Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
549
Views
10
Helpful
1
Replies

Active Directory status via API

Go to solution
SecurityEng99
Level 1
Level 1

‎10-25-2022 10:23 AM

How to get the Active Directory status in the ISE External Identity Sources  via the API ??

HaydenA_1-1666718281931.png

I'm using the REST API below and I can see there is no users and no groups returned in the API response, but nothing about the status.

https://x.x.x.x:9060/ers/config/activedirectory/<Name>

 

Please let me know if there is a way to get the status information via the API. I'm using ISE 2.7 and latest patch.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎10-25-2022 04:15 PM

This status is not something that is currently returned by the ERS API in any shipping versions of ISE (including 3.2).

The only option I can think of would be using the 'getGroupsByDomain' PUT call to query the domain for a group. If you get a '200 OK' response, that would indicate that at least the PAN status is Joined. If you get a '500 Internal Server Error' response, that would indicate Not Joined.

https://developer.cisco.com/docs/identity-services-engine/v1/#!activedirectory

Example:

{
"OperationAdditionalData" : {
"additionalData" : [
{
"name" : "domain",
"value" : "{{ad_domain_name}}"
},
{
"name" : "filter",
"value" : "*Domain Computers"
}
]
}
}

You could also submit a request for this to be added to the API via https://cs.co/ise-feedback.

 

View solution in original post

1 Reply 1

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎10-25-2022 04:15 PM

This status is not something that is currently returned by the ERS API in any shipping versions of ISE (including 3.2).

The only option I can think of would be using the 'getGroupsByDomain' PUT call to query the domain for a group. If you get a '200 OK' response, that would indicate that at least the PAN status is Joined. If you get a '500 Internal Server Error' response, that would indicate Not Joined.

https://developer.cisco.com/docs/identity-services-engine/v1/#!activedirectory

Example:

{
"OperationAdditionalData" : {
"additionalData" : [
{
"name" : "domain",
"value" : "{{ad_domain_name}}"
},
{
"name" : "filter",
"value" : "*Domain Computers"
}
]
}
}

You could also submit a request for this to be added to the API via https://cs.co/ise-feedback.

 

Customers Also Viewed These Support Documents