cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3262
Views
15
Helpful
4
Replies

Cisco ISE with AD integration Group Missing in Retrieval

SaintEvn
Level 1
Level 1

Hi,

I’m trying to integrate Cisco ISE and AD.

I’ve successfully joined ISE with AD and the status is operational.

The problem is when I tried to retrieve group from AD, only group that are part of Buildin OU and Users OU are shown in the lists.

We’ve created new OU, Group and User in AD but it is not in the ISE group retrieval list. And also when I test user authentication in ISE  using the users from newly created groups , it  kept failing.

We are deploying two AD in the same domain and we can’t find out if the issue is at AD side or ISE side.

Any idea for AD side to work or ISE to retrieve all groups??

Thank you so much!

 

 

1 Accepted Solution

Accepted Solutions

SaintEvn
Level 1
Level 1

The issue was solved using administrator privilege user account created on AD.

View solution in original post

4 Replies 4

Hi @SaintEvn 

 could you please try the Test User again but in a different browser?

 

Hope this helps.

Anton Abik
Level 4
Level 4

Hello,

how did you resolve this? I have similar issue cannot find anything under the new OU. Thanks

SaintEvn
Level 1
Level 1

The issue was solved using administrator privilege user account created on AD.

Anton Abik
Level 4
Level 4

Just want to share how I fixed my issue. I tried to reboot the PAN node didnt help. I dont have technical explanation for this, but the OU and AD groups under that OU were probably not created correctly. I had to recreate them in the AD and ISE started to see it. Luckily it was new OU