Solved: Re: Cisco ISE with AD integration Group Missing in Retrieval

SaintEvn · ‎01-30-2021

Hi,

I’m trying to integrate Cisco ISE and AD.

I’ve successfully joined ISE with AD and the status is operational.

The problem is when I tried to retrieve group from AD, only group that are part of Buildin OU and Users OU are shown in the lists.

We’ve created new OU, Group and User in AD but it is not in the ISE group retrieval list. And also when I test user authentication in ISE using the users from newly created groups , it kept failing.

We are deploying two AD in the same domain and we can’t find out if the issue is at AD side or ISE side.

Any idea for AD side to work or ISE to retrieve all groups??

Thank you so much!

SaintEvn · ‎01-19-2023

The issue was solved using administrator privilege user account created on AD.

View solution in original post

Marcelo Morais · ‎01-30-2021

Hi @SaintEvn

could you please try the Test User again but in a different browser?

Hope this helps.

Anton Abik · ‎12-29-2022

Hello,

how did you resolve this? I have similar issue cannot find anything under the new OU. Thanks

SaintEvn · ‎01-19-2023

The issue was solved using administrator privilege user account created on AD.

Anton Abik · ‎01-19-2023

Just want to share how I fixed my issue. I tried to reboot the PAN node didnt help. I dont have technical explanation for this, but the OU and AD groups under that OU were probably not created correctly. I had to recreate them in the AD and ISE started to see it. Luckily it was new OU