- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-15-2021 08:37 AM
I am trying to write a script that will search AD for group membership then add that group as a usable group in ISE so I can put it into policy. I am following these logical steps so far:
1) Get ID of domain (https://{{URL}}/ers/config/activedirectory)
2) Get SID of vendor group based on search (https://{{URL}}/ers/config/activedirectory/{id}/getGroupsByDomain) with the OU name in the body
3) Search current applied user groups to see if group exists
4) ???
The only call I can see in the API is to use the 'addGroups' call, but I'm having issues adding a new group with the name/SID. Any suggestions on this?
Solved! Go to Solution.
- Labels:
-
APIs
-
Identity Services Engine (ISE)
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-15-2021 10:39 AM
I think I got it figured out. You can use the addGroups call in the following manner without all the additional values. I do get a 204 response here instead of 200, but the group shows up in ISE and can be used in policy.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-15-2021 09:01 AM
What version of ISE are you working with?
The only call I can see in the API is to use the 'addGroups' call, but I'm having issues adding a new group with the name/SID. Any suggestions on this?
-If possible, please share any related error output, code snippets, etc. that will allow the community to better assist.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-15-2021 10:39 AM
I think I got it figured out. You can use the addGroups call in the following manner without all the additional values. I do get a 204 response here instead of 200, but the group shows up in ISE and can be used in policy.
