07-15-2021 08:37 AM
I am trying to write a script that will search AD for group membership then add that group as a usable group in ISE so I can put it into policy. I am following these logical steps so far:
1) Get ID of domain (https://{{URL}}/ers/config/activedirectory)
2) Get SID of vendor group based on search (https://{{URL}}/ers/config/activedirectory/{id}/getGroupsByDomain) with the OU name in the body
3) Search current applied user groups to see if group exists
4) ???
The only call I can see in the API is to use the 'addGroups' call, but I'm having issues adding a new group with the name/SID. Any suggestions on this?
Solved! Go to Solution.
07-15-2021 10:39 AM
I think I got it figured out. You can use the addGroups call in the following manner without all the additional values. I do get a 204 response here instead of 200, but the group shows up in ISE and can be used in policy.
07-15-2021 09:01 AM
What version of ISE are you working with?
The only call I can see in the API is to use the 'addGroups' call, but I'm having issues adding a new group with the name/SID. Any suggestions on this?
-If possible, please share any related error output, code snippets, etc. that will allow the community to better assist.
07-15-2021 10:39 AM
I think I got it figured out. You can use the addGroups call in the following manner without all the additional values. I do get a 204 response here instead of 200, but the group shows up in ISE and can be used in policy.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide