Showing results for 
Search instead for 
Did you mean: 
noc Beginner

ISE 2.4 patch 9 -> AD Test User not working


I have found a bug in Cisco ISE Patch 9


In ISE 2.4 menu Administration/Identity Management/External Identity Source/, after installing the ISE 2.4 patch 9 it’s not possible to retrieve the groups of AD user



I’ve tried in with  Kerberos, Lookup, MS-RPC, but the result is the same


Luckily, I have verified that this behavior does not affect the authentication and authorization process, so the policies are applied correctly.

That’s an environment that can easily be reproduced in a lab test:

You have to install ISE 2.4, join to AD, install patch 8, test the AD user, install patch 9, test the AD user and try to see what’s happening


I use this tool often, it's very useful to troubleshoot the user groups and attributes, and also to check the status of AD connection.


Any suggestion?


Best Regards

Cisco Employee

Re: ISE 2.4 patch 9 -> AD Test User not working

Yes, I was able to reproduce. Please open a TAC SR and have them reference CSCvq78503. May not be visible to you yet as it was just created. Unfortunately I do not see a workaround for this defect. Thank you for reporting it to us.

Re: ISE 2.4 patch 9 -> AD Test User not working


I also had this problem after installing patch 9.

I,m using Microsoft cmd line commands to find out group memberships for

machines and users....

examples: net group "Domain Computers" /domain | find "machine name" or net user xxxx /domain


waiting for patch 10  :)

VIP Engager

Re: ISE 2.4 patch 9 -> AD Test User not working

There is no indication that this will be fixed in 2.4 patch 10, just 2.6 patch 2. Is there an update that hasn't been added to the bug notes?