AD

jared_f
Kind of a big deal


I have AD set up on Server 2016 and have it communicating with Meraki. I only ever scope to AD groups and am rarely doing back-end user/computer management, so the management aspect is still new to me. So, are users supposed to only populate in Meraki once they enroll (authenticate either via DEP or m.meraki.com) and then whatever groups they are in come over, or should I be able to queue an AD sync and all users in AD and their groups come over?

 

Thanks

Jared

Find this helpful? Click the kudos button. Thanks!
PhilipDAth
Kind of a big deal

With regard to Systems Manager, AD users only appear after they enrol.

jared_f
Kind of a big deal

Thanks @PhilipDAth. I thought I was doing something wrong. Also, is it possible to restrict certain AD users from enrolling or is that not possible?

PhilipDAth
Kind of a big deal

I don't believe that is possible.

jared_f
Kind of a big deal

@PhilipDAth Thanks for all your help. Does Meraki only sync the username of the user and the AD groups they are in? When I click on their AD profile in Meraki, it seems to only show their username.

 

Thanks,

Jared

PhilipDAth
Kind of a big deal

My recollection when using Systems Manager is that it only "syncs" the username (and sync is a strong use of the word here).

 

Other things with Content Filtering have full AD group visibility.

We have one network where the AD groups do appear to Sync in. It would be nice if there was a way to get all of the AD groups to sync to owners in all networks.

 


 

I believe this one works due to the device providing authentication being on the same network/VLAN as one of our Domain Controllers. To be honest though, I have not tried to determine the specifics of why it is working here and not on our other networks, as it's not critical to have at this time.

Found this helpful? Give me some Kudos! (click on the little up-arrow below)
jared_f
Kind of a big deal

I agree with @PhilipDAth, “sync” is a very strong word. No user information like position, etc. The only advantage is syncing AD groups.


You could restrict their devices from your network via their MAC.
