I have AD set up on Server 2016 and have it communicating with Meraki. I only ever scope to AD groups and am rarely doing back-end user/computer management, so the management aspect is still new to me. So, are users supposed to only populate in Meraki once they enroll (authenticate either via DEP or m.meraki.com), and then whatever groups they are in come over, or should I be able to queue an AD sync and all users in AD and their groups come over?
Thanks
Jared
With regard to Systems Manager, AD users only appear after they enrol.
Thanks @PhilipDAth. I thought I was doing something wrong. Also, is it possible to restrict certain AD users from enrolling or is that not possible?
I don't believe that is possible.
@PhilipDAth Thanks for all your help. Does Meraki only sync the username of the user and the AD groups they are in? When I click on their AD profile in Meraki, it seems to only show their username.
Thanks,
Jared
My recollection when using Systems Manager is that it only "syncs" the username (and sync is a strong use of the word here).
Other things with Content Filtering have full AD group visibility.
We have one network where the AD groups do appear to sync in. It would be nice if there was a way to get all of the AD groups to sync to owners in all networks.
I believe this one works due to the device providing authentication being on the same network/VLAN as one of our Domain Controllers. To be honest though, I have not tried to determine the specifics of why it is working here and not on our other networks, as it's not critical to have at this time.
I agree with @PhilipDAth: “sync” is a very strong word. No user information like position, etc. The only advantage is syncing AD groups.
You could restrict their devices from your network via their MAC.