Hi Folks,
I finally got a Windows Server 2012 R2 lab set up with AD. I have verified that I can enroll devices with a user from AD, but I can't seem to sync any AD groups over to Meraki. I feel it is the way I am setting up my AD groups in Windows Server. Could anyone provide a sample group they configured that syncs to Meraki?
Thanks!
Jared
Just a warning: this is my first time ever touching Windows Server and Active Directory. I configured all of this from YouTube videos.
AD can be configured in many places for different things. Where are you doing it?
I'm going to guess that it may need LDAPS, and you'll need to use a certificate on your AD controller (it can be a free private one), or perhaps the permissions are not allowing it.
The Server is running in a virtual machine.
@PhilipDAth I enabled a certificate on the server using LDAPS and switched the port in my Meraki configuration to 636. My AD sync is still failing. The funny part is that when I go to m.meraki.com and log in with my AD credentials it works, and that specific user syncs over, but the groups they are a member of do not sync over. Any other tips you recommend?
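Two things the replies above turn on are whether LDAPS on 636 actually works end to end and whether the account Meraki binds with can read a user's group membership. The script below is an added example, not from this thread or from Meraki, that checks both from a Windows host. The DC name, base DN, bind account and test user are placeholders (assumptions) you must replace; it assumes Windows PowerShell 5.1 or later on a host that trusts the DC's certificate.

```powershell
# Added example: verify LDAPS and memberOf visibility for a bind account.
# All values below are assumptions for illustration; replace them for your lab.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$Dc       = 'dc01.lab.local'        # assumption: DC FQDN; must match the LDAPS certificate's name
$BaseDn   = 'DC=lab,DC=local'       # assumption: domain base DN
$BindUser = 'LAB\meraki-ldap'       # assumption: the service account configured in the dashboard
$TestUser = 'jared'                 # assumption: sAMAccountName of a user that already enrolls fine
$BindPass = Read-Host -AsSecureString "Password for $BindUser"

# 1. Is anything listening on 636 at all? (A DC with no server cert never opens this port.)
$tcp = Test-NetConnection -ComputerName $Dc -Port 636
if (-not $tcp.TcpTestSucceeded) {
    throw "Nothing is listening on ${Dc}:636. LDAPS is not enabled or is blocked."
}

# 2. TLS handshake plus simple bind, the same combination Meraki needs on 636.
$identity = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Dc, 636)
$conn     = [System.DirectoryServices.Protocols.LdapConnection]::new($identity)
$conn.SessionOptions.SecureSocketLayer = $true
$conn.SessionOptions.ProtocolVersion   = 3
$conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
$conn.Credential = [System.Net.NetworkCredential]::new($BindUser, $BindPass)

try {
    $conn.Bind()   # throws on an untrusted certificate, a name mismatch, or bad credentials
    Write-Host "LDAPS bind to $Dc as $BindUser succeeded."

    # 3. Read the test user's memberOf as the bind account sees it. If this comes back
    #    empty, Meraki cannot see the groups either, regardless of dashboard settings.
    $filter = "(&(objectClass=user)(sAMAccountName=$TestUser))"
    $req = [System.DirectoryServices.Protocols.SearchRequest]::new(
        $BaseDn, $filter,
        [System.DirectoryServices.Protocols.SearchScope]::Subtree,
        @('sAMAccountName', 'memberOf', 'primaryGroupID'))
    $resp = $conn.SendRequest($req)

    if ($resp.Entries.Count -eq 0) {
        throw "User $TestUser was not found under $BaseDn with this bind account (permissions or base DN)."
    }
    $entry  = $resp.Entries[0]
    $groups = @()
    if ($entry.Attributes.Contains('memberOf')) {
        $groups = $entry.Attributes['memberOf'].GetValues([string])
    }

    if ($groups.Count -eq 0) {
        # memberOf never lists the primary group (Domain Users by default), so a user whose
        # only group is the primary group legitimately shows nothing here. Otherwise the bind
        # account is being denied read access to the group memberships.
        Write-Warning "No memberOf values visible for $TestUser (primaryGroupID=$($entry.Attributes['primaryGroupID'].GetValues([string])[0]))."
    } else {
        Write-Host "Groups visible to the bind account for ${TestUser}:"
        $groups | ForEach-Object { Write-Host "  $_" }
    }
}
finally {
    $conn.Dispose()
}
```

If step 2 fails with a certificate error, the same failure is what the dashboard sees on port 636; if step 3 lists the groups you expect, the LDAP side is fine and the problem lies in how the groups are mapped on the Meraki side.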
In the Meraki dashboard, where are you configuring AD? It can be done in several places. Once I know, I can give you some screenshots.
For some reason I can't upload a screenshot from my phone. But it is under Systems Manager > Configure > General heading > User Authentication Settings.
Thanks,
Jared
Under Security Appliance / Active Directory, does it look something like this:
You have definitely promoted the server to be an AD Controller?
The funny part is that I don't see the LDAP policies section. I have promoted the server to a domain controller. I am going to give support a ring.
Does the "Status" have a green dot in it, showing it can talk to AD okay?
@nst1 we did these settings on our AD as well, but you don't need to do this. Those docs refer to integrating your AD through an MX firewall. We use an enrolled device as the gateway.
I did the same thing already with a Windows VM which is used as AD (enrolled in SM and used as the gateway for AD access). There is no need to configure the things mentioned in the docs you linked.