Sync AD Groups Over

jared_f

Hi Folks,

 

I finally got a Windows Server 2012 R2 lab setup with AD. I have verified that I can enroll devices with a user from AD, but I can't seem to sync over any AD groups in Meraki. I feel it is the way I am setting my AD groups up in Windows Server. Could anyone provide a sample group they configured that syncs to Meraki?

 

Thanks!

Jared

Find this helpful? Click the kudos button. Thanks!
jared_f

Just a warning: This is my first time ever touching Windows Server and Active Directory. I configured this all from YouTube videos.

PhilipDAth

AD can be configured in many places for different things.  Where are you doing it?

 

I'm going to guess that it may need LDAPS, and you'll need to use a certificate on your AD controller (can be free private), or perhaps the permissions are not allowing it.

jared_f

The Server is running in a virtual machine. 

jared_f

@PhilipDAth I enabled a certificate on the server using LDAPS and switched the port on my Meraki configuration to use 636. My AD sync is still failing. The funny part is that when I go to m.meraki.com and log in with my AD credentials, it works and that specific user syncs over, but the groups they are a member of do not sync over. Any other tips you recommend?

PhilipDAth

In the Meraki dashboard, where are you configuring AD? It can be done in several places. Once I know, I can give you some screenshots.

jared_f

For some reason I can’t upload a screenshot from my phone. But, it is under Systems Manager > Configure > General Heading > User Authentication Settings  

 

 

Thanks,

Jared

PhilipDAth

Under:

Security Appliance/Active Directory does it look something like this:

[Screenshot: Screenshot from 2018-02-24 11-33-05.png]

 

You have definitely promoted the server to be an AD Controller?

jared_f

Funny part is that I don’t see the LDAP policies section. I have promoted the server to a domain controller. I am going to give support a ring. 

PhilipDAth

Does the "Status" have a green dot in it, showing it can talk to AD okay?

nst1

beks88

@nst1 we did these settings on our AD as well, but you don't need to do this. These docs are referencing the case where you are integrating your AD through an MX Firewall. We use an enrolled device as Gateway.

Did the same thing already with a Windows VM which is used as AD (enrolling in SM and using it as Gateway for AD access). No need to configure these things as mentioned in the docs you linked.

nst1


In my case, I added the AD to the MX with the user and password and everything looks fine; I update the groups and I can see them.

Only that a new group was created in the AD, and when updating the groups this new group did not show up.

I do not administer the AD and therefore I asked the person who administers the AD to check if the group is mapped.