We're setting up new MX gateways for an SD-WAN deployment. We have a requirement to apply custom content filters based on active directory group membership. We're trying to setup Active directory authentication and the status indicator next to the active directory servers has the green check mark, however the LDAP groups never refreshes. We're not getting anywhere with meraki support, and we have followed the documentation found online to no avail. Has anyone else run into this, or have a suggestion?
I've not had that issue. If you get a green ticket you are usually away.
Anything appearing in the Windows event log on the AD controllers? Specifically errors when the MXs attempt to retrieve the groups?
Is the account being used a domain admin?
If you use ldapsearch, are you able to run a query like the below to manually retrieve the list of groups?
Thanks for the quick reply Phillip. Yes, we get the green check mark. I forgot to mention, on the clients page I do see that users are being identified, it's just that the list of AD groups never populates when we hit "refresh ldap groups". I'm not familar with ldapsearch, I can give it a go. We did try ldp.exe and it seems we're able to connect to ldap over SSL. No idea where we're going wrong here. Checked the event viewer on the domain controllers, didn't see anything that seemed related to this. Checked the event log on the meraki appliance and other than 'connected to domain controller' I don't see any messaging related to this process.
Also worth noting....the green status check mark is intermittent. When no changes have been made it will occasionally display a red X or amber !, but it later (refresh page) displays green check again
Since the error is intermittent, you might try this page: https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Active_Directory_...
and check the section "WMI Error".