Implementing Group Policy to Integrated Active Directory

guzgerardo
Here to help


Hi,

 

I'm new to the integration of AD and Meraki. Luckily, I was able to add my domain to Meraki, but I'm not able to apply my group policy to LDAP groups. I double-checked it by looking at Network-wide > Clients. I tried to force my policy onto the specific client to see if I had configured the correct group policy, and it worked.

I'm not sure if I've missed something on my AD, but it shows "check" status in Meraki.

 

I'm using MX84.

 

Thank you in advance!

8 REPLIES
AjitKumar
Head in the Cloud

Hi @guzgerardo 

I understand that if AD integration with Dashboard is successful, we can map the AD groups to the respective Meraki group policy and this shall work.

Kindly refer to the following image for more information.

[Image: AD.png]

 

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
PhilipDAth
Kind of a big deal

Also note that the client needs to be using the MX for its default gateway for this to work.

Hello,

 

Thanks for the response. That's the same setup I've configured.

[Image: guzgerardo_0-1581038729870.png]

 

I was not getting the rules to apply to AD users. Then I checked in the documentation that in the "domain admin" field we don't need to enter the "domainname" before the user; after I removed it, the rules were successfully applied to AD users.

 

I hope I have contributed.

Yes, I've made the MX the default gateway.

Hi @guzgerardo 

Is it possible for you to connect a PC directly to the MX and test?

 

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network

Hi,

 

Yes, it's possible. Will have it tested and revert soonest.

It is now working! Also tested it on the MX ports. I found that I had created an incorrect switchport where the Meraki was connected to the switch.

 

Additional question: What is the right way to activate Blocked/whitelisted URL patterns? Should it be Append or Override?
