Meraki

Community

MX and AD Server Integration

Solved
KSM
Here to help
‎Dec 6 2023 10:02 PM
‎Dec 6 2023 10:02 PM

MX and AD Server Integration

Hi~

 

I am testing the integration between Meraki MX and AD server.

 

However, other products work well with AD server.

 

However, only Meraki is not working with the AD server.

 

I looked into it, and it seems like it's failing because it only supports STARTTLS.

 

What should I check on the AD side?

Labels:
0 Kudos
1 Accepted Solution
alemabrahao
Kind of a big deal
‎Dec 7 2023 1:41 AM
‎Dec 7 2023 1:41 AM

There are some steps you should check first.

 

 

Configuration Overview

The following steps outline the required configuration (both in Dashboard and Active Directory) to allow for AD-based group policy application. Please be sure to follow each step as accurately as possible, errors can be difficult to diagnose and resolve.

  1. Create an Active Directory site for the MX so users authenticate against the correct Domain Controll...
  2. Enable security auditing on Active Directory Domain Controllers so the MX can obtain all relevant lo...
  3. Enable the Global Catalog role on each Domain Controller because the MX uses LDAP/TLS over TCP port ...
  4. Install a digital certificate on each Domain Controller for LDAP/TLS.
  5. Certificate Requirements for TLS
  6. Create groups in Active Directory which will be mapped to Group Policies in Dashboard.
  7. Add users to groups in Active Directory. 
  8. Configure Group Policies in Dashboard.
  9. Configure Active Directory Authentication in Dashboard.
  10. Create LDAP group to Group Policy mappings in Dashboard.

    https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Direc...
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

0 Kudos
3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 6 2023 11:21 PM
‎Dec 6 2023 11:21 PM

The MX integrates with AD for several different things.  What feature specifically are you trying to integrate with AD?

0 Kudos
alemabrahao
Kind of a big deal
‎Dec 7 2023 1:41 AM
‎Dec 7 2023 1:41 AM

There are some steps you should check first.

 

 

Configuration Overview

The following steps outline the required configuration (both in Dashboard and Active Directory) to allow for AD-based group policy application. Please be sure to follow each step as accurately as possible, errors can be difficult to diagnose and resolve.

  1. Create an Active Directory site for the MX so users authenticate against the correct Domain Controll...
  2. Enable security auditing on Active Directory Domain Controllers so the MX can obtain all relevant lo...
  3. Enable the Global Catalog role on each Domain Controller because the MX uses LDAP/TLS over TCP port ...
  4. Install a digital certificate on each Domain Controller for LDAP/TLS.
  5. Certificate Requirements for TLS
  6. Create groups in Active Directory which will be mapped to Group Policies in Dashboard.
  7. Add users to groups in Active Directory. 
  8. Configure Group Policies in Dashboard.
  9. Configure Active Directory Authentication in Dashboard.
  10. Create LDAP group to Group Policy mappings in Dashboard.

    https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Direc...
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
KSM
Here to help
‎Dec 10 2023 9:02 PM
‎Dec 10 2023 9:02 PM

I'll try one more time using the method you suggested.
Thank you for your response.

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.