  1. Member
    Join Date
    Jul 2010
    Location
    Location
    Posts
    94

    Certifications
    CCNA R&S, CCNP R&S, CCNA Security, JNCIA, JNCIS-SEC, CCNA DataCenter
    #1

    ISE and AD integration

    Does anyone know why ISE cannot retrieve groups from the AD? I have successfully connected the ISE with AD (the checkbox is green). What tshoot steps do you recommend? Test connection from the ISE GUI doesn't reveal anything wrong.

  3. Member NVLady's Avatar
    Join Date
    Oct 2015
    Location
    Nevada
    Posts
    51

    Certifications
    CCNA Security, CCNA, MCDST
    #2
    AD groups can be added to ISE. What version of ISE are you running? What steps are you following? What error messages do you get?

  4. ABL - Always Be Labbin' Iristheangel's Avatar
    Join Date
    Dec 2009
    Location
    Pasadena, CA
    Posts
    3,677

    Certifications
    CISSP, CCIE DC, CCNP R&S/DC, CCDP, CCNA:RS/S/V/DC, CCDA, BCVRE, BCEFP, BCNE, CEH, CHFI, MCSE:S, MCDST, A/S/L/P/N+, some useless Citrix and CIW certs
    #3
    Happy to help you out:

    Navigate to Administration > Identity Management > External Identity Sources and click on your AD Domain, then Groups:
    TE1.JPG

    Then click on Add > Select Groups From Directory:
    TE2.JPG

    From here, you can either filter by group name or just with * and pull up everything:
    TE3.jpg

    Check the box and click ok! Now you're ready to rock and roll.

    If this doesn't work, it might be a permissions issue with the account you used. I remember you have to have the following permissions: Active Directory Integration with Cisco ISE 1.3 - Cisco


    After you have that up and going, it's easy to create conditions based on groups. Condition if: <AD-Name>:ExternalGroups Equals <Groupname>
    Last edited by Iristheangel; 06-15-2016 at 04:57 PM.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
    Bonus TE Fun: Nerd Photos

  5. Senior Member aftereffector's Avatar
    Join Date
    Dec 2013
    Location
    NC
    Posts
    512

    Certifications
    CISSP, CASP, CCNA R/S, CCNA Security, MCTS
    #4
    I'm willing to bet that it is a permissions issue with the AD account that ISE is using. (Source: I had this problem before too!)

  6. Member
    Join Date
    Jul 2010
    Location
    Location
    Posts
    94

    Certifications
    CCNA R&S, CCNP R&S, CCNA Security, JNCIA, JNCIS-SEC, CCNA DataCenter
    #5
    I'm using 1.2. I'm trying to pull everything from AD, but the message is "no data available". The account used is Administrator for AD join, so should have enough permission.

  7. ABL - Always Be Labbin' Iristheangel's Avatar
    Join Date
    Dec 2009
    Location
    Pasadena, CA
    Posts
    3,677

    Certifications
    CISSP, CCIE DC, CCNP R&S/DC, CCDP, CCNA:RS/S/V/DC, CCDA, BCVRE, BCEFP, BCNE, CEH, CHFI, MCSE:S, MCDST, A/S/L/P/N+, some useless Citrix and CIW certs
    #6
    This is something completely separate but I would highly highly highly recommend upgrading to ISE 2.0 or ISE 2.1. ISE 1.2 has already been announced as End-of-Life and they'll stop releasing maintenance releases in under a year for 1.2.

    Is this production or a lab?

  8. Member
    Join Date
    Jul 2010
    Location
    Location
    Posts
    94

    Certifications
    CCNA R&S, CCNP R&S, CCNA Security, JNCIA, JNCIS-SEC, CCNA DataCenter
    #7
    Lab...learning for SISAS.

  9. BS:ITSec, MS:ISA
    Join Date
    Feb 2014
    Location
    Chicago, IL
    Posts
    218

    Certifications
    A+, Project+, Network+, Security+, CCNA, CCNA Security, CEH, CHFI, CISSP, ITIL, GCIH
    #8
    Does the SISAS use 1.4? I believe I also saw somewhere that they had some 2.0 version questions for ISE.

    Did you verify the permissions on your AD account? Try a domain admin just to triple check permissions if possible. Are you using Kerberos authentication?
    Bachelor of Science, IT Security
    Master of Science, Information Security and Assurance

    CCIE Security Progress: Written Pass (06/2016), 1st Lab Attempt (11/2016)

  10. Senior Member aftereffector's Avatar
    Join Date
    Dec 2013
    Location
    NC
    Posts
    512

    Certifications
    CISSP, CASP, CCNA R/S, CCNA Security, MCTS
    #9
    Originally posted by zimskiz:
    "Lab...learning for SISAS."
    Oh, that makes sense. We're all kind of in the same boat there lol.

    I'm still thinking it would be an AD permissions issue...

  11. ABL - Always Be Labbin' Iristheangel's Avatar
    Join Date
    Dec 2009
    Location
    Pasadena, CA
    Posts
    3,677

    Certifications
    CISSP, CCIE DC, CCNP R&S/DC, CCDP, CCNA:RS/S/V/DC, CCDA, BCVRE, BCEFP, BCNE, CEH, CHFI, MCSE:S, MCDST, A/S/L/P/N+, some useless Citrix and CIW certs
    #10
    Hmm.. have you fully patched 1.2? For fun, try installing ISE 1.3 on the side of 1.2 and see if it has the same issue. I didn't have any AD issues with 1.2 back in the day. It was considerably less buggy than 1.1. Just slow to move around :P

  12. Member
    Join Date
    Jul 2010
    Location
    Location
    Posts
    94

    Certifications
    CCNA R&S, CCNP R&S, CCNA Security, JNCIA, JNCIS-SEC, CCNA DataCenter
    #11
    I will try today to install ISE2.0...version 1.2 was without any kind of patch.

  13. Member
    Join Date
    Jul 2010
    Location
    Location
    Posts
    94

    Certifications
    CCNA R&S, CCNP R&S, CCNA Security, JNCIA, JNCIS-SEC, CCNA DataCenter
    #12
    It was from ISE version 1.2. With ISE2.0 the groups are available now.