Active Directory Integration

Overview

Manage ISE integration with Active Directory for user/machine authentication and group-based authorization.

Commands

Command              Description
get-ad-join-points   List AD domains joined to ISE
get-ad-groups        List groups from AD join point
search-ad-groups     Search for groups in AD
add-ad-groups        Add groups to ISE from AD

List AD Join Points

netapi ise get-ad-join-points

Shows all Active Directory domains configured in ISE.

List AD Groups

# List groups from specific AD join point
netapi ise get-ad-groups "corp.domain.com"

Search AD Groups

# Search for groups matching pattern
netapi ise search-ad-groups "corp.domain.com" "VPN"
netapi ise search-ad-groups "corp.domain.com" "Wireless_Users"

Add AD Groups to ISE

# Add group for use in authorization policies
netapi ise add-ad-groups "corp.domain.com" "Domain Users"
netapi ise add-ad-groups "corp.domain.com" "Wireless_Admins"

Use Cases

Document AD Integration

#!/bin/bash
echo "=== AD Join Points ==="
netapi ise get-ad-join-points

echo ""
echo "=== Groups in each join point ==="
# List groups for your AD join points
netapi ise get-ad-groups "corp.domain.com"

Add Groups for New Policy

#!/bin/bash
# Add required AD groups for new wireless policy
AD="corp.domain.com"

netapi ise add-ad-groups "$AD" "Wireless_Staff"
netapi ise add-ad-groups "$AD" "Wireless_Contractors"
netapi ise add-ad-groups "$AD" "Wireless_Guests"
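
Checked variant of the script above, as an added example that is not part of the original page or the netapi project: it confirms each group with search-ad-groups before calling add-ad-groups, so a mistyped name is reported instead of leaving a policy without its group. The function name add_groups_checked and the counter variables are hypothetical; it assumes search-ad-groups prints the matching group names and that netapi exits non-zero on failure.

```shell
#!/bin/bash
# Added example: verify each group exists in AD before adding it to ISE.
# Assumptions (not confirmed by the page): search-ad-groups prints the names
# of matching groups, and netapi returns a non-zero status on failure.

add_groups_checked() {
    ad="$1"; shift
    ADDED_COUNT=0; MISSING_COUNT=0; FAILED_COUNT=0
    for group in "$@"; do
        # -F literal match, -i case-insensitive (AD group names are),
        # -w whole-word so "Wireless_Staff" does not match "Wireless_Staff_Old".
        if ! netapi ise search-ad-groups "$ad" "$group" 2>/dev/null \
                | grep -qiwF -- "$group"; then
            echo "MISSING  $group (not found in $ad)" >&2
            MISSING_COUNT=$((MISSING_COUNT + 1))
            continue
        fi
        if netapi ise add-ad-groups "$ad" "$group"; then
            ADDED_COUNT=$((ADDED_COUNT + 1))
        else
            echo "FAILED   $group (add-ad-groups returned an error)" >&2
            FAILED_COUNT=$((FAILED_COUNT + 1))
        fi
    done
    echo "added=$ADDED_COUNT missing=$MISSING_COUNT failed=$FAILED_COUNT"
    # Non-zero status if any group could not be added, so callers can stop
    # before building authorization rules that reference it.
    [ "$MISSING_COUNT" -eq 0 ] && [ "$FAILED_COUNT" -eq 0 ]
}

# Usage:
#   add_groups_checked "corp.domain.com" \
#       "Wireless_Staff" "Wireless_Contractors" "Wireless_Guests"
```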