Synchronize Users and Groups
Synchronizing users and groups means the management center queries the realms and directories you configured for groups and users in those groups. All users the management center finds can be used in identity policies.
If issues are found, you most likely need to add a realm that contains users and groups the management center cannot load. For details, see Realms and Trusted Domains.
Before you begin
Create a cloud-delivered Firewall Management Center realm for each Active Directory domain and a management center directory for each Active Directory domain controller in each forest. See Create an LDAP Realm or an Active Directory Realm and Realm Directory.
You must create a realm only for domains that have users you want to use in user control.
You can nest Microsoft AD groups and the cloud-delivered Firewall Management Center downloads those groups and the users they contain. You can optionally restrict which groups and users get downloaded as discussed in Create an LDAP Realm or an Active Directory Realm and Realm Directory.
You must create the realm with the original domain name of the domain and not any alternative user principal name (UPN) suffixes of the domain. Otherwise, users and groups fail to download and identity policies will not be enforced. For example, if the original domain is domain.example.com and the alternative UPN name is domain2.mydomain.com, you must configure the realm to use domain.example.com. For more information about configuring an alternative UPN suffix, see a resource like Configuring Alternate Login ID on learn.microsoft.com.
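One way to check, before creating the realm, whether a name is an original domain name or an alternative UPN suffix. This is an added example, not Cisco's code; it assumes the RSAT ActiveDirectory PowerShell module is installed, and the function name Test-RealmDomainName and its parameters are hypothetical.

```powershell
# Added example: classify a candidate realm name against what Active Directory reports.
# Assumes the ActiveDirectory module (RSAT) and read access to the forest.
Import-Module ActiveDirectory

function Test-RealmDomainName {
    param(
        # Name you plan to enter as the realm's domain (hypothetical parameter)
        [Parameter(Mandatory)][string]$CandidateName,
        # Optional domain controller to query (hypothetical parameter)
        [string]$Server
    )

    $adArgs = @{}
    if ($Server) { $adArgs.Server = $Server }

    $forest = Get-ADForest @adArgs

    # Original DNS names of every domain in the forest
    $domainNames = @($forest.Domains)
    # Alternative UPN suffixes defined at the forest level
    $upnSuffixes = @($forest.UPNSuffixes)

    # Normalize: trim whitespace and a trailing dot; -contains is case-insensitive
    $name = $CandidateName.Trim().TrimEnd('.')

    if ($domainNames -contains $name) {
        $verdict = 'OriginalDomainName'      # usable as the realm domain
    } elseif ($upnSuffixes -contains $name) {
        $verdict = 'AlternativeUpnSuffix'    # users and groups would fail to download
    } else {
        $verdict = 'NotFoundInForest'        # typo, or a domain in another forest
    }

    [pscustomobject]@{
        Candidate     = $name
        Verdict       = $verdict
        ForestDomains = $domainNames -join ', '
        UpnSuffixes   = $upnSuffixes -join ', '
    }
}

# Usage with the names from the example above
Test-RealmDomainName -CandidateName 'domain.example.com'
Test-RealmDomainName -CandidateName 'domain2.mydomain.com'
```

Run it once per forest, because Get-ADForest reports only the forest of the domain controller it queries.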
Procedure
Step 1 | Log in to the Cisco Security Cloud Control.
Step 2 | Click .
Step 3 | Next to each realm, click Download (
Step 4 | To see the results, click the Sync Results tab. The Realms column indicates whether or not there were issues synchronizing users and groups in Active Directory forests. Look for the following indicators next to each realm.