I think this may do it for us. I had actually been looking at purchasing an ACS server from Cisco in order to facilitate this transaction, but I will test your scripts right now on my test 5505 before deploying to the local 5510.

Thanks much.

I was unable to verify whether this works on not as I was attempting the configure on a test 5505. It wants to place the AD server on the inside network, which cannot be done at the present time.

I am placing a 5510 inline next week and will attempt the synchronization of AD accounts to the 5510 then.

Thanks.

Hi

please i would like to ask a question on this topic (asa and Microsoft Active directory sync)

i am still confusse about this topic what is the purpsoe for doing this sync between the ASA and Microsoft Active directory

is it just only for vpn users

or can it help in internet filtring with (server like ISA Server) i am still very confused please hope some one reply me

thanks alot

AD authentication can be used for VPN users.

It can also be used:

- If you have CSC module for web filtering per user/group based.

- For Identity firewall feature (configuring access-list with AD users as one of the field).

- If you are running the latest version of ASA (version 9.x) which is just out today, you can redirect the traffic to ScanSafe web security cloud with AD authentication as well.

Hope that answers your question.

Thank you very much appreciating your answer

your answer made me wanna ask you another question

i want to sync between the ASA and the microsoft AD to do the following

redirecting  traffic to microsoft Isa Server also the asa is configed as a gateway

i read about the wccp protocol but i found that isa Server is not supporting this protocol there is another server like squid and websense ETC

MY Goal is to filter all the web traffic and wireless

so what is the best senario to do this task with DC & Isa

note

ASA IOS is 7.2

i don't have CSC Module

also i hope there is another soultion without the ISA

thanks alot

Unfortunately you can't transparently redirect to ISA server if it doesn't support WCCP as that will be the only solution to transparently redirect to ISA server.

You would need to configure your hosts to use explicit proxy to use the ISA proxy server.

i understand from you this mean that also Sync between the microsoft AD and the Asa is not the solution to accomplishe the web filtreing cause i only want to do this sync for this reason

so there is no need to go on the SYNC configuration between the ASA and AD is that right

ALSO is there is any free server that can support WCCP INSTEAD OF  ISA SERVER (content filtering)