Hi,
I am testing ISE External AD authentication and when I rename an AD security group that the user is a member of authentication against ISE is still successful, however the group name shown in the logs is the original group name and not the new renamed group name. This appears to be the same for both nested groups and those mapped directly to ISE in my testing.
After waiting what could be potentially 24 hours between retesting after renaming the group this appears to then show the correct renamed group in the authentication log. I believe that ISE has an ADclient cache which I assume is where the group name is being pulled from for the ISE logs and hence why this shows incorrectly for a period of time until it is refreshed.
I did find details of a configuration option on the ISE CLI to "Clear Active Directory Trusts Cache and restart/apply Active Directory settings". I have attempted to do this and this makes no difference to the names of the groups in the authentication log. However this may be due to CSCul65329 that I have found that seems to exhibit the similar symptoms to what I am experiencing.
So I guess what I am asking is, has anyone else experienced similar issues when attempting to rename external AD groups? And if so, excluding the potential for CSCul65329 is the process when renaming AD external groups to Clear Active Directory Trusts Cache and restart/apply Active Directory settings.
Any help appreciated.
Many thanks
Andy