How to Clear User Cache after Changing Active Directory Domain ... - Knowledge Base - Palo Alto Networks

How to Clear User Cache after Changing Active Directory Domain Name

Created On 09/27/18 10:04 AM - Last Modified 01/24/25 21:17 PM


Symptom


This article explains the steps required to clear the cached IP-to-user mappings after the Active Directory domain name is changed.



Environment


  • Palo Alto Firewalls
  • Supported PAN-OS versions
  • LDAP or RADIUS Authentication profile is configured with domain override
  • User-ID Agent
  • Domain name of the Active Directory is changed 


Cause


When the domain name is changed in the LDAP or RADIUS server profile, the user cache must be cleared so that the firewall starts a new IP-to-user mapping list.



Resolution


  1. To clear the user cache and group cache, run the following commands:
    > clear user-cache-mp all   
    > clear user-cache all
    > delete user-group-cache
  2. To populate the group information again, run the following command:
    > debug user-id refresh group-mapping all

    Note: If the command is not executed, the next group-mapping refresh should populate the group information. The default value of this "Update Interval" is 3600 seconds (60 min). 


