Palo Alto Firewall AD Group Mapping

These commands will help troubleshoot and resolve issues with Active Directory groups on your PAN firewall.

1. Shows every AD group added to the PAN firewall:

show user group list

2. Shows the user-to-IP address mappings (for all users or a specific user):

show user ip-user-mapping all

3. Gives more detailed statistics of the command above:

show user group-mapping state all

4. Shows the user members of the specified group:

show user group name "group_name"

5. Re-pulls the user-to-group mapping from AD:

debug user-id reset group-mapping all

6. Refreshes all user-to-IP mappings:

debug user-id refresh user-id agent all

7. Restarts the user-id service (this command is usually not needed):

debug software restart user-id