These commands will help troubleshoot and resolve issues with Active Directory groups on your PAN firewall.
1. Shows every AD group added to the PAN firewall:
show user group list
2. Shows the user and IP address mapping (or specific user):
show user ip-user-mapping all
3. Gives more detailed statistics of the command above:
show user group-mapping state all
4. Shows the user members of the group specified:
show user group name "group_name"
5. Re-pulls the user-to-group mapping from AD:
debug user-id reset group-mapping all
6. Refreshes all user-to-IP mappings:
debug user-id refresh user-id agent all
7. Restarts the user-id service (this command is usually not needed):
debug software restart user-id