https://community.cisco.com/t5/network-access-control/ise-ldap-communication-to-secondary-ad/m-p/3898318#M471057 <P>Such traffic is for AD domain and forest discovery.</P> Fri, 26 Jul 2019 13:58:27 GMT hslai 2019-07-26T13:58:27Z https://community.cisco.com/t5/network-access-control/ise-ldap-communication-to-secondary-ad/m-p/3897791#M471056 <P>Hi All,</P> <P>&nbsp;</P> <P>I have a customer that connects their ISE deployment to their main Active Directory Domain. They are seeing traffic from a PSN to a secondary Active Directory domain that has a one-way trust with the main Active Directory domain.&nbsp;</P> <P>&nbsp;</P> <P>Is there any reason there would be traffic to the secondary domain if its not specified in the config? The secondary domain is not listed in the secondary domains for the ISE deployment.&nbsp;</P> <P>&nbsp;</P> <P>Appreciate any guidance.&nbsp;</P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Rob&nbsp;</P> Thu, 25 Jul 2019 18:22:29 GMT https://community.cisco.com/t5/network-access-control/ise-ldap-communication-to-secondary-ad/m-p/3897791#M471056 Rob4 2019-07-25T18:22:29Z https://community.cisco.com/t5/network-access-control/ise-ldap-communication-to-secondary-ad/m-p/3898318#M471057 <P>Such traffic is for AD domain and forest discovery.</P> Fri, 26 Jul 2019 13:58:27 GMT https://community.cisco.com/t5/network-access-control/ise-ldap-communication-to-secondary-ad/m-p/3898318#M471057 hslai 2019-07-26T13:58:27Z https://community.cisco.com/t5/network-access-control/ise-ldap-communication-to-secondary-ad/m-p/3898369#M471058 <P>Thanks for the reply. So, if there was no trusting between the two domains, would we see that discovery still?&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Rob&nbsp;</P> Fri, 26 Jul 2019 14:48:49 GMT https://community.cisco.com/t5/network-access-control/ise-ldap-communication-to-secondary-ad/m-p/3898369#M471058 Rob4 2019-07-26T14:48:49Z https://community.cisco.com/t5/network-access-control/ise-ldap-communication-to-secondary-ad/m-p/3898747#M471059 <P>Yes.</P> Sat, 27 Jul 2019 23:54:36 GMT https://community.cisco.com/t5/network-access-control/ise-ldap-communication-to-secondary-ad/m-p/3898747#M471059 hslai 2019-07-27T23:54:36Z https://community.cisco.com/t5/network-access-control/ise-ldap-communication-to-secondary-ad/m-p/3899530#M471210 <P>Thanks for the assistance. Do we have any documentation to show this behavior? The customer will need to provide some info to other team members.&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Rob&nbsp;</P> Mon, 29 Jul 2019 19:39:40 GMT https://community.cisco.com/t5/network-access-control/ise-ldap-communication-to-secondary-ad/m-p/3899530#M471210 Rob4 2019-07-29T19:39:40Z https://community.cisco.com/t5/network-access-control/ise-ldap-communication-to-secondary-ad/m-p/3899698#M471211 <P>I suggest going through Cisco Live session -&nbsp;<SPAN>BRKSEC-2132 which has information about discovery !</SPAN></P> <P><SPAN>Thanks,</SPAN></P> <P><SPAN>Nidhi&nbsp;</SPAN></P> Tue, 30 Jul 2019 04:04:09 GMT https://community.cisco.com/t5/network-access-control/ise-ldap-communication-to-secondary-ad/m-p/3899698#M471211 Nidhi 2019-07-30T04:04:09Z https://community.cisco.com/t5/network-access-control/ise-ldap-communication-to-secondary-ad/m-p/3900019#M471212 <P>Thanks so much for the info!&nbsp;</P> Tue, 30 Jul 2019 13:25:22 GMT https://community.cisco.com/t5/network-access-control/ise-ldap-communication-to-secondary-ad/m-p/3900019#M471212 Rob4 2019-07-30T13:25:22Z