https://community.cisco.com/t5/network-access-control/discover-recover-ise-ad-join-credentials/m-p/4499326#M570918 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1214276">@mattw</a> Actually no, the credentials that are used for the join or leave operation <U>are not stored in Cisco <SPAN class="ph">ISE</SPAN></U>. Only the Cisco <SPAN class="ph">ISE</SPAN> machine account credentials are stored. It's this ISE machine account thats created in AD that is used to communicate between ISE and AD.</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/ise_active_directory_integration/b_ISE_AD_integration_2x.html" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/ise_active_directory_integration/b_ISE_AD_integration_2x.html</A></P> <P>&nbsp;</P> Mon, 08 Nov 2021 11:04:31 GMT Rob Ingram 2021-11-08T11:04:31Z https://community.cisco.com/t5/network-access-control/discover-recover-ise-ad-join-credentials/m-p/4499314#M570917 <P>Hi,</P><P>I'll be doing an ISE upgrade for a client soon and we want to make sure we have the AD user account credentials to hand so we can rejoin ISE to AD if we need to after the upgrade.</P><P>The client is not sure what account was used when it was set up.</P><P>I'm assuming ISE uses that account each time it does a user or group lookup right?</P><P>Is there any way to find this out from a log or something what account is being used?</P><P>Thanks,</P><P>Matt.</P> Mon, 08 Nov 2021 07:41:02 GMT https://community.cisco.com/t5/network-access-control/discover-recover-ise-ad-join-credentials/m-p/4499314#M570917 mattw 2021-11-08T07:41:02Z https://community.cisco.com/t5/network-access-control/discover-recover-ise-ad-join-credentials/m-p/4499326#M570918 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1214276">@mattw</a> Actually no, the credentials that are used for the join or leave operation <U>are not stored in Cisco <SPAN class="ph">ISE</SPAN></U>. Only the Cisco <SPAN class="ph">ISE</SPAN> machine account credentials are stored. It's this ISE machine account thats created in AD that is used to communicate between ISE and AD.</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/ise_active_directory_integration/b_ISE_AD_integration_2x.html" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/ise_active_directory_integration/b_ISE_AD_integration_2x.html</A></P> <P>&nbsp;</P> Mon, 08 Nov 2021 11:04:31 GMT https://community.cisco.com/t5/network-access-control/discover-recover-ise-ad-join-credentials/m-p/4499326#M570918 Rob Ingram 2021-11-08T11:04:31Z https://community.cisco.com/t5/network-access-control/discover-recover-ise-ad-join-credentials/m-p/4499403#M570930 <P>Thank you&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>.</P> Mon, 08 Nov 2021 10:50:47 GMT https://community.cisco.com/t5/network-access-control/discover-recover-ise-ad-join-credentials/m-p/4499403#M570930 mattw 2021-11-08T10:50:47Z