topic ISE and AD integration in Network Access Control

ISE and AD integration

shubhampatki1994 — Thu, 30 Jun 2022 18:50:48 GMT

My question is, what will happen if we delete the user on the AD that was used at the time of AD integration on the ISE.

Does the user used at the time of AD integration be part of the AD forever?

Thanks

shubham

Re: ISE and AD integration

ahollifield — Fri, 01 Jul 2022 13:35:32 GMT

AKAIK, No this account is only used to join ISE to the domain. Once the ISE nodes is a member of the domain, it uses its own machine/domain account to authenticate/search the forest.

Re: ISE and AD integration

Aref Alsouqi — Fri, 01 Jul 2022 08:47:11 GMT

I would say it depends on what you added for profiling. If you will be relying on Active Directory attributes for profiling then you should store the access details on ISE. In that case, if you remove the account you used from the AD that will affect ISE profiling functionality.

Re: ISE and AD integration

Mohammed al Baqari — Fri, 01 Jul 2022 13:29:31 GMT

Hi,

Yes, AD account should be permanent. ISE uses this AD account for bind
requests to AD when authenticating users. Also, it is used for groups
fetching etc

**** please remember to rate useful posts

Re: ISE and AD integration

Mohammed al Baqari — Fri, 01 Jul 2022 14:11:31 GMT

Hi, Yes you are correct if ISE is joined to domain. But if AD is added as
LDAP source then it uses bind requests through the configured account. I
should have been clear on this.

Thx for highlighting it. +5

***** please remember to rate useful posts