This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
My customer has slightly more than 200 domain controllers to monitor via WMI for Passive Identity.
|Max AD Domain Controllers supported via WMI or ISE AD Agent||100|
It is not clear however if this limit is per PSN or per cluster. Could someone confirm?
If this is per PSN, does this mean the maximum number of DC we can monitor per ISE cluster is limited to 200:
|Recommended # PSNs enabled for WMI (Passive ID service)||2|
Is this a hard limit or does it just mean we haven't tested higher number? With the use of "recommended", it sounds like we could try to go higher...
Any chance to increase these numbers in the future (v2.5?)
Solved! Go to Solution.
Can you provide more information or at least point me in the right direction for setting up event forwarding to support passive ID for a domain with more than 100 DCs? I have information on event subscription, however it seems I can't specify the security event log as the destination. Can the AD connector read from "forwarded events" on the subscriber? If so, do I need to specify this somewhere in the configuration?