cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

132
Views
0
Helpful
4
Replies
Cisco Employee

What is the best practice to check if MacOS device is Domain Joined or not?

In one of the deployment, we need to check MacOS is Domain Joined or not so that we can apply ISE posture check to that device.

If this is a Non-Domain Joined device (like BYOD) device, we would apply it to go through BYOD flow.

Authentication is using EAP-PEAP.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: What is the best practice to check if MacOS device is Domain Joined or not?

You can use the AD attribute - "AD-Host-Exists = True" as a condition.

 

4 REPLIES 4
VIP Advisor

Re: What is the best practice to check if MacOS device is Domain Joined or not?

Hi

If mac devices are joined to a Microsoft AD domain, it means the object ad will be a member, at least of domain computers.

If you create a rule that use this group, the result will show if the device is member or not of your AD.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Cisco Employee

Re: What is the best practice to check if MacOS device is Domain Joined or not?

Hi Francesco,

Thank you for the information. Yes, the Mac devices are Domain Joined.
Could you elaborate more about the rule? How should it be configured and which condition to be used?
Cisco Employee

Re: What is the best practice to check if MacOS device is Domain Joined or not?

You can use the AD attribute - "AD-Host-Exists = True" as a condition.

 

VIP Advisor

Re: What is the best practice to check if MacOS device is Domain Joined or not?

Sorry for my late answer I was at Cisco Live but you got the answer. Sorry

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question