cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

378
Views
1
Helpful
3
Replies
Highlighted
Cisco Employee

WMI backend changes for Easy-Connect

I have some questions from an Active Directory team about exactly what's happening "behind the scenes" when we enable Easy-Connect on an AD controller.  Previously there was a script that was run, but now it's all done from the ISE GUI and it's made them very nervous about exactly what is being sent / changed.  Can someone provide an explanation of exactly what we're doing to the AD controller when it's added in ISE as an Easy-Connect server?

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Advocate

Re: WMI backend changes for Easy-Connect

The requirements for Passive ID setup have not changed.  We just made it simpler than having to run through steps manually:

Cisco Identity Services Engine Administrator Guide, Release 2.3 - Manage Users and External Identity Sources [Cisco Ide…

The alternative is to run agent on DC or member server and you bypass the settings needed for remote access via DCOM, but core principles apply.

Craig

View solution in original post

3 REPLIES 3
Advocate

Re: WMI backend changes for Easy-Connect

The requirements for Passive ID setup have not changed.  We just made it simpler than having to run through steps manually:

Cisco Identity Services Engine Administrator Guide, Release 2.3 - Manage Users and External Identity Sources [Cisco Ide…

The alternative is to run agent on DC or member server and you bypass the settings needed for remote access via DCOM, but core principles apply.

Craig

View solution in original post

Cisco Employee

Re: WMI backend changes for Easy-Connect

IRT running the agent, it can be run on any member server? I assume then it’s more of an interval based polling rather than real-time / near-time?

Brad Landrum

Systems Engineer | Cisco Systems

SNR: 1.770.236.7927

blandrum@cisco.com

https://acecloud.webex.com/meet/blandrum

Cisco Employee

Re: WMI backend changes for Easy-Connect

Adding to what Craig said, we may still either manually configure for what required or run the script ourselves, instead of using the automation by "Configure WMI".

Running a PIC agent is a good option other than that providing PassiveID only but not yet supported for Easy Connect.