Solved: Re: Cisco ISE not joined in AD domain after upgrade from version 2.2.0 to 2.7.0

albertofdez · ‎08-13-2020

Hi guys,

After upgrading from version 2.2.0 Patch 13 to version 2.7.0 Patch 2, when I restart ISE 2.7.0 the Active Directory (External Identity Sources) window appears as "Not joined"

Just hitting join and entering the credentials again would be enough, but I have a question.

Is it necessary to delete the machine object in the Microsoft Ad that was created for Cisco ISE before joining again?

Thanks.

Rob Ingram · ‎08-13-2020

Hi,
No you do not need to delete the object in AD, you can just re-join ISE to the AD domain.

HTH

View solution in original post

Rob Ingram · ‎08-13-2020

Hi,
No you do not need to delete the object in AD, you can just re-join ISE to the AD domain.

HTH

albertofdez · ‎08-13-2020

Hi,
Currently the Cisco ISE object in the AD is inserted in a specific OU, specifying the same path of the OU where it is currently is enough, is it correct?
Thanks.

Rob Ingram · ‎08-13-2020

You shouldn’t even need to specify the OU, just join it to the domain and it will use the existing object.

albertofdez · ‎08-14-2020

Hi guys,

Thank you very much everyone for your help and about you Rob.

Bye.

balaji.bandi · ‎08-13-2020

I have seen some time this behaviour, so you rejoin back to AD ( make sure the user has enough rights to joine to AD).

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Karsten Iwen · ‎08-13-2020

The need to re-join (without the need to delete the AD-object) is also a documented in the upgrade-guide:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/upgrade_guide/Upgrade_Journey/PDF/b_ise_upgrade_guide_2_7_pdf/m_postupgradetasks.html#id_124359