Solved: Can we join Single Cisco ISE node to multiple Active Directory Forest/domains same time

aaggarwal23 · ‎06-11-2021

Hi,

Can some one please help to get an answer as mentioned in Subject if we can join Single ISE Node to Multiple Active Directory Domain/Forest same time. I am aware Cisco ISE support upto 50 Active Directory domain joined but i am not sure if we can join Single ISE node to Multiple Active Directory forest/Domain same time or not. Can some one please help me on this.

thomas · ‎06-11-2021

Yes.

"50 Active Directory domain join points" means 50 unique domains/forests or 50 different places within a single domain.

From the ISE Admin Guide:

View solution in original post

thomas · ‎06-11-2021

Yes.

"50 Active Directory domain join points" means 50 unique domains/forests or 50 different places within a single domain.

From the ISE Admin Guide:

asdraper · ‎12-24-2024

Is there any way I can break the trust / prevent one domain join point from looking for accounts in other domains that have a trust?

I set up a new AD join point, and the account that was previously getting grabbed by the wrong domain and coming back as disabled is now working. The new problem, however, is that new join point is allowing authentication from multiple domains (since there are trusts between them) but I did not set up the AD groups for that join point, so now the accounts are failing authorization. I'm looking at having to add all the groups across every domain into each join point so they can be authorized regardless of which join point authenticates them.

That explanation is getting a little wordy, yikes.