01-16-2020 12:55 AM - edited 01-16-2020 01:03 AM
Hi,
I am new to Cisco ISE. We have an existing distributed ISE environment. Currently 5 ISE is pointing to 2 Domain Controller. However the AD servers are now migrated to AWS. Now I want to modify the existing configuration of ISE pointing towards the new Domain Controllers. The Active Directory Domain is same only we need to change the IP address or FQDN. Can anyone guide me.
Solved! Go to Solution.
01-16-2020 08:44 AM
Assuming the AD domain was added as an AD external identity source, then there is no place to add domain controllers by IP. ISE operates just like any Windows client in that it uses DNS to find the domain controllers. You do not add individual domain controllers into ISE when connecting to AD. ISE queries AD for the domain name and asks for the nearest domain controller. So as long as your DNS is updated to the new AWS IPs, then everything should be fine.
If they were added as an LDAP external identity source, then go to Administration->Identity Management->External Identity Sources->LDAP. There you can update the primary and secondary IP's for your LDAP connection.
01-16-2020 08:44 AM
Assuming the AD domain was added as an AD external identity source, then there is no place to add domain controllers by IP. ISE operates just like any Windows client in that it uses DNS to find the domain controllers. You do not add individual domain controllers into ISE when connecting to AD. ISE queries AD for the domain name and asks for the nearest domain controller. So as long as your DNS is updated to the new AWS IPs, then everything should be fine.
If they were added as an LDAP external identity source, then go to Administration->Identity Management->External Identity Sources->LDAP. There you can update the primary and secondary IP's for your LDAP connection.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide