
Cisco ISE Join multiple Domain

Mohamed BH
Level 1

Hi,

We have a Cisco ISE implementation with a single domain (Active Directory). We are trying to add another domain (a new Active Directory with a new domain name, separate from the old one) to our implementation. Is it possible to do it? If yes, how do we do it?

Kind Regards,

2 Accepted Solutions


Hi @Mohamed BH ,

At Administration > Identity Management > External Identity Sources > Active Directory > select your AD, check:

1st the Allowed Domains tab ... Enable Select the Domains that you want

Note: special attention to the Use All AD Domains for Authentication option ... if checked, all current and future Trusted AD Domains will be used for Authentication.

2nd the Advanced Settings tab ... double check the information in the Identity Resolution window

Hope this helps !!!


thomas
Cisco Employee

To add an Active Directory as an AD domain controller, add it the same way you did for the first one.

To add anything - including your AD server(s) - as DNS servers, you do this on the ISE CLI for each ISE node. You may add up to 3 DNS name-servers or you may add individual host aliases. Be aware that each new entry will require the ISE node to reboot.

See the ISE CLI Guide for all available commands:

ise/admin(config)#ip ?
Possible completions:
  default-gateway   Configure default gateway
  domain-name       Default domain name
  host              Configure host aliases
  name-server       Specify address of name server(s) to use

 


7 Replies

Hi @Flavio Miranda and thanks for your reply. I saw that, but my problem is how to configure the AD as a DNS on ISE so that I can see and reach the new domain when I add another join point.

Example :

My ISE configuration is :

#domain-name example.com.fr

#ip name-server 1.1.1.1 2.2.2.2

The domain I want to add: example2.com.fr

What should I do to reach the new domain?

Kind Regards,

Hi @Mohamed BH - from your config, can ip name-server 1.1.1.1 2.2.2.2 resolve to the domain you want to add? If this is the case, then you will be able to accomplish this with no issues. Let us know if it does and if you're successful joining the new AD server to ISE.

Hi,

Yes, the ip name-server 1.1.1.1 can resolve the 2.2.2.2 domain, but I still can't join the second domain from Cisco; it hits me with:

Result for ISE node: ise.ccie.lab.
Status: Join Operation Failed: Failed to find domain controller, please check network connectivity
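
Added example, not part of the thread or of Cisco's documentation: a pre-check, run from an admin workstation with `dig`, that each name server configured on ISE returns the standard Active Directory DC-locator SRV records for the new domain and that every listed controller resolves. The script name `check_ad_dns.sh` and its function names are hypothetical, and it assumes the join failure above stems from DNS lookup of those records.

```shell
#!/bin/sh
# Added example (not from the thread): check that each DNS server an ISE node
# would use can locate domain controllers for a new AD domain.
# Assumption: the join relies on the standard AD DC-locator SRV records.

# SRV owner names used to find DCs and KDCs for a domain.
srv_names() {
    printf '%s\n' "_ldap._tcp.dc._msdcs.$1" "_ldap._tcp.$1" "_kerberos._tcp.$1"
}

# Read `dig +short ... SRV` output ("priority weight port target.") on stdin
# and print "target port" for each well-formed record; skip anything else.
parse_srv() {
    awk 'NF == 4 && $1 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ { sub(/\.$/, "", $4); print $4, $3 }'
}

# Query one server for one SRV name, then confirm every target answers an
# address query. Prints one line per finding; returns 1 on any gap.
check_name() {
    server=$1 name=$2 bad=0
    records=$(dig +short +time=2 +tries=1 "@$server" "$name" SRV | parse_srv)
    if [ -z "$records" ]; then
        echo "FAIL $server $name: no SRV records"
        return 1
    fi
    for host in $(echo "$records" | awk '{ print $1 }' | sort -u); do
        addr=$(dig +short +time=2 +tries=1 "@$server" "$host" A | head -n 1)
        if [ -n "$addr" ]; then
            echo "ok   $server $name -> $host ($addr)"
        else
            echo "FAIL $server $name -> $host: no address returned"; bad=1
        fi
    done
    return $bad
}

# Usage: sh check_ad_dns.sh <domain> <dns-server> [<dns-server> ...]
if [ "$#" -ge 2 ]; then
    domain=$1; shift; rc=0
    for server in "$@"; do
        for name in $(srv_names "$domain"); do
            check_name "$server" "$name" || rc=1
        done
    done
    exit "$rc"
fi
```

Run it as `sh check_ad_dns.sh example2.com.fr 1.1.1.1 2.2.2.2`, using the placeholder values from the post above; any FAIL line names the server and record to fix before retrying the join.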

Nancy Saini
Cisco Employee

Yes, you can join ISE to another domain as a separate join point.
