cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

816
Views
5
Helpful
2
Replies
mattw
Beginner

Discover/Recover ISE-AD join credentials

Hi,

I'll be doing an ISE upgrade for a client soon and we want to make sure we have the AD user account credentials to hand so we can rejoin ISE to AD if we need to after the upgrade.

The client is not sure what account was used when it was set up.

I'm assuming ISE uses that account each time it does a user or group lookup right?

Is there any way to find this out from a log or something what account is being used?

Thanks,

Matt.

1 ACCEPTED SOLUTION

Accepted Solutions
Rob Ingram
VIP Expert

@mattw Actually no, the credentials that are used for the join or leave operation are not stored in Cisco ISE. Only the Cisco ISE machine account credentials are stored. It's this ISE machine account thats created in AD that is used to communicate between ISE and AD.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/ise_active_directory_integration/b_ISE_AD_integration_2x.html

 

View solution in original post

2 REPLIES 2
Rob Ingram
VIP Expert

@mattw Actually no, the credentials that are used for the join or leave operation are not stored in Cisco ISE. Only the Cisco ISE machine account credentials are stored. It's this ISE machine account thats created in AD that is used to communicate between ISE and AD.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/ise_active_directory_integration/b_ISE_AD_integration_2x.html

 

Thank you @Rob Ingram.

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube