Hi Sir,The version is 1.1.3

Tzy Chun Chong · ‎09-11-2015

Hi All,

I got distributed ISEs setup in both location.

Below the deployment setup.

MY1-ISE-01 PRI(A) PRI(M)

SG1-ISE-01 SEC(A) SEC(M)

Below the current AD connection.

MY1-ISE-01 connected to myad01.adg.local

SG2-ISE-01 connected to sgad01.adg.local

I brought up a new AD in MY and name myad02.adg.local and would like to do the AD migration in "only" MY location, no changes for SG location. But I can't locate any resource to explain the step by step how to modify the AD setup in primary admin node. My few questions below.

1.) If i leave the myad01.local at primary admin node, would it cause the ISE failover? Because MY1-ISE-01 lost the connection to myad01.adg.local and there is only 1 AD connection which is in SG2-ISE-01. Or there is no failover but only authentication will be redirect to sgad01.adg.local?

2.) How to leave existing myad01.adg.local and join the new myad02.adg.local? I'm thinking to add new AD but from the GUI page Administration>Identity>External Identity Sources > Active Directory, there is no way join create new AD and the "save configuration" are blur and not function if the same domain name are specified?

Pls share me if you have any documentation that shown how to modify the AD server in ISE. I tried to look from google but no useful link found.

Pls help me and I will rate for helpful reply, Thanks.

Regards

Tzy

Marvin Rhoads · ‎09-13-2015

It sounds like you may be running ISE 1.2 or earlier. Please confirm your version.

Generally speaking, all nodes in an ISE deployment will be controlled by the setup on the Primary PAN. ISE 1.3 and later have a lot more options about behavior in how they join AD.

Tzy Chun Chong · ‎09-13-2015

Hi Sir,

The version is 1.1.3.124.

Regards

Tzy

Distributed ISEs Change AD server