
Domain name is not unique in the deployment for edit??

matt-blackwell
Level 1

Hi guys,

 

I need some advice if possible. I have a lab set up with a standalone virtual ISE deployment running on ESXi 6.0, with one domain controller set as an external identity store. I have wired/wireless dot1x configured and I'm just about to dip my toe into a BYOD wired dot1x on-boarding lab, but I've hit a brick wall with adding a new AD group. When I try to add a new AD user group to the existing group list or make any changes at all to the Active Directory Scope_Default, I get an error saying "Domain name is not unique in the deployment for edit". I've looked around on the web but can't see anyone with the same issue! Any help would be appreciated. The only thing that I have in mind that could have caused an issue is when I messed with the ISE Wireless Setup, which is beta software.

 

Version 2.2.0.470
Product Identifier (PID) SE-VM-K9
Version Identifier (VID) V01
Serial Number (SN) SA5EBLDNOB6
ADE-OS Version 3.0.2.218
 
 
Thanks 
Matt
Accepted Solution

Just in case someone else comes across this problem.

 

I solved this myself by removing the Scope_Default/AD server from the "identity source sequences" and all of the Authentication/Authorisation policies where the objects were referenced. Once that was completed I exited scope mode, which in turn placed the AD controller in the correct external identity sources directory tree. I removed the AD groups under the "Group" tab and clicked on the "leave" button under the "connections" tab. I was then able to re-join the AD server and add the necessary AD groups, and then re-added the AD server to the identity source sequences, policies, etc. This turned out to be a bit of a time thief! What perplexes me is how I managed to put my AD server into the Scope Mode folder to begin with?

 

5 Replies

Arne Bier
VIP

Do you manually add the Group name, or select from Directory lookup?

I have never seen this but then again I have never used Scopes either.

Since you only have one domain controller, have you tried creating a new Join Point, (call it ATDC01a) and then don't use scopes and see if it's any different?

A single Domain Controller in a Scope is no different to not using Scope at all.

Hi Arne,

 

The group is from a directory lookup. Come to think of it, I have no idea how I came to be using scopes and I'm not entirely sure what scopes are for?

OK, I see what you're saying. I just noticed the button that says "exit scope mode"; however, because it is referenced in the config, I have to reverse engineer it before moving the join-point back to the active directory folder...the plot thickens!

Thanks

Matt

@matt-blackwell can you elaborate a little more when you say you removed the Scope_Default/AD server from the "Identity source sequences"?

Are you talking about this portion?

[Image: jebanks_0-1691097270962.png]