Solved: Re: Finding AD admin account when used at integration ise and ad

CiscoJane · ‎11-01-2023

Hi all,

I have a questions regarding cisco ise ad integration. I have integrated ISE and AD using one of the admin account of AD, Then, i cannot remember which one i have used. How could i find it at ise? Can i check it which account name is using at cisco ISE side? coz i need to change this AD account password according to our organization policy.

Thank you.

Greg Gibbs · ‎11-02-2023

That will not be an issue. It does not matter what account is used to perform the domain join operation as long as the account has the necessary permissions as defined in the Active Directory Integration with Cisco ISE 2.x guide (which also applies to 3.x).

View solution in original post

marce1000 · ‎11-02-2023

- Go to Administration > Identity Management > External Identity Sources > Active Directory .
and review the settings,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

CiscoJane · ‎11-02-2023

i cannot see any review setting there.

Arne Bier · ‎11-02-2023

@CiscoJane - when you integrated ISE with AD, did you tick the box "store credentials" or not? If not, then ISE would not have retained the creds - all that ISE does, is to create an AD machine account. It's not required to store the creds in ISE for regular AD joins. I struggle to remember why this option is even there - I think it might only be used when doing Passive ID.

CiscoJane · ‎11-02-2023

If we cannot know that account anymore, we may plan to join using new account.

Greg Gibbs · ‎11-02-2023

That will not be an issue. It does not matter what account is used to perform the domain join operation as long as the account has the necessary permissions as defined in the Active Directory Integration with Cisco ISE 2.x guide (which also applies to 3.x).