Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
559
Views
0
Helpful
4
Replies

ISE 1.2 Active Directory Question

Go to solution
ALAN MURRAY
Level 1
Level 1

‎05-13-2014 03:51 PM - edited ‎03-10-2019 09:42 PM

Hi,

I have a question regarding using Active Directory as an External Identity Source.

Our customer has 4 AD servers in their domain and thus 4 DNS entries for the domain. When I join ISE to the domain DNS resolves to one address and uses that machine to perform the join operation. What happens if the machine subsequently fails - does my ISE node need to leave and then re-join the domain or is this handled by some other method?

Thanks

Alan

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
M. Wisely
Level 4
Level 4

‎05-14-2014 01:09 AM

Assuming that they're part of the same AD domain ISE will learn all of the DCs in the domain and you'll likely find after a while that it has moved to a different DC. We have over 100 DCs in our domain and it works just fine, no intervention is required to get it to connect to a different DC if the one it's connected to disappears.
 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Saurav Lodh
Level 7
Level 7

‎05-13-2014 10:38 PM

In case of any failure, you should always leave and re join

0 Helpful

Go to solution
M. Wisely
Level 4
Level 4

‎05-14-2014 01:09 AM

Assuming that they're part of the same AD domain ISE will learn all of the DCs in the domain and you'll likely find after a while that it has moved to a different DC. We have over 100 DCs in our domain and it works just fine, no intervention is required to get it to connect to a different DC if the one it's connected to disappears.
 

0 Helpful

Go to solution
ALAN MURRAY
Level 1
Level 1

‎05-14-2014 02:37 PM

Thanks to all who have replied. It appears we have two correct answers so for my own piece of mind I'm going with the one from martinwisely2 - it suits my purposes at this stage. Needless to say I shall test this before putting into production.

 

Once again many thanks.

 

Alan

0 Helpful

Go to solution
kaaftab
Level 4
Level 4

‎05-15-2014 06:36 AM

yes you can join AD if any issue come but for same domain. As currently ISE is does not support multi domain features which are expect in future release and you can manage in current version through trust relation.

***********Do rate Helpful posts*******************

0 Helpful
Top