I have read/heard two completely different reasons/theories why ISE allows the AD user creds to be saved at the time of joining an Active Directory domain. I have to say I never save the creds and I have yet to see the point of it:
1) Saving creds allows the PAN to easily join any nodes that are registered in the future without needing to enter the creds again.
2) Saving creds is required to allow the AD profiler probe to work
I am comfortable with reason one and I don’t care if I have to enter the creds for each new ise node I register. But point two concerns me. Does the AD profiler probe really need this ? I have not tested but I was fairly sure that my AD probes work without saving AD creds.
Does anyone know the real use case for saving AD creds? I can’t find an answer in the manuals.