Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1087
Views
1
Helpful
1
Replies

ISE AD passive ID

Go to solution
wileong
Cisco Employee
Cisco Employee

‎04-23-2018 06:54 AM

Hi,

We are positioning ISE Base for AD passive ID. Part of ISE passive ID on AD require some changes in AD. Upon checking on the documentation, the following is the requirement

My customer is not comfortable with changing AD setting and registry. Understand that there is a ISE agent auto configuration, does the ISE automation perform the same as above?

If my customer is not comfortable with the above steps, what option do we have? SPAN?

Thanks

Wing Churn

1 Accepted Solution

Accepted Solutions

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎04-23-2018 07:14 AM

Hi,

The "Config WMI" button automates the required steps to remotely monitor AD logon events.  The agent is less intrusive because it is a native windows application.  The agent can be install on the controller itself or on a member server that will then monitor the DC.  If either approach is unacceptable, the customer can either use kerberos SPAN or syslog.

Regards,

-Tim

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎04-23-2018 07:14 AM

Hi,

The "Config WMI" button automates the required steps to remotely monitor AD logon events.  The agent is less intrusive because it is a native windows application.  The agent can be install on the controller itself or on a member server that will then monitor the DC.  If either approach is unacceptable, the customer can either use kerberos SPAN or syslog.

Regards,

-Tim

0 Helpful
Customers Also Viewed These Support Documents