07-26-2018 01:11 AM - edited 03-11-2019 01:46 AM
Hi ISE experts,
I'm working on an SDA project and my customer, an Italian broadcaster, wants to use ISE with an external AD.
They raised a question with us: what happens if the external AD fails while ISE is running properly? Is ISE able to cache the AD DB, synchronize all the info in the local ISE DB and grant authentication even if the external AD is down?
Can you please confirm that ISE doesn't cache AD credentials? However, the customer can set up ISE to work with up to 50 ADs.
"DC Failover
Domain controller (DC) failover can be triggered by the following conditions:
The AD connector detects if the currently selected DC becomes unavailable during the LDAP, RPC, or Kerberos communication attempt. The DC might be unavailable because it is down or has no network connectivity. In such cases, the AD connector initiates DC selection and fails over to the newly selected DC.
The DC is up and responds to the CLDAP ping, but AD connector cannot communicate with it for some reason, for example if the RPC port is blocked, the DC is in the broken replication state, or the DC has not been properly decommissioned. In such cases, the AD connector initiates DC selection with a black list ("bad" DC is placed in the black list) and tries to communicate with the selected DC. Neither the DC selected with the blacklist nor the blacklist is cached."
Is it the suggested way to go?
Please let me know.
Best regards,
Marco
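The two failover conditions quoted in the post above can be modelled in a few lines. This is an added illustration, not part of the original post and not Cisco ISE code: the DC names, the `DCState` fields and both functions are hypothetical, and it assumes, as the question does, that nothing is cached locally.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DCState:
    cldap_ping: bool   # DC answers the CLDAP ping
    services_ok: bool  # LDAP/RPC/Kerberos usable (e.g. RPC port not blocked)

def select_dc(candidates, state, blacklist=frozenset()):
    """Pick the first DC that answers the CLDAP ping and is not blacklisted."""
    for dc in candidates:
        if dc not in blacklist and state[dc].cldap_ping:
            return dc
    return None

def authenticate(candidates, state, current=None):
    """Return (dc_used, events) for one attempt; dc_used is None if it fails."""
    events = []
    blacklist = set()  # lives only for this attempt, mirroring "not cached"
    dc = current or select_dc(candidates, state)
    while dc is not None:
        st = state[dc]
        if st.cldap_ping and st.services_ok:
            return dc, events
        if not st.cldap_ping:
            # Condition 1: DC is down or has no network connectivity.
            events.append((dc, "unavailable"))
        else:
            # Condition 2: DC answers the ping but cannot be used.
            events.append((dc, "blacklisted"))
            blacklist.add(dc)
        dc = select_dc(candidates, state, frozenset(blacklist))
    return None, events  # no usable DC and no cache: the attempt fails

# Constructed sample: dc1 is down, dc2 has a blocked RPC port, dc3 is healthy.
SAMPLE = {
    "dc1": DCState(cldap_ping=False, services_ok=False),
    "dc2": DCState(cldap_ping=True, services_ok=False),
    "dc3": DCState(cldap_ping=True, services_ok=True),
}
ALL_DOWN = {name: DCState(False, False) for name in SAMPLE}

if __name__ == "__main__":
    print(authenticate(["dc1", "dc2", "dc3"], SAMPLE, current="dc1"))
    print(authenticate(["dc1", "dc2", "dc3"], ALL_DOWN))
```

In this model, failover helps only while at least one DC is fully usable; with every DC down the attempt fails.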
07-26-2018 12:07 PM