AKAIK, No this account is only used to join ISE to the domain. Once the ISE nodes is a member of the domain, it uses its own machine/domain account to authenticate/search the forest.
AKAIK, No this account is only used to join ISE to the domain. Once the ISE nodes is a member of the domain, it uses its own machine/domain account to authenticate/search the forest.
Hi, Yes you are correct if ISE is joined to domain. But if AD is added as LDAP source then it uses bind requests through the configured account. I should have been clear on this.
I would say it depends on what you added for profiling. If you will be relying on Active Directory attributes for profiling then you should store the access details on ISE. In that case, if you remove the account you used from the AD that will affect ISE profiling functionality.
Yes, AD account should be permanent. ISE uses this AD account for bind requests to AD when authenticating users. Also, it is used for groups fetching etc
**** please remember to rate useful posts
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
