ISE Machine Account in AD

AMNassiri0210
Level 1

Hi Everyone, 

I would like to know why ISE needs the ability to change its own password in AD with the Machine account.

What is this functionality used for as this is flagged by a client?

The ISE/AD integration lists the requirements for the Machine account but does not specify why this functionality is required.

Below is the list of requirements from the guide for the ISE/AD Machine account:

  • Set attributes on the machine account (for example, Cisco machine account password, SPN, DNS Hostname)
  • Ability to change own password
  • Read the user/machine objects corresponding to users/machines
  • Query Active Directory to get information (for example, trusted domains, alternative UPN suffixes)
  • Ability to read token Groups attribute

Appreciate your inputs.

Thanks. 

A M Nassiri

1 Accepted Solution

2 Replies

poongarg
Cisco Employee

AMNassiri0210
Level 1

Thank you @poongarg. Appreciate your prompt assistance.