cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

230
Views
0
Helpful
1
Replies
miclacs13
Beginner

ISE nodes - AD join question

We have a distributed deployment and each ISE node is joined to different Domain Controllers. Some of these Domain Controllers are going away and new DCs will be built to replace the old ones. How do I remove the ISE nodes from the old DCs and join to the new DC with zero-downtime?

1 REPLY 1
agrissimanis
Beginner

The failover will be handled automatically by ISE, but you must have at least one of the name servers available (specified with ip name-server x.x.x.x from ISE cli)

As long as there is at least one other DC available for ISE to join to when the old ones are switched off, you should be fine.

The success of this operation depends on the health of your AD (SRV records, etc). One way to check is to run the AD diagnostics tool from ISE.

Best to do this during off-peak hours or maintenance window of course...

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube