05-14-2021 11:32 AM
I've got ISE-PIC set up for testing.
I am seeing active sessions logged after setting a group policy to enable "Audit Kerberos Authentication Service" and "Audit Kerberos Service Ticket Operations".
My problem is this only shows users logging in to the joined domain/join point.
There are two-way trusts and other users log in to domain machines - I want to track these users/IP addresses as well.
05-14-2021 04:51 PM
Unable to understand your question.
05-14-2021 05:25 PM
ISE-PIC is joined to DOMAIN1.
DOMAIN1 and DOMAIN2 have a two-way trust.
I only see identities/IP addresses for users in DOMAIN1.
When a user logs in as DOMAIN1\username I don't see any session/IP address.
05-16-2021 04:28 PM
I assume you mean "When a user logs in as DOMAIN2\username I don't see any session/IP address". Is that correct?
I'm no AD expert, but AFAIK ISE can use the two-way trust to query the directory in the second domain, but I don't believe DOMAIN2 will share login events with DOMAIN1 for ISE to consume via Passive ID.
If you want to see login events for DOMAIN2, I would expect you would also need to have a DC from DOMAIN2 added using either WMI or the Agent.