08-20-2018 12:48 PM - edited 08-20-2018 12:51 PM
Hi,
if we are using WMI to monitor all our DCs( over 100 in 2 forests), the account we used for WMI has to change the password every year .....
Is there a way to do a bulk edit to update the password?
2nd question, we have local PSN cluster and DCs have site setup.
once we enable WMI, will local PSN only contact local DC site? How does traffic sharing between multiple PSN in different cluster?
Solved! Go to Solution.
08-22-2018 08:42 AM
08-20-2018 01:17 PM
Currently no way to bulk change password for this operation. Please reach out to local Cisco sales team or use the ISE feedback tool (From GUI, click gear icon > About Identity Services Engine > Provide Feedback)
ISE will leverage native SRV records in the DNS response to find AD servers. If Windows Sites & Services is configured then each ISE node will find local AD server per Site & Services setup.
08-20-2018 02:08 PM
Hi,
do you know if i have PSN1 and PSN2 in same cluster, will both query same AD server? or PSN1 will query to AD1 and PSN2 query AD2? for remote Sites, how PSN query?
still try to understand the traffic flow.
08-22-2018 08:03 AM
Please disregard my answer to the 2nd question. My answer was for normal ISE/AD integration not for PIC/WMI. Have reached out to ISE-PIC subject matter expert who can provide the answer.
08-22-2018 08:42 AM
09-04-2018 12:42 PM
i see. thank you.
Do you know if there is a session limitation?
Like Agent method, in the document mentions that each agent can monitor 10 ADs.
Is there a limitation for WMI to monitor ADs ?
09-04-2018 03:27 PM
100 DCs
Use the ISE scaling guide as a reference:
https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide