02-16-2020 04:03 AM
I've inherited an ISE deployment and In our AD there is a ISE service account who is a domain admin.
Going through the ISE guides, I can that the service account need specific permission in AD, and I guess they've used a domain admin (the dirty way).
I want to rectify this by creating a new account with the specific permission, but I can't seem to find where the account is defined within ISE. The only account I can find (but not used in any way), is the AD join account.
So the question is, where do I find the other account in ISE?
02-16-2020 08:08 AM
02-17-2020 04:47 AM
Hi Damien
Both nodes are present in AD, and "joined" under External Ident.
I've stepped through the guide again, and under "Set Permissions for Access to WMI Root/CIMv2 Name Space" the account is applied on our Domain controller. But I can't seem to find, where the user is defined in ISE (where the pwd is set)
02-17-2020 07:15 AM
02-20-2020 08:36 PM
The WMI thing is for Passive Identity.
Unless you are using that feature, you would not need the user credentials, just like Damien said.
02-21-2020 01:16 PM
02-24-2020 11:54 PM
I haven't found the settings for the service account within ISE?
02-25-2020 12:56 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide