06-19-2024 05:15 AM
I am setting up a new ISE 3.3 deployment. Our network has two domains: mydomain.com and local.mydomain.com. The local domain is for all Windows systems and the other is the *nix domain. I have set up the ISE nodes on the *nix domain as they are RedHat underneath.
I want to add the ISE servers to the AD so I can use an external identity source for user accounts. I know that you can join a Linux machine to an Active Directory without changing the hostname of the client to hostname.mydomain.com, but is there a way to add the Cisco ISE nodes to the AD without doing so?
06-19-2024 05:59 AM
When you join it to AD it will create a machine object in AD which _must_ exist within your AD forest. What is the need of having it under mydomain.com? Would a CNAME record from hostname.mydomain.com to hostname.local.mydomain.com be sufficient?
06-19-2024 06:37 AM
Or I just log into the ISE CLI and change the domain to local.mydomain.com and restart and then attempt to join the domain?
06-19-2024 07:02 AM
I'm good now. The DNS in the ISE was pointing to the wrong IP. Both ISE 3.3 nodes joined with no issues.