Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
157
Views
0
Helpful
3
Replies

Join ISE 3.3 to Windows AD

DAVID
Level 3
Level 3

‎06-19-2024 05:15 AM

I am setting up a new ISE 3.3 deployment..  Our network has two domains; mydomain,com and local.mydomain.com.  The local domain is for all Windows systems and the other is the *nix domain.  I have setup the ISE nodes on the *nix domain as they are RedHat underneath.

I want to add the ISE servers to the AD so I can use external identity source for user accounts.  I know that you can join a linux machine to an Active Directory without changing the hostname of the client to hostname.mydomain.com but is there a way to add the Cisco ISE nodes to the AD without doing so. 

0 Helpful
3 Replies 3

Torbjørn
Spotlight
Spotlight

‎06-19-2024 05:59 AM

When you join it to AD it will create a machine object in AD which _must_ exist within your AD forest. What is the need of having it under mydomain.com? Would a CNAME record from hostname.mydomain.com to hostname.local.mydomain.com be sufficient?

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev
0 Helpful

DAVID
Level 3
Level 3
In response to Torbjørn

‎06-19-2024 06:37 AM

Or I just log into the ISE CLI and change the domain to local.mydomain.com and restart and the attempt to join the domain?

0 Helpful

DAVID
Level 3
Level 3
In response to Torbjørn

‎06-19-2024 07:02 AM

I'm good now.  The DNS in the ISE was pointing to the wrong IP.  Both ISE 3.3 nodes joined with no issues.

0 Helpful
Customers Also Viewed These Support Documents