
Multiple AD External Identity Sources in ISE 1.2

bberry
Level 1

First, I guess, is it possible to have multiple AD entries for External Identity Sources in ISE 1.2? When I display Active Directory (AD1) it displays my four ISE servers with a status of connected, but I see nowhere to add anything additional. I did not originally set this up, so I figure I am missing something somewhere if this is possible. I thought maybe add under LDAP and then it would roll into AD or something, but I have nothing listed under LDAP either.

What I am trying to do is figure out how to have ISE cover our two different domains. We have one big forest, but currently that is split into two AD domains based upon our two divisions. I am trying to see if possibly I can simply get through the existing configuration to pull security groups from the other domain into the dictionary, but so far that has proven not doable.

Brent

1 Accepted Solution

Accepted Solutions

Saurav Lodh
Level 7

ISE v1.3 allows you to add 50 different domains. Please upgrade to v1.3.

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/ISE-ADIntegrationDoc/b_ISE-ADIntegration.html


2 Replies

Saurav,

I was beginning to think that might be the solution. Now I just need to go through the release notes and make sure there are no issues with it running on an ACS-2111 appliance. We are currently using this as the secondary Admin but knew we would have to move off something. I think management is hoping later than sooner, especially since we are still in that initial rollout phase.

How does the system handle the fact that this is all centralized but I have users authenticating from the different time zones? I have been reading about everything pointing to the same NTP server but took that to simply be the servers in the ISE Cluster. Will this also impact all the switches and network devices involved in the authentication process?

Brent