Showing results for 
Search instead for 
Did you mean: 

OIDs to monitor ISE active directory


I was reviewing the available SNMP OIDs available to monitor ISE:


Is it possible to send SNMP traps to monitor the active directory? for example is there a OID to know if the active directory isn't operational /Joined or an OID for AD Connector status (in show app status ise command) ... etc

4 Replies 4

Marcelo Morais
VIP Advisor VIP Advisor
VIP Advisor

Hi @SMD28316 ,

 ISE 2.4+ automatically and periodically run the AD Diagnostic Tool (at Administration > Identity Management > External Identity Sources > Active Directory > select the AD, click Advanced Tools > Diagnostic Tool) ... please check if this diagnostic test is what you need.


Note: prior to ISE 2.4, such test are ONLY triggered manually by an ISE Admin User.


Hope this help !!!

Greg Gibbs
Cisco Employee
Cisco Employee

See the following post for the MIBs supported by the SNMP Agent on ISE. These are mainly MIBs supported by the underlying RHEL OS, so there is limited monitoring of the ISE application itself via SNMP.

Monitoring ISE health using SNMP Polling 

Customers typically monitor these critical operations via Email and/or Syslog alarms.

Cisco ISE Alarms



Ok but which ones can be used to monitor the active directory connections?

There are a number of Syslog messages related to Active Directory events. You can find them on the Administration > System > Logging > Message Catalog page by filtering on 'AD Connector'

If you sort the alarms by name, those related to AD are towards the top of the list and include references to 'Active Directory' or 'AD' in the name.


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers