Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3937
Views
0
Helpful
2
Replies

Question on ISE machine account on Active Directory

Go to solution
smukai
Cisco Employee
Cisco Employee

‎05-24-2016 03:43 AM

I have a question on the ISE machine account that needs to be created on Active Directory: Why does it want ability to change its own password?

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/ISE-ADIntegrationDoc/b_ISE-ADIntegration.html#reference_F19556CAD5C949B58DF89334E2C6255D

> Active Directory Account Permissions Required for Performing Various Operations

>  Cisco ISE Machine Accounts

>   * Ability to change own password

Thank you!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
howon
Cisco Employee
Cisco Employee

‎05-24-2016 04:04 AM

It is MS requirement. All machines joined to the domain are required to change its password periodically. I believe the default interval is per 90 days. Many think that the password is set by the AD server, but that is not the case, the password is generated from the machine and updated to the AD server which is why that permission is needed.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
howon
Cisco Employee
Cisco Employee

‎05-24-2016 04:04 AM

It is MS requirement. All machines joined to the domain are required to change its password periodically. I believe the default interval is per 90 days. Many think that the password is set by the AD server, but that is not the case, the password is generated from the machine and updated to the AD server which is why that permission is needed.

0 Helpful

Go to solution
smukai
Cisco Employee
Cisco Employee
In response to howon

‎05-24-2016 04:15 AM

I believe this answers my question.  Thank you very much!

0 Helpful
Customers Also Viewed These Support Documents