
RODC with ISE-PIC (wmi or agent)

Spyros Kasapis
Level 1

Hello,

It is clear that it is not supported, but is there any workaround?

1 Accepted Solution


Talk to your AD admins. They can do whatever they want to the controllers, but you can only read group memberships from them - hence the name Read Only Domain Controller.


4 Replies

thomas
Cisco Employee

The ISE PIC 3.1 Admin guide says:

Cisco ISE does not support Read-only Domain Controller for authentication flows.

But ISE PIC does not perform authentication - it is passive and only receives events for username to IP login/mapping events.

Hello Thomas,

Can we deploy agents in Read-Only Domain Controllers and learn active connections from there?

Thank you in advance.

Talk to your AD admins. They can do whatever they want to the controllers, but you can only read group memberships from them - hence the name Read Only Domain Controller.

Hi thomas,

I am not asking about under ISE PIC. To join RODC with ISE, do we need to join RODC as Active Directory or under LDAP? Is it possible to join RODC as Active Directory (not under LDAP) for the authentication purpose? Because I see some authentication protocol limitations under LDAP.