Dear Expert, I want to ask regarding integrating ISE with Active Directory.
Mohammed gave a great detailed answer. The simple answer is that joining ISE to AD is identical to joining a Windows server/computer to AD. The ID used to join ISE to AD needs to have join permissions. Once ISE is joined to AD it has its own computer account to interact with AD. The ID used to join ISE to AD is not saved unless you check the box to save it.
Just to add what @paul mentioned about the saved AD credentials - I have never found a Cisco document that explained why this would be needed/beneficial. It seems obvious at first that you would NOT want to save the admin's credentials in ISE (esp if password changes over time, or just because of plain paranoia).
However, after watching the labminutes.com series he quite casually mentions that the Save credentials is REQUIRED if you are using the ISE AD Probe (Profiling). I have never seen this confirmed anywhere. I have not tested to see if AD probing breaks if I joined AD without saving creds.
It would be nice to have the official statement from Cisco about WHY this option even exists.