cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
294
Views
0
Helpful
1
Replies
Beginner

AD Integration - Exclude Certain ISE Nodes From AD Join

We have ISE PSN nodes in a DMZ guest access scenario and do not want them joined to the AD.

Is there any way to disable the AD join for specific ISE nodes while allowing it for others?

Cheers

1 REPLY 1
Highlighted
VIP Engager

Re: AD Integration - Exclude Certain ISE Nodes From AD Join

This is possible but you will have to live with a dashboard alarm. At least in ISE 2.4, if you don't join every node in the deployment to AD, it triggers the "Active Directory not joined" alarm. You can turn this alarm off globally but not on a per node basis.

You choose which nodes you want to join to AD in each external AD domain you set up. Each PSN can be joined to up to 50 domains, and it's entirely up to you as to which node you join to which domain if at all. As long as you don't need AD authentication via the specific PSN's, then there is no requirement to join AD. 

 

Example
lab.PNG

 

lab2.PNG