Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
952
Views
0
Helpful
1
Replies

AD Integration - Exclude Certain ISE Nodes From AD Join

gschmitt.ngit
Level 1
Level 1

‎04-18-2019 04:36 PM

We have ISE PSN nodes in a DMZ guest access scenario and do not want them joined to the AD.

Is there any way to disable the AD join for specific ISE nodes while allowing it for others?

Cheers

0 Helpful
1 Reply 1

Damien Miller
VIP Alumni
VIP Alumni

‎04-18-2019 11:30 PM - edited ‎04-18-2019 11:31 PM

This is possible but you will have to live with a dashboard alarm. At least in ISE 2.4, if you don't join every node in the deployment to AD, it triggers the "Active Directory not joined" alarm. You can turn this alarm off globally but not on a per node basis.

You choose which nodes you want to join to AD in each external AD domain you set up. Each PSN can be joined to up to 50 domains, and it's entirely up to you as to which node you join to which domain if at all. As long as you don't need AD authentication via the specific PSN's, then there is no requirement to join AD. 

 

Example
lab.PNG

 

lab2.PNG

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents