cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
526
Views
0
Helpful
4
Replies
Beginner

Condition to check Domain Machine

Hi guys,

please, wich is the best solution to know if a machine is member of the Microsoft AD Domain?

I am looking for something in ISE conditions but i couldn't see anything related.

thanks a lot

4 REPLIES 4
Cisco Employee

Condition to check Domain Machine

do you only need to perform and match machine authentication ot machine plus user authentication from the MS ad domain.

The below listed screen shot is good example to understand machine and user. This is called machine access restriction.

https://supportforums.cisco.com/servlet/JiveServlet/showImage/2-3715106-99239/Machine%2BUser.jpg

If you only looking for machine authentication that we have to use condition with systemuser equals to host/

Jatin Katyal


- Do rate helpful posts -

~Jatin Katyal
Highlighted
Beginner

Condition to check Domain Machine

Hi Jatin,

thanks a lot for your reply!

I'll test this and i'll send the results.

thanks

Beginner

Condition to check Domain Machine

Hi Jatin,

please, could you answer me a question which i am a litlle confused about it?

Why does the Machine AD Domain verification isn't on Posture verification?

Because can i see the Machine AD verification like a posture requeriment? isn't it?

thanks

Beginner

Condition to check Domain Machine

This can be accomplished in 2 ways:

Check whether the machine was authenticated. I agree with Jatin, he has provided helpful information

For more information follow this location

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_auth_pol.html#wp1063457

OR

Configure Profiling condition based on IP:FQDN attribte CONTAINS "ad-domain.com"

Review the following link:

https://supportforums.cisco.com/message/3940928#3940928