
AD Operational/Not Operational

mick5kull
Cisco Employee

Hi experts,

 

Does ISE automatically leave the Active Directory domain and re-join during a reboot if it is already joined?

Does ISE periodically communicate with the Active Directory DC after it has joined a domain?

 

I read "Active Directory Integration with Cisco ISE 2.x" below, but it only describes the behavior on application reset or configuration restore.

 

'When you reset the Cisco ISE application configuration from the command-line interface or restore configuration after a backup or upgrade, it performs a leave operation, disconnecting the Cisco ISE node from the Active Directory domain, if it is already joined.'

 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/ise_active_directory_integration/b_ISE_AD_integration_2x.html#ID612

 

 

[Background]

My customer says they sometimes see "Not Operational" when checking the AD integration status in [Administrator]->[External Identity Source]->AD domain after an ISE reboot.

They say there seems to be no impact on user authentication during "Not Operational", but they are asking why ISE changes its status.
