This short guide will show you how to configure ISE-PIC (Passive Identity Connector) to monitor Active Directory using WMI. In previous versions of ISE, configuring PassiveID was a long process that involved many configuration steps on the AD controller. With the enhancements to PassiveID in ISE 2.2 and ISE-PIC, that process has become significantly easier. To begin, we need to configure an AD instance.
Configure an AD instance in ISE-PIC
Navigate to Providers -> Active Directory
Click the "Add" button to configure a new instance:
Give your instance a name and enter the domain we wish to monitor, then click "Submit":
ISE-PIC will now ask you if you would like all nodes in the deployment to join AD. If you have more than one node in your deployment, click "Yes".
ISE-PIC will now ask you for domain admin credentials so that it can create a computer account in AD. Enter valid domain administrator credentials and click "OK":
If successful, ISE-PIC will state the process was completed. Click "Close":
Configure the AD instance for PassiveID
Now that we have our instance of Active Directory configured, we need to configure it for PassiveID. Begin by selecting the PassiveID Tab:
Click the "Add DCs" button:
Select the domain controller we want to monitor, then click "OK":
Notice that the domain controller has been added and the default monitoring state is WMI, but that doesn't mean the domain controller is prepared to be monitored at this point. To monitor it using WMI, we need to configure it. Check the box for the domain controller, then click "Config WMI".
The WMI configuration process could possibly take some time to complete, so ISE-PIC will offer to run the process in the background:
Once the WMI configuration process completes, ISE-PIC will give you the status of the configuration task:
At this point, ISE-PIC is monitoring the domain controller remotely via WMI. You can check the status of the domain controller on the dashboard using the "Providers" dashlet. Do not be alarmed if you don't see a green check right away:
At this point, you should have at least one session in the sessions directory. That session is from the earlier AD join process:
At this point, ISE-PIC has been successfully configured to remotely monitor AD using WMI.