Solved: Cisco ISE - ADD new AD servers

SagarDebnath8187 · ‎01-16-2020

Hi,

I am new to Cisco ISE. We have an existing distributed ISE environment. Currently 5 ISE is pointing to 2 Domain Controller. However the AD servers are now migrated to AWS. Now I want to modify the existing configuration of ISE pointing towards the new Domain Controllers. The Active Directory Domain is same only we need to change the IP address or FQDN. Can anyone guide me.

Colby LeMaire · ‎01-16-2020

Assuming the AD domain was added as an AD external identity source, then there is no place to add domain controllers by IP. ISE operates just like any Windows client in that it uses DNS to find the domain controllers. You do not add individual domain controllers into ISE when connecting to AD. ISE queries AD for the domain name and asks for the nearest domain controller. So as long as your DNS is updated to the new AWS IPs, then everything should be fine.

If they were added as an LDAP external identity source, then go to Administration->Identity Management->External Identity Sources->LDAP. There you can update the primary and secondary IP's for your LDAP connection.

View solution in original post

Colby LeMaire · ‎01-16-2020

Assuming the AD domain was added as an AD external identity source, then there is no place to add domain controllers by IP. ISE operates just like any Windows client in that it uses DNS to find the domain controllers. You do not add individual domain controllers into ISE when connecting to AD. ISE queries AD for the domain name and asks for the nearest domain controller. So as long as your DNS is updated to the new AWS IPs, then everything should be fine.

If they were added as an LDAP external identity source, then go to Administration->Identity Management->External Identity Sources->LDAP. There you can update the primary and secondary IP's for your LDAP connection.