Professional Documents
Culture Documents
Identity Management
AD Integration
Last updated: May 16, 2013
Task
Join ISE to the AD domain.
Import the groups in the table below.
Configuration
To join the domain we need to add an external identity source. The external identity source is added
under
Administration>Identity Management>External Identity Sources>Active Directory.
Define the INELAB>LOCAL domain and give the Identity Store a name. Click the Save
Configuration button.
Now we can see that ISE has been added. We need to select the checkbox next to the ISE node
and click the Join button.
Enter the credentials of an account that has the rights to add devices to the domain. In this case we
are using the Administrator account.
We can also use the Test Connection button, but a test is performed when we join the domain.
Now click the groups tab and click the Add button. Click the Select Groups From Directory option.
Click the Retrieve Groups button.
Verification
The verification for this task occurs as you add the server. If the process fails, you will not be able to
add the domain as seen in the configuration section.
One event may occur here: an issue with the time skew between the AD and the ISE. The clocks
need to have little skew. When performing the basic test, you may see the following error.
Because NTP is synchronizing the network, the easiest thing to do is change the clock on the
server to match the clock on the network.