Connecting Cisco ISE 2.1 to an Active Directory Domain (Windows Server 2012 R2)

Having recently installed ISE 2.1, I want to use my Active Directory as an external identity source. ISE has a built-in user store known as the internal identity source, where you can create users; however, most deployments use Active Directory or some other LDAP source for authentication.

First, navigate to your ISE instance in a supported web browser using https://x.x.x./ and log in. I haven't used ISE for a long while, so the first thing I noticed upon logging in was how modern the GUI looks in version 2.

Once logged in, navigate to Administrator -> External Identity Sources, as seen below.

You can then navigate to Active Directory and click Add; you will see the following prompt. The join point name is just a local descriptor for ISE, as ISE supports joining multiple different Active Directory domains. So name it something meaningful if you plan to join your ISE to multiple domains, for example Test, Dev, Production, etc.

The Active Directory domain is what it says: the name of the domain. Ideally you should have your ISE name servers pointing to your domain controllers; otherwise you will need to ensure you have an A record for your root domain pointing to your domain controllers.
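One way to check that A-record prerequisite before attempting the join, as an added example that is not part of the original post. It queries the resolver of the machine it runs on, so it assumes a workstation configured with the same name servers as ISE; the domain name and addresses in the sample are constructed.

```python
import socket
import sys


def resolve_a(name):
    """Return the IPv4 addresses the local resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_root_domain(domain, known_dcs, resolver=resolve_a):
    """Compare the root domain's A records with the DC addresses you expect."""
    answers = set(resolver(domain))
    known = set(known_dcs)
    unexpected = sorted(answers - known)  # records pointing at non-DC hosts
    missing = sorted(known - answers)     # DCs without an A record for the root
    if not answers:
        status = "no-a-record"
    elif unexpected:
        status = "unexpected-address"
    elif missing:
        status = "partial"
    else:
        status = "ok"
    return {"status": status, "unexpected": unexpected, "missing": missing}


if __name__ == "__main__":
    if len(sys.argv) > 2:
        # Real lookup: python check.py <domain> <dc-ip> [<dc-ip> ...]
        print(check_root_domain(sys.argv[1], sys.argv[2:]))
    else:
        # Constructed sample: one stale record that is not a domain controller.
        sample = {"lab.example.com": ["10.0.0.10", "192.0.2.50"]}
        print(check_root_domain("lab.example.com", ["10.0.0.10", "10.0.0.11"],
                                resolver=lambda n: sample.get(n, [])))
```

A status of `unexpected-address` means the root domain resolves to a host you did not list as a domain controller, which is worth cleaning up in DNS before joining.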

Once you click 'Submit' you will see that the Active Directory connection has been added to ISE, but it still needs to join the domain. Tick the checkboxes next to the ISE nodes that you wish to join to the domain (in my case I just have one standalone instance of ISE) and click the join button.

The following pop-up will appear, where you should enter the credentials for an account that can be used to join the ISE instance to your Active Directory.

Job done!