Which permission is common to the Active Directory Join and Leave operations?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
Active Directory Join and Leave operations are related to integrating the Cisco Identity Services Engine (ISE) with the Active Directory (AD) domain. In these operations, the Cisco ISE machine account is added or removed from the AD domain to establish communication between the ISE and AD.
The permission that is common to both Join and Leave operations is to create a Cisco ISE machine account in the domain if the machine account does not already exist. This permission is required because the Cisco ISE needs a machine account in the AD domain to perform various functions such as querying AD for user and group information, validating user credentials, and applying policies based on AD attributes.
Option A, which is to remove the Cisco ISE machine account from the domain, is not a permission but an action that is taken during the Leave operation to disconnect the Cisco ISE from the AD domain.
Option B, which is to search AD to see if a Cisco ISE machine account already exists, is not a permission but a prerequisite step that is performed before the Join operation to ensure that a duplicate machine account is not created.
Option C, which is to set attributes on the Cisco ISE machine account, is not a permission but a configuration step that is performed after the machine account is created during the Join operation. These attributes are used to define the role and scope of the Cisco ISE machine account in the AD domain.
Therefore, the correct answer is option D, which is to create a Cisco ISE machine account in the domain if the machine account does not already exist.