We are looking to have our cisco vpn client users authenticate to AD. We don't want to add the users in ACS but still point our ASA > ACS > AD. I.e, we don't want to add a new employee into ACS but still permit him to VPN (ACS)in and auth against AD. I know we can point ASA to IAS directly and bypass ACS.
I have this problem too.