ACS Express 5.0 binding user for Active Directory

Unanswered Question
Jun 16th, 2009
User Badges:

Hi,


I have a few questions regarding ACS Express' binding user for Active Directory integration:

1. Does the user have to be a service account in Active Directory?

2. Let's say the AD administrator pre-created the computer account manually, does the binding user still need admin rights?

3. Once the ACS Express successfully joined the domain, can we convert the binding user to a normal user (non-admin)?


I tried searching for a more detailed explanation on this, but couldn't find any. Any help will be appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 1 (1 ratings)
Loading.
sadbulali Mon, 06/22/2009 - 11:06
User Badges:
  • Bronze, 100 points or more

When ACS Express is configured to use Active Directory (AD) as an external database, the ACS Express appliance must be joined to the AD domain. AD controls who is allowed to join computers to the domain.

1. Any user with a valid domain account can add a computer to the domain.

This is the default configuration for Windows Active Directory. It permits any successfully authenticated user to add as many as 10 computers to the domain. Many enterprises leave their domains set up this way so that administrative access is not required for a computer to join the domain.

2. Permission to add a computer to the domain is restricted to a privileged set of users.

When permission to add a computer to a domain is restricted, a user adding the computer must log in with an account that has appropriate administrative rights and provide a password. If your organization restricts who can add computers to the domain, joining the ACS Express appliance to the domain might require explicit permissions. For example, adding computers to the domain might be restricted to users in the Domain Administrators group or delegated within Organizational Units to specifically designated users or groups.



dany.datacraft Tue, 06/23/2009 - 18:55
User Badges:

Hi,


Thanks for the reminder. I have this from the user guide, however, it doesn't really answer my questions above...


1 point for you.

Actions

This Discussion

 

 

Trending Topics - Security & Network