I have just installed ACS 5.1 as a VM instance to provide TACACS AAA. So far things are working fine with local authentication, and I now wish to have my users authenticate via AD. Looking at the user guide on page 8-39, it looks like I need to create an AD identity store and join the ACS server to the domain. Is this correct? And is the AD username/password required as a one-time thing to join the ACS server to the domain, or is a special account required that must be created on the AD server?
Yes, that is correct.
ACS 5.1 has to be configured with a valid NTP server for time synchronization, preferably from where the domain controller is syncing its time. Another one is a valid DNS server which can resolve internal names.
Both of them will be configured from the CLI:
And yes, the admin username/password you use would be a one-time thing. It could be an existing admin account; just make sure whatever admin credentials you use on ACS to integrate with AD have privileges to add computers to the domain.
We would never recommend that you delete the admin account after integrating ACS with AD.
Do rate helpful posts.
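As an added illustration (not from the original post), this is what the NTP and DNS prerequisites from the answer look like on the ADE-OS CLI of ACS 5.x, followed by the checks worth running before attempting the domain join; the hostname, addresses and domain name are placeholders.

```console
! Assumed ADE-OS CLI syntax; 10.0.0.5, 10.0.0.10 and corp.example are placeholders.
acs/admin# configure terminal
! NTP: point ACS at the same time source the domain controllers use,
! so the Kerberos clock skew allowed by AD is not exceeded.
acs/admin(config)# ntp server 10.0.0.5
! DNS: an internal name server that resolves the AD domain and the DCs.
acs/admin(config)# ip name-server 10.0.0.10
acs/admin(config)# ip domain-name corp.example
acs/admin(config)# exit
! Verify before joining: the clock must show as synchronised ...
acs/admin# show ntp
! ... and the domain and a domain controller must resolve by name.
acs/admin# nslookup corp.example
acs/admin# nslookup dc1.corp.example
```

Only once both checks pass should the AD identity store be created and the join attempted from the ACS web UI, as the answer describes; a failed join is most often one of these two prerequisites rather than the credentials.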