Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
629
Views
0
Helpful
5
Replies

ACS 4.1 replication issue and full replication

r.spiandorello
Level 1
Level 1

ā€Ž06-21-2010 07:20 AM - edited ā€Ž03-10-2019 05:12 PM

Hi,

how to force a full replication in ACS 4.1 ?

Sometimes, I cannot find some users only in the secondary ACS and the primary ACS doesn't replicate them again (because no changes made on primary ACS).

thank you in advance

rs 

Labels:
0 Helpful
5 Replies 5

Jatin Katyal
Cisco Employee
Cisco Employee

ā€Ž06-21-2010 07:17 PM

If few users are not getting mapped then these users might be mapped as dynamically users and later on someone might have done some changes under user profile and it started appearing as static users but in actual acs never changes the  flag value of dynamically mapped users.


If they are static users and you didn't change any thing then the only option left to delete and readd the user. It wll work for sure.


ACS replication components.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/SCAdv.html#wp756374

HTH

Jatin



Do rate helpful posts-

~Jatin
0 Helpful

Jagdeep Gambhir
Level 10
Level 10

ā€Ž06-22-2010 02:39 AM

Hi RS,

It seems you are talking about dynamic users (User that are stored in AD). Dynamic users are not replicated and there is no need to worry about. Backup ACS will show those user once they are authenticated by secondary server.


This is how it works


--> USER1-------> Got authenticated via Primary ACS---> This user will show up in user database and further it will not be replicated to secondary ACS, so --> Secondary ACS will not show USER1 in its database.


Now our primary server goes down.


---> User1 tries to login again ---> Will be authenticated via Secondary ACS---> Now you will see this user in its database.


Hope that helps!



Regards,

~JG


Do rate helpful posts





0 Helpful

r.spiandorello
Level 1
Level 1
In response to Jagdeep Gambhir

ā€Ž06-22-2010 02:50 AM

Hi, I agree with you, they would seem dynamic user, imported with unknown ures policy, but they are users with windows password only.

How to see a list of dynamic users only in ACS 4.1 to verify their nature ?

thanks

rs

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to r.spiandorello

ā€Ž06-22-2010 04:40 AM

When you click on user setup and then list all user. It will show you all the users ACS has authenticated. Users who are labelled with "dynamic" word are called dynamically mapped from AD.


HTH

Jatin


Do rate helpful users-

~Jatin
0 Helpful

r.spiandorello
Level 1
Level 1
In response to Jatin Katyal

ā€Ž06-22-2010 05:48 AM

Ok, I confirm you those users were not dynamically imported, but statically defined.

thank you in advance

greatings

rs

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents