ACS 5.1 and AD Join

Unanswered Question
Sep 1st, 2010

This is probably a stupid question, but I am an ACS noob, so forgive me.

I am deploying ACS 5.1 to an AD network and had a question regarding the join process to AD. The User Guide states to use a "predefined user in AD with permission to add machines to the AD domain".

Can the machine account for ACS be predefined in AD and then connect using any valid creds, or is the condition specified the only way ACS will join the AD domain?

Thanks for any help you can provide.

Przemyslaw Konitz Thu, 09/02/2010 - 00:50


I have never tried what you are trying to accomplish, but as far as I know a machine account can't list other users and attributes from AD. ACS needs to have an account defined in its GUI, which is used to list/check/verify groups and so on.


Neno Spasov Fri, 09/03/2010 - 04:42

You need to create a username and pwd for ACS in AD. ACS will use that account to query AD for groups, users, etc. The account needs permissions to add machines because it will join the ACS server to your domain.

bruceboardman Fri, 09/03/2010 - 11:52

Yes, you can pre-create the machine account, and that appears to be the only write access the ACS needs. I went round and round with TAC re this, they were saying it was only supported if the ACS had a Domain Admin account, but it's not necessary; once the ACS is in the domain, it only reads.

Neno Spasov Fri, 09/03/2010 - 11:56

That is correct, there is no need for it to be a domain admin account. Our ACS account is only a domain user.

