ACS 5.3 - AD credentials

Document

Fri, 05/11/2012 - 08:06
May 11th, 2012

Hi All

Apparently you need the following to connect the ACS to the AD Domain -

Add workstations to domain user right in corresponding domain.

Create Computer Objects or Delete Computer Objects permission on corresponding

computers container where ACS machine's account is precreated (created before joining

ACS machine to the domain).

I am being asked by the AD guy why we need this sort of permission

Does anyone Know ?

Steve

Loading.
mauzamor Fri, 05/11/2012 - 08:06

Hi,

Those privileges are required because during the ACS-AD integration the ACS must create a Computer account under Domain Computers in AD, this is because for Microsoft AD all the authentication requests must come from a computer, so this ACS computer account is used for that purpose.

This is something that we cannot avoid and you will notice that without those privileges the ACS will not join with AD, you will start getting error messages. Let me know if you need more information.

Actions

This Document