This document describes an ACS - Active Directory integration issue seen on ACS 5.3.
After applying patch 3 or later on ACS 5.3, Active Directory may show as disconnected, or ACS may fail to join the domain.
It has recently been observed that after patch 3 or later is applied, ACS 5.3 leaves the Active Directory domain and then rejoins it. If the service account password has expired or has been changed since the last ACS AD join, ACS will fail to rejoin Active Directory.
It has also been noted that if the service account username or password contains a dollar sign ($), ACS 5.3 reports that the password is incorrect. This is documented as bug CSCtz76233.
To resolve the issue, ensure that the service account password is correct and not expired, and that neither the username nor the password contains a dollar sign ($), before applying patch 3 or later on ACS 5.3.
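The checks above can be run from a domain-joined Windows admin host before patching. The following is an added example, not Cisco code or part of the original document; it assumes the RSAT ActiveDirectory module is installed, and the account name `svc-acs` and the join date are constructed placeholders.

```powershell
# Added example: pre-patch check of the ACS service account (not Cisco code).
# Assumes the RSAT ActiveDirectory module and a domain-joined admin host.
Import-Module ActiveDirectory

$AccountName = 'svc-acs'              # placeholder: sAMAccountName of the ACS service account
$LastAcsJoin = Get-Date '2012-01-15'  # placeholder: date ACS last joined the domain
$problems    = @()

$user = Get-ADUser -Identity $AccountName -Properties PasswordExpired, PasswordLastSet

# CSCtz76233: a dollar sign in the username makes ACS 5.3 report a bad password.
if ($user.SamAccountName.Contains('$')) {
    $problems += 'Username contains a dollar sign ($), see CSCtz76233.'
}
if ($user.PasswordExpired) {
    $problems += 'Service account password has expired.'
}
# A password changed after the last join means ACS may still hold the old one.
if ($user.PasswordLastSet -gt $LastAcsJoin) {
    $problems += "Password was changed on $($user.PasswordLastSet), after the last ACS join; confirm ACS has the current password."
}

# Read the password ACS is configured with, without echoing it to the console.
$secure = Read-Host -Prompt "Password configured in ACS for $AccountName" -AsSecureString
$plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password
if ($plain.Contains('$')) {
    $problems += 'Password contains a dollar sign ($), see CSCtz76233.'
}
Remove-Variable plain

# Confirm the password is correct by querying AD as the service account.
# Assumption: the account lives in the logged-on user's domain.
$cred = New-Object System.Management.Automation.PSCredential ("${env:USERDOMAIN}\$AccountName", $secure)
try {
    Get-ADUser -Identity $AccountName -Credential $cred -ErrorAction Stop | Out-Null
} catch {
    $problems += "Authentication as $AccountName failed: $($_.Exception.Message)"
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "No issues found for $AccountName; safe to apply the patch."
}
```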
Please refer to "ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example" for detailed information on how to integrate ACS 5.x with AD.
This document was created with information from Vivek Santuka.