No, that means ACS will not show the dynamically mapped users under the users list unless they disconnect and authenticate again via ACS. It will remove all the dynamically mapped users from the ACS (users exist on AD).
Dynamic user: If the user does not exist in the CS ACS local database, CS ACS marks that user as unknown and checks for an unknown user policy. If the unknown user policy is to fail the user, CS ACS fails the user. Otherwise, if an external database is configured, CS ACS forwards that information to the configured external user database. CS ACS tries each external user database until the user succeeds or fails. If the authentication is successful, the user information goes into the cache of CS ACS, which has a pointer for using the external user database. This user is known as a dynamic user.
The next time the dynamic user tries to authenticate, Cisco Secure ACS authenticates the user against the database that was successful the first time. These cached user entries are used to speed up the authentication process. Dynamic users are treated in the same way as known users.
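A simplified model of the lookup order described in the post above, as an added example that is not part of the original thread and is not Cisco code. The class names, method names and sample accounts are hypothetical, and a known local user with a wrong password is simply rejected here, which the post does not address.

```python
# Simplified model of the unknown-user flow described above.
# All names are hypothetical; the accounts below are constructed sample data.

class ExternalDB:
    def __init__(self, name, creds):
        self.name, self.creds, self.queries = name, creds, 0

    def check(self, user, password):
        self.queries += 1  # count lookups so the cache effect is visible
        return self.creds.get(user) == password


class AcsModel:
    def __init__(self, local_users, external_dbs, fail_unknown=False):
        self.local = local_users          # known users: name -> password
        self.external = external_dbs      # ordered list tried for unknown users
        self.fail_unknown = fail_unknown  # unknown user policy: fail or forward
        self.dynamic = {}                 # dynamic users: name -> ExternalDB pointer

    def authenticate(self, user, password):
        if user in self.local:
            return self.local[user] == password
        if user in self.dynamic:
            # Cached pointer: only the database that succeeded first is asked.
            return self.dynamic[user].check(user, password)
        if self.fail_unknown:
            return False
        for db in self.external:          # try each external database in turn
            if db.check(user, password):
                self.dynamic[user] = db   # user becomes a dynamic user
                return True
        return False

    def remove_dynamic_users(self):
        # Clears the cache only; the accounts still exist in the external database.
        self.dynamic.clear()


def demo():
    ad = ExternalDB("AD", {"alice": "pw-ad"})
    ldap = ExternalDB("LDAP", {"bob": "pw-ldap"})
    acs = AcsModel({"admin": "pw-local"}, [ad, ldap])
    first = acs.authenticate("bob", "pw-ldap")   # AD misses, LDAP succeeds
    second = acs.authenticate("bob", "pw-ldap")  # served via cached pointer: LDAP only
    listed = sorted(acs.dynamic)
    acs.remove_dynamic_users()                   # bob disappears until he re-authenticates
    return first, second, listed, ad.queries, ldap.queries, sorted(acs.dynamic)
```

After `remove_dynamic_users()`, the next login for `bob` walks the external database list again and recreates the cached entry.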
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...