Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

ACS 5.1 and AD Join

This is probably a stupid question, but I am an ACS noob, so forgive me.

I am deploying ACS 5.1 to a AD network and had a question regarding the join process to AD.  The User Guide states to use a "predefined user in AD with permission to add machines to the AD domain".

Can the machine account for ACS be predefined in AD and then connect using any valid creds, or is the condition specified the only way ACS will join the AD domain?

Thanks for any help you can provide.

Community Member

Re: ACS 5.1 and AD Join


I never tried what you are trying to accomplish but as I know machine account can't list other users and attributes from AD. ACS need to have account defined in its gui which is used to list/check/verify groups and so on.


Cisco Employee

Re: ACS 5.1 and AD Join

You need to create username and pwd for ACS in AD. ACS will use that account to query AD for groups, users, etc. The account needs permissions to add machines because it will join the acs server to your domain.

Community Member

Re: ACS 5.1 and AD Join

Yes you can pre-create the machine account, and that appears to

be the only write access the ACS needs. I went round and round with TAC re this, they saying

it was only supported if the ACS had a Domain Admin account, but it's not neccessary, once the ACS is in the domain, it only reads.

Cisco Employee

Re: ACS 5.1 and AD Join

That is correct there is no need for it to be a domain admin account. Our ACS account is only a domain user

CreatePlease to create content