Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 5.1 Join AD Permissions Level requirement.

I've been testing new ACS 5.1 (appliances) and have an issue with joining to my AD.  Only the top level administrator account will join the domain successfully (not any standard for adding a computer to AD).  If anyone knows the 'correct' permissions level to set in AD, I would appreciate it.

The account tests good (test button), but when saving to join the Domain permanent, get error pop-up of:

-- Error while configuring Acgtive Directory: Using writable domain controller: HDQNCDC4.corp.maxxim.com Unexpected configuration or network error. Please try the --verbose option or run 'adinfo --diag' to diagnose the problem.  Join to domain 'corp.maxxxim.com', zone 'null' failed. --

The app-account created for the ACS5.1 has permissions to create/delete Computers on all domains. 

Our AD support summary:

It looks like the device is actually trying to write to Active Directory. This would be a concern and not the norm…..usually just a read function. Especially if the device is just passing through the credentials. When you open the case can you please ask Cisco what is being written to Active Directory and why. Also ask them the exact permissions required of the account needed for your device.

2 REPLIES
Cisco Employee

Re: ACS 5.1 Join AD Permissions Level requirement.

The account use to join ACS 5.1 to the domain should have Authenticate User or  Computer Objects and Delete Computer Objects permission or any  permission to add machines to the AD domain

New Member

Re: ACS 5.1 Join AD Permissions Level requirement.

The account does have these permissions. Still get the same error.  See attached screen shot.  Does Authenticated Users need special permissions ?

1077
Views
0
Helpful
2
Replies
CreatePlease login to create content