Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 5.3 and AD connection with new DC

Hi, the customer has ACS 5.3 and it was connected with AD successfully.

Now the customer has changed the DC name and ACS still refers to the old name.

How to force the new DC discovery without clear all the configurations ?

Without DC discovery, I have the disconnect status, but I'm still able to browse AD groups.

Thank you in advance

greatings

Rs

Everyone's tags (3)
7 REPLIES

ACS 5.3 and AD connection with new DC

Rs,

There is not a way to change the domain, you will have to remove the policies and reset the domain connection to the new domain, pull the groups and create policies based on these groups. There are other underlying processes that use this information and using any shortcut can cause some nightmares when troubleshooting.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
New Member

ACS 5.3 and AD connection with new DC

Tarik, I don't need to change the domain, we have only new domain controller servers for the same domain.

ACS is still able to browse the AD group, but it is disconnected because the domain controller has changed the hostname and ACS still searches the old name for kerberos.

I think it is a bit heavy to remove all the ACS configuration for every domain maintenance operation.

thank you in advance

rs

Cisco Employee

ACS 5.3 and AD connection with new DC

The issue you are referring to is resolved in ACS 5.4. Then configuration and join/leave operations will be separated. I know this doesn't help you current situation.......

ACS 5.3 and AD connection with new DC

rs,

If you changed the hostname then I would suggest rebooting the ACS so it re-discovers the domain, also make sure that there arent any old records in dns that have the old name.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
New Member

ACS 5.3 and AD connection with new DC

Tarik, the reboot has not solved the problem so l'll verify with domain administrator.

I'd like a cli command to verify deeper the ACS discovered info, after the reboot.

thanks

rs

New Member

ACS 5.3 and AD connection with new DC

Hi, today ACS is in "connected status" and AD authentication runs well.

Without ACS cli commands to analyze the ACS status, I cannot say anything else, but now it's running.

thanks

rs

New Member

ACS 5.3 and AD connection with new DC

Is there a forecast for ACS 5.4 availability ?

thanks

rs

694
Views
4
Helpful
7
Replies
CreatePlease login to create content