Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS 5.3 - how to join to domain


can anybody clarify me how it is possible join ACS 5.3 to windows domain?

from cisco doc:

Active Directory Domain Name: Name of the AD domain to join ACS to.

Username: Predefined user in AD. AD account required for domain access in ACS should have either of

the following:

• Add workstations to domain user right in corresponding domain.

• Create Computer Objects or Delete Computer Objects permission on corresponding computers container where ACS machine's account is precreated (created before joining ACS machine to the domain).

Password: Enter the user password. The password should have minimum of 8 characters with the combination of atleast one lower case alphabet, one upper case alphabet, one numeral, and one special character. All special characters are supported.

That means:

- Active directory must be windows DOMAIN name, or AD-server dns name?

- username must be domain user, or domain administrator?

another settings:

- time on ad-server and acs must be synced (I'm using the same NTP)

- ip name-server for acs must be AD-server?

I can't join ACS to ad-domain. error message is 'can not resolve network address', but from acs-cli it is possible. where can be a problem?



Everyone's tags (2)

ACS 5.3 - how to join to domain

Hi there,

In the Active Directory Domain Name field you enter the domain name, for example:

The username field, it will be better if you try with a domain admin account, otherwise you can use a domain user but with privilege enough to add/delete computer objects.

The time zone and clock must be synchronized using NTP or manual clock configuration should work as well.

The ip name-server must be your DNS server, if your AD-server is the same DNS then use the AD-server.