If I understand your post correctly, you have Win2k3 and ACS 4.2 configured as you believe is correct. You can map the local ACS groups to the appropriate AD groups, but the users cannot log in with their AD credentials. Is that correct? What are you trying to log into? Switches, wireless, etc.?
There is no agent that you need to install but you need to make some changes on the AD side.
Have you configured a workstation in Active Directory with a name of CISCO?
If you navigate to external user database/database configuration/windows database on the ACS and scroll to the bottom of that screen, you'll see a setting called "Windows Authentication Configuration". You'll see a "default "Cisco"" listed there. You need a workstation configured in Active Directory to match that of the ACS.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...