Cisco Support Community

New Member

Failed to enumerate windows groups


We are running two domain controllers within our environment and we have set up an ACS with version 4.0 for user authentication. Assume that one domain is named as (Windows 2003 server) and another as (Windows 2008 server). ACS is now a member of domain and these 2 domains are configured to trust each other.

We have no issue enumerating Windows groups on domain. Unfortunately, when we attempt to enumerate Windows groups on domain, we receive an error indicating "failed to enumerate windows groups. if you are using active directory consult installation guide for information".

I did capture traffic between ACS and domain and figured out that a status_Access_denied error took place when ACS attempted to authenticate to domain through the SAMR protocol.

Is there anything we can do to resolve this issue? Your suggestion will be most appreciated.

Thank you!
Cisco Employee

Re: Failed to enumerate windows groups


Make sure that the remote domain name ( you specified in the database group mapping screen is the NETBIOS name, not the AD domain name. If you enter "" as the domain name, it will fail.

If this is already OK, then you have a permissions issue. The ACS services (running on the member server) must be running as a user that can read all user/group properties on the target domain. Normally this user should be a part of the Domain Admin group.

In the below listed link please focus on the Step 2 Add CISCO workstation.

Step 2 Add CISCO workstation

In the local domain, and in each trusted domain and child domain that ACS will use to authenticate users, ensure that:

• A computer account named CISCO exists.

• All users that Windows will authenticate have permission to log in to the computer named CISCO.



Do rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
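
The checks from the reply above, collected into one script as an added example (not part of the original thread and not Cisco's own tooling): for each domain it prints the NetBIOS name to enter in the group mapping screen, reports whether a computer account named CISCO exists, and then lists the logon account of the ACS services. The domain names, the ACS host name, and the `CS%` service-name filter are assumptions; the script also assumes the ActiveDirectory PowerShell module is available on an admin workstation and that each domain controller can serve it.

```powershell
# Added example. Replace the placeholder values below with your own.
Import-Module ActiveDirectory

$domains = @('domain-a.example', 'domain-b.example')  # placeholder DNS names: local and trusted domain
$acsHost = 'ACS-SERVER'                                # placeholder name of the ACS member server

foreach ($d in $domains) {
    # NetBIOS name: the form the group mapping screen expects, not the AD (DNS) name
    $info = Get-ADDomain -Server $d

    # Step 2: a computer account named CISCO must exist in every domain ACS authenticates against
    $cisco = Get-ADComputer -Filter "Name -eq 'CISCO'" -Server $d

    [pscustomobject]@{
        DnsName      = $info.DNSRoot
        NetBIOSName  = $info.NetBIOSName
        CiscoAccount = [bool]$cisco
    }
}

# Logon account of the ACS services; it needs read access to user/group
# properties in the target domain. The "CS" name prefix is an assumption.
Get-WmiObject Win32_Service -ComputerName $acsHost -Filter "Name LIKE 'CS%'" |
    Select-Object Name, StartName, State
```

A `StartName` of `LocalSystem` means the services are not running under a domain account, which matches the permissions case described in the reply.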