Cisco Support Community
New Member

Setting up ACS 5.3

Hi All

I have just been tasked with setting up the ACS 5.3 and am having a few problems getting things started.

Here is a question from my server team -

“ACS specifies an account to join the machine to the domain. Will this account then be the account that it communicates to AD on once it has joined the domain or is there somewhere we need to put AD credentials for LDAP lookup? Our AD administrator is happy to join it to the domain but does not want ACS then running under his account”

In other words, we don't want to use an admin account, but surely we only need an ordinary account that reads AD for authentication?

Can anyone clear this one up?



Setting up ACS 5.3

Here are the account guidelines for joining ACS to AD. Once ACS joins to AD, it will authenticate users through the workstation account that is created when it is joined. The only time the ACS needs the credentials of the account is when the box joins to AD.


Predefined user in AD. AD account required for domain access in ACS should have either of the following:

Add workstations to domain user right in corresponding domain.

Create Computer Objects or Delete Computer Objects permission on corresponding computers container where ACS machine's account is precreated (created before joining ACS machine to the domain).

We recommend that you disable the lockout policy for the ACS account and configure the AD infrastructure to send alerts to the admin if a wrong password is used for that account. This is because if you enter a wrong password, ACS will not create or modify its machine account when it is necessary and therefore possibly deny all authentications.


Tarik Admani *Please rate helpful posts*
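
Added example (not part of the thread or of Cisco's documentation): with lockout disabled for the join account, the alerting the guideline asks for has to come from the logon-failure events themselves. This sketch filters exported Windows Security events for wrong-password failures against that account; the account name `svc-acs-join` and the sample events are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
JOIN_ACCOUNT = "svc-acs-join"  # hypothetical name of the account used to join ACS to AD

def _event(event_id, when, **data):
    """Build one event in Windows event XML form (used only for the constructed samples)."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{when}"/></System>'
            f'<EventData>{fields}</EventData></Event>')

# Constructed sample events, not taken from a real log.
SAMPLE_EVENTS = [
    _event(4771, "2024-01-10T08:00:01Z", TargetUserName="svc-acs-join",
           Status="0x18", IpAddress="::ffff:10.0.0.5"),     # Kerberos pre-auth, bad password
    _event(4771, "2024-01-10T08:00:07Z", TargetUserName="jsmith",
           Status="0x18", IpAddress="::ffff:10.0.0.9"),     # other account, ignored
    _event(4625, "2024-01-10T08:01:30Z", TargetUserName="SVC-ACS-JOIN",
           Status="0xC000006D", SubStatus="0xC000006A", IpAddress="10.0.0.5"),  # bad password
    _event(4625, "2024-01-10T08:02:00Z", TargetUserName="svc-acs-join",
           Status="0xC000006E", SubStatus="0xC0000072", IpAddress="10.0.0.5"),  # account disabled
    _event(4624, "2024-01-10T08:05:00Z", TargetUserName="svc-acs-join",
           IpAddress="10.0.0.5"),                           # successful logon
]

def is_bad_password(event_id, data):
    """True when the failure code means 'wrong password' for that event type."""
    if event_id == 4771:   # Kerberos pre-authentication failed
        return int(data.get("Status", "0"), 16) == 0x18
    if event_id == 4625:   # An account failed to log on
        return int(data.get("SubStatus", "0"), 16) == 0xC000006A
    return False

def bad_password_alerts(events_xml, account=JOIN_ACCOUNT):
    """Return (time, event id, source address) for each wrong-password failure on the account."""
    alerts = []
    for xml in events_xml:
        root = ET.fromstring(xml)
        event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
        data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
        if data.get("TargetUserName", "").lower() != account.lower():
            continue
        if is_bad_password(event_id, data):
            when = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
            alerts.append((when, event_id, data.get("IpAddress", "-")))
    return alerts

if __name__ == "__main__":
    for when, event_id, source in bad_password_alerts(SAMPLE_EVENTS):
        print(f"ALERT {when} event {event_id}: wrong password for {JOIN_ACCOUNT} from {source}")
```
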
New Member

Setting up ACS 5.3

Thanks Tarik
