Re: ACS Express 5.0 binding user for Active Directory
When ACS Express is configured to use Active Directory (AD) as an external database, the ACS Express appliance must be joined to the AD domain. AD controls who is allowed to join computers to the domain.
1. Any user with a valid domain account can add a computer to the domain.
This is the default configuration for Windows Active Directory. It permits any successfully authenticated user to add as many as 10 computers to the domain. Many enterprises leave their domains set up this way so that administrative access is not required for a computer to join the domain.
2. Permission to add a computer to the domain is restricted to a privileged set of users.
When permission to add a computer to a domain is restricted, a user adding the computer must log in with an account that has appropriate administrative rights and provide a password. If your organization restricts who can add computers to the domain, joining the ACS Express appliance to the domain might require explicit permissions. For example, adding computers to the domain might be restricted to users in the Domain Administrators group or delegated within Organizational Units to specifically designated users or groups.
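As an added example (not part of the original post and not Cisco code), this PowerShell check reports which of the two cases above applies to a domain before the ACS Express appliance is joined. It assumes a domain-joined Windows host with the RSAT ActiveDirectory module and read access to the directory.

```powershell
# Added example: determine how a domain restricts computer joins.
# Assumes the RSAT ActiveDirectory module and a read-only domain account.
Import-Module ActiveDirectory

# schemaIDGUID of the "computer" object class, used to match delegated ACEs.
$ComputerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName

# Case 1: the per-user join quota stored on the domain head (default 10).
$quota = (Get-ADObject -Identity $domainDN `
            -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'

if ($quota -gt 0) {
    Write-Output "Case 1: authenticated users may each join up to $quota computers."
} else {
    Write-Output "Case 2: quota is 0; joining requires an explicitly permitted account."
}

# Case 2 detail: who has been delegated the right to create computer
# objects in the default Computers container or in any OU.
$containers = @($domain.ComputersContainer) +
              @(Get-ADOrganizationalUnit -Filter * |
                  Select-Object -ExpandProperty DistinguishedName)

$createChild = [System.DirectoryServices.ActiveDirectoryRights]::CreateChild

$delegations = foreach ($dn in $containers) {
    (Get-Acl -Path "AD:\$dn").Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.ActiveDirectoryRights -band $createChild) -and
            # Empty GUID means the ACE covers every child object class.
            ($_.ObjectType -eq $ComputerClass -or $_.ObjectType -eq [guid]::Empty)
        } |
        ForEach-Object {
            [pscustomobject]@{
                Container = $dn
                Identity  = $_.IdentityReference.Value
                Inherited = $_.IsInherited
            }
        }
}

$delegations | Sort-Object Container, Identity -Unique | Format-Table -AutoSize
```

The account used to join the appliance should appear in the delegation table for the target container when the quota is 0. The script does not inspect the "Add workstations to domain" user right set by Group Policy on the domain controllers, which also governs who can use the quota.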