Cisco Support Community

New Member

ACS Express 5.0 binding user for Active Directory


I have a few questions regarding ACS Express' binding user for Active Directory integration:

1. Does the user have to be a service account in Active Directory?

2. Let's say the AD administrator pre-created the computer account manually, does the binding user still need admin rights?

3. Once the ACS Express has successfully joined the domain, can we convert the binding user to a normal user (non-admin)?

I tried searching for a more detailed explanation on this, but couldn't find any. Any help will be appreciated.

New Member

Re: ACS Express 5.0 binding user for Active Directory

When ACS Express is configured to use Active Directory (AD) as an external database, the ACS Express appliance must be joined to the AD domain. AD controls who is allowed to join computers to the domain.

1. Any user with a valid domain account can add a computer to the domain.

This is the default configuration for Windows Active Directory. It permits any successfully authenticated user to add as many as 10 computers to the domain. Many enterprises leave their domains set up this way so that administrative access is not required for a computer to join the domain.

2. Permission to add a computer to the domain is restricted to a privileged set of users.

When permission to add a computer to a domain is restricted, a user adding the computer must log in with an account that has appropriate administrative rights and provide a password. If your organization restricts who can add computers to the domain, joining the ACS Express appliance to the domain might require explicit permissions. For example, adding computers to the domain might be restricted to users in the Domain Administrators group or delegated within Organizational Units to specifically designated users or groups.
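To see which of the two cases described in the reply above applies to a given domain, an AD administrator can read the per-user join quota and list the computers that were joined under it. This is an added example, not part of the original reply or of Cisco's documentation; it assumes the RSAT ActiveDirectory PowerShell module and uses the standard AD attributes `ms-DS-MachineAccountQuota` and `ms-DS-CreatorSID`, which the thread does not name.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and domain read access.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName

# ms-DS-MachineAccountQuota is stored on the domain head object (AD default: 10).
$quota = (Get-ADObject -Identity $domainDn `
    -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'

if ($quota -gt 0) {
    'Quota = {0}: a non-admin account may join up to {0} computers.' -f $quota
} else {
    'Quota = 0 or not set: joining requires explicitly granted rights.'
}

# Computers joined under the quota record the joining account's SID in
# ms-DS-CreatorSID; accounts created by domain admins normally leave it empty.
$joined = Get-ADComputer -LDAPFilter '(ms-DS-CreatorSID=*)' `
        -Properties 'ms-DS-CreatorSID', 'whenCreated' |
    ForEach-Object {
        $sid = $_.'ms-DS-CreatorSID'
        try   { $creator = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $creator = $sid.Value }   # creator deleted or not resolvable
        [pscustomobject]@{
            Computer  = $_.Name
            CreatedBy = $creator
            Created   = $_.whenCreated
        }
    }

# Per-account usage against the quota; an account at the limit cannot join more.
$joined | Group-Object CreatedBy | Sort-Object Count -Descending |
    Select-Object @{n = 'Account';   e = { $_.Name }},
                  Count,
                  @{n = 'AtQuota';   e = { $quota -gt 0 -and $_.Count -ge $quota }},
                  @{n = 'Computers'; e = { ($_.Group.Computer | Sort-Object) -join ', ' }} |
    Format-Table -AutoSize
```

If the quota is above zero and the binding account is not yet at its limit, the first case in the reply applies; otherwise the join depends on rights granted to that account.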

New Member

Re: ACS Express 5.0 binding user for Active Directory


Thanks for the reminder. I have this from the user guide; however, it doesn't really answer my questions above...

1 point for you.