Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

ACS 5.3 - AD credentials

Hi All

Apparently you need the following to connect the ACS to the AD Domain -

Add workstations to domain user right in corresponding domain.

Create Computer Objects or Delete Computer Objects permission on corresponding

computers container where ACS machine's account is precreated (created before joining

ACS machine to the domain).

I am being asked by the AD guy why we need this sort of permission

Does anyone Know ?


Version history
Revision #:
1 of 1
Last update:
‎05-11-2012 06:33 AM
Updated by:
Labels (1)
Everyone's tags (6)


Those privileges are required because during the ACS-AD integration the ACS must create a Computer account under Domain Computers in AD, this is because for Microsoft AD all the authentication requests must come from a computer, so this ACS computer account is used for that purpose.

This is something that we cannot avoid and you will notice that without those privileges the ACS will not join with AD, you will start getting error messages. Let me know if you need more information.