Cisco Support Community

How to configure Cisco Secure ACS for Windows to check Active Directory for changes

Core issue

Users are still present in the Access Control Server (ACS) after removal from the Active Directory (AD).

Resolution

Cisco Secure ACS for Windows always checks AD for the username and password combination. This is the only change in AD that ACS ever recognizes. For example, if a user account becomes invalid in AD, ACS queries AD upon a new authentication and AD responds with a Fail message.

For more information, refer to the Windows Authentication of Unknown Users section of the Cisco Secure ACS for Windows version 3.3 User Guide: Unknown User Policy.

You cannot apply a specific Network Access Restriction (NAR) directly to an AD user authenticated using Cisco Secure ACS for Windows. However, you can use the group mapping feature of Cisco Secure ACS for Windows to apply a specific NAR to any AD user authenticated with Cisco Secure ACS for Windows.

For more information, refer to the NAC Group Mapping section of the Cisco Secure ACS for Windows version 3.3 User Guide: User Group Mapping and Specification.

Version history
Revision #: 1 of 1
Last update: 06-22-2009 05:04 PM