https://community.cisco.com/t5/network-access-control/acs-and-two-windows-active-directory-domains/m-p/1194004#M364143 <HTML><HEAD></HEAD><BODY><P>Is there a 2 way trust with the two domains, have you checked that the user that ACS uses to read and query the Domains lies on both domains and has read privileges?</P></BODY></HTML> Tue, 03 Feb 2009 01:59:20 GMT Ivan Martinon 2009-02-03T01:59:20Z https://community.cisco.com/t5/network-access-control/acs-and-two-windows-active-directory-domains/m-p/1194003#M364142 <P>Can one ACS server authenticate users against two different AD domains? The server is a member server of one domain. We are not able to enumerate the groups from the second domain. There is a two way trust between the domains. </P> Tue, 26 Mar 2019 00:25:43 GMT https://community.cisco.com/t5/network-access-control/acs-and-two-windows-active-directory-domains/m-p/1194003#M364142 ursshared 2019-03-26T00:25:43Z https://community.cisco.com/t5/network-access-control/acs-and-two-windows-active-directory-domains/m-p/1194004#M364143 <HTML><HEAD></HEAD><BODY><P>Is there a 2 way trust with the two domains, have you checked that the user that ACS uses to read and query the Domains lies on both domains and has read privileges?</P></BODY></HTML> Tue, 03 Feb 2009 01:59:20 GMT https://community.cisco.com/t5/network-access-control/acs-and-two-windows-active-directory-domains/m-p/1194004#M364143 Ivan Martinon 2009-02-03T01:59:20Z https://community.cisco.com/t5/network-access-control/acs-and-two-windows-active-directory-domains/m-p/1194005#M364144 <HTML><HEAD></HEAD><BODY><P>We authenticate multiple domains like this, We have a proxy domain that contains the acs remote agents. The proxy domain trusts the domains to be authenticated against. In ACS you will be able to see all of the domains that the proxy trusts. When you go about mapping domain groups to acs groups you have to manually add the group name. ACS can enumerate the group to authenticate users, but ACS cannot seem to traverse multiple domains during the setup phase. Hope this helps.</P><P>Bob </P></BODY></HTML> Thu, 05 Mar 2009 23:43:11 GMT https://community.cisco.com/t5/network-access-control/acs-and-two-windows-active-directory-domains/m-p/1194005#M364144 frbilbrey 2009-03-05T23:43:11Z https://community.cisco.com/t5/network-access-control/acs-and-two-windows-active-directory-domains/m-p/1194006#M364145 <HTML><HEAD></HEAD><BODY><P>are the users in multiple groups in the multiple domains, if so mapping should be done differently than you would if users were in a single group so that users are properly mapped to a group </P></BODY></HTML> Fri, 06 Mar 2009 23:12:38 GMT https://community.cisco.com/t5/network-access-control/acs-and-two-windows-active-directory-domains/m-p/1194006#M364145 aneelaka 2009-03-06T23:12:38Z