Hi Mike,
Can you please define what you exactly mean by authentication and authorization?
The ACS checks the AD for a specific user if it is available and if the credentials are correct. If it is then on the AD you will probably find a successful authentication on the logs, but form the user perspective, the user does not know about if it is authenticated or not at this stage.
Now, the ACS knows the credentials are correct and then check the policy rules that are configured. depending on the policy rules it will tell the user if it is successfully authenticated or not.
In the policy, you control success of failure of the authentication of the client depending on the AD group.
If what I explained above is not what you are looking for please elaborate more about your request so we better understand your concern.
Regards,
Rating useful replies is more useful than saying "Thank you"
Rating useful replies is more useful than saying "Thank you"