07-02-2020 04:38 PM
Solved! Go to Solution.
07-02-2020 07:26 PM
IB1 - You configure Active Directory in ACS through the Users and Identity Stores > External Identity Stores > Active Directory menu. Beware that it's not just a case of changing to the new Active Directory though. If I recall correctly, you will need to re-import all the AD groups that are referred to in policies and update them in all the service policies. However, ACS is now end of life so you should really be migrating to ISE as soon as possible. Hope this helps.
07-08-2020 06:14 PM
If you're not joining a different domain and simply want ACS to communicate with a specific Domain Controller as the primary one, this may be something you would just configure in AD Sites & Services.
Unless I'm mistaken, ACS acts the same as ISE when integrated with AD. It joins the domain as a computer account, so it uses AD's built-in mechanisms for determining the order in which to communicate with DCs and what to do in case of a DC failure. Make sure you've added the subnet where ACS resides into your Sites and that your Domain Controllers are setup appropriately in the domain.
07-02-2020 07:26 PM
IB1 - You configure Active Directory in ACS through the Users and Identity Stores > External Identity Stores > Active Directory menu. Beware that it's not just a case of changing to the new Active Directory though. If I recall correctly, you will need to re-import all the AD groups that are referred to in policies and update them in all the service policies. However, ACS is now end of life so you should really be migrating to ISE as soon as possible. Hope this helps.
07-08-2020 05:39 AM
Thank you for the information and the recommendation about migrating. It's helpful.
07-08-2020 06:14 PM
If you're not joining a different domain and simply want ACS to communicate with a specific Domain Controller as the primary one, this may be something you would just configure in AD Sites & Services.
Unless I'm mistaken, ACS acts the same as ISE when integrated with AD. It joins the domain as a computer account, so it uses AD's built-in mechanisms for determining the order in which to communicate with DCs and what to do in case of a DC failure. Make sure you've added the subnet where ACS resides into your Sites and that your Domain Controllers are setup appropriately in the domain.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide