Problems with AD account to join ACS 5.2 to an AD Domain

anamaria.fuentes · ‎12-05-2010

I have problems with AD account to join ACS to an AD Domain because in the AD domain was created an account with the following features:

Predefined user in AD. AD account required for domain access in ACS should have either of the following:
•Add workstations to domain user right in corresponding domain.
•Create Computer Objects or Delete Computer Objects permission on corresponding computers container where ACS machine's account is precreated (created before joining ACS machine to the domain).

When I save changes for join to domain appears the following message:

I want to know if I should use an administrator account for join ACS to AD domain or how can I correct this error?

Thanks for your help

Tiago Antunes · ‎12-06-2010

Hi Ana,

I would try with an admin account.

If it works then you know the problem is on the account.

If it also does not work, then it can be related to a network problem...timesynch, required ports not allowed between ACS and AD, etc...

The support bundle can show us exactly what is happening.

These are the required ports between AD and ACS for AD integration:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/users_id_stores.html#wp1248491.

HTH,

Tiago

--

If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

anamaria.fuentes · ‎12-06-2010

Hi,

I tested with an admin account and it functions correctly but I need find a document where is expressed that account must have administrator privileges.

Thanks for your help