Identity firewall not matching IP to user via CDA

Mike Traylor
Level 1

I have a lab set up to test ACLs with AD users/groups.

Current setup:

3 VMware instances on one host machine:

Microsoft Server 2012 with Active Directory and DNS

Cisco Context Directory Agent

Windows 7 

This host is connected to the "Server" interface of the firewall and both 

DC/DNS = 192.168.1.100

CDA = 192.168.1.200

Windows 7 = Varied (change to test IP Mapping of CDA)

Host = 192.168.1.10

ASA = 192.168.1.1

I have full communication between all devices, firewalls disabled on host machines, and full any/any rules on the firewall to prevent any traffic from being blocked as I troubleshoot this.

 

The agent is connected up to the domain controller and does correctly map users to IPs as I log in/out.

 

The ASA has the agent configured and tests just fine when I use the Test button in ASDM.

 

From the ASA CLI I am able to query AD and pull a list of AD groups and users.

I have ACLs created that use the domain\user as the source with any/any, just trying to see if anything will match.

 

When I go to Monitoring > Identity > Users, the users that I have in the ACLs appear as inactive.

 

Any assistance with this would be greatly appreciated.  Previously I had this lab set up with the AD Agent and was able to get this to work with on-demand mode but not full-download.  Now with CDA I am unable to get either going.

 

Thanks
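An added reference configuration (not from the original post or from Cisco's documentation) for the identity firewall setup the lab above describes, using the thread's addresses and interface name. The domain EXAMPLE, the LDAP bind account and the RADIUS shared secret are placeholders; the block shows where the full-download versus on-demand mode is selected and the CLI checks that tell a missing mapping apart from an ACL that never matches:

```cisco
! AAA server object for the CDA (RADIUS to the agent at 192.168.1.200)
aaa-server ADAGENT protocol radius
 ad-agent-mode
aaa-server ADAGENT (Server) host 192.168.1.200
! placeholder: must match the shared secret configured on the CDA
 key CHANGE-ME-shared-secret
!
! LDAP server object for the domain controller (imports users and groups)
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (Server) host 192.168.1.100
! placeholder domain and a low-privilege, read-only bind account
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-login-dn CN=asa-ldap,CN=Users,DC=example,DC=com
 ldap-login-password CHANGE-ME
 server-type microsoft
!
! Identity firewall: tie the domain to LDAP and the agent to the ASA
user-identity domain EXAMPLE aaa-server AD-LDAP
user-identity default-domain EXAMPLE
user-identity ad-agent aaa-server ADAGENT
! Mode under test: the CDA pushes its whole IP-to-user table to the ASA
user-identity ad-agent active-user-database full-download
! Alternative: the ASA asks the agent only for IPs it sees in traffic
! user-identity ad-agent active-user-database on-demand
! Drop stale mappings so a reused IP is not attributed to an old login
user-identity inactive-user-timer minutes 60
user-identity action netbios-response-fail remove-user-ip
user-identity enable
!
! Identity-based ACL: user-keyed source, logged so hits are visible
access-list SERVER_IN extended permit ip user EXAMPLE\jdoe any any log
access-group SERVER_IN in interface Server
!
! Verification from the CLI
test aaa-server ad-agent ADAGENT
show user-identity ad-agent
show user-identity user active
show user-identity user-of-ip 192.168.1.50
show user-identity ip-of-user EXAMPLE\jdoe
show access-list SERVER_IN
```

If the user is listed as active by `show user-identity user active` but the hit count in `show access-list SERVER_IN` stays at zero, the ACL rather than the agent mapping is what needs attention.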

2 Replies

Mike Traylor
Level 1

After tweaking our ACLs we were able to get this to pull the IP to user mapping when in on-demand mode.

 

Full download mode still does not retrieve the mapping.

What tweaking did you do to get this working?
