ACS 5.3 - how to join to domain

Martin Kyrc · ‎06-05-2012

Hello,

can anybody clarify me how it is possible join ACS 5.3 to windows domain?

from cisco doc:

Active Directory Domain Name: Name of the AD domain to join ACS to.

Username: Predefined user in AD. AD account required for domain access in ACS should have either of

the following:

• Add workstations to domain user right in corresponding domain.

• Create Computer Objects or Delete Computer Objects permission on corresponding computers container where ACS machine's account is precreated (created before joining ACS machine to the domain).

Password: Enter the user password. The password should have minimum of 8 characters with the combination of atleast one lower case alphabet, one upper case alphabet, one numeral, and one special character. All special characters are supported.

That means:

- Active directory must be windows DOMAIN name, or AD-server dns name?

- username must be domain user, or domain administrator?

another settings:

- time on ad-server and acs must be synced (I'm using the same NTP)

- ip name-server for acs must be AD-server?

I can't join ACS to ad-domain. error message is 'can not resolve network address', but from acs-cli it is possible. where can be a problem?

--

martin

mauzamor · ‎06-05-2012

Hi there,

In the Active Directory Domain Name field you enter the domain name, for example: cisco.com

The username field, it will be better if you try with a domain admin account, otherwise you can use a domain user but with privilege enough to add/delete computer objects.

The time zone and clock must be synchronized using NTP or manual clock configuration should work as well.

The ip name-server must be your DNS server, if your AD-server is the same DNS then use the AD-server.