03-16-2012 03:39 PM - last edited on 03-25-2019 05:28 PM by ciscomoderator
I need to change the username and password ACS uses to connect to AD. I do a "clear configuration" and reboot and am unable to join the ACS appliance back into my AD with a different username and password. I am able to rejoin the ACS machine to the domain using the original username and pass. Any ideas on how to clear all of the AD config off of the appliance and start fresh and use a new account to join AD?
03-17-2012 04:23 AM
Hello,
I recently had to change the AD username/password on ACS 5.3. The AD admin created the new account and delegated Create and Delete permissions for the new account over the OU containing the ACS server.
hth
andy
03-17-2012 01:42 PM
What message are you getting when it fails? Much like the post by Andy, here is the documentation that notes the requirements for the account needed to join ACS:
Predefined user in AD. AD account required for domain access in ACS should have either of the following:
• Add workstations to domain user right in corresponding domain.
• Create Computer Objects or Delete Computer Objects permission on corresponding computers container where ACS machine's account is precreated (created before joining ACS machine to the domain).
We recommend that you disable the lockout policy for the ACS account and configure the AD infrastructure to send alerts to the admin if a wrong password is used for that account. This is because if you enter a wrong password, ACS will not create or modify its machine account when it is necessary and therefore possibly deny all authentications.
Thanks,
Tarik Admani
03-19-2012 08:40 AM
The error I get is:
This System Failure occurred: {0}. Your changes have not been saved.Click OK to return to the list page.
I wonder if there is something wrong inside ACS?