03-16-2012 03:39 PM - last edited on 03-25-2019 05:28 PM by ciscomoderator
I need to change the username and password ACS uses to connect to AD. I do a "clear configuration" and reboot and am unable to join the ACS appliance back into my AD with a different username and password. I am able to rejoin the ACS machine to the domain using the original username and pass. Any ideas on how to clear all of the AD config off of the appliance and start fresh and use a new account to join AD?
03-17-2012 04:23 AM
Hello,
I recently had to change the AD username/password on ACS 5.3. The AD admin created the new account and delegated Create and Delete permissions for the new account over the OU containing the ACS server.
hth
andy
03-17-2012 01:42 PM
What message are you getting when it fails? Much like the post by Andy, here is the documentation that notes the requirements for the account needed to join ACS:
Predefined user in AD. AD account required for domain access in ACS should have either of the following:
• Add workstations to domain user right in corresponding domain.
• Create Computer Objects or Delete Computer Objects permission on corresponding computers container where ACS machine's account is precreated (created before joining ACS machine to the domain).
We recommend that you disable the lockout policy for the ACS account and configure the AD infrastructure to send alerts to the admin if a wrong password is used for that account. This is because if you enter a wrong password, ACS will not create or modify its machine account when it is necessary and therefore possibly deny all authentications.
Thanks,
Tarik Admani
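A read-only check of the requirements quoted above, as an added example that is not part of the original thread or Cisco's documentation. It assumes the RSAT ActiveDirectory module is installed; the container DN, domain name and account name are placeholders to replace with your own.

```powershell
# Added example: audits the delegation and lockout state of the account ACS uses to join AD.
# All names below are assumed placeholders, not values from the thread.
Import-Module ActiveDirectory

$Container  = 'OU=ACS,DC=example,DC=com'   # assumed: container holding the pre-created ACS machine account
$Domain     = 'EXAMPLE'                    # assumed: NetBIOS domain name
$SamAccount = 'svc-acs-join'               # assumed: account ACS uses to join AD

# schemaIDGUID of the "computer" object class; an empty GUID means the ACE applies to all child classes.
$ComputerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'
$AllClasses    = [guid]::Empty
$Create = [int][System.DirectoryServices.ActiveDirectoryRights]::CreateChild
$Delete = [int][System.DirectoryServices.ActiveDirectoryRights]::DeleteChild

# Collect Allow ACEs granted directly to the account on the container.
# Rights granted through group membership are not resolved by this check.
$aces = (Get-Acl -Path "AD:\$Container").Access | Where-Object {
    $_.IdentityReference.Value -eq "$Domain\$SamAccount" -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.ObjectType -eq $ComputerClass -or $_.ObjectType -eq $AllClasses)
}

# Merge the rights bitmasks of all matching ACEs (GenericAll includes both bits).
$granted = 0
foreach ($ace in $aces) { $granted = $granted -bor [int]$ace.ActiveDirectoryRights }

# Lockout and bad-password state matter because a locked-out account stops ACS
# from creating or modifying its machine account.
$user = Get-ADUser -Identity $SamAccount -Properties LockedOut, BadLogonCount, LastBadPasswordAttempt

[pscustomobject]@{
    Account                = "$Domain\$SamAccount"
    Container              = $Container
    CreateComputerObjects  = ($granted -band $Create) -ne 0
    DeleteComputerObjects  = ($granted -band $Delete) -ne 0
    LockedOut              = $user.LockedOut
    BadLogonCount          = $user.BadLogonCount      # per-DC value, not replicated
    LastBadPasswordAttempt = $user.LastBadPasswordAttempt
}
```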
03-19-2012 08:40 AM
The error I get is:
This System Failure occurred: {0}. Your changes have not been saved.Click OK to return to the list page.
I wonder if there is something wrong inside ACS?