TCC_2
Level 10

Core issue

Users are still present in the Access Control Server (ACS) after removal from the Active Directory (AD).

Resolution

Cisco Secure ACS for Windows always checks AD for the username and password combination. This is the only change that ACS ever recognizes from AD. For example, if a user account becomes invalid in AD, ACS queries AD on a new authentication and AD responds with a Fail message.

For more information, refer to the Windows Authentication of Unknown Users section of Cisco Secure ACS for Windows version 3.3 User Guide: Unknown User Policy.

Users cannot apply a specific Network Access Restriction (NAR) to any AD user authenticated using Cisco Secure ACS for Windows. However, you can use the group mapping feature of Cisco Secure ACS for Windows to apply a specific NAR to any AD user authenticated with Cisco Secure ACS for Windows.

For more information, refer to the NAC Group Mapping section of Cisco Secure ACS for Windows version 3.3 User Guide: User Group Mapping and Specification.
