Introduction
This document describes an ACS - Active Directory integration issue seen on ACS 5.3.
Problem
After applying patch 3 or later on ACS 5.3, ACS may show Active Directory as disconnected or may fail to join the domain.
Explanation
It has recently been noticed that after patch 3 or later is applied, ACS 5.3 leaves the Active Directory domain and rejoins it. If the service account password has expired or has been changed since the last ACS AD join, ACS will fail to rejoin Active Directory.
It has also been noted that if the service account username or password contains a dollar sign ($), ACS 5.3 reports that the password is incorrect. This is documented as bug CSCtz76233.
To resolve the issue, ensure that the service account password is correct and not expired, and that neither the username nor the password contains a dollar sign ($), before applying patch 3 or later on ACS 5.3.
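The checks above can be run against the directory before patching. The script below is an added example, not part of the original document or a Cisco tool; it assumes a domain-joined Windows host with the RSAT ActiveDirectory module, and the parameter names ServiceAccount and LastAcsJoin are illustrative.

```powershell
# Added example: pre-patch check of the service account ACS uses for the AD join.
# Parameter names are assumptions made for this example.
param(
    [Parameter(Mandatory)] [string]   $ServiceAccount,  # sAMAccountName configured in ACS
    [Parameter(Mandatory)] [datetime] $LastAcsJoin      # date/time of the last ACS AD join
)
Import-Module ActiveDirectory

$u = Get-ADUser -Identity $ServiceAccount -Properties PasswordExpired,
        PasswordLastSet, PasswordNeverExpires, 'msDS-UserPasswordExpiryTimeComputed'

$problems = @()

# 1. Expired password: the rejoin triggered by the patch will fail.
if ($u.PasswordExpired) { $problems += 'Password has expired.' }

# 2. Password changed since the last join: ACS may still hold the old one.
if ($u.PasswordLastSet -and $u.PasswordLastSet -gt $LastAcsJoin) {
    $problems += "Password was changed on $($u.PasswordLastSet), after the last ACS join."
}

# 3. Dollar sign in the username (CSCtz76233).
if ($u.SamAccountName.Contains('$')) { $problems += 'Username contains a dollar sign ($).' }

# 4. Dollar sign in the password (CSCtz76233). The password is prompted for,
#    held only in memory, and never written to disk or the console.
$secure = Read-Host 'Password currently configured in ACS' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password
if ($plain.Contains('$')) { $problems += 'Password contains a dollar sign ($).' }
$plain = $null

# Informational: when the password will expire. 0 and Int64.MaxValue both mean
# "no expiry date", and FromFileTime() throws on MaxValue, so skip them.
$raw = [Int64]$u.'msDS-UserPasswordExpiryTimeComputed'
if (-not $u.PasswordNeverExpires -and $raw -gt 0 -and $raw -lt [Int64]::MaxValue) {
    Write-Output "Password expires: $([datetime]::FromFileTime($raw))"
}

if ($problems.Count -eq 0) {
    Write-Output "No blocking issue found for $($u.SamAccountName)."
} else {
    Write-Output "Fix before applying patch 3 or later:"
    $problems | ForEach-Object { Write-Output " - $_" }
}
```

The script does not test whether the entered password is the account's current password; confirm that separately before patching.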
Reference
Refer to "ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example" for detailed information on how to integrate ACS 5.x with AD.
This document was created with information from Vivek Santuka.