EAP-TLS does not rely on AD. CA root cert is installed on ACS for trust and identity.you can elect to Perform Binary Certificate Comparison with Certificate retrieved from LDAP or Active Directory Users and Identity Stores > Certificate Authenticatio...
There is no upgrade path from 5.1 to 5.2 that involves patching. It is a complete rebuild. I simply mount the ISO locally and install it over the network, But I am using VMWare not appliance.jk
This can be done 2 ways.1. make the ASA authenticate to CSACS and have the CSACS look to MS AD for external auth credentials... this is very common.2. make the ASA authenticate to directly to MS AD via MS IAS (radius)... now called Network Policy Ser...