Set the Identity source of your network administration policy to Active directory rather than Internal. (Probably called 'AD1'). If you want to use _both_ then create an Identity Store Sequence first, that checks internal followed by AD, and use that...
I ran into this issue on a 5508 controller using v6.0-something (6.0.182 i think). Turned out to be a bug (CSCta53985) fixed in 6.0.188. Upgraded to 6.0.188 and have successfully used ACS 5.1 to MAC filter SSID using WPA2 PSK.see the 6.0.188 release ...
I worked around a similar constraint by having our AD admins create the computer object with the name of the ACS system, then give my AD account rights over that object. Then I was able to join ACS to AD using my own AD credentials.