8-52
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 8 Managing Users and Identity Stores
Managing External Identity Stores
Step 4 Click:
• Join to join the selected nodes to the AD domain. The status of the nodes changes according to the join results.
• Test Connection to test the connection and ensure that the entered credentials are correct and the AD domain is reachable. A message appears informing you whether the AD server is routable within the network; the test also authenticates the given AD username and password. The Test Connection results are displayed in a separate dialog box as a table.
• Cancel to cancel the connection.
Disconnecting Nodes from the AD Domain
To disconnect a single node or multiple nodes from an AD Domain, complete the following steps:
Step 1 Select Users and Identity Stores > External Identity Stores > Active Directory.
The Active Directory page appears.
Step 2 Select a single node or multiple nodes and click Leave.
The Leave Connection page appears.
Step 3 Complete the fields in the Leave Connection page as described in Table 8-12.
Table 8-11 Join/Test Connection Page

Option: Active Directory Domain Name
Description: Name of the AD domain to which you want to join ACS.

Option: Username
Description: Enter the username of a predefined AD user. The AD account that ACS requires for domain access should have either of the following:
• The Add workstations to the domain user right in the corresponding domain.
• Create Computer Objects or Delete Computer Objects permission on the corresponding computers container where the ACS machine's account is precreated (created before joining the ACS machine to the domain).
Cisco recommends that you disable the lockout policy for the ACS account and configure the AD infrastructure to send alerts to the administrator if a wrong password is used for that account. The reason is that if you enter a wrong password, ACS will not create or modify its machine account when necessary and may therefore deny all authentications.

Option: Password
Description: Enter the user password. The password should have a minimum of 8 characters, using a combination of at least one lowercase letter, one uppercase letter, one numeral, and one special character. All special characters are supported.
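
One way to build the wrong-password alert recommended for the ACS account in the Username row, shown as an added example that is not part of the Cisco guide: a Python filter over domain controller Security-log events exported as XML. The account name `svc-acs-join`, the `_event` helper and the sample events are constructed assumptions; the event IDs and status codes are the standard Windows values.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
ACS_ACCOUNT = "svc-acs-join"  # hypothetical name of the AD account ACS uses

# Event ID -> (EventData field with the result code, code meaning "wrong password")
BAD_PASSWORD = {
    "4625": ("SubStatus", "0xc000006a"),  # failed logon
    "4771": ("Status", "0x18"),           # Kerberos pre-authentication failed
    "4776": ("Status", "0xc000006a"),     # NTLM credential validation failed
}

def wrong_password_alerts(events_xml, account=ACS_ACCOUNT):
    """Return one alert dict per wrong-password event recorded for `account`."""
    alerts = []
    for ev in ET.fromstring(events_xml).iter("{%s}Event" % NS["e"]):
        event_id = ev.findtext("e:System/e:EventID", namespaces=NS)
        if event_id not in BAD_PASSWORD:
            continue
        data = {d.get("Name"): (d.text or "")
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        field, code = BAD_PASSWORD[event_id]
        if data.get("TargetUserName", "").lower() != account.lower():
            continue  # some other account
        if data.get(field, "").lower() != code:
            continue  # failure for another reason (for example, lockout)
        when = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        source = data.get("IpAddress") or data.get("Workstation") or "unknown"
        alerts.append({"time": when, "event_id": int(event_id), "source": source})
    return alerts

def _event(eid, time, **data):  # builds one constructed sample event
    fields = "".join('<Data Name="%s">%s</Data>' % kv for kv in data.items())
    return ('<Event xmlns="%s"><System><EventID>%s</EventID><TimeCreated SystemTime="%s"/>'
            '</System><EventData>%s</EventData></Event>' % (NS["e"], eid, time, fields))

SAMPLE = "<Events>%s</Events>" % "".join([  # constructed data, not real logs
    _event(4771, "2024-01-10T08:15:02Z", TargetUserName="svc-acs-join", Status="0x18", IpAddress="::ffff:192.0.2.10"),
    _event(4625, "2024-01-10T08:15:03Z", TargetUserName="SVC-ACS-JOIN", SubStatus="0xC000006A", IpAddress="192.0.2.10"),
    _event(4625, "2024-01-10T08:16:00Z", TargetUserName="svc-acs-join", SubStatus="0xC0000234", IpAddress="192.0.2.10"),
    _event(4771, "2024-01-10T08:17:00Z", TargetUserName="alice", Status="0x18", IpAddress="::ffff:192.0.2.55"),
    _event(4776, "2024-01-10T08:18:00Z", TargetUserName="svc-acs-join", Status="0xC000006A", Workstation="ACS01"),
])

if __name__ == "__main__":
    for alert in wrong_password_alerts(SAMPLE):
        print("ALERT wrong password for %s:" % ACS_ACCOUNT, alert)
```

In this sample the lockout event (SubStatus 0xC0000234) and the failure for another account are skipped, so only wrong-password attempts against the ACS account raise alerts.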