Users Guide
NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the Global Catalog
FQDN. Make sure that DNS is configured correctly under Overview → iDRAC Settings → Network.
7. Click Next. The Active Directory Configuration and Management Step 3 of 4 page is displayed.
8. Select Standard Schema and click Next.
The Active Directory Configuration and Management Step 4a of 4 page is displayed.
9. Enter the location of Active Directory global catalog server(s) and specify privilege groups used to authorize users.
10. Click a Role Group to configure the control authorization policy for users under the standard schema mode.
The Active Directory Configuration and Management Step 4b of 4 page is displayed.
11. Specify the privileges and click Apply.
The settings are applied and the Active Directory Configuration and Management Step 4a of 4 page is displayed.
12. Click Finish. The Active Directory settings for standard schema are configured.
Configuring Active Directory with Standard schema using RACADM
1. Use the following commands:
racadm set iDRAC.ActiveDirectory.Enable 1
racadm set iDRAC.ActiveDirectory.Schema 2
racadm set iDRAC.ADGroup.Name <common name of the role group>
racadm set iDRAC.ADGroup.Domain <fully qualified domain name>
racadm set iDRAC.ADGroup.Privilege <Bit-mask value for specific RoleGroup permissions>
racadm set iDRAC.ActiveDirectory.DomainController1 <fully qualified domain name or IP
address of the domain controller>
racadm set iDRAC.ActiveDirectory.DomainController2 <fully qualified domain name or IP
address of the domain controller>
racadm set iDRAC.ActiveDirectory.DomainController3 <fully qualified domain name or IP
address of the domain controller>
racadm set iDRAC.ActiveDirectory.GlobalCatalog1 <fully qualified domain name or IP
address of the domain controller>
racadm set iDRAC.ActiveDirectory.GlobalCatalog2 <fully qualified domain name or IP
address of the domain controller>
racadm set iDRAC.ActiveDirectory.GlobalCatalog3 <fully qualified domain name or IP
address of the domain controller>
• Enter the Fully Qualified Domain Name (FQDN) of the domain controller, not the FQDN of the domain. For example, enter
servername.dell.com instead of dell.com.
• For bit-mask values for specific Role Group permissions, see Default role group privileges.
• You must provide at least one of the three domain controller addresses. iDRAC attempts to connect to each of the
configured addresses one-by-one until it makes a successful connection. With Standard Schema, these are the addresses
of the domain controllers where the user accounts and the role groups are located.
• The Global Catalog server is only required for standard schema when the user accounts and role groups are in different
domains. In multiple domain case, only the Universal Group can be used.
• If certificate validation is enabled, the FQDN or IP address that you specify in this field must match the Subject or Subject
Alternative Name field of your domain controller certificate.
• To disable the certificate validation during SSL handshake, use the following command:
racadm set iDRAC.ActiveDirectory.CertValidationEnable 0
In this case, no Certificate Authority (CA) certificate needs to be uploaded.
• To enforce the certificate validation during SSL handshake (optional), use the following command:
racadm set iDRAC.ActiveDirectory.CertValidationEnable 1
In this case, you must upload the CA certificate using the following command:
racadm sslcertupload -t 0x2 -f <ADS root CA certificate>
NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the Global
Catalog FQDN. Ensure that DNS is configured correctly under Overview → iDRAC Settings → Network.
Using the following RACADM command may be optional.
racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>
2. If DHCP is enabled on iDRAC and you want to use the DNS provided by the DHCP server, enter the following command:
racadm set iDRAC.IPv4.DNSFromDHCP 1
127