Users Guide
108 Using the DRAC 5 With Microsoft Active Directory
Additionally, you can configure Active Directory objects in a single domain or in multiple domains. For
example, you have two DRAC 5 cards (RAC1 and RAC2) and three existing Active Directory users
(user1, user2, and user3). You want to give user1 and user2 an administrator privilege to both DRAC 5
cards and give user3 a login privilege to the RAC2 card. Figure 6-2 shows how you set up the Active
Directory objects in this scenario.
When adding Universal Groups from separate domains, create an Association Object with Universal
Scope. The Default Association objects created by the Dell Schema Extender Utility are Domain Local
Groups and will not work with Universal Groups from other domains.
Figure 6-2. Setting Up Active Directory Objects in a Single Domain
To configure the objects for the single domain scenario, perform the following tasks:
1
Create two Association Objects.
2
Create two RAC Device Objects, RAC1 and RAC2, to represent the two DRAC 5 cards.
3
Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and
Priv2 has login privileges.
4
Group user1 and user2 into Group1.
5
Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and RAC1,
RAC2 as RAC Devices in AO1.
6
Add User3 as Members in Association Object 2 (AO2), Priv2 as Privilege Objects in AO2, and RAC2 as
RAC Devices in AO2.
AO1 AO2
Priv2Priv1Group1
RAC2RAC1User3User2User1