Users Guide
Figure 1. Configuration of iDRAC with active directory standard schema
In Active Directory, a standard group object is used as a role group. A user who has iDRAC access is a member of the role group.
To give this user access to a specific iDRAC, the role group name and its domain name need to be configured on the specific
iDRAC. The role and the privilege level are defined on each iDRAC and not in the Active Directory. You can configure up to 15
role groups in each iDRAC. Table reference no shows the default role group privileges.
Table 24. Default role group privileges
Role Groups Default Privilege Level Permissions Granted Bit Mask
Role Group 1 None Log in to iDRAC, Configure
iDRAC, Configure Users, Clear
Logs, Execute Server Control
Commands, Access Virtual
Console, Access Virtual
Media, Test Alerts, Execute
Diagnostic Commands
0x000001ff
Role Group 2 None Log in to iDRAC, Configure
iDRAC, Execute Server
Control Commands, Access
Virtual Console, Access
Virtual Media, Test Alerts,
Execute Diagnostic
Commands
0x000000f9
Role Group 3 None Log in to iDRAC 0x00000001
Role Group 4 None No assigned permissions 0x00000000
Role Group 5 None No assigned permissions 0x00000000
NOTE: The Bit Mask values are used only when setting Standard Schema with the RACADM.
Single domain versus multiple domain scenarios
If all the login users and role groups, including the nested groups, are in the same domain, then only the domain controllers’
addresses must be configured on iDRAC. In this single domain scenario, any group type is supported.
If all the login users and role groups, or any of the nested groups, are from multiple domains, then Global Catalog server
addresses must be configured on iDRAC. In this multiple domain scenario, all the role groups and nested groups, if any, must be
a Universal Group type.
148
Configuring user accounts and privileges