Install Guide

Using Microsoft Active Directory
If you use Active Directory service software, configure it to control access to the network. The Active Directory database is modified to
support remote management authentication and authorization. Server Administrator, as well as Integrated Remote Access Controllers
(iDRAC) and Remote Access Controllers (RAC), can now interface with Active Directory. With this tool, you can add and control users and
privileges from one central database.
Topics:
Active Directory Schema Extensions
Extending The Active Directory Schema
Active Directory Schema Extensions
The Active Directory data exists in a distributed database of Attributes and Classes. An example of an Active Directory Class is the User
class. Some example Attributes of the user class might be the user’s first name, last name, phone number, and so on. Define every
Attribute or Class that is added to an existing Active Directory schema with a unique ID. To maintain unique IDs throughout the industry,
Microsoft maintains a database of Active Directory Object Identifiers (OIDs).
The Active Directory schema defines the rules for what data can be included in the database. To extend the schema in Active Directory,
install the latest received unique OIDs, unique name extensions, and unique linked attribute IDs for the new attributes and classes in the
directory service from the Dell EMC OpenManage Systems Management Tools and Documentation software.
Extension : dell
Base OID : 1.2.840.113556.1.8000.1280
Link ID range : 12070 to 12079
Overview Of The Active Directory Schema Extensions
Customized classes, or groups of objects, can be created and configured by the user to meet their unique needs. New classes in the
schema include an Association, a Product, and a Privilege class. An association object links the user or group to a given set of privileges and
to systems (Product Objects) in the network. This model gives an administrator control over the different combinations of user, privilege,
and system or RAC device on the network, without adding complexity.
Active Directory Object Overview
For each of the systems that you want to integrate with Active Directory for authentication and authorization, there must be at least one
Association Object and one Product Object. The Product Object represents the system. The Association Object links it with users and
privileges. You can create as many Association Objects as you need.
Each Association Object can be linked to as many users, groups of users, and Product Objects as required. The users and Product Objects
can be from any domain. However, each Association Object may only link to one Privilege Object. This behavior allows an administrator to
control users and their rights on specific systems.
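The object rules above can be checked mechanically during an access review. The following is an added example, not code from the guide or from Dell's tools: it models Association, Product, and Privilege Objects as plain Python data (all object names are hypothetical, and the sample snapshot is constructed), flags violations of the two structural rules, and lists which Association Objects give a principal a privilege on a given system. Group membership is assumed to be expanded by the caller.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Association:
    name: str
    members: frozenset     # users and groups linked to this object
    products: frozenset    # Product Objects (managed systems) it covers
    privileges: tuple      # Privilege Objects; the guide permits exactly one

def lint(products, associations):
    """Check a snapshot against the two structural rules stated in the guide."""
    findings = []
    for a in associations:
        if len(a.privileges) != 1:
            findings.append(f"{a.name}: {len(a.privileges)} Privilege Objects linked, expected 1")
    covered = set()
    for a in associations:
        covered |= a.products
    for p in sorted(set(products) - covered):
        findings.append(f"{p}: Product Object has no Association Object")
    return findings

def access_paths(principals, product, associations):
    """List (association, privilege) pairs that reach `product` for a user.

    `principals` is the user plus every group the user belongs to; group
    expansion is assumed to be done by the caller.
    """
    return sorted(
        (a.name, priv)
        for a in associations
        if product in a.products and a.members & set(principals)
        for priv in a.privileges
    )

# Constructed sample data; all names are hypothetical.
PRODUCTS = ["rac-01", "rac-02", "srv-admin-03"]
ASSOCIATIONS = [
    Association("assoc-ops", frozenset({"grp-ops"}), frozenset({"rac-01", "rac-02"}), ("priv-operator",)),
    Association("assoc-admins", frozenset({"alice"}), frozenset({"rac-01"}), ("priv-admin",)),
    Association("assoc-broken", frozenset({"bob"}), frozenset({"rac-02"}), ("priv-admin", "priv-guest")),
]

if __name__ == "__main__":
    for finding in lint(PRODUCTS, ASSOCIATIONS):
        print("FINDING", finding)
    print(access_paths({"alice", "grp-ops"}, "rac-01", ASSOCIATIONS))
```

A principal that appears in more than one access path for the same system is worth a manual look, since the user is reaching that system through several Association Objects at once.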
The Product Object links the system to Active Directory for authentication and authorization queries. When a system is added to the
network, the administrator must configure the system and its product object with its Active Directory name so that users can perform