Install Guide
Figure 4. Setting up Server Administrator Active Directory Objects In Multiple Domains
Setting Up Server Administrator Active Directory Objects For Multiple
Domain
To set up the objects for this multiple domain scenario, perform the following tasks:
1 Ensure that the domain forest function is in Native mode.
2 Create two Association Objects, AO1 and AO2, in any domain. The gure shows the objects in Domain1.
3 Create two Server Administrator Products, sys1 and sys2, to represent the two systems. sys1 is in Domain1 and sys2 is in Domain2.
4 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (Administrator) and Priv2 has Login privileges.
5 Group sys2 into Group1. The group scope of Group1 must be Universal.
6 Add User1 and User2 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and both sys1 and Group1 as
Products in AO1.
7 Add User3 as a Member in Association Object 2 (AO2), Priv2 as a Privilege object in AO2, and Group1 as a Product in AO2.
NOTE
: Neither of the Association objects needs to be of Universal scope.
Conguring Active Directory To Access The Systems
Before you can use Active Directory to access the systems, you must congure both the Active Directory software and the systems.
1 Extend the Active Directory schema.
2 Extend the Active Directory Users and Computers Snap-in.
3 Add system users and their privileges to Active Directory.
4 For RAC systems, enable SSL on each of the domain controllers.
5 Congure the system’s Active Directory properties using either the Web-based interface or the CLI.
Related Links:
• Extending the Active Directory Schema
• Installing the Extension to the Active Directory Users and Computers Snap-In
• Adding Users and Privileges to Active Directory
• Conguring the Systems or Devices
Using Microsoft Active Directory
39