Users Guide
154 Using Microsoft Active Directory
5
Group User1 and User2 into Group1. The group scope of Group1 must
be Universal.
6
Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege
Objects in AO1, and both RAC1 and RAC2 as Products in AO1.
7
Add User3 as Members in Association Object 2 (AO2), Priv2 as Privilege
Objects in AO2, and RAC2 as a Product in AO2.
For Server Administrator or IT Assistant, on the other hand, the users in a
single Association can be in separate domains without needing to be added to
a universal group. The following is a very similar example to show how Server
Administrator or IT Assistant systems in separate domains affect the setup of
directory objects. Instead of RAC devices, you’ll have two systems running
Server Administrator (Server Administrator Products sys1 and sys2). Sys1 and
sys2 are in different domains. You can use any existing Users or Groups that
you have in Active Directory. Figure 10-4 shows how to set up the Server
Administrator Active Directory objects for this example.
Figure 10-4. Setting Up Server Administrator Active Directory Objects in Multiple
Domains
AO1 AO2
Priv2Priv1Group1
Group1sys1User3User2User1 sys2
Domain 1 Domain 2