Troubleshooting

ManualsBrandsDell ManualsSoftwareDell Chassis Management Controller Version 4.31

Microsoft® Active Directory® Theory and Operation with the Dell™ Chassis Management Controller

Your workstation must look up your domain name in DNS. Use an IP address to the domain, if you do

not have DNS setup. It looks up the name of the group or groups in LDAP to find the user that is

requesting access to the Dell Chassis Management Controller. If the user is in a group, the permissions

are set according what permissions have been set on the Dell Chassis Management Controller, then the

authentication to the Dell Chassis Management Controller occurs and access is granted.

Extended schema

All of the extended schema management occurs on the domain controller server in Active Directory >

Users and Computers. Update the Active Directory schema with the tools from the OpenManage Server

Administrator DVD (OMSA), to use the extended schema. You must have the schema administrator

privilege to update the Active Directory schema. In additions, you must install the Active Directory

Users and Computers plugin. This lets you see the new objects that were added to DS by the schema

update.

Folder Names and Installation Types Under the DVD folders: Table 1.

sysmgmt\ManagmentStation\support\OMActiveDirectory_Tools\

Folder name

Installation type

ITA7

IT Assistant version 7.0 or later

OMSA

Dell OpenManage Server Administrator

KVM

KVM devices

RAC3

RAC 3 (version 3)

Remote_Management

RAC 4, RAC 5, Dell Chassis Management

Controller, and iDRAC on xx0x modular

systems.

Remote_Management_Advanced

iDRAC on xx1x systems

Note: Only iDRAC6 is supported on xx1x

systems.

Microsoft Domain setup for both TFA and SSO

To setup the two factor authentication (TFA) and single sign on (SSO) environment requires the

following:

Only TFA:

 Only Internet Explorer 7 and later is supported for these TFA environments.

 Smart card login should be working with Active Directory login on workstations for use

with TFA and SSO.

o Pintool is needed for earlier versions of Windows, See Microsoft article

KB909520.

o Windows 7 may require drivers for the smart cards and/or readers. Drivers can

be obtained from: http://catalog.update.microsoft.com/v7/site/home.aspx.

o You may also check with your vendor.

 Test Smart Card Login with Active Directory user, to make sure it works.

 Set up a Smart Card Enrollment Agent (workstation) to enroll smart card users for the

domain.