Users Guide

However, each association object can link users, groups of users, or RAC device objects to only one
privilege object. This example allows an administrator to control each user’s privileges on specific
CMCs.
The RAC device object is the link to RAC firmware for querying Active Directory for authentication and
authorization. When a RAC is added to the network, the administrator must configure the RAC and its
device object with its Active Directory name so that users can perform authentication and authorization
with Active Directory. Additionally, the administrator must add the RAC to at least one association object
for users to authenticate.
The following figure shows that the association object provides the connection that is needed for the
authentication and authorization.
NOTE: The RAC privilege object applies to DRAC 4, DRAC 5, and CMC.
You can create as many or as few association objects as required. However, you must create at least one
Association Object, and you must have one RAC device object for each RAC (CMC) on the network that
you want to integrate with Active Directory.
An Association Object can include as many or as few users and/or groups and RAC Device Objects as
required. However, each Association Object includes only one Privilege Object. The
Association Object connects the Users who have Privileges on RACs (CMCs).
Additionally, you can configure Active Directory objects in a single domain or in multiple domains. For
example, you have two CMCs (RAC1 and RAC2) and three existing Active Directory users (user1, user2,
and user3). You want to give user1 and user2 an administrator privilege to both CMCs and give user3 a
login privilege to the RAC2 card. The following figure illustrates how you set up the Active Directory
objects in this scenario.
When adding Universal Groups from separate domains, create an Association Object with Universal
Scope. The Default Association objects created by the Dell Schema Extender Utility are Domain Local
Groups and do not work with Universal Groups from other domains.
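
The scenario above and the scope rule, modelled as an added example (not part of the Dell guide and not a query against a real directory). It resolves which privilege object reaches each user on each RAC and audits a layout against the rules stated in the text. The names AO1, AO2, Priv1-Administrator, Priv2-Login and the domain names are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class AssociationObject:
    name: str
    domain: str
    scope: str          # AD group scope: "DomainLocal" or "Universal"
    privilege: str      # exactly one privilege object per association object
    # member name -> (kind, domain); kind is "user" or "universal_group"
    members: dict = field(default_factory=dict)
    racs: set = field(default_factory=set)   # RAC device object names

def privileges(aos, member, rac):
    """Privilege objects that reach `member` on `rac` through any association object."""
    return sorted({ao.privilege for ao in aos
                   if member in ao.members and rac in ao.racs})

def audit(aos, network_racs):
    """Check a layout against the rules stated in the guide; return findings."""
    findings = []
    linked = set().union(*(ao.racs for ao in aos))
    for rac in sorted(set(network_racs) - linked):
        findings.append(f"{rac}: not in any association object, users cannot authenticate")
    for ao in aos:
        foreign = sorted(name for name, (kind, dom) in ao.members.items()
                         if kind == "universal_group" and dom != ao.domain)
        if foreign and ao.scope != "Universal":
            findings.append(f"{ao.name}: {ao.scope} scope cannot hold {foreign} from other domains")
    return findings

# Constructed data for the scenario in the text (object and domain names are assumed).
SCENARIO = [
    AssociationObject("AO1", "domain1.example", "DomainLocal", "Priv1-Administrator",
                      {"user1": ("user", "domain1.example"),
                       "user2": ("user", "domain1.example")}, {"RAC1", "RAC2"}),
    AssociationObject("AO2", "domain1.example", "DomainLocal", "Priv2-Login",
                      {"user3": ("user", "domain1.example")}, {"RAC2"}),
]

if __name__ == "__main__":
    for user in ("user1", "user2", "user3"):
        for rac in ("RAC1", "RAC2"):
            print(user, rac, privileges(SCENARIO, user, rac) or "no access")
    print(audit(SCENARIO, {"RAC1", "RAC2", "RAC3"}))
```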