User's Guide

102 Using the DRAC 5 With Microsoft Active Directory
Overview of the RAC Schema Extensions
To provide the greatest flexibility in the multitude of customer environments, Dell provides a group of
properties that can be configured by the user depending on the desired results. Dell has extended the
schema to include an Association, Device, and Privilege property. The Association property is used to link
together the users or groups with a specific set of privileges to one or more RAC devices. This model
provides an Administrator maximum flexibility over the different combinations of users, RAC privileges,
and RAC devices on the network without adding too much complexity.
Active Directory Object Overview
For each of the physical RACs on the network that you want to integrate with Active Directory for
Authentication and Authorization, create at least one Association Object and one RAC Device Object.
You can create multiple Association Objects, and each Association Object can be linked to as many users,
groups of users, or RAC Device Objects as required. The users and RAC Device Objects can be members
of any domain in the enterprise.
However, each Association Object can be linked to only one Privilege Object. That is, an Association
Object may link users, groups of users, or RAC Device Objects to only one Privilege Object. This
arrangement allows an Administrator to control each user's privileges on specific RACs.
The RAC Device object is the link to the RAC firmware for querying Active Directory for authentication
and authorization. When a RAC is added to the network, the Administrator must configure the RAC
and its device object with its Active Directory name so users can perform authentication and
authorization with Active Directory. Additionally, the Administrator must add the RAC to at least one
Association Object in order for users to authenticate.
Figure 6-1 illustrates that the Association Object provides the connection that is needed for all of the
Authentication and Authorization.
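
The object relationships described above can be checked mechanically. The following Python sketch is an added example, not Dell code: it audits a constructed set of objects against the rules stated in this section and lists which Privilege Objects a user reaches on a given RAC. All object names and dictionary keys are hypothetical and are not Dell schema attribute names, groups are expanded one level only, and because this section does not say how privileges from several Association Objects are combined, the lookup returns every matching Privilege Object without merging them.

```python
"""Audit of Association / RAC Device / Privilege object links (added example)."""

# Constructed sample data; every name and key below is hypothetical.
GROUPS = {"grp-dc-ops": {"dave", "erin"}}
DEVICES = {"rac-01", "rac-02", "rac-03"}
ASSOCIATIONS = {
    "assoc-admins": {"members": {"alice", "grp-dc-ops"},
                     "devices": {"rac-01", "rac-02"},
                     "privileges": ["priv-admin"]},
    "assoc-readonly": {"members": {"bob", "dave"},
                       "devices": {"rac-01"},
                       "privileges": ["priv-readonly"]},
    "assoc-broken": {"members": {"carol"},
                     "devices": {"rac-02"},
                     "privileges": []},
}


def expand_members(members):
    """Resolve group names to users (one level; nested groups not modelled)."""
    users = set()
    for m in members:
        users |= GROUPS.get(m, {m})
    return users


def audit():
    """Return findings for objects that break the rules stated in the text."""
    findings = []
    for name, assoc in sorted(ASSOCIATIONS.items()):
        # More than one breaks the "only one" rule; zero grants nothing.
        if len(assoc["privileges"]) != 1:
            findings.append(f"{name}: not linked to exactly one Privilege Object")
    linked = set().union(*(a["devices"] for a in ASSOCIATIONS.values()))
    for dev in sorted(DEVICES - linked):
        findings.append(f"{dev}: in no Association Object, users cannot authenticate")
    return findings


def privilege_objects_for(user, device):
    """Privilege Objects that link `user` to `device` through valid associations."""
    result = set()
    for assoc in ASSOCIATIONS.values():
        if (len(assoc["privileges"]) == 1 and device in assoc["devices"]
                and user in expand_members(assoc["members"])):
            result.add(assoc["privileges"][0])
    return result


if __name__ == "__main__":
    print("\n".join(audit()))
    print(sorted(privilege_objects_for("dave", "rac-01")))
```

A user who reaches more than one Privilege Object on the same RAC, as "dave" does on "rac-01" in the sample data, is worth reviewing by hand for unintended privilege.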