Users Guide
Using the DRAC 5 With Microsoft Active Directory 103
Figure 6-1. Typical Setup for Active Directory Objects
NOTE: The RAC privilege object applies to both DRAC 4 and DRAC 5.
You can create as many or as few association objects as required. However, you must create at least one
Association Object, and you must have one RAC Device Object for each RAC (DRAC 5) on the network
that you want to integrate with Active Directory for Authentication and Authorization with the RAC
(DRAC 5).
The Association Object allows for as many or as few users and/or groups as well as RAC Device Objects.
However, the Association Object only includes one Privilege Object per Association Object. The
Association Object connects the "Users" who have "Privileges" on the RACs (DRAC 5s).
Additionally, you can configure Active Directory objects in a single domain or in multiple domains. For
example, you have two DRAC 5 cards (RAC1 and RAC2) and three existing Active Directory users
(user1, user2, and user3). You want to give user1 and user2 an administrator privilege to both DRAC 5
cards and give user3 a login privilege to the RAC2 card. Figure 6-2 shows how you set up the Active
Directory objects in this scenario.
When adding Universal Groups from separate domains, create an Association Object with Universal
Scope. The Default Association objects created by the Dell Schema Extender Utility are Domain Local
Groups and will not work with Universal Groups from other domains.
Association Object
User(s) Group(s) Privilege Object RAC Device Object(s)
RAC Privilege Object