Users Guide

ManualsBrandsDell ManualsActive System ManagerDRAC5 Version 1.00 with Dell OpenManage 5.1

111

112

113

114

115

116

117

118

119

120

118 Using the DRAC 5 With Microsoft Active Directory

where

username

is an ASCII string of 1–256 bytes.

White space and special characters (such as \, /, or @) cannot be used in the user name or the domain

name.

NOTE: You cannot specify NetBIOS domain names, such as Americas, as these names cannot be resolved.

Frequently Asked Questions

Table 6-8 lists frequently asked questions and answers.

Table 6-8. Using the DRAC 5 With Active Directory: Frequently Asked Questions

Question Answer

Can I log into the DRAC 5 using Active Directory

across multiple forests?

The DRAC 5’s Active Directory querying algorithm only

supports a single tree in a single forest.

Does the login to the DRAC 5 using Active

Directory work in mixed mode (that is, the

domain controllers in the forest run different

operating systems, such as Microsoft

Windows NT

4.0, Windows 2000, or Windows

Server 2003)?

Yes. In mixed mode, all objects used by the DRAC 5 querying

process (among user, RAC Device Object, and Association

Object) have to be in the same domain.

The Dell-extended Active Directory Users and Computers

snap-in checks the mode and limits users in order to create

objects across domains if in mixed mode.

Does using the DRAC 5 with Active Directory

support multiple domain environments?

Yes. The domain forest function level must be in Native mode

or Windows 2003 mode. In addition, the groups among

Association Object, RAC user objects, and RAC Device Objects

(including Association Object) must be universal groups.

Can these Dell-extended objects (Dell

Association Object, Dell RAC Device, and Dell

Privilege Object) be in different domains?

The Association Object and the Privilege Object must be in the

same domain. The Dell-extended Active Directory Users and

Computers snap-in forces you to create these two objects in the

same domain. Other objects can be in different domains.

Are there any restrictions on Domain Controller

SSL configuration?

Yes. All Active Directory servers’ SSL certificates in the forest

must be signed by the same root CA since DRAC 5 only allows

uploading one trusted CA SSL certificate.

I created and uploaded a new RAC certificate and

now the Web-based interface does not launch.

If you use Microsoft Certificate Services to generate the RAC

certificate, one possible cause of this is you inadvertently chose

User Certificate instead of Web Certificate when creating the

certificate. To recover, create a new Web certificate from

Microsoft Certificate Services and load it using RACADM from

the managed system by typing:

racadm sslcertupload -t 0x1 -f <web_sslcert>