Users Guide
100 Using the DRAC 5 With Microsoft Active Directory
Supported Active Directory Authentication
Mechanisms
You can use Active Directory to define user access on the DRAC 5 through
two methods: you can use a standard schema solution, which uses Active
Directory group objects only or you can use the extended schema solution,
which Dell has customized to add Dell-defined Active Directory objects. For
more information about these solutions, see the sections below.
When using Active Directory to configure access to the DRAC 5, you must
choose either the extended schema or the standard schema solution.
The advantages of using the standard schema solution are:
• No schema extension is required because standard schema uses Active
Directory objects only.
• Configuration on Active Directory side is simple.
The advantages of using the extended schema solution are:
• All of the access control objects are maintained in Active Directory.
• Maximum flexibility in configuring user access on different DRAC 5 cards
with different privilege levels.
Standard Schema Active Directory Overview
As shown in Figure 6-1, using standard schema for Active Directory
integration requires configuration on both Active Directory and the DRAC 5.
On the Active Directory side, a standard group object is used as a role group.
A user who has DRAC 5 access will be a member of the role group. In order to
give this user access to a specific DRAC 5 card, the role group name and its
domain name need to be configured on the specific DRAC 5 card. Unlike the
extended schema solution, the role and the privilege level is defined on each
DRAC 5 card, not in the Active Directory. Up to five role groups can be
configured and defined in each DRAC 5. Table 6-12 shows the privileges level
of the role groups and Table 6-1shows the default role group settings.