Users Guide
Using iDRAC6 With Microsoft Active Directory 117
Figure 6-1 illustrates that the Association Object provides the connection
that is needed for all of the Authentication and Authorization.
Figure 6-1. Typical Setup for Active Directory Objects
You can create as many or as few association objects as required. However,
you must create at least one Association Object, and you must have one
iDRAC6 Device Object for each iDRAC6 device on the network that you
want to integrate with Active Directory for Authentication and Authorization
with iDRAC6.
The Association Object allows for as many or as few users and/or groups as
well as iDRAC6 Device Objects. However, the Association Object only
includes one Privilege Object per Association Object. The Association Object
connects the Users who have Privileges on the iDRAC6 devices.
The Dell extension to the ADUC MMC Snap-in only allows associating the
Privilege Object and iDRAC6 Objects from the same domain with the
Association Object. The Dell extension does not allow a group or an iDRAC6
object from other domains to be added as a product member of the
Association Object.
Users, user groups, or nested user groups from any domain can be added into
the Association Object. Extended Schema solutions support any user group
type and any user group nesting across multiple domains allowed by
Microsoft Active Directory.
iDRAC
Association Object
User(s)
Group(s)
Privilege Object
iDRAC
Device Object(s)