Users Guide
Using iDRAC6 Directory Service
When adding Universal Groups from separate domains, create an Association
Object with Universal Scope. The Default Association objects created by the
Dell Schema Extender Utility are Domain Local Groups and will not work
with Universal Groups from other domains.
Users, user groups, or nested user groups from any domain can be added into
the Association Object. Extended Schema solutions support any user group
type and any user group nesting across multiple domains allowed by
Microsoft Active Directory.
Accumulating Privileges Using Extended Schema
The Extended Schema Authentication mechanism supports Privilege
Accumulation from different privilege objects associated with the same user
through different Association Objects. In other words, Extended Schema
Authentication grants the user the superset of all privileges assigned by
the different privilege objects associated with that user.
Figure 6-2 provides an example of accumulating privileges using Extended
Schema.
Figure 6-2. Privilege Accumulation for a User
[Figure labels: A01, A02; Group1; Priv1, Priv2; User1, User2; iDRAC1, iDRAC2; Domain 1, Domain 2]
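An added example, not taken from the Dell guide: a small Python model of the accumulation rule described above, useful when auditing which rights a user ends up with on a given iDRAC. The group membership, association wiring and privilege names are constructed for illustration and are not a reconstruction of Figure 6-2.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Association:
    """Model of one Association Object: who, which rights, on which devices."""
    name: str
    members: frozenset     # users and/or groups
    privileges: frozenset  # rights of the linked privilege object
    devices: frozenset     # linked iDRAC device objects

# Constructed sample directory (assumed wiring, not the guide's figure).
GROUPS = {"Group1": {"User1", "User2"}, "Operators": {"Group1"}}  # nested group
PRIV1 = frozenset({"login", "virtual_media"})  # made-up privilege names
PRIV2 = frozenset({"login", "configure", "server_control"})
ASSOCIATIONS = [
    Association("A01", frozenset({"Operators"}), PRIV1, frozenset({"iDRAC1", "iDRAC2"})),
    Association("A02", frozenset({"User1"}), PRIV2, frozenset({"iDRAC2"})),
]

def expand_groups(principal, groups):
    """Return the principal plus every group containing it, directly or nested."""
    seen, frontier = {principal}, [principal]
    while frontier:
        current = frontier.pop()
        for group, members in groups.items():
            if current in members and group not in seen:  # 'seen' stops cycles
                seen.add(group)
                frontier.append(group)
    return seen

def effective_privileges(user, device, associations=ASSOCIATIONS, groups=GROUPS):
    """Union the rights of every association linking the user to the device."""
    identities = expand_groups(user, groups)
    rights, sources = set(), []
    for assoc in associations:
        if device in assoc.devices and identities & assoc.members:
            rights |= assoc.privileges
            sources.append(assoc.name)
    return frozenset(rights), sources

def exceeds_every_single_grant(user, device, associations=ASSOCIATIONS, groups=GROUPS):
    """True when accumulation yields more than any one contributing object grants."""
    rights, sources = effective_privileges(user, device, associations, groups)
    return bool(sources) and all(
        a.privileges < rights for a in associations if a.name in sources)

if __name__ == "__main__":
    for user, device in [("User1", "iDRAC1"), ("User1", "iDRAC2"), ("User2", "iDRAC2")]:
        rights, sources = effective_privileges(user, device)
        print(user, device, sorted(rights), sources, exceeds_every_single_grant(user, device))
```

In this constructed directory, User1 reaches iDRAC2 through both associations, so the result is the union of both privilege objects, which is broader than either object grants on its own.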