Users Guide
136 Using iDRAC6 Directory Service
The figure shows two Association Objects—A01 and A02. User1 is associated
to iDRAC2 through both association objects. Therefore, User1 has
accumulated privileges that are the result of combining the privileges set for
objects Priv1 and Priv2 on iDRAC2.
For example, Priv1 has these privileges: Login, Virtual Media, and Clear Logs
and Priv2 has these privileges: Login to iDRAC, Configure iDRAC, and Test
Alerts. As a result, User1 now has the privilege set: Login to iDRAC,
Virtual Media, Clear Logs, Configure iDRAC, and Test Alerts, which is the
combined privilege set of Priv1 and Priv2.
Extended Schema Authentication accumulates privileges to allow the user
the maximum set of privileges possible considering the assigned privileges of
the different privilege objects associated to the same user.
In this configuration, User1 has both Priv1 and Priv2 privileges on iDRAC2.
User1 has Priv1 privileges on iDRAC1 only. User2 has Priv1 privileges on both
iDRAC1 and iDRAC2. In addition, this figure shows that User1 can be in a
different domain and can be a member of a group.
Configuring Extended Schema Active Directory to
Access iDRAC6
Before using Active Directory to access iDRAC6, configure the Active
Directory software and iDRAC6 by performing the following steps in order:
1
Extend the Active Directory schema (see "Extending the Active Directory
Schema" on page 137.)
2
Extend the Active Directory Users and Computers Snap-in (see "Installing
the Dell Extension to the Active Directory Users and Computers Snap-In"
on page 143).
3
Add iDRAC6 users and their privileges to Active Directory (see "Adding
iDRAC6 Users and Privileges to Active Directory" on page 144).
4
Configure iDRAC6 Active Directory properties using either iDRAC6 Web
interface or the RACADM (see "Configuring Microsoft Active Directory
With Extended Schema Using iDRAC6 Web Interface" on page 146 or
"Configuring Active Directory With Extended Schema Using RACADM"
on page 149).