Users Guide

Supported Active Directory authentication mechanisms
You can use Active Directory to dene iDRAC user access using two methods:
Standard schema solution, which uses Microsoft’s default Active Directory group objects only.
Extended schema solution, which has customized Active Directory objects. All the access control objects are maintained in Active
Directory. It provides maximum exibility to congure user access on dierent iDRACs with varying privilege levels.
Related link
Standard schema Active Directory overview
Extended schema Active Directory overview
Standard schema Active Directory overview
As shown in the following gure, using standard schema for Active Directory integration requires conguration on both Active Directory and
iDRAC.
Figure 1. Conguration of iDRAC with active directory standard schema
In Active Directory, a standard group object is used as a role group. A user who has iDRAC access is a member of the role group. To give
this user access to a specific iDRAC, the role group name and its domain name need to be configured on the specific iDRAC. The role and
the privilege level are defined on each iDRAC and not in the Active Directory. You can configure up to five role groups in each iDRAC.
Table 22 shows the default role group privileges.
Table 22. Default role group privileges

| Role Groups | Default Privilege Level | Permissions Granted | Bit Mask |
|---|---|---|---|
| Role Group 1 | None | Log in to iDRAC, Configure iDRAC, Configure Users, Clear Logs, Execute Server Control Commands, Access Virtual Console, Access Virtual Media, | 0x000001 |
140 Conguring user accounts and privileges