Users Guide
Configuring Active Directory with Extended schema using RACADM
To configure Active Directory with Extended Schema using RACADM:
1 Use the following commands:
racadm set iDRAC.ActiveDirectory.Enable 1
racadm set iDRAC.ActiveDirectory.Schema 2
racadm set iDRAC.ActiveDirectory.RacName <RAC common name>
racadm set iDRAC.ActiveDirectory.RacDomain <fully qualified rac domain name>
racadm set iDRAC.ActiveDirectory.DomainController1 <fully qualified domain name or IP address of the domain controller>
racadm set iDRAC.ActiveDirectory.DomainController2 <fully qualified domain name or IP address of the domain controller>
racadm set iDRAC.ActiveDirectory.DomainController3 <fully qualified domain name or IP address of the domain controller>
• Enter the Fully Qualified Domain Name (FQDN) of the domain controller, not the FQDN of the domain. For example, enter
servername.dell.com instead of dell.com.
• You must provide at least one of the three addresses. iDRAC attempts to connect to each of the configured addresses one by one
until it makes a successful connection. With Extended Schema, these are the FQDN or IP addresses of the domain controllers
where this iDRAC device is located.
• To disable certificate validation during the SSL handshake, use the following command:
racadm set iDRAC.ActiveDirectory.CertValidationEnable 0
In this case, you do not have to upload a CA certificate.
• To enforce certificate validation during the SSL handshake (optional):
racadm set iDRAC.ActiveDirectory.CertValidationEnable 1
In this case, you must upload a CA certificate using the following command:
racadm sslcertupload -t 0x2 -f <ADS root CA certificate>
NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Ensure
that DNS is configured correctly under Overview > iDRAC Settings > Network.
Using the following RACADM command may be optional:
racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>
2 If DHCP is enabled on iDRAC and you want to use the DNS provided by the DHCP server, enter the following command:
racadm set iDRAC.IPv4.DNSFromDHCP 1
3 If DHCP is disabled in iDRAC or you want to manually input your DNS IP address, enter the following commands:
racadm set iDRAC.IPv4.DNSFromDHCP 0
racadm set iDRAC.IPv4.DNS1 <primary DNS IP address>
racadm set iDRAC.IPv4.DNS2 <secondary DNS IP address>
4 If you want to configure a list of user domains so that you only need to enter the user name when logging in to the iDRAC web interface, use
the following command:
racadm set iDRAC.UserDomain.<index>.Name <fully qualified domain name or IP Address of the domain controller>
You can configure up to 40 user domains with index numbers between 1 and 40.
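After step 1, the resulting settings can be reviewed offline. The script below is an added example, not part of the original guide: it audits a saved dump of racadm get iDRAC.ActiveDirectory for the certificate validation and domain controller address points made above. The function names, the sample host and domain values, and the Name=Value output layout are assumptions.

```shell
#!/bin/sh
# Added example: audit a saved `racadm get iDRAC.ActiveDirectory` dump.
# Assumption: the dump is Name=Value lines and on/off attributes read back
# as Enabled/Disabled (1/0 is also accepted).

audit_ad_config() {
    # Reads the dump on stdin and prints one finding per line.
    awk -F= '
        { sub(/\r$/, "") }                       # tolerate CRLF captures
        /^[A-Za-z0-9]+=/ { val[$1] = substr($0, index($0, "=") + 1) }
        END {
            on = "^(1|Enabled)$"
            if (val["Enable"] !~ on) {
                print "INFO: Active Directory login is disabled"; exit
            }
            validate = (val["CertValidationEnable"] ~ on)
            if (!validate)
                print "HIGH: CertValidationEnable is off; the domain controller certificate is not checked"
            n = 0
            for (i = 1; i <= 3; i++) {
                dc = val["DomainController" i]
                if (dc == "") continue
                n++
                if (dc == val["RacDomain"])
                    print "WARN: DomainController" i " is the domain name, not a controller FQDN"
                if (validate && dc ~ /^[0-9.]+$/)
                    print "WARN: DomainController" i " is an IP address; validation expects the controller FQDN"
            }
            if (n == 0) print "HIGH: no DomainController1-3 address is set"
        }'
}

# Constructed sample dump, not captured from a real iDRAC.
sample_weak() {
    cat <<'EOF'
[Key=iDRAC.Embedded.1#ActiveDirectory.1]
Enable=Enabled
RacName=idrac-r01
RacDomain=corp.example
CertValidationEnable=Disabled
DomainController1=corp.example
DomainController2=
DomainController3=
EOF
}

sample_weak | audit_ad_config
```

To audit a real device, save the output of racadm get iDRAC.ActiveDirectory to a file and pipe that file into audit_ad_config.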
Testing Active Directory settings
You can test the Active Directory settings to verify whether your configuration is correct, or to diagnose the problem with a failed Active
Directory login.