Users Guide
3. Click the Privilege Object tab to add the privilege object to the association that denes the user’s or user group’s privileges
when authenticating to an iDRAC device. Only one privilege object can be added to an Association Object.
Adding iDRAC devices or iDRAC device groups
To add iDRAC devices or iDRAC device groups:
1. Select the Products tab and click Add.
2. Enter iDRAC devices or iDRAC device group name and click OK.
3. In the Properties window, click Apply and click OK.
4. Click the Products tab to add one iDRAC device connected to the network that is available for the dened users or user
groups. You can add multiple iDRAC devices to an Association Object.
Conguring Active Directory with Extended schema using iDRAC web interface
To congure Active Directory with extended schema using Web interface:
NOTE: For information about the various elds, see the
iDRAC Online Help
.
1. In the iDRAC Web interface, go to Overview → iDRAC Settings → User Authentication → Directory Services → Microsoft
Active Directory.
The Active Directory summary page is displayed.
2. Click Congure Active Directory.
The Active Directory Conguration and Management Step 1 of 4 page is displayed.
3. Optionally, enable certicate validation and upload the CA-signed digital certicate used during initiation of SSL connections
when communicating with the Active Directory (AD) server.
4. Click Next.
The Active Directory Conguration and Management Step 2 of 4 page is displayed.
5. Specify the location information about Active Directory (AD) servers and user accounts. Also, specify the time iDRAC must wait
for responses from AD during login process.
NOTE:
• If certicate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Make sure that
DNS is congured correctly under Overview → iDRAC Settings → Network
• If the user and iDRAC objects are in dierent domains, then do not select the User Domain from Login option. Instead
select Specify a Domain option and enter the domain name where the iDRAC object is available.
6. Click Next. The Active Directory Conguration and Management Step 3 of 4 page is displayed.
7. Select Extended Schema and click Next.
The Active Directory Conguration and Management Step 4 of 4 page is displayed.
8. Enter the name and location of the iDRAC device object in Active Directory (AD) and click Finish.
The Active Directory settings for extended schema mode is congured.
Conguring Active Directory with Extended schema using RACADM
To congure Active Directory with Extended Schema using the RACADM:
1. Use the following commands:
racadm set iDRAC.ActiveDirectory.Enable 1
racadm set iDRAC.ActiveDirectory.Schema 2
racadm set iDRAC.ActiveDirectory.RacName <RAC common name>
racadm set iDRAC.ActiveDirectory.RacDomain <fully qualified rac domain name>
racadm set iDRAC.ActiveDirectory.DomainController1 <fully qualified domain name or IP
address of the domain controller>
racadm set iDRAC.ActiveDirectory.DomainController2 <fully qualified domain name or IP
address of the domain controller>
racadm set iDRAC.ActiveDirectory.DomainController3 <fully qualified domain name or IP
address of the domain controller>
• Enter the Fully Qualied Domain Name (FQDN) of the domain controller, not the FQDN of the domain. For example, enter
servername.dell.com instead of dell.com.
143