Users Guide

ManualsBrandsDell ManualsActive System ManageriDRAC8 with Lifecycle Controller Version 2.05.05.05

121

122

123

124

125

126

127

128

129

130

Configuring Active Directory With Extended Schema Using RACADM

To configure Active Directory with Extended Schema using the RACADM:

1. Open a command prompt and enter the following RACADM commands:

• Using config command:

racadm config -g cfgActiveDirectory -o cfgADEnable 1

racadm config -g cfgActiveDirectory -o cfgADType 1

racadm config -g cfgActiveDirectory -o cfgADRacName <RAC common name>

racadm config -g cfgActiveDirectory -o cfgADRacDomain <fully qualified rac domain name>

racadm config -g cfgActiveDirectory -o cfgADDomainController1 <fully qualified domain

name or IP Address of the domain controller>

racadm config -g cfgActiveDirectory -o cfgADDomainController2 <fully qualified domain

name or IP Address of the domain controller>

racadm config -g cfgActiveDirectory -o cfgADDomainController3 <fully qualified domain

name or IP Address of the domain controller>

• Using set command:

racadm set iDRAC.ActiveDirectory.Enable 1

racadm set iDRAC.ActiveDirectory.Schema 2

racadm set iDRAC.ActiveDirectory.RacName <RAC common name>

racadm set iDRAC.ActiveDirectory.RacDomain <fully qualified rac domain name>

racadm set iDRAC.ActiveDirectory.DomainController1 <fully qualified domain name or IP

address of the domain controller>

racadm set iDRAC.ActiveDirectory.DomainController2 <fully qualified domain name or IP

address of the domain controller>

racadm set iDRAC.ActiveDirectory.DomainController3 <fully qualified domain name or IP

address of the domain controller>

NOTE:

You must configure at least one of the three addresses. iDRAC attempts to connect to each of the configured

addresses one-by-one until it makes a successful connection. With Extended Schema, these are the FQDN or IP

addresses of the domain controllers where this iDRAC device is located.

To disable the certificate validation during SSL handshake (optional):

• Using config command: racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0

• Using set command: racadm set iDRAC.ActiveDirectory.CertValidationEnable 0

NOTE:

In this case, you do not have to upload a CA certificate.

To enforce the certificate validation during SSL handshake (optional):

• Using config command: racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 1

• Using set command: racadm set iDRAC.ActiveDirectory.CertValidationEnable 1

In this case, you must upload a CA certificate:

racadm sslcertupload -t 0x2 -f <ADS root CA certificate>

NOTE:

If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Make sure

that DNS is configured correctly under Overview > iDRAC Settings > Network.

Using the following RACADM command may be optional:

racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>

2. If DHCP is enabled on iDRAC and you want to use the DNS provided by the DHCP server, enter the following RACADM command:

• Using config command: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1

• Using set command: racadm set iDRAC.IPv4.DNSFromDHCP 1

3. If DHCP is disabled in iDRAC or you want to manually input your DNS IP address, enter the following RACADM commands:

• Using config command:

racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0

racadm config -g cfgLanNetworking -o cfgDNSServer1 <primary DNS IP address>

racadm config -g cfgLanNetworking -o cfgDNSServer2 <secondary DNS IP address>

Configuring User Accounts and Privileges

129