Users Guide

In Active Directory, a standard group object is used as a role group. A user who has iDRAC access is a member of the role group. To give
this user access to a specific iDRAC, the role group name and its domain name need to be configured on the specific iDRAC. The role and
the privilege level are defined on each iDRAC and not in the Active Directory. You can configure up to five role groups in each iDRAC.
Table 21 shows the default role group privileges.
Table 21. Default role group privileges

| Role Groups | Default Privilege Level | Permissions Granted | Bit Mask |
|---|---|---|---|
| Role Group 1 | None | Log in to iDRAC, Configure iDRAC, Configure Users, Clear Logs, Execute Server Control Commands, Access Virtual Console, Access Virtual Media, Test Alerts, Execute Diagnostic Commands | 0x000001ff |
| Role Group 2 | None | Log in to iDRAC, Configure iDRAC, Execute Server Control Commands, Access Virtual Console, Access Virtual Media, Test Alerts, Execute Diagnostic Commands | 0x000000f9 |
| Role Group 3 | None | Log in to iDRAC | 0x00000001 |
| Role Group 4 | None | No assigned permissions | 0x00000000 |
| Role Group 5 | None | No assigned permissions | 0x00000000 |

NOTE: The Bit Mask values are used only when setting Standard Schema with the RACADM.
Single domain versus multiple domain scenarios
If all the login users and role groups, including the nested groups, are in the same domain, then only the domain controllers’ addresses must
be configured on iDRAC. In this single domain scenario, any group type is supported.
If all the login users and role groups, or any of the nested groups, are from multiple domains, then Global Catalog server addresses must be
configured on iDRAC. In this multiple domain scenario, all the role groups and nested groups, if any, must be a Universal Group type.
Configuring Standard schema Active Directory
Before configuring the standard schema Active Directory, ensure that:
- You have the iDRAC enterprise license.
- The configuration is performed on a server that is used as the Domain Controller.
- The date, time and time zone on the server are correct.
- The iDRAC network settings are configured, or in iDRAC web interface go to iDRAC Settings > Connectivity > Network > Common Settings to configure the network settings.
To configure iDRAC for an Active Directory login access:
1. On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in.
2. Create the iDRAC groups and users.
3. Configure the group name, domain name, and the role privileges on iDRAC using the iDRAC web interface or RACADM.
Configuring Active Directory with Standard schema using iDRAC web interface
NOTE: For information about the various fields, see the iDRAC Online Help.
1. In the iDRAC web interface, go to iDRAC Settings > Users > Directory Services.
Configuring user accounts and privileges