User's Manual
Using the DRAC 4 With Microsoft Active Directory
Dell™ Remote Access Controller 4 User's Guide
Active Directory Schema Extensions
Overview of the RAC Schema Extensions
Active Directory Object Overview
Configuring Active Directory to Access Your DRAC 4
Extending the Active Directory Schema
Installing the Dell Extension to the Active Directory Users and Computers Snap-In
Opening the Active Directory Users and Computers Snap-In
Adding DRAC 4 Users and Privileges to Active Directory
Enabling SSL on a Domain Controller
Exporting the Domain Controller Root CA Certificate
Importing the DRAC 4 Firmware SSL Certificate to All Domain Controllers Trusted Certificate Lists
Configuring the DRAC 4
Using Active Directory to Log In To the DRAC 4
Frequently Asked Questions
A directory service is used to maintain a common database of all information needed for controlling users, computers, printers, etc. on a network.
If your company uses the Microsoft® Active Directory service software, it can be configured to give you access to the DRAC 4, allowing you to add
DRAC 4 user privileges to your existing Active Directory users and control those privileges from Active Directory.
Active Directory Schema Extensions
Simply explained, the Active Directory data can be conceptualized as a distributed database of Attributes and Classes. The rules for what data can be added or
included in the database are the Active Directory schema. An example of a Class that is stored is the user class. Some example attributes of the user class might
be the user's first name, last name, phone number, and so on. Companies can extend the Active Directory database by adding their own unique Attributes and
Classes to solve environment-specific needs. Dell has extended the schema to include the changes necessary to support remote management Authentication
and Authorization.
Every Attribute or Class that is added to an existing Active Directory Schema must be defined with a unique ID. To maintain unique IDs across the industry,
Microsoft maintains a database of Active Directory Object Identifiers (OIDs) so that when companies add extensions to the schema, they can be guaranteed to
be unique and not to conflict with each other. To extend the schema in Microsoft's Active Directory, Dell received unique OIDs, unique name extensions, and
unique linked attribute IDs for our attributes and classes that are added into the directory service.
Dell extension is: dell
Dell base OID is: 1.2.840.113556.1.8000.1280
RAC LinkID range is: 12070 to 12079
The Active Directory OID database maintained by Microsoft can be viewed at <http://msdn.microsoft.com/certification/ADAcctInfo.asp> by entering our
extension Dell.
Overview of the RAC Schema Extensions
To provide the greatest flexibility in the multitude of customer environments, Dell provides a group of objects that can be configured by the user depending on
the desired results. Dell has extended the schema to include an Association, Device, and Privilege object. The Association object is used to link together the
users or groups with a specific set of privileges to one or more RAC devices. This model provides an Administrator maximum flexibility over the different
combinations of users, RAC privileges, and RAC devices on the network without adding too much complexity.
Active Directory Object Overview
For each of the physical RACs on the network that you want to integrate with Active Directory for Authentication and Authorization, you must create at least
one Association Object and one RAC Device Object. You can create as many Association Objects as you want, and each Association Object can be linked to as
many users, groups of users, or RAC Device Objects as desired. The users and RAC Device Objects can be members of any domain in the enterprise.
However, each Association Object may be linked to only one Privilege Object; that is, all of the users, groups of users, and RAC Device Objects it links share
that single Privilege Object. This allows an Administrator to control which users have what kind of privileges on specific RACs.
The RAC Device object is the link to the RAC firmware for querying Active Directory for authentication and authorization. When a RAC is added to the network,
the Administrator must configure the RAC and its device object with its Active Directory name so that users can perform authentication and authorization with
Active Directory. The Administrator will also need to add the RAC to at least one Association Object in order for users to authenticate.
Figure 5-1 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization.
Figure 5-1.
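The following is an added example, not Dell code, that models the object relationships described above: an Association Object links users or groups (directly or through nested groups) and exactly one Privilege Object to one or more RAC Device Objects, and a user with no Association for a given RAC cannot log in. The DNs, right names and the rule that rights from several matching Associations are combined by union are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Privilege:            # Privilege object: the RAC rights it grants (names assumed)
    dn: str
    rights: frozenset

@dataclass
class Association:          # Association object: members + exactly one Privilege -> devices
    dn: str
    members: set            # user or group DNs, from any domain in the enterprise
    privilege: Privilege    # a single Privilege object, as the guide requires
    devices: set            # DNs of the RAC Device objects this Association covers

def principals_for(user_dn, groups):
    """user_dn plus every group that directly or transitively contains it;
    groups maps a group DN to the DNs in its 'member' attribute."""
    closure = {user_dn}
    while True:
        new = {g for g, m in groups.items() if g not in closure and m & closure}
        if not new:
            return closure
        closure |= new

def rac_rights(user_dn, device_dn, associations, groups):
    """Rights user_dn holds on device_dn, or None when no Association links the
    user (or one of its groups) to that device, i.e. login is denied.  Rights
    from several matching Associations are unioned; that rule is an assumption."""
    principals = principals_for(user_dn, groups)
    granted = [a.privilege.rights for a in associations
               if device_dn in a.devices and principals & a.members]
    return frozenset().union(*granted) if granted else None

# Constructed sample directory data; DNs and right names are illustrative.
ADMIN = Privilege("cn=RacAdmin,dc=example,dc=com", frozenset({"login", "configure", "console", "power"}))
VIEWER = Privilege("cn=RacViewer,dc=example,dc=com", frozenset({"login"}))
GROUPS = {
    "cn=ServerAdmins,dc=example,dc=com": {"cn=alice,dc=example,dc=com"},
    "cn=Operators,dc=example,dc=com": {"cn=ServerAdmins,dc=example,dc=com",
                                       "cn=bob,dc=sales,dc=example,dc=com"},
}
ASSOCIATIONS = [
    Association("cn=AdminAssoc,dc=example,dc=com", {"cn=ServerAdmins,dc=example,dc=com"}, ADMIN,
                {"cn=rac-web01,dc=example,dc=com"}),
    Association("cn=OpsAssoc,dc=example,dc=com", {"cn=Operators,dc=example,dc=com"}, VIEWER,
                {"cn=rac-web01,dc=example,dc=com", "cn=rac-db01,dc=example,dc=com"}),
]
```

With this data, alice reaches rac-web01 through both Associations (via nested group membership) and receives the union of both Privilege Objects, while a RAC that appears in no Association denies every user.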
NOTE: Using Active Directory to recognize DRAC 4 users is supported on the Microsoft Windows® 2000 and Windows Server 2003 operating systems.