Users Guide
Using Microsoft Active Directory
Overview of the Active Directory Schema Extensions
Dell created Classes, or groups of objects, that can be configured by the user to
meet their unique needs. New Classes in the schema include an Association,
a Product, and a Privilege class. An Association object links the users or
groups to a given set of privileges and to systems (Product Objects) in your
network. This model gives an administrator control over the different
combinations of users, privileges, and systems or RAC devices on the network,
without adding complexity.
Active Directory Object Overview
For each of the systems that you want to integrate with Active Directory for
authentication and authorization, there must be at least one Association
Object and one Product Object. The Product Object represents the system.
The Association Object links it with users and privileges. You can create as
many Association Objects as you need.
Each Association Object can be linked to as many users, groups of users, and
Product Objects as desired. The users and Product Objects can be from any
domain. However, each Association Object may only link to one Privilege
Object. This behavior allows an Administrator to control which users have
which rights on specific systems.
The Product Object links the system to Active Directory for authentication
and authorization queries. When a system is added to the network, the
Administrator must configure the system and its Product Object with its
Active Directory name so that users can perform authentication and
authorization with Active Directory. The Administrator must also add the
system to at least one Association Object in order for users to authenticate.
Figure 9-1 illustrates that the Association Object provides the connection
that is needed for all of the authentication and authorization.
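The object model described above can be checked as an access review. The following is an added example, not code from the guide or from Dell: it models Association, Product, and Privilege Objects in memory, flags violations of the two constraints stated above, and lists which Privilege Objects reach a user on a system. All object, user, and group names are constructed, and because this section does not say how several Privilege Objects combine, the example reports them as a set rather than merging them.

```python
from dataclasses import dataclass

@dataclass
class Association:
    name: str
    members: set      # users or groups linked to this Association Object
    products: set     # Product Objects (the systems or RAC devices)
    privileges: list  # Privilege Objects; the model allows only one

# Constructed sample directory; every name below is hypothetical.
GROUPS = {"rac-admins": {"alice", "ops"}, "ops": {"bob"}}
PRODUCTS = {"rac-web01", "rac-db01", "rac-lab01"}
ASSOCIATIONS = [
    Association("AO-admin", {"rac-admins"}, {"rac-web01", "rac-db01"}, ["Priv-Admin"]),
    Association("AO-readonly", {"carol", "bob"}, {"rac-web01"}, ["Priv-Guest"]),
]

def expand(member, groups, seen=None):
    """Return the users behind a member name, following nested groups."""
    seen = set() if seen is None else seen
    if member in seen:            # guard against circular group nesting
        return set()
    seen.add(member)
    if member not in groups:      # not a group, so it is a user
        return {member}
    users = set()
    for child in groups[member]:
        users |= expand(child, groups, seen)
    return users

def validate(associations, products):
    """Report violations of the constraints stated in this section."""
    problems = []
    for a in associations:
        if len(a.privileges) > 1:
            problems.append(f"{a.name}: links to more than one Privilege Object")
    linked = set().union(*(a.products for a in associations))
    for p in sorted(products - linked):
        problems.append(f"{p}: in no Association Object, no user can authenticate")
    return problems

def access(user, product, associations, groups):
    """Privilege Objects that reach `user` on `product` via any association."""
    found = set()
    for a in associations:
        if product in a.products:
            users = set().union(*(expand(m, groups) for m in a.members))
            if user in users:
                found.update(a.privileges[:1])
    return found
```

Running validate() before access() surfaces systems that were configured with a Product Object but never added to an Association Object, which is the case where no user can authenticate.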