Installation manual

102 Using Microsoft Active Directory

Overview of the Active Directory Schema Extensions

Dell created classes, or groups of objects, that can be configured by the user to

meet their unique needs. New classes in the schema include an Association,

a Product, and a Privilege class. An association object links the user or group

to a given set of privileges and to systems (Product Objects) in your network.

This model gives an administrator control over the different combinations of

user, privilege, and system or RAC device on the network, without

adding complexity.

Active Directory Object Overview

For each of the systems that you want to integrate with Active Directory for

authentication and authorization, there must be at least one Association

Object and one Product Object. The Product Object represents the system.

The Association Object links it with users and privileges. You can create as

many Association Objects as you need.

Each Association Object can be linked to as many users, groups of users, and

Product Objects as required. The users and Product Objects can be from any

domain. However, each Association Object may only link to one Privilege

Object. This behavior allows an administrator to control users and their rights

on specific systems.

The Product Object links the system to Active Directory for authentication

and authorization queries. When a system is added to the network, the

administrator must configure the system and its product object with its

Active Directory name so that users can perform authentication and

authorization with Active Directory. The administrator must also add the

system to at least one Association Object for users to authenticate.

Figure 8-1 illustrates that the Association Object provide the connection that

is needed for all of the authentication and authorization.