Users Guide
Using Microsoft® Active Directory®
Figure 8-3. Setting Up RAC Active Directory Objects in Multiple Domains
To set up the objects for this multiple domain scenario, perform the following tasks:
1. Ensure that the domain forest function is in Native or Windows 2003 mode.
2. Create two Association Objects, AO1 (of Universal scope) and AO2, in any domain. The figure shows the objects in Domain2.
3. Create two RAC Device Objects, RAC1 and RAC2, to represent the two remote systems.
4. Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (Administrator) and Priv2 has Login privileges.
5. Group user1 and user2 into Group1. The group scope of Group1 must be Universal.
6. Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and both RAC1 and RAC2 as Products in AO1.
7. Add User3 as Members in Association Object 2 (AO2), Priv2 as Privilege Objects in AO2, and RAC2 as a Product in AO2.
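The following added example (not part of the original guide and not Dell or Microsoft code) models the objects from steps 2 through 7 in Python and resolves the privilege each user ends up with on each RAC device, which is a useful review before the objects are created. The domain assigned to each user is an assumption, and the scope check generalizes the Group1 requirement in step 5 to any group used as an Association member.

```python
# Model of the objects from steps 2-7 (illustrative, not Dell or Microsoft code).
GROUPS = {"Group1": {"scope": "Universal", "members": ["user1", "user2"]}}
# Assumed domain placement; the steps do not say which domain each user is in.
USER_DOMAIN = {"user1": "Domain1", "user2": "Domain2", "User3": "Domain2"}
PRIVILEGES = {"Priv1": "Administrator", "Priv2": "Login"}
ASSOCIATIONS = {
    "AO1": {"members": ["Group1"], "privilege": "Priv1", "products": ["RAC1", "RAC2"]},
    "AO2": {"members": ["User3"], "privilege": "Priv2", "products": ["RAC2"]},
}


def expand(member, groups):
    """Return the users behind an association member (a group or a single user)."""
    return list(groups[member]["members"]) if member in groups else [member]


def effective_access(associations, groups, privileges):
    """Map (user, device) -> set of privilege levels granted through any association."""
    access = {}
    for ao in associations.values():
        level = privileges[ao["privilege"]]
        for member in ao["members"]:
            for user in expand(member, groups):
                for device in ao["products"]:
                    access.setdefault((user, device), set()).add(level)
    return access


def scope_findings(associations, groups, user_domain):
    """Flag associations whose members break the multi-domain rule for RAC devices."""
    findings = []
    for name, ao in associations.items():
        for m in ao["members"]:
            if m in groups and groups[m]["scope"] != "Universal":
                findings.append(f"{name}: group {m} must have Universal scope")
        direct = [m for m in ao["members"] if m not in groups]
        if len({user_domain[u] for u in direct}) > 1:
            findings.append(f"{name}: users from several domains need a Universal group")
    return findings


if __name__ == "__main__":
    for (user, device), levels in sorted(effective_access(ASSOCIATIONS, GROUPS, PRIVILEGES).items()):
        print(f"{user:6} {device}: {', '.join(sorted(levels))}")
    print(scope_findings(ASSOCIATIONS, GROUPS, USER_DOMAIN) or "no scope findings")
```

Any (user, device) pair missing from the result has no access through these associations; here User3 has no entry for RAC1.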
For Server Administrator or IT Assistant, on the other hand, the users in a single Association can be in
separate domains without needing to be added to a universal group. The following is a very similar
example to show how Server Administrator or IT Assistant systems in separate domains affect the setup
of directory objects. Instead of RAC devices, you’ll have two systems running Server Administrator
[Figure 8-3 diagram labels: Domain1, Domain2; AO1, AO2; Priv1, Priv2; Group1; RAC1, RAC2; User1, User2, User3]