Users Guide
2. Create two Association Objects, AO1 and AO2, in any domain. The figure shows the objects in Domain1.
3. Create two Server Administrator Products, sys1 and sys2, to represent the two systems. Sys1 is in Domain1 and sys2 is in Domain2.
4. Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (Administrator) and Priv2 has Login privileges.
5. Group sys2 into Group1. The group scope of Group1 must be universal.
6. Add User1 and User2 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and both sys1 and Group1 as Products in AO1.
7. Add User3 as a Member in Association Object 2 (AO2), Priv2 as a Privilege object in AO2, and Group1 as a Product in AO2.
Note that neither of the Association objects needs to be of Universal scope in this case.
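The access that results from steps 2 through 7 can be checked with a small model. This is an added example, not Dell code and not a query against Active Directory; the class and function names are assumptions, and the object names and privilege levels are the ones used in the steps above.

```python
# Constructed model of steps 2-7; not Dell code and not an Active Directory query.
from dataclasses import dataclass

# Privilege Objects from step 4 (privilege levels as described on the page).
PRIVILEGES = {"Priv1": "Administrator", "Priv2": "Login"}

# Step 5: Group1 (universal scope) contains sys2.
GROUPS = {"Group1": {"sys2"}}

@dataclass(frozen=True)
class AssociationObject:
    name: str
    members: frozenset      # users
    privileges: frozenset   # Privilege Object names
    products: frozenset     # systems, or groups of systems

# Steps 6 and 7.
ASSOCIATIONS = [
    AssociationObject("AO1", frozenset({"User1", "User2"}),
                      frozenset({"Priv1"}), frozenset({"sys1", "Group1"})),
    AssociationObject("AO2", frozenset({"User3"}),
                      frozenset({"Priv2"}), frozenset({"Group1"})),
]

def expand_products(products):
    """Replace each group with the systems it contains."""
    systems = set()
    for p in products:
        systems |= GROUPS.get(p, {p})
    return systems

def privileges_for(user, system):
    """Privilege Objects that reach `user` on `system` through any AO."""
    granted = set()
    for ao in ASSOCIATIONS:
        if user in ao.members and system in expand_products(ao.products):
            granted |= ao.privileges
    return granted

def holders_of(privilege, system):
    """Users to whom `privilege` applies on `system` (useful for audits)."""
    users = {u for ao in ASSOCIATIONS for u in ao.members}
    return sorted(u for u in users if privilege in privileges_for(u, system))

if __name__ == "__main__":
    for user in ("User1", "User2", "User3"):
        for system in ("sys1", "sys2"):
            names = sorted(privileges_for(user, system)) or ["(none)"]
            print(f"{user} on {system}: {', '.join(PRIVILEGES.get(n, n) for n in names)}")
```

Running it shows that User1 and User2 hold Administrator on both systems, while User3 holds Login on sys2 only and has no privilege on sys1.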
Configuring Active Directory to Access Your Systems
Before you can use Active Directory to access your systems, you must configure both the Active Directory software and the systems.
1. Extend the Active Directory schema (see "Extending the Active Directory Schema").
2. Extend the Active Directory Users and Computers Snap-in (see "Installing the Dell Extension to the Active Directory Users and Computers Snap-In").
3. Add system users and their privileges to Active Directory (see "Adding Users and Privileges to Active Directory").
4. For RAC systems only, enable SSL on each of your domain controllers (see "Enabling SSL on a Domain Controller (RAC Only)").
5. Configure the system's Active Directory properties using either the Web-based interface or the CLI (see "Configuring Your Systems or Devices").
Extending the Active Directory Schema
RAC, Server Administrator, and IT Assistant schema extensions are available. You only need to extend the schema for software or hardware that you are
using. Each extension must be applied individually to receive the benefit of its software-specific settings. Extending your Active Directory schema will add
schema classes and attributes, example privileges and association objects, and a Dell organizational unit to the schema.
You can extend your schema using two different methods. You can use the Dell Schema Extender utility, or you can use the Lightweight Directory Interchange
Format (LDIF) script file.
The LDIF script files and Dell Schema Extender are located on your Dell PowerEdge™ Installation and Server Management CD in the following respective
directories:
• CD drive:\support\OMActiveDirectory Tools\installation type\LDIF Files
• CD drive:\support\OMActiveDirectory Tools\installation type\Schema Extender
Installation type will be either RAC4, RAC3, Server Administrator, or IT Assistant version 7.0 or later, depending on your choice of schema extension.
To use the LDIF files, see the instructions in the readme that is in the LDIF files directory. To use the Dell Schema Extender to extend the Active Directory
Schema, perform the steps in "Using the Dell Schema Extender."
You can copy and run the Schema Extender or LDIF files from any location.
Using the Dell Schema Extender
1. Click Next on the Welcome screen.
2. Read the warning and click Next again.
3. Either select Use Current Log In Credentials or enter a user name and password with schema administrator rights.
NOTE: Before you extend the schema, you must have Schema Admin privileges on the Schema Master Flexible Single Master Operation (FSMO) Role
Owner of the domain forest.
NOTE: The Dell organizational unit will not be added if you use the LDIF script file.
NOTICE: The Dell Schema Extender uses the SchemaExtenderOem.ini file. To ensure that the Dell Schema Extender utility functions properly, do not
modify the name or the contents of this file.