Users Guide

120 Using Microsoft

Active Directory

Overview of the Active Directory Schema Extensions

Dell created Classes, or groups of objects, that can be configured by the user to meet their unique needs.

New Classes in the schema include an Association, a Product, and a Privilege class. An Association object

links the users or groups to a given set of privileges and to systems (Product Objects) in your network.

This model gives an administrator control over the different combinations of users, privileges, and

systems or RAC devices on the network, without adding complexity.

Active Directory Object Overview

For each of the systems that you want to integrate with Active Directory for authentication and

authorization, there must be at least one Association Object and one Product Object. The Product

Object represents the system. The Association Object links it with users and privileges. You can create as

many Association Objects as you need.

Each Association Object can be linked to as many users, groups of users, and Product Objects as desired.

The users and Product Objects can be from any domain. However, each Association Object may only link

to one Privilege Object. This behavior allows an Administrator to control which users have which rights

on specific systems.

The Product Object links the system to Active Directory for authentication and authorization queries.

When a system is added to the network, the Administrator must configure the system and its product

object with its Active Directory name so that users can perform authentication and authorization with

Active Directory. The Administrator must also add the system to at least one Association Object in order

for users to authenticate.

Figure 8-1 illustrates that the Association Object provides the connection that is needed for all of the

authentication and authorization.