Users Guide

Using Microsoft Active Directory
To set up the objects for this multiple domain scenario, perform the
following tasks:
1. Ensure that the domain forest function is in Native or Windows 2003
   mode.
2. Create two Association Objects, AO1 and AO2, in any domain. The figure
   shows the objects in Domain1.
3. Create two Server Administrator Products, sys1 and sys2, to represent the
   two systems. Sys1 is in Domain1 and sys2 is in Domain2.
4. Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all
   privileges (Administrator) and Priv2 has Login privileges.
5. Group sys2 into Group1. The group scope of Group1 must be universal.
6. Add User1 and User2 as Members in Association Object 1 (AO1), Priv1 as
   Privilege Objects in AO1, and both sys1 and Group1 as Products in AO1.
7. Add User3 as a Member in Association Object 2 (AO2), Priv2 as a Privilege
   object in AO2, and Group1 as a Product in AO2.
Note that neither of the Association objects needs to be of Universal scope in
this case.
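The following added example (not part of the original guide, and not Dell or Active Directory code) models the objects from steps 2 through 7 and resolves which user ends up with which privilege on which system, so the resulting access can be reviewed before the objects are created. It assumes that every Member of an Association Object receives that object's Privilege on each of its Products; the dictionary layout and function names are hypothetical.

```python
# Added illustration: a model of the scenario's objects, not Dell or AD code.
from collections import defaultdict

# Objects from steps 2-7 (names and domains as given in the guide).
SYSTEMS = {"sys1": "Domain1", "sys2": "Domain2"}
GROUPS = {"Group1": {"scope": "universal", "members": ["sys2"]}}
PRIVILEGES = {"Priv1": "Administrator", "Priv2": "Login"}
ASSOCIATIONS = {
    "AO1": {"members": ["User1", "User2"], "privilege": "Priv1",
            "products": ["sys1", "Group1"]},
    "AO2": {"members": ["User3"], "privilege": "Priv2",
            "products": ["Group1"]},
}


def expand_products(products, groups=GROUPS):
    """Resolve product entries to systems, expanding groups one level."""
    systems = []
    for name in products:
        if name in groups:
            systems.extend(groups[name]["members"])
        else:
            systems.append(name)
    return systems


def scope_findings(associations=ASSOCIATIONS, groups=GROUPS):
    """Report product groups that are not universal (step 5 requirement)."""
    used = {p for ao in associations.values() for p in ao["products"]}
    return sorted(g for g in used if g in groups and groups[g]["scope"] != "universal")


def effective_access(associations=ASSOCIATIONS):
    """Map (user, system) to the privilege levels granted through any AO."""
    # Assumption: each member of an AO gets the AO's privilege on each product.
    access = defaultdict(set)
    for ao in associations.values():
        level = PRIVILEGES[ao["privilege"]]
        for system in expand_products(ao["products"]):
            for user in ao["members"]:
                access[(user, system)].add(level)
    return dict(access)


if __name__ == "__main__":
    for (user, system), levels in sorted(effective_access().items()):
        print(f"{user:6} {system:5} ({SYSTEMS[system]}): {', '.join(sorted(levels))}")
    print("non-universal product groups:", scope_findings() or "none")
```

Under that assumption, User1 and User2 hold Administrator on both systems, while User3 holds Login on sys2 only and has no entry for sys1.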
Configuring Active Directory to Access Your Systems
Before you can use Active Directory to access your systems, you must
configure both the Active Directory software and the systems.
1. Extend the Active Directory schema (see "Extending the Active Directory
   Schema").
2. Extend the Active Directory Users and Computers Snap-in (see
   "Installing the Dell Extension to the Active Directory Users and
   Computers Snap-In").
3. Add system users and their privileges to Active Directory (see "Adding
   Users and Privileges to Active Directory").
4. For RAC systems only, enable SSL on each of your domain controllers (see
   "Enabling SSL on a Domain Controller (RAC Only)").
5. Configure the system’s Active Directory properties using either the
   Web-based interface or the CLI (see "Configuring Your Systems or
   Devices").