Users Guide
124 Using Microsoft Active Directory
3
Create two RAC Device Objects, RAC1 and RAC2, to represent the two
remote systems.
4
Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all
privileges (Administrator) and Priv2 has Login privileges.
5
Group User1 and User2 into Group1. The group scope of Group1 must
be Universal.
6
Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege
Objects in AO1, and both RAC1 and RAC2 as Products in AO1.
7
Add User3 as Members in Association Object 2 (AO2), Priv2 as Privilege
Objects in AO2, and RAC2 as a Product in AO2.
For Server Administrator or IT Assistant, on the other hand, the users in a
single Association can be in separate domains without needing to be added to
a universal group. The following is a very similar example to show how Server
Administrator or IT Assistant systems in separate domains affect the setup of
directory objects. Instead of RAC devices, you’ll have two systems running
Server Administrator (Server Administrator Products sys1 and sys2). Sys1 and
sys2 are in different domains. You can use any existing Users or Groups that
you have in Active Directory. Figure 9-4 shows how to set up the Server
Administrator Active Directory objects for this example.