Owners Manual
may only link to one Privilege Object. This behavior allows an administrator to control users and their
rights on specific systems.
The Product Object links the system to Active Directory for authentication and authorization queries.
When a system is added to the network, the administrator must configure the system and its product
object with its Active Directory name so that users can perform authentication and authorization with
Active Directory. The administrator must also add the system to at least one Association Object for users
to authenticate.
The following figure illustrates that the Association Object provide the connection that is needed for all of
the authentication and authorization.
Figure 1. Typical Setup for Active Directory Objects
In addition, you can set up Active Directory objects in a single domain or in multiple domains. Setting up
objects in a single domain does not vary, whether you are setting up RAC, or Server Administrator
objects. When multiple domains are involved, however, there are some differences.
The following figure shows the set up of the Active Directory objects in a single domain. In this scenario,
you have two DRAC 4 cards (RAC1 and RAC2) and three existing Active Directory users (User1, User2, and
User3). You want to give User1 and User2 administrator privilege on both DRAC 4 cards and give User3
login privilege on the RAC2 card.
37