Installation Manual

The Dell extension to the ADUC MMC Snap-in only allows associating the Privilege Object and iDRAC7 Objects from the
same domain with the Association Object. The Dell extension does not allow a group or an iDRAC7 object from other
domains to be added as a product member of the Association Object.
When adding Universal Groups from separate domains, create an Association Object with Universal Scope. The Default
Association objects created by the Dell Schema Extender Utility are Domain Local Groups and do not work with
Universal Groups from other domains.
Users, user groups, or nested user groups from any domain can be added into the Association Object. Extended Schema
solutions support any user group type and any user group nesting across multiple domains allowed by Microsoft Active
Directory.
Accumulating Privileges Using Extended Schema
The Extended Schema Authentication mechanism supports Privilege Accumulation from different privilege objects
associated with the same user through different Association Objects. In other words, Extended Schema Authentication
accumulates privileges to allow the user the super set of all assigned privileges corresponding to the different privilege
objects associated with the same user.
The following figure provides an example of accumulating privileges using Extended Schema.
Figure 3. Privilege Accumulation for a User
The figure shows two Association Objects—A01 and A02. User1 is associated to iDRAC72 through both association
objects.
Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible
considering the assigned privileges of the different privilege objects associated to the same user.
In this example, User1 has both Priv1 and Priv2 privileges on iDRAC72. User1 has Priv1 privileges on iDRAC71 only. User2
has Priv1 privileges on both iDRAC71 and iDRAC72. In addition, this figure shows that User1 can be in a different domain
and can be a member of a group.
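The accumulation rule described above can be checked with a short model. This is an added example, not Dell code: it computes the privilege objects each user ends up with on each iDRAC7 object and lists the pairs where more than one Association Object contributes. The membership of A01 and A02 and the group name Group1 are assumptions chosen to reproduce the results stated for Figure 3.

```python
from collections import defaultdict

# Constructed data, inferred from the results the text states for Figure 3.
# Group1 and its membership are assumptions; the figure itself is not reproduced here.
GROUPS = {"Group1": {"User1", "User2"}}
# association object -> (members, privilege object, iDRAC7 objects)
ASSOCIATIONS = {
    "A01": ({"Group1"}, "Priv1", {"iDRAC71", "iDRAC72"}),
    "A02": ({"User1"}, "Priv2", {"iDRAC72"}),
}

def expand(principal, groups, seen=None):
    """Resolve a user or (nested) group to the set of users it contains."""
    seen = set() if seen is None else seen
    if principal in seen:          # group cycle or already-visited branch
        return set()
    seen.add(principal)
    if principal not in groups:    # not a group, so treat it as a user
        return {principal}
    users = set()
    for member in groups[principal]:
        users |= expand(member, groups, seen)
    return users

def grants(associations=ASSOCIATIONS, groups=GROUPS):
    """Map (user, device) -> {privilege object: [association objects granting it]}."""
    table = defaultdict(lambda: defaultdict(list))
    for name, (members, priv, devices) in sorted(associations.items()):
        users = set()
        for m in members:
            users |= expand(m, groups)
        for user in users:
            for device in devices:
                table[(user, device)][priv].append(name)
    return table

def effective_privileges(user, device, **kw):
    """Superset of all privilege objects that reach this user on this device."""
    return set(grants(**kw).get((user, device), {}))

def accumulated(**kw):
    """(user, device) pairs whose privileges come from more than one association object."""
    out = {}
    for key, privs in grants(**kw).items():
        sources = {a for names in privs.values() for a in names}
        if len(sources) > 1:
            out[key] = {p: list(n) for p, n in privs.items()}
    return out

if __name__ == "__main__":
    for key, privs in sorted(accumulated().items()):
        print(key, privs)
```

Running the same calculation over an export of the real Association Objects shows which users hold a wider privilege set than any single Association Object grants.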
Configuring Extended Schema Active Directory
To configure Active Directory to access iDRAC7:
1. Extend the Active Directory schema.
2. Extend the Active Directory Users and Computers Snap-in.