Installation Manual

ManualsBrandsTechMikeNY ManualsComputers & AccessoriesTechMikeNY High-End PowerEdge R620 Server 2X 2.90Ghz E5-2690 8C 384GB 8X 512GB SSD (Certified Refurbished)

141

142

143

144

145

146

147

148

149

150

Configuring Active Directory With Extended Schema Using RACADM

To configure Active Directory with Extended Schema using the RACADM:

1. Open a command prompt and enter the following RACADM commands:

– Using config command:

racadm config -g cfgActiveDirectory -o cfgADEnable 1

racadm config -g cfgActiveDirectory -o cfgADType 1

racadm config -g cfgActiveDirectory -o cfgADRacName <RAC common name>

racadm config -g cfgActiveDirectory -o cfgADRacDomain <fully qualified

rac domain name>

racadm config -g cfgActiveDirectory -o cfgADDomainController1 <fully

qualified domain name or IP Address of the domain controller>

racadm config -g cfgActiveDirectory -o cfgADDomainController2 <fully

qualified domain name or IP Address of the domain controller>

racadm config -g cfgActiveDirectory -o cfgADDomainController3 <fully

qualified domain name or IP Address of the domain controller>

– Using set command:

racadm set iDRAC.ActiveDirectory.Enable 1

racadm set iDRAC.ActiveDirectory.Schema 2

racadm set iDRAC.ActiveDirectory.RacName <RAC common name>

racadm set iDRAC.ActiveDirectory.RacDomain <fully qualified rac domain

name>

racadm set iDRAC.ActiveDirectory.DomainController1 <fully qualified

domain name or IP address of the domain controller>

racadm set iDRAC.ActiveDirectory.DomainController2 <fully qualified

domain name or IP address of the domain controller>

racadm set iDRAC.ActiveDirectory.DomainController3 <fully qualified

domain name or IP address of the domain controller>

NOTE: You must configure at least one of the three addresses. iDRAC7 attempts to connect to each of the

configured addresses one-by-one until it makes a successful connection. With Extended Schema, these are

the FQDN or IP addresses of the domain controllers where this iDRAC7 device is located.

To disable the certificate validation during SSL handshake (optional):

– Using config command: racadm config -g cfgActiveDirectory -o

cfgADCertValidationEnable 0

– Using set command: racadm set iDRAC.ActiveDirectory.CertValidationEnable 0

NOTE: In this case, you do not have to upload a CA certificate.

To enforce the certificate validation during SSL handshake (optional):

– Using config command: racadm config -g cfgActiveDirectory -o

cfgADCertValidationEnable 1

– Using set command: racadm set iDRAC.ActiveDirectory.CertValidationEnable 1

In this case, you must upload a CA certificate:

racadm sslcertupload -t 0x2 -f <ADS root CA certificate>

NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN.

Make sure that DNS is configured correctly under Overview → iDRAC Settings → Network.

Using the following RACADM command may be optional:

racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>

2. If DHCP is enabled on iDRAC7 and you want to use the DNS provided by the DHCP server, enter the following

RACADM command:

143