Dell Remote Access Controller 4 Firmware Version 1.30 Universal Remote User Manual


 
86 Using the DRAC 4 With Microsoft
®
Active Directory
www.dell.com | support.dell.com
Overview of the RAC Schema Extensions
To provide the greatest flexibility in the multitude of customer environments, Dell provides a
group of objects that can be configured by the user depending on the desired results. Dell has
extended the schema to include an Association, Device, and Privilege object. The Association
object is used to link together the users or groups with a specific set of privileges to one or more
RAC devices. This model provides an Administrator maximum flexibility over the different
combinations of users, RAC privileges, and RAC devices on the network without adding too
much complexity.
Active Directory Object Overview
For each of the physical RACs on the network that you want to integrate with Active Directory
for Authentication and Authorization, you must create at least one Association Object and one
RAC Device Object. You can create as many Association Objects as you want, and each
Association Object can be linked to as many users, groups of users, or RAC Device Objects as
desired. The users and RAC Device Objects can be members of any domain in the enterprise.
However, each Association Object may be linked (or, may link users, groups of users, or RAC
Device Objects) to only one Privilege Object. This allows an Administrator to control which
users have what kind of privileges on specific RACs.
The RAC Device Object is the link to the RAC firmware for querying Active Directory for
authentication and authorization. When a RAC is added to the network, the Administrator
must configure the RAC and its device object with its Active Directory name so that users can
perform authentication and authorization with Active Directory. The Administrator will also
need to add the RAC to at least one Association Object in order for users to authenticate.
Figure 5-1 illustrates that the Association Object provides the connection that is needed for all
of the Authentication and Authorization.