Dell POWEREDGE M1000E User Manual

Directory name so that users can perform authentication and authorization with Active Directory. Additionally, the
administrator must add the RAC to at least one association object for users to authenticate.
The following figure shows that the association object provides the connection that is needed for the authentication and
authorization.

NOTE: The RAC privilege object applies to DRAC 4, DRAC 5, and CMC.

You can create as many or as few association objects as required. However, you must create at least one Association
Object, and you must have one RAC device object for each RAC (CMC) on the network that you want to integrate with
Active Directory.

The Association Object allows as many or as few users and/or groups as well as RAC Device Objects. However, the
Association Object only includes one Privilege Object per Association Object. The Association Object connects the

Users

who have

Privileges

on RACs (CMCs).

Additionally, you can configure Active Directory objects in a single domain or in multiple domains. For example, you have
two CMCs (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3). You want to give user1
and user2 an administrator privilege to both CMCs and give user3 a login privilege to the RAC2 card. The following figure
illustrates how you set up the Active Directory objects in this scenario.
When adding Universal Groups from separate domains, create an Association Object with Universal Scope. The Default
Association objects created by the Dell Schema Extender Utility are Domain Local Groups and does not work with
Universal Groups from other domains.

132