User1 is in Domain1, and user2 and user 3 are in Domain2. You want to give user1 and user 2 an administrator privilege to both Remote Console Switches and give user3 a login privilege to the RCS2.
Figure 9-8. Setting Up Active Directory Objects in Multiple Domains
Domain 1
Domain 2
AO1
AO2
Group1
Priv1
Priv2
User1
User2
User3
RCS1
RCS2
To set up the objects for the multiple domain scenario, perform the following tasks:
1Ensure that the domain forest function is in Native or Windows 2003 mode.
2Create two Association Objects, AO1 (of Universal scope) and AO2, in any domain. The figure shows the objects in Domain2.
3Create two RCS Device Objects, RCS1 and RCS2, to represent the two Remote Console Switches.
4Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and Priv2 has login privileges.
5Group user1 and user2 into Group1. The group scope of Group1 must be Universal.
6Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and RCS1, RCS2 as RCS Devices in AO1.
201
LDAP Feature for the Remote Console Switch