Figure 7-1 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization.

Figure 7-1. Typical Setup for Active Directory Objects

iDRAC Association Object

User(s)

Privilege Object

iDRAC

Group(s)

Device Object(s)

 

You can create as many or as few association objects as required. However,

you must create at least one Association Object, and you must have one iDRAC Device Object for each iDRAC on the network that you want to integrate with Active Directory for Authentication and Authorization with the iDRAC.

The Association Object allows for as many or as few users and/or groups as well as iDRAC Device Objects. However, the Association Object only includes one Privilege Object per Association Object. The Association Object connects the Users who have Privileges on the iDRACs.

The Dell extension to the Active Directory Users and Computers MMC Snap-in only allows associating the Privilege Object and iDRAC Objects from the same domain with the Association Object. The Dell extension does not allow a group or an iDRAC object from other domains to be added as a product member of the Association Object.

Users, user groups, or nested user groups from any domain can be added into the Association Object. Extended Schema solutions support any user group type and any user group nesting across multiple domains allowed by Microsoft Active Directory.

150

Using the iDRAC6 Directory Service

Page 150
Image 150
Dell IDRAC6 manual 150, Typical Setup for Active Directory Objects