Using config command:
racadm config -g cfgActiveDirectory -o cfgADEnable 1
racadm config -g cfgActiveDirectory -o cfgADType 1
racadm config -g cfgActiveDirectory -o cfgADRacName <RAC common name>
racadm config -g cfgActiveDirectory -o cfgADRacDomain <fully qualified
rac domain name>
racadm config -g cfgActiveDirectory -o cfgADDomainController1 <fully
qualified domain name or IP Address of the domain controller>
racadm config -g cfgActiveDirectory -o cfgADDomainController2 <fully
qualified domain name or IP Address of the domain controller>
racadm config -g cfgActiveDirectory -o cfgADDomainController3 <fully
qualified domain name or IP Address of the domain controller>
Using set command:
racadm set iDRAC.ActiveDirectory.Enable 1
racadm set iDRAC.ActiveDirectory.Schema 2
racadm set iDRAC.ActiveDirectory.RacName <RAC common name>
racadm set iDRAC.ActiveDirectory.RacDomain <fully qualified rac domain
name>
racadm set iDRAC.ActiveDirectory.DomainController1 <fully qualified
domain name or IP address of the domain controller>
racadm set iDRAC.ActiveDirectory.DomainController2 <fully qualified
domain name or IP address of the domain controller>
racadm set iDRAC.ActiveDirectory.DomainController3 <fully qualified
domain name or IP address of the domain controller>
NOTE: You must configure at least one of the three addresses. iDRAC attempts to connect to
each of the configured addresses one-by-one until it makes a successful connection. With
Extended Schema, these are the FQDN or IP addresses of the domain controllers where this
iDRAC device is located.
To disable the certificate validation during SSL handshake (optional):
Using config command: racadm config -g cfgActiveDirectory -o
cfgADCertValidationEnable 0
Using set command: racadm set iDRAC.ActiveDirectory.CertValidationEnable 0
NOTE: In this case, you do not have to upload a CA certificate.
To enforce the certificate validation during SSL handshake (optional):
Using config command: racadm config -g cfgActiveDirectory -o
cfgADCertValidationEnable 1
Using set command: racadm set iDRAC.ActiveDirectory.CertValidationEnable 1
In this case, you must upload a CA certificate:
racadm sslcertupload -t 0x2 -f <ADS root CA certificate>
NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and
the FQDN. Make sure that DNS is configured correctly under OverviewiDRAC Settings
Network.
Using the following RACADM command may be optional:
racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>
2. If DHCP is enabled on iDRAC and you want to use the DNS provided by the DHCP server, enter the
following RACADM command:
160