If you are using standard schema and all the users and role groups are in the same domain, Global
Catalog Address(es) are not required.
If you are using extended schema, the Global Catalog Address is not used.
How does standard schema query work?
iDRAC connects to the configured domain controller address(es) first. If the user and role groups are in
that domain, the privileges are saved.
If Global Catalog Address(es) are configured, iDRAC continues to query the Global Catalog. If additional
privileges are retrieved from the Global Catalog, these privileges are accumulated.
Does iDRAC always use LDAP over SSL?
Yes. All communication is over secure port 636 and/or 3269. During test settings, iDRAC does an LDAP
CONNECT only to isolate the problem, but it does not do an LDAP BIND on an insecure connection.
Why does iDRAC enable certificate validation by default?
iDRAC enforces strong security to ensure the identity of the domain controller that iDRAC connects to.
Without certificate validation, a hacker can spoof a domain controller and hijack the SSL connection. If
you choose to trust all the domain controllers in your security boundary without certificate validation,
you can disable it through the Web interface or RACADM.
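A pre-check for the two answers above, added here as an example and not taken from the Dell documentation: it performs a validating TLS handshake against each domain controller on 636 and each Global Catalog server on 3269 and reports whether the certificate is accepted. The host names and the CA file path are assumptions; the script sends no LDAP BIND.

```python
import socket
import ssl

LDAPS_PORT = 636        # domain controller, LDAP over SSL
GC_LDAPS_PORT = 3269    # Global Catalog, LDAP over SSL


def validating_context(ca_file=None):
    """TLS context that verifies the chain and the host name."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def check_endpoint(host, port, ca_file=None, timeout=5.0):
    """Return (ok, detail) for one endpoint; handshake only, no LDAP BIND."""
    try:
        ctx = validating_context(ca_file)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return True, f"{tls.version()} notAfter={cert.get('notAfter')}"
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired certificate, or name mismatch.
        return False, f"certificate rejected: {exc.verify_message}"
    except OSError as exc:
        # DNS failure, refused or timed-out connection, unreadable CA file.
        return False, f"check failed: {exc}"


def check_all(controllers, catalogs=(), ca_file=None):
    """Check domain controllers on 636 and Global Catalog servers on 3269."""
    targets = [(h, LDAPS_PORT) for h in controllers]
    targets += [(h, GC_LDAPS_PORT) for h in catalogs]
    return {f"{h}:{p}": check_endpoint(h, p, ca_file) for h, p in targets}


if __name__ == "__main__":
    # Constructed host names and CA path (assumptions); use the FQDNs
    # configured in iDRAC and the CA certificate that signed the DC certs.
    results = check_all(["dc1.example.test"], ["gc1.example.test"],
                        ca_file="enterprise-root-ca.pem")
    for target, (ok, detail) in results.items():
        print("PASS" if ok else "FAIL", target, detail)
```

A FAIL with "certificate rejected" on an endpoint indicates that a validating client would not accept that server's certificate against the supplied CA file.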
Does iDRAC support the NetBIOS name?
Not in this release.
Why does it take up to four minutes to log in to iDRAC using Active Directory Single Sign–On or Smart
Card Login?
The Active Directory Single Sign–On or Smart Card login normally takes less than 10 seconds, but it may
take up to four minutes to log in if you have specified the preferred DNS server and the alternate DNS
server, and the preferred DNS server has failed. DNS time-outs are expected when a DNS server is down.
iDRAC logs you in using the alternate DNS server.
Active Directory is configured for a domain present in Windows Server 2008 Active Directory. A
child or sub domain is present for the domain, the user and group are present in the same child domain,
and the user is a member of that group. When trying to log in to iDRAC using the user present in the
child domain, Active Directory Single Sign-On login fails.
This may be because of an incorrect group type. There are two kinds of group types in the Active
Directory server:
Security — Security groups allow you to manage user and computer access to shared resources and
to filter group policy settings.
Distribution — Distribution groups are intended to be used only as email distribution lists.
Always make sure that the group type is Security. You cannot use distribution groups to assign permissions
on any object; however, use them to filter group policy settings.