If you use Active Directory service software, you can configure it to control access to your network. Dell has modified the Active Directory database to support remote management authentication and authorization. Dell OpenManage IT Assistant and Dell OpenManage Server Administrator, as well as Dell remote access controllers, can now interface with Active Directory. With this tool, you can add and control users and privileges from one central database.
NOTE: Using Active Directory to recognize RAC, IT Assistant, or Server Administrator users is supported on the Microsoft Windows® 2000 and Windows Server 2003 operating systems.
Active Directory Schema Extensions
The Active Directory data exists in a distributed database of Attributes and Classes. An example of an Active Directory Class is the User class. Some example Attributes of the user class might be the user's first name, last name, phone number, and so on. Every Attribute or Class that is added to an existing Active Directory schema must be defined with a unique ID. To maintain unique IDs throughout the industry, Microsoft maintains a database of Active Directory Object Identifiers (OIDs).
The Active Directory schema defines the rules for what data can be included in the database. To extend the schema in Active Directory, Dell received unique OIDs, unique name extensions, and unique linked attribute IDs for the new attributes and classes in the directory service.
Dell extension is: dell
Dell base OID is: 1.2.840.113556.1.8000.1280
Dell LinkID range is: 12070 to 12079
The Active Directory OID database maintained by Microsoft can be viewed at msdn.microsoft.com/certification/ADAcctInfo.asp by entering our extension, Dell.
Overview of the Active Directory Schema Extensions
Dell created Classes, or groups of objects, that can be configured by the user to meet their unique needs. New Classes in the schema include an Association, a Product, and a Privilege class. An Association object links the users or groups to a given set of privileges and to systems (Product Objects) in your network. This model gives an administrator control over the different combinations of users, privileges, and systems or RAC devices on the network, without adding complexity.
Active Directory Object Overview
For each of the systems that you want to integrate with Active Directory for Authentication and Authorization, there must be at least one Association Object and one Product Object. The Product Object represents the system. The Association Object links it with users and privileges. You can create as many Association Objects as you need.
Each Association Object can be linked to as many users, groups of users, and Product Objects as desired. The users and Product Objects can be from any domain. However, each Association Object may only link to one Privilege Object. This behavior allows an Administrator to control which users have which rights on specific systems.
The Product Object links the system to Active Directory for authentication and authorization queries. When a system is added to the network, the Administrator must configure the system and its product object with its Active Directory name so that users can perform authentication and authorization with Active Directory. The Administrator must also add the system to at least one Association Object in order for users to authenticate.
Figure 9-1 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization.
Figure 9-1. Typical Setup for Active Directory Objects
In addition, you can set up Active Directory objects in a single domain or in multiple domains. Setting up objects in a single domain does not vary, whether you are setting up RAC, Server Administrator, or IT Assistant objects. When multiple domains are involved, however, there are some differences.
For example, you have two DRAC 4 cards (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3). You want to give user1 and user2 an Administrator privilege on both DRAC 4 cards and give user3 a Login privilege on the RAC2 card. Figure 9-2 shows how you set up the Active Directory objects in this scenario.
Figure 9-2. Setting Up Active Directory Objects in a Single Domain
To set up the objects for the single domain scenario, perform the following tasks:
Create two Association Objects.
Create two RAC Product Objects, RAC1 and RAC2, to represent the two DRAC 4 cards.
Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (Administrator) and Priv2 has Login privileges.
Group user1 and user2 into Group1.
Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and RAC1, RAC2 as RAC Products in AO1.
Add User3 as Members in Association Object 2 (AO2), Priv2 as Privilege Objects in AO2, and RAC2 as RAC Products in AO2.
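The single-domain setup above can be modelled to see which user ends up with which rights on which card, and to check the rules stated earlier (one Privilege Object per Association Object, every Product in at least one Association Object). This Python sketch is an added example, not Dell's code; the class and function names are hypothetical, and it assumes that rights granted through several Association Objects add up.

```python
from dataclasses import dataclass, field

# dellRAC4Privileges attributes, as listed in Table 9-4 on this page.
RAC4_PRIVILEGES = frozenset({
    "dellIsLoginUser", "dellIsCardConfigAdmin", "dellIsUserConfigAdmin",
    "dellIsLogClearAdmin", "dellIsServerResetUser", "dellIsConsoleRedirectUser",
    "dellIsVirtualMediaUser", "dellIsTestAlertUser", "dellIsDebugCommandAdmin",
})


@dataclass
class Association:
    """One Association Object: its Members, Privilege Object(s) and Products."""
    name: str
    members: set
    privilege_objects: list
    products: set


@dataclass
class Directory:
    groups: dict = field(default_factory=dict)      # group name -> set of users
    privileges: dict = field(default_factory=dict)  # Privilege Object -> attributes
    products: set = field(default_factory=set)      # Product Object names
    associations: list = field(default_factory=list)

    def users_of(self, ao):
        """Expand an association's Members, replacing groups by their users."""
        users = set()
        for member in ao.members:
            users |= self.groups.get(member, {member})
        return users

    def effective_privileges(self, user, product):
        """Privileges a user holds on a product through every matching AO."""
        granted = set()
        for ao in self.associations:
            if product in ao.products and user in self.users_of(ao):
                # Assumption: rights from several associations add up (union).
                for priv in ao.privilege_objects:
                    granted |= self.privileges[priv]
        return frozenset(granted)

    def holders(self, attribute):
        """Sorted (user, product) pairs that hold one privilege attribute."""
        users = set().union(*(self.users_of(ao) for ao in self.associations))
        return sorted((u, p) for u in users for p in self.products
                      if attribute in self.effective_privileges(u, p))

    def validate(self):
        """Check the two structural rules stated in the text above."""
        findings = []
        for ao in self.associations:
            if len(ao.privilege_objects) != 1:
                findings.append(f"{ao.name}: {len(ao.privilege_objects)} Privilege "
                                "Objects linked, expected exactly one")
        linked = set().union(*(ao.products for ao in self.associations))
        for product in sorted(self.products - linked):
            findings.append(f"{product}: in no Association Object, "
                            "so no user can authenticate to it")
        return findings


def single_domain_scenario():
    """The Figure 9-2 setup: AO1 = Group1/Priv1/RAC1+RAC2, AO2 = user3/Priv2/RAC2."""
    return Directory(
        groups={"Group1": {"user1", "user2"}},
        # Assumption: "Login privileges" maps to the dellIsLoginUser attribute only.
        privileges={"Priv1": RAC4_PRIVILEGES,
                    "Priv2": frozenset({"dellIsLoginUser"})},
        products={"RAC1", "RAC2"},
        associations=[
            Association("AO1", {"Group1"}, ["Priv1"], {"RAC1", "RAC2"}),
            Association("AO2", {"user3"}, ["Priv2"], {"RAC2"}),
        ],
    )


if __name__ == "__main__":
    d = single_domain_scenario()
    print(d.validate())
    print(d.holders("dellIsDebugCommandAdmin"))
```

Calling holders() with a high-impact attribute such as dellIsDebugCommandAdmin gives a quick review list of who can reach that function on each card.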
Figure 9-3 shows how to set up the Active Directory objects in multiple domains for RAC. In this scenario, you have two DRAC 4 cards (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3). User1 is in Domain1, but user2 and user3 are in Domain2. You want to give user1 and user2 Administrator privileges on both the RAC1 and the RAC2 card and give user3 a Login privilege on the RAC2 card.
Figure 9-3. Setting Up RAC Active Directory Objects in Multiple Domains
To set up the objects for this multiple domain scenario, perform the following tasks:
Ensure that the domain forest function is in Native or Windows 2003 mode.
Create two Association Objects, AO1 (of Universal scope) and AO2, in any domain. The figure shows the objects in Domain2.
Create two RAC Device Objects, RAC1 and RAC2, to represent the two remote systems.
Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (Administrator) and Priv2 has Login privileges.
Group user1 and user2 into Group1. The group scope of Group1 must be Universal.
Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and both RAC1 and RAC2 as Products in AO1.
Add User3 as Members in Association Object 2 (AO2), Priv2 as Privilege Objects in AO2, and RAC2 as a Product in AO2.
For Server Administrator or IT Assistant, on the other hand, the users in a single Association can be in separate domains without needing to be added to a universal group. The following is a very similar example to show how Server Administrator or IT Assistant systems in separate domains affect the setup of directory objects. Instead of RAC devices, you'll have two systems running Server Administrator (Server Administrator Products sys1 and sys2). Sys1 and sys2 are in different domains. You can use any existing Users or Groups that you have in Active Directory. Figure 9-4 shows how to set up the Server Administrator Active Directory objects for this example.
Figure 9-4. Setting Up Server Administrator Active Directory Objects in Multiple Domains
To set up the objects for this multiple domain scenario, perform the following tasks:
Ensure that the domain forest function is in Native or Windows 2003 mode.
Create two Association Objects, AO1 and AO2, in any domain. The figure shows the objects in Domain1.
Create two Server Administrator Products, sys1 and sys2, to represent the two systems. Sys1 is in Domain1 and sys2 is in Domain2.
Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (Administrator) and Priv2 has Login privileges.
Group sys2 into Group1. The group scope of Group1 must be universal.
Add user1 and user2 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and both sys1 and Group1 as Products in AO1.
Add User3 as a Member in Association Object 2 (AO2), Priv2 as a Privilege object in AO2, and Group1 as a Product in AO2.
Note that neither of the Association objects needs to be of Universal scope in this case.
Configuring Active Directory to Access Your Systems
Before you can use Active Directory to access your systems, you must configure both the Active Directory software and the systems.
Configure the system's Active Directory properties using either the Web-based interface or the CLI (see "Configuring Your Systems or Devices").
Extending the Active Directory Schema
RAC, Server Administrator, and IT Assistant schema extensions are available. You only need to extend the schema for software or hardware that you are using. Each extension must be applied individually to receive the benefit of its software-specific settings. Extending your Active Directory schema will add schema classes and attributes, example privileges and association objects, and a Dell organizational unit to the schema.
NOTE: Before you extend the schema, you must have Schema Admin privileges on the Schema Master Flexible Single Master Operation (FSMO) Role Owner of the domain forest.
You can extend your schema using two different methods. You can use the Dell Schema Extender utility, or you can use the Lightweight Directory Interchange Format (LDIF) script file.
NOTE: The Dell organizational unit will not be added if you use the LDIF script file.
The LDIF script files and Dell Schema Extender are located on your Dell PowerEdge Installation and Server Management CD in the following respective directories:
CD drive:\support\OMActiveDirectory Tools\installation type\LDIF Files
CD drive:\support\OMActiveDirectory Tools\installation type\Schema Extender
where installation type will be either RAC4, RAC3, Server Administrator, or IT Assistant version 7.0 or later, depending on your choice of schema extension.
To use the LDIF files, see the instructions in the readme that is in the LDIF files directory. To use the Dell Schema Extender to extend the Active Directory Schema, perform the steps in "Using the Dell Schema Extender."
You can copy and run the Schema Extender or LDIF files from any location.
Using the Dell Schema Extender
NOTICE: The Dell Schema Extender uses the SchemaExtenderOem.ini file. To ensure that the Dell Schema Extender utility functions properly, do not modify the name or the contents of this file.
Click Next on the Welcome screen.
Read the warning and click Next again.
Either select Use Current Log In Credentials or enter a user name and password with schema administrator rights.
Click Next to run the Dell Schema Extender.
Click Finish.
To verify the schema extension, use the Active Directory Schema Snap-in in the Microsoft Management Console (MMC) to verify the existence of the following classes (listed in Table 9-1, Table 9-6, Table 9-7, Table 9-9, Table 9-10, Table 9-11, and Table 9-12) and attributes (listed in Table 9-13, Table 9-14, and Table 9-15). See your Microsoft documentation for more information on how to enable and use the Active Directory Schema Snap-in in the MMC.
Table 9-1. Class Definitions for Classes Added to the Active Directory Schema
| Class Name | Assigned Object Identification Number (OID) | Class Type |
|---|---|---|
| dellRacDevice | 1.2.840.113556.1.8000.1280.1.1.1.1 | Structural Class |
| dellAssociationObject | 1.2.840.113556.1.8000.1280.1.1.1.2 | Structural Class |
| dellRAC4Privileges | 1.2.840.113556.1.8000.1280.1.1.1.3 | Auxiliary Class |
| dellPrivileges | 1.2.840.113556.1.8000.1280.1.1.1.4 | Structural Class |
| dellProduct | 1.2.840.113556.1.8000.1280.1.1.1.5 | Structural Class |
| dellRAC3Privileges | 1.2.840.113556.1.8000.1280.1.1.1.6 | Auxiliary Class |
| dellOmsa2AuxClass | 1.2.840.113556.1.8000.1280.1.2.1.1 | Auxiliary Class |
| dellOmsaApplication | 1.2.840.113556.1.8000.1280.1.2.1.2 | Structural Class |
| dellIta7AuxClass | 1.2.840.113556.1.8000.1280.1.3.1.1 | Auxiliary Class |
| dellItaApplication | 1.2.840.113556.1.8000.1280.1.3.1.2 | Structural Class |
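The verification against Table 9-1 can also be run over an LDIF export of the schema instead of by eye in the MMC snap-in. This Python sketch is an added example, not Dell's code: it assumes the export carries the standard Active Directory schema attributes lDAPDisplayName, governsID, objectClassCategory, attributeID and linkID, and the sample export, its dn values and the two "Unlisted" entries are constructed.

```python
import base64

DELL_BASE_OID = "1.2.840.113556.1.8000.1280"      # Dell base OID from this page
DELL_LINK_IDS = range(12070, 12080)               # Dell LinkID range 12070 to 12079
S, A = "Structural Class", "Auxiliary Class"
CATEGORY = {"1": S, "3": A}                       # AD objectClassCategory values
TABLE_9_1 = {                                     # name -> (OID below base, type)
    "dellRacDevice": ("1.1.1.1", S), "dellAssociationObject": ("1.1.1.2", S),
    "dellRAC4Privileges": ("1.1.1.3", A), "dellPrivileges": ("1.1.1.4", S),
    "dellProduct": ("1.1.1.5", S), "dellRAC3Privileges": ("1.1.1.6", A),
    "dellOmsa2AuxClass": ("1.2.1.1", A), "dellOmsaApplication": ("1.2.1.2", S),
    "dellIta7AuxClass": ("1.3.1.1", A), "dellItaApplication": ("1.3.1.2", S),
}

SAMPLE_LDIF = """\
# Constructed export for illustration; the dn values are placeholders.
dn: CN=dell-Rac-Device,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: dellRacDevice
governsID: 1.2.840.113556.1.8000.1280.1
 .1.1.1
objectClassCategory: 1

dn: CN=dell-Product,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName:: ZGVsbFByb2R1Y3Q=
governsID: 1.2.840.113556.1.8000.1280.1.1.1.5
objectClassCategory: 1

dn: CN=dell-RAC4-Privileges,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: dellRAC4Privileges
governsID: 1.2.840.113556.1.8000.1280.1.1.1.3
objectClassCategory: 1

dn: CN=dell-Unlisted-Class,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: dellUnlistedClass
governsID: 1.2.840.113556.1.8000.1280.1.1.1.99
objectClassCategory: 1

dn: CN=dell-Unlisted-Link,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: dellUnlistedLink
attributeID: 1.2.840.113556.1.8000.1280.1.1.2.77
linkID: 12090
"""

def parse_ldif(text):
    """Parse LDIF into a list of {attribute: [values]} records."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]                  # unfold a continuation line
        else:
            lines.append(raw)
    records, current = [], {}
    for line in [l for l in lines if not l.startswith("#")] + [""]:
        if line.strip():
            name, _, value = line.partition(":")
            if value.startswith(":"):             # "attr:: value" is base64
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            current.setdefault(name, []).append(value.strip())
        elif current:                             # blank line ends a record
            records.append(current)
            current = {}
    return records

def check_schema(ldif_text, required=tuple(TABLE_9_1)):
    """Return findings for one schema export; an empty list means it matches."""
    found, findings = {}, []
    for rec in parse_ldif(ldif_text):
        name = rec.get("lDAPDisplayName", ["?"])[0]
        oid = (rec.get("governsID") or rec.get("attributeID") or [""])[0]
        if not oid.startswith(DELL_BASE_OID + "."):
            continue                              # not in Dell's OID arc
        if "governsID" in rec:                    # classSchema entry
            kind = CATEGORY.get(rec.get("objectClassCategory", [""])[0], "other")
            found[name] = (oid[len(DELL_BASE_OID) + 1:], kind)
            if name not in TABLE_9_1:
                findings.append(f"unexpected class under Dell OID arc: {name} ({oid})")
        elif "linkID" in rec and int(rec["linkID"][0]) not in DELL_LINK_IDS:
            findings.append(f"linkID {rec['linkID'][0]} outside Dell range: {name}")
    for name in required:
        if name not in found:
            findings.append(f"missing class: {name}")
        elif found[name] != TABLE_9_1[name]:
            findings.append(f"{name}: found {found[name]}, Table 9-1 lists {TABLE_9_1[name]}")
    return findings

if __name__ == "__main__":
    for finding in check_schema(SAMPLE_LDIF):
        print(finding)
```

Pass `required` as the subset of Table 9-1 classes that belongs to the extension you actually installed, since each extension is applied individually.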
Table 9-2. dellRacDevice Class
OID: 1.2.840.113556.1.8000.1280.1.1.1.1
Description: This class represents the Dell RAC device. The RAC Device must be configured as dellRacDevice in Active Directory. This configuration enables the DRAC 4 to send LDAP queries to Active Directory.
Class Type: Structural Class
SuperClasses: dellProduct
Attributes: dellSchemaVersion, dellRacType
Table 9-3. dellAssociationObject Class
OID: 1.2.840.113556.1.8000.1280.1.1.1.2
Description: This class represents the Dell Association Object. The Association Object provides the connection between the users and the devices or products.
Class Type: Structural Class
SuperClasses: Group
Attributes: dellProductMembers, dellPrivilegeMember
Table 9-4. dellRAC4Privileges Class
OID: 1.2.840.113556.1.8000.1280.1.1.1.3
Description: This class is used to define the privileges (Authorization Rights) for the DRAC 4 device.
Class Type: Auxiliary Class
SuperClasses: None
Attributes: dellIsLoginUser, dellIsCardConfigAdmin, dellIsUserConfigAdmin, dellIsLogClearAdmin, dellIsServerResetUser, dellIsConsoleRedirectUser, dellIsVirtualMediaUser, dellIsTestAlertUser, dellIsDebugCommandAdmin
Table 9-5. dellPrivileges Class
OID: 1.2.840.113556.1.8000.1280.1.1.1.4
Description: This class is used as a container Class for the Dell Privileges (Authorization Rights).
Class Type: Structural Class
SuperClasses: User
Attributes: dellRAC4Privileges, dellRAC3Privileges, dellOmsaAuxClass, dellItaAuxClass
Table 9-6. dellProduct Class
OID: 1.2.840.113556.1.8000.1280.1.1.1.5
Description: This is the main class from which all Dell products are derived.
Class Type: Structural Class
SuperClasses: Computer
Attributes: dellAssociationMembers
Table 9-7. dellRAC3Privileges Class
OID: 1.2.840.113556.1.8000.1280.1.1.1.6
Description: This class is used to define the privileges (Authorization Rights) for the DRAC III, DRAC III/XT, ERA, ERA/O, and ERA/MC devices.
Class Type: Auxiliary Class
SuperClasses: None
Attributes: dellIsLoginUser
Table 9-8. dellOmsa2AuxClass Class
OID: 1.2.840.113556.1.8000.1280.1.2.1.1
Description: This class is used to define the privileges (Authorization Rights) for Server Administrator.
Class Type: Auxiliary Class
SuperClasses: None
Attributes: dellOmsaIsReadOnlyUser, dellOmsaIsReadWriteUser, dellOmsaIsAdminUser
Table 9-9. dellOmsaApplication Class
OID: 1.2.840.113556.1.8000.1280.1.2.1.2
Description: This class represents the Server Administrator application. Server Administrator must be configured as dellOmsaApplication in Active Directory. This configuration enables the Server Administrator application to send LDAP queries to Active Directory.
Class Type: Structural Class
SuperClasses: dellProduct
Attributes: dellAssociationMembers
Table 9-10. dellIta7AuxClass Class
OID: 1.2.840.113556.1.8000.1280.1.3.1.1
Description: This class is used to define the privileges (Authorization Rights) for IT Assistant.
Class Type: Auxiliary Class
SuperClasses: None
Attributes: dellItaIsReadOnlyUser, dellItaIsReadWriteUser, dellItaIsAdminUser
Table 9-11. dellItaApplication Class
OID: 1.2.840.113556.1.8000.1280.1.3.1.2
Description: This class represents the IT Assistant application. IT Assistant must be configured as dellItaApplication in Active Directory. This configuration enables IT Assistant to send LDAP queries to Active Directory.
Class Type: Structural Class
SuperClasses: dellProduct
Attributes: dellAssociationMembers
Table 9-12. General Attributes Added to the Active Directory Schema
| Attribute Name/Description | Assigned OID/Syntax Object Identifier | Single Valued |
|---|---|---|
| dellPrivilegeMember: List of dellPrivilege Objects that belong to this Attribute. | 1.2.840.113556.1.8000.1280.1.1.2.1; Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) | FALSE |
| dellProductMembers: List of dellRacDevices Objects that belong to this role. This attribute is the forward link to the dellAssociationMembers backward link. Link ID: 12070 | 1.2.840.113556.1.8000.1280.1.1.2.2; Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) | FALSE |
| dellAssociationMembers: List of dellAssociationObjectMembers that belong to this Product. This attribute is the backward link to the dellProductMembers Linked attribute. Link ID: 12071 | 1.2.840.113556.1.8000.1280.1.1.2.14; Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) | FALSE |
Table 9-13. RAC-specific Attributes Added to the Active Directory Schema
Installing the Dell Extension to the Active Directory Users and Computers Snap-In
When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers snap-in so that the administrator can manage Products, Users and User Groups, Associations, and Privileges. You only need to extend the snap-in once, even if you have added more than one schema extension. You must install the snap-in on each system that you intend to use for managing these objects. The Dell Extension to the Active Directory Users and Computers Snap-In is an option that can be installed when you install your systems management software using the Dell PowerEdge Installation and Server Management CD.
NOTE: You must install the Administrator Pack on each management station that is managing the new Active Directory objects. The installation is described in the following section, "Opening the Active Directory Users and Computers Snap-In." If you do not install the Administrator Pack, then you cannot view the new object in the container.
NOTE: For more information about the Active Directory Users and Computers snap-in, see your Microsoft documentation.
Opening the Active Directory Users and Computers Snap-In
To open the Active Directory Users and Computers snap-in, perform the following steps:
If you are on the domain controller, click Start → Admin Tools → Active Directory Users and Computers. If you are not on the domain controller, you must have the appropriate Microsoft administrator pack installed on your local system. To install this administrator pack, click Start → Run, type MMC and press Enter.
The Microsoft Management Console (MMC) window opens.
Click File (or Console on systems running Windows 2000) in the Console 1 window.
Click Add/Remove Snap-in.
Select the Active Directory Users and Computers snap-in and click Add.
Click Close and click OK.
Adding Users and Privileges to Active Directory
The Dell-extended Active Directory Users and Computers snap-in allows you to add DRAC, Server Administrator, and IT Assistant users and privileges by creating RAC, Association, and Privilege objects. To add an object, perform the steps in the applicable subsection.
Creating a Product Object
NOTE: Server Administrator and IT Assistant users must use Universal-type Product Groups to span domains with their product objects.
In the Console Root (MMC) window, right-click a container.
Select New.
Select a RAC, Server Administrator, or IT Assistant object, depending on which you have installed.
Privilege Objects must be created in the same domain as the Association Object to which they are associated.
In the Console Root (MMC) window, right-click a container.
Select New.
Select a RAC, Server Administrator, or IT Assistant object, depending on which you have installed.
The New Object window opens.
Type in a name for the new object.
Select the appropriate Privilege Object.
Click OK.
Right-click the privilege object that you created and select Properties.
Click the appropriate Privileges tab and select the privileges that you want the user to have (for more information, see Table 9-1 and Table 9-10).
Creating an Association Object
The Association Object is derived from a Group and must contain a group Type. The Association Scope specifies the Security Group Type for the Association Object. When you create an Association Object, you must choose the Association Scope that applies to the type of objects you intend to add. Selecting Universal, for example, means that Association Objects are only available when the Active Directory Domain is functioning in Native Mode or above.
In the Console Root (MMC) window, right-click a container.
Select New.
Select a RAC, Server Administrator, or IT Assistant object, depending on which you have installed.
The New Object window opens.
Type in a name for the new object.
Select Association Object.
Select the scope for the Association Object.
Click OK.
Adding Objects to an Association Object
By using the Association Object Properties window, you can associate users or user groups, privilege objects, systems, RAC devices, and system or device groups.
NOTE: RAC users must use Universal Groups to span domains with their users or RAC objects.
You can add groups of Users and Products. You can create Dell-related groups in the same way that you created other groups.
To add Users or User Groups:
Right-click the Association Object and select Properties.
Select the Users tab and click Add.
Type the User or User Group name or browse to select one and click OK.
Click the Privilege Object tab to add the privilege object to the association that defines the user's or user group's privileges when authenticating to a system.
NOTE: You can add only one Privilege Object to an association object.
To add a privilege:
Select the Privileges Object tab and click Add.
Type the Privilege Object name or browse for one and click OK.
Click the Products tab to add one or more systems or devices to the association. The associated objects specify the products connected to the network that are available for the defined users or user groups.
NOTE: You can add multiple systems or RAC devices to an Association Object.
To add Products:
Select the Products tab and click Add.
Type the system, device, or group name and click OK.
In the Properties window, click Apply and then OK.
Enabling SSL on a Domain Controller (RAC Only)
If you plan to use Microsoft Enterprise Root CA to automatically assign all your domain controllers SSL certificates, you must perform the following steps to enable SSL on each domain controller.
Install a Microsoft Enterprise Root CA on a Domain Controller.
Select Start → Control Panel → Add or Remove Programs.
Select Add/Remove Windows Components.
In the Windows Components Wizard, select the Certificate Services check box.
Select Enterprise root CA as CA Type and click Next.
Enter Common name for this CA, click Next, and click Finish.
Enable SSL on each of your domain controllers by installing the SSL certificate for each controller.
Expand the Public Key Policies folder, right-click Automatic Certificate Request Settings and click Automatic Certificate Request.
In the Automatic Certificate Request Setup Wizard, click Next and select Domain Controller.
Click Next and click Finish.
Exporting the Domain Controller Root CA Certificate (RAC Only)
NOTE: The following steps may vary slightly if you are using Windows 2000.
Go to the domain controller on which you installed the Microsoft Enterprise CA service.
Click Start → Run.
Type mmc and click OK.
In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in.
In the Add/Remove Snap-in window, click Add.
In the Standalone Snap-in window, select Certificates and click Add.
Select Computer account and click Next.
Select Local Computer and click Finish.
Click OK.
In the Console 1 window, expand the Certificates folder, expand the Personal folder, and click the Certificates folder.
Locate and right-click the root CA certificate, select All Tasks, and click Export.
In the Certificate Export Wizard, click Next and select No, do not export the private key.
Click Next and select Base-64 encoded X.509 (.cer) as the format.
Click Next and save the certificate to a location of your choice. You will need to upload this certificate to the DRAC 4. To do this, go to the DRAC 4 Web-based interface → Configuration tab → Active Directory page. Or, you can use the racadm CLI commands (see "Configuring the DRAC 4 Active Directory Settings Using the racadm CLI").
Click Finish and click OK.
Importing the DRAC 4 Firmware SSL Certificate to All Domain Controllers Trusted Certificate Lists
NOTE: If the DRAC 4 firmware SSL certificate is signed by a well-known CA, you do not need to perform the steps described in this section.
NOTE: The following steps may vary slightly if you are using Windows 2000.
The DRAC 4 SSL certificate is the same certificate that is used for the DRAC 4 Web server. All DRAC 4 controllers are shipped with a default self-signed certificate. You can get this certificate from the DRAC 4 by selecting Download DRAC 4 Server Certificate (see the DRAC 4 Web-based interface Configuration tab and the Active Directory subtab).
On the domain controller, open an MMC Console window and select Certificates → Trusted Root Certification Authorities.
Right-click Certificates, select All Tasks and click Import.
Click Next and browse to the SSL certificate file.
Install the RAC SSL Certificate in each domain controller's Trusted Root Certification Authority.
If you have installed your own certificate, ensure that the CA signing your certificate is in the Trusted Root Certification Authority list. If the CA is not in the list, you must install it on all your Domain Controllers.
Click Next and select whether you would like Windows to automatically select the certificate store based on the type of certificate, or browse to a store of your choice.
NOTE: The systems on which Server Administrator and/or IT Assistant are installed must be a part of the Active Directory domain and should also have computer accounts on the domain.
Configuring Active Directory Using CLI on Systems Running Server Administrator
You can use the omconfig preferences dirservice command to configure the Active Directory service. The productoem.ini file is modified to reflect these changes. If the adproductname is not present in the productoem.ini file, a default name will be assigned. The default value will be system name-software-product name, where system name is the name of the system running Server Administrator, and software-product name refers to the name of the software product defined in omprv32.ini (that is, computerName-omsa).
NOTE: This command is applicable only on systems running the Windows operating system.
NOTE: Restart the Server Administrator service after you have configured Active Directory.
Table 9-16 shows the valid parameters for the command.
Table 9-16. Active Directory Service Configuration Parameters
name=value pair
Description
prodname=<text>
Specifies the software product to which you want to apply the Active Directory configuration changes. Prodname refers to the name of the product defined in omprv32.ini. For Server Administrator, it is omsa.
enable=<true | false>
true: Enables Active Directory service authentication support.
false: Disables Active Directory service authentication support.
adprodname=<text>
Specifies the name of the product as defined in the Active Directory service. This name links the product with the Active Directory privilege data for user authentication.
Configuring Active Directory on Systems Running IT Assistant
By default, the Active Directory product name corresponds to the machinename-ita, where machinename is the name of the system on which IT Assistant is installed. To configure a different name, locate the itaoem.ini file in your installation directory. Edit the file to add the line "adproductname=text" where text is the name of the product object that you created in Active Directory. For example, the itaoem.ini file will contain the following syntax if the Active Directory product name is configured to mgmtStationITA.
productname=IT Assistant
startmenu=Dell OpenManage Applications
autdbid=ita
accessmask=3
startlink=ITAUIServlet
adsupport=true
adproductname=mgmtStationITA
NOTE: Restart the IT Assistant services after saving the itaoem.ini file to the disk.
Configuring the DRAC 4 Using the Web-Based Interface
Log in to the Web-based interface using the default user, root, and its password.
Click the Configuration tab and select Active Directory.
Type the Root Domain Name. The Root Domain Name is the fully qualified root domain name for the forest.
Type the DRAC 4 Domain Name (for example, drac4.com). Do not use the NetBIOS name. The DRAC 4 Domain Name is the fully qualified domain name of the subdomain where the RAC Device Object is located.
Click Apply to save the Active Directory settings.
Click Upload Active Directory CA Certificate to upload your domain forest Root CA certificate into the DRAC 4. The SSL certificates of your domain forest's domain controllers must be signed by this root CA certificate. Have the root CA certificate available on your local system (see "Exporting the Domain Controller Root CA Certificate (RAC Only)"). Specify the full path and filename of the root CA certificate and click Upload to upload the root CA certificate to the DRAC 4 firmware. The DRAC 4 Web server automatically restarts after you click Upload. You must log in again to complete the DRAC 4 Active Directory feature configuration.
Click the Configuration tab and select Network.
If DRAC 4 NIC DHCP is enabled, place a check next to Use DHCP to obtain DNS server address. If you want to input a DNS server IP address manually, remove the check next to Use DHCP to obtain DNS server address and input your primary and alternate DNS Server IP addresses.
Click Apply to complete the DRAC 4 Active Directory feature configuration.
Configuring the DRAC 4 Active Directory Settings Using the racadm CLI
Use the following commands to configure the DRAC 4 Active Directory feature using the racadm CLI instead of the Web-based interface.
Open a command prompt and type the following racadm commands: