Table of Contents
Advertisement
Figure 1. Configuration of iDRAC with active directory standard schema
In Active Directory, a standard group object is used as a role group. A user who has iDRAC access is a member of the role group. To
give this user access to a specific iDRAC, the role group name and its domain name need to be configured on the specific iDRAC.
The role and the privilege level are defined on each iDRAC and not in the Active Directory. You can configure up to five role groups
in each iDRAC. Table reference no shows the default role group privileges.
Table 21. Default role group privileges
Role Groups
Role Group 1
Role Group 2
Role Group 3
Role Group 4
Role Group 5
NOTE: The Bit Mask values are used only when setting Standard Schema with the RACADM.
Single domain versus multiple domain scenarios
If all the login users and role groups, including the nested groups, are in the same domain, then only the domain controllers'
addresses must be configured on iDRAC. In this single domain scenario, any group type is supported.
If all the login users and role groups, or any of the nested groups, are from multiple domains, then Global Catalog server addresses
must be configured on iDRAC. In this multiple domain scenario, all the role groups and nested groups, if any, must be a Universal
Group type.
Default Privilege Level
None
None
None
None
None
Permissions Granted
Log in to iDRAC, Configure
iDRAC, Configure Users, Clear
Logs, Execute Server Control
Commands, Access Virtual
Console, Access Virtual Media,
Test Alerts, Execute Diagnostic
Commands
Log in to iDRAC, Configure
iDRAC, Execute Server Control
Commands, Access Virtual
Console, Access Virtual Media,
Test Alerts, Execute Diagnostic
Commands
Log in to iDRAC
No assigned permissions
No assigned permissions
Bit Mask
0x000001ff
0x000000f9
0x00000001
0x00000000
0x00000000
133
Advertisement
Table of Contents
Troubleshooting
