Table of Contents
Advertisement
Figure 4. Setting up Server Administrator Active Directory Objects In Multiple Domains
Setting Up Server Administrator Active Directory Objects For Multiple Domain
To set up the objects for this multiple domain scenario, perform the following tasks:
1.
Ensure that the domain forest function is in Native mode.
2.
Create two Association Objects, AO1 and AO2, in any domain. The figure shows the objects in Domain1.
3.
Create two Server Administrator Products, sys1 and sys2, to represent the two systems. sys1 is in Domain1 and
sys2 is in Domain2.
4.
Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (Administrator) and Priv2 has Login
privileges.
5.
Group sys2 into Group1. The group scope of Group1 must be Universal.
6.
Add User1 and User2 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and both sys1
and Group1 as Products in AO1.
7.
Add User3 as a Member in Association Object 2 (AO2), Priv2 as a Privilege object in AO2, and Group1 as a Product
in AO2.
NOTE: Neither of the Association objects needs to be of Universal scope.
Configuring Active Directory To Access The Systems
Before you can use Active Directory to access the systems, you must configure both the Active Directory software and
the systems.
1.
Extend the Active Directory schema.
2.
Extend the Active Directory Users and Computers Snap-in.
3.
Add system users and their privileges to Active Directory.
4.
For RAC systems, enable SSL on each of the domain controllers.
5.
Configure the system's Active Directory properties using either the Web-based interface or the CLI.
Related Links:
•
Extending the Active Directory Schema
73
Advertisement
Table of Contents
