Hello and welcome back. In this video, we'll be taking a look at the directory services integration feature of the iDRAC. To get started, let's cover a couple of prerequisites. We aren't going to be covering how to configure these processes, but we want to make sure to cover the requirements needed in order to use this feature. First will be LDAPS for current and future versions.
This will be a requirement due to security concerns. To enable LDAPS, you will need to acquire a root CA certificate and install this to each domain controller you will be enabling LDAPS on. Please review the documentation provided by Microsoft for more info on this configuration. Additionally, for communication to work, we will want ports 636 and 3269 open from the iDRAC to the DC. The next thing that must be done on the domain controller is the configuration of the security groups.
The groups we set up on the iDRAC must match a group in Active Directory. The user accounts we will be using to log into the iDRAC must be associated to this Active Directory group. As an example, review the picture on this slide. This shows the Active Directory group and associated user that we will be utilizing in this video. Once logged into our iDRAC, we will then need to click on the iDRAC Settings button.
Then click Users, click on Directory Services, highlight the Microsoft Active Directory option, and then click Enable. Click Edit to start the wizard. For basic setup, certificate validation is not required. This is separate from the certificate requirement for LDAPS, which is a requirement. We will not be covering single sign-on or keytab in this video, so simply click Next to continue. Here, we will click Add and type our user domain name. Next, we need to configure the domain controllers to use.
You can choose to utilize DNS, but I will be using a single IP for this demonstration. Here, you can choose between standard and extended schema. The standard option is fine for a basic setup, as all the necessary object classes are provided by default, as stated in the highlighted text above. If you wish to use the extended schema, you must first run the Dell EMC utility programs that will add new object classes to the schema as well as functionality to the Active Directory Users and Computers snap-in. This is not something that we'll be covering in this video. Next, we will provide the global catalog.
You can use DNS if you wish; I will again be using the IP address. Scroll down and we will configure a role group for our users. Here, we must provide the exact name of the group from Active Directory, as well as the domain name. The role groups have preconfigured levels of access. However, we can customize this further by changing which boxes are selected. After configuring your role groups, click Save to finish setup. Next, we should click the Test button and confirm our settings.
This is a very helpful tool if directory services is not working. After typing the user's UPN and password, click Test. Scrolling down, we see that many tests have passed, including user authentication. However, the authorization test has failed. When we look at the test log, we can see that the user is not a member of the configured group. What you have just witnessed is an example of having the incorrect group name in the role groups. To rectify this, let's go back and edit that group name here.
I will remove the "I" in the name, as the group is actually called DRAC admins. After saving and going back to the test section, we can see that the test will pass correctly this time. Once a user passes the final authorization test, we can see the privileges they gain for managing the iDRAC. As a final step, we will confirm our login works by changing the domain selection and entering our credentials. This will now conclude our tutorial on directory services integration.
Thank you for watching.