Dell EMC OpenManage Installation Guide — Microsoft Windows Version 9.3.1

Active Directory Object Overview

For each of the systems that you want to integrate with Active Directory for authentication and authorization, there must be at least one Association Object and one Product Object. The Product Object represents the system. The Association Object links it with users and privileges. You can create as many Association Objects as you need.

Each Association Object can be linked to as many users, groups of users, and Product Objects as required. The users and Product Objects can be from any domain. However, each Association Object may only link to one Privilege Object. This behavior allows an administrator to control users and their rights on specific systems.

The Product Object links the system to Active Directory for authentication and authorization queries. When a system is added to the network, the administrator must configure the system and its product object with its Active Directory name so that users can perform authentication and authorization with Active Directory. The administrator must also add the system to at least one Association Object for users to authenticate.

The following figure illustrates that the Association Object provide the connection that is needed for all of the authentication and authorization.

In addition, you can set up Active Directory objects in a single domain or in multiple domains. Setting up objects in a single domain does not vary, whether you are setting up RAC, or Server Administrator objects. When multiple domains are involved, however, there are some differences.

The following figure shows the set up of the Active Directory objects in a single domain. In this scenario, you have two DRAC 4 cards (RAC1 and RAC2) and three existing Active Directory users (User1, User2, and User3). You want to give User1 and User2 administrator privilege on both DRAC 4 cards and give User3 login privilege on the RAC2 card.