Active Directory® Client Profile Document Number: DCIM1007 Document Type: Specification Document Status: Published Document Language: E Date: 2008-11-10 Version: 2.0.
Active Directory® Client Profile THIS PROFILE IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND. ABSENT A SEPERATE AGREEMENT BETWEEN YOU AND DELL™ WITH REGARD TO FEEDBACK TO DELL ON THIS PROFILE SPECIFICATION, YOU AGREE ANY FEEDBACK YOU PROVIDE TO DELL REGARDING THIS PROFILE SPECIFICATION WILL BE OWNED AND CAN BE FREELY USED BY DELL. © 2008 Dell Inc. All rights reserved.
Active Directory® Client Profile CONTENTS Foreword ....................................................................................................................................................... 5 Introduction ................................................................................................................................................... 6 1 Scope .......................................................................................................................................
Active Directory® Client Profile Tables Table 1 – Related Profiles ............................................................................................................................. 9 Table 2 – EnabledState Value Description ................................................................................................. 13 Table 3 – DCIM_OEMActiveDirectoryService.RequestStateChange( ) Method: Return Code Values...... 13 Table 4 – DCIM_OEMActiveDirectoryService.
Active Directory® Client Profile Foreword The Active Directory® Client Profile (DCIM1007) was prepared by the Dell CIM Review Board. Version 2.0.
Active Directory® Client Profile Introduction This specification identifies the necessary classes, properties, methods, and values to be instantiated and manipulated to represent and manage an Active Directory client modeled using the DMTF Common Information Model (CIM) core and extended model definitions. This document is intended for implementers who write CIM-based providers or consumers of management interfaces representing the component described herein. 6 Version 2.0.
Active Directory® Client Profile Active Directory® Client Profile 1 Scope The Active Directory® Client Profile extends the management capabilities of referencing profiles by adding the capability to represent the configuration of Active Directory client service and the groups managed by the service. The Active Directory client service and groups are modeled as referencing the security principals and profile versioning for the schema implementation version information.
Active Directory® Client Profile 3.4 mandatory indicates requirements to be followed strictly in order to conform to the document and from which no deviation is permitted 3.5 may indicates a course of action permissible within the limits of the document 3.6 need not indicates a course of action permissible within the limits of the document 3.7 optional indicates a course of action permissible within the limits of the document 3.
Active Directory® Client Profile Organization: Dell CIM Schema Version: 2.15.0 Central Class: DCIM_OEMActiveDirectoryService Scoping Class: CIM_ComputerSystem The Active Directory® Client Profile extends the management capability of the referencing profiles by adding the capability to describe the Active Directory client configuration. DCIM_OEMActiveDirectory shall be the Central Class. CIM_ComputerSystem shall be the Scoping Class.
Active Directory® Client Profile ComputerSystem DCIM_OEMActiveDirectoryCapabilities (See Referencing Profile) 1 (See Profile Registration Profile) 1 1 RegisteredProfile ElementCapabilites HostedService 0..1 ElementConformsToProfile (See Profile Registration Profile) 1..* 1..* 1..* DCIM_OEMActiveDirectoryService 1 OwningCollectionElement (See Simple Identity Management Profile) Identity (See Simple Identity Management Profile) ServiceAffectsElement 1..* * 1..
Active Directory® Client Profile 6.2 Methodology Active Directory client implementations may perform discovery and searches on the Active Directory server in different ways. Some use only the dhcp servers to retrieve domain controllers, with the root domain as a starting point. Others connect to pre-configured Domain Controllers, each containing a single domain. Search algorithms may use LDAP-enabled Access Control Subsystems (LACS), or only the extension objects. The DCIM_OEMActiveDirectoryCapabilities.
Active Directory® Client Profile There shall be at most one DCIM_OEMActiveDirectoryCapabilities instance associated with a given DCIM_OEMActiveDirectoryService instance. 7.3.1 DCIM_OEMActiveDirectoryCapabilities.RequestedStatesSupported DCIM_OEMActiveDirectoryCapabilities.RequestedStatesSupported is an array that contains the supported requested states for the DCIM_OEMActiveDirectoryService instance.
Active Directory® Client Profile 7.5.1 RequestedState – 12 (Not Applicable) value When Active Directory client state management is not supported, the value of the DCIM_OEMActiveDirectoryService.RequestedState property shall be 12 (Not Applicable). 7.5.2 RequestedState – 5 (No Change) value When Active Directory client state management is supported, the initial value of the DCIM_OEMActiveDirectoryService.RequestedState property shall be 5 (No Change). 7.6 DCIM_OEMActiveDirectoryService.
Active Directory® Client Profile Table 4 – DCIM_OEMActiveDirectoryService.
Active Directory® Client Profile 8.3 CIM_ElementCapabilities Operations Table 5 lists operations that either have special requirements beyond those from DSP0200 or shall not be supported. Table 5 – CIM_ElementCapabilities Operations Operation Requirement Messages EnumerateInstances Unspecified None EnumerateInstanceNames Unspecified None Associators Unspecified None AssociatorNames Unspecified None References Unspecified None ReferenceNames Unspecified None 8.
Active Directory® Client Profile 8.7 DCIM_OEMActiveDirectoryService Operations Table 8 lists operations that either have special requirements beyond those from DSP0200 or shall not be supported. Table 8 – DCIM_OEMActiveDirectoryService Operations Operation Requirement Messages ModifyInstance Mandatory. See section 8.7.1. None 8.7.
Active Directory® Client Profile instance with the RegisteredName property set to “Active Directory Client”, the client can retrieve profile2. profile2 shows the version of the current Active Directory® Client Profile implementation. The prefix CIM_ has been removed from the names of the classes in the figure.
Active Directory® Client Profile adcap2 : AccountManagementCapabilities Methodology : 4 (LACS - Domain Controller Based) NumberOfDomainControllersSupported : 3 ElementCapabilites NumberOfGlobalCatalogsSupported : 3 HostedService chassismgr1 : ComputerSystem adcap1 : AccountManagementCapabilities adservice1 : DCIM_OEMActiveDirectoryService SchemaType : 2 (Standard) DomainControllerAddresses :{“XYZ”} ElementCapabilities HostedService OwningCollectionElement acctmgmtsrvc1 : AccountManagementService adg
Active Directory® Client Profile 10 CIM Elements Table 10 shows the instances of CIM Elements for this profile. Instances of the CIM Elements shall be implemented as described in Table 10. Sections 7 (“Implementation Requirements”) and 8 (“Methods”) may impose additional requirements on these elements. Table 10 – CIM Elements: Active Directory® Client Profile Element Name Requirement Description CIM_ElementCapabilities Conditional See section 10.1.
Active Directory® Client Profile Properties Requirement NumberOfDomainControllersSupported Mandatory NumberOfGlobalCatalogsSupported Mandatory 10.3 Notes CIM_HostedService CIM_HostedService associates a DCIM_OEMActiveDirectoryService instance with the CIM_RedundancySet instance. Table 13 – Class: CIM_HostedService Properties Notes Description Antecedent Mandatory Key: Shall reference the Scoping Instance.
Active Directory® Client Profile 10.6 DCIM_OEMActiveDirectoryService DCIM_OEMActiveDirectoryService is represents the Active Directory client.
Active Directory® Client Profile ANNEX A (informative) Change Log Version Date Description 1.0.0 2/12/2009 Initial version. 2.0.0 2/12/2009 Added configuration interfaces for the new authorization methodology on the Active Directory. 22 Version 2.0.
Active Directory® Client Profile ANNEX B (informative) DCIM Extension MOF NOTE: This may not be the most up-to-date MOF. Please, for implementation purposes refer to the MOF published separately from the profiles. // Copyright (c) 2008 Dell Inc. All rights reserved. // ================================================================== // DCIM_OEMActiveDirectoryService // ================================================================== [Experimental, Version ( "1.0.
Active Directory® Client Profile "supported."), ValueMap { "1", "2", "3", "5", "6..32767", "32768..65535" }, Values { "Other", "Enabled", "Disabled", "Not Applicable", "DMTF Reserved", "Vendor Reserved" }, ModelCorrespondence { "CIM_EnabledLogicalElement.OtherEnabledState" }] uint16 EnabledState = 5; [Override, Description ( "A user-friendly name for the object.
Active Directory® Client Profile "EnabledState property has value 2(\"Enabled\"), then the " "RootDomain, DeviceObjectDomain, DeviceObjectName properties " "shall not be NULL. \n" "2 (\"Standard\") value shall denote that Active Directory " "service schema contains no vendor schema extension. \n" "If SchemaType property has value 2(\"Standard\") and the " "EnabledState property has value 2(\"Enabled\"), then the " "RootDomain shall not be NULL, as well as, the ElementName " "and RoleGroupDomain properties o
Active Directory® Client Profile "property allows the third party authentication service on " "the manged system to find the corresponding Active Directory " "object within the domain specified by the DeviceObjectDomain " "property. This property is relevant when SchemaType " "property has value 1 (\"Extended\").
Active Directory® Client Profile "the host name of the server on which the Global Catalog of the " "domain resides.\n " "The maximum length of this property array shall be the value of " "the NumberOfGlobalCatalogsSupported of the associated " "DCIM_OEMActiveDirectoryCapabilities instance, if the " "NumberOfGlobalCatalogsSupported is not equal to 0.\n "), ModelCorrespondence { "DCIM_OEMActiveDirectoryCapabilities.
Active Directory® Client Profile "based solely on the domain and object name information, and " "does not utilize LACS - LDAP-enabled Access Control Subsystem.\n " "3 (\"non-LACS - Domain Controller Based\") value identifies " "that the Active Directory client is going to utilize search " "mechanism based on the domain and object name information as " "well as Domain Controller information, and does not utilize " "LACS - LDAP-enabled Access Control Subsystem.\n " "4 (\"LACS - Domain Controller Based\") valu
Active Directory® Client Profile "DCIM_OEMActiveDirectoryService.GlobalCatalogAddresses " "property array. The value 0 shall mean \"Unknown\"."), ModelCorrespondence { "DCIM_OEMActiveDirectoryService.GlobalCatalogAddresses"}] uint16 NumberOfGlobalCatalogsSupported; }; // Copyright (c) 2008 Dell Inc. All rights reserved.
Active Directory® Client Profile ANNEX C (informative) Acknowledgments The authors wish to acknowledge the following people. Editor: • Khachatur Papanyan – Dell Inc. Contributors: 30 • Khachatur Papanyan – Dell Inc. • Meghna Taneja – Dell Inc. • Ryan Phillips – Dell Inc. Version 2.0.