User's Manual

Using the iDRAC with Microsoft Active Directory

Table 6-10. Using iDRAC With Active Directory: Frequently Asked Questions (continued)

Question: Does using the iDRAC with Active Directory support multiple domain environments?
Answer: Yes. The domain forest function level must be in Native mode or Windows 2003 mode. In addition, the groups among Association Object, RAC user objects, and RAC Device Objects (including Association Object) must be universal groups.

Question: Can these Dell-extended objects (Dell Association Object, Dell RAC Device, and Dell Privilege Object) be in different domains?
Answer: The Association Object and the Privilege Object must be in the same domain. The Dell-extended Active Directory Users and Computers snap-in forces you to create these two objects in the same domain. Other objects can be in different domains.

Question: Are there any restrictions on Domain Controller SSL configuration?
Answer: Yes. All Active Directory servers’ SSL certificates in the forest must be signed by the same root CA since iDRAC only allows uploading one trusted CA SSL certificate.

Question: I created and uploaded a new RAC certificate and now the Web interface does not launch.
Answer: If you use Microsoft Certificate Services to generate the RAC certificate, one possible cause of this is you inadvertently chose User Certificate instead of Web Certificate when creating the certificate.
To recover, generate a CSR and then create a new web certificate from Microsoft Certificate Services and load it using the RACADM CLI from the managed server by using the following RACADM commands:

    racadm sslcsrgen [-g] [-u] [-f {filename}]
    racadm sslcertupload -t 1 -f {web_sslcert}
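A check to run on the certificate returned by the CA before loading it with racadm sslcertupload, given as an added example that is not part of the Dell manual. It assumes the openssl command-line tool is installed and that what separates the two certificate types is validity for TLS server authentication; the function names, file names and throwaway test CA are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the manual): check a CA-issued certificate before
# loading it with "racadm sslcertupload -t 1 -f {web_sslcert}".
# Function names, file names and the throwaway CA are constructed for this demo.

# True only if <cert> chains to <ca> and is acceptable as a TLS server cert.
is_web_cert() {  # usage: is_web_cert <ca.pem> <cert.pem>
    openssl verify -purpose sslserver -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build constructed samples in directory $1: a test CA plus two leaf
# certificates, one limited to clientAuth (assumed to stand in for a user
# certificate) and one with serverAuth (a web certificate).
make_samples() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3' \
        'prompt=no' '[dn]' 'CN=Constructed Test CA' '[v3]' \
        'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    for kind in clientAuth serverAuth; do
        openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
            -subj "/CN=idrac.example.test" \
            -keyout "$d/$kind.key" -out "$d/$kind.csr" 2>/dev/null || return 1
        printf 'extendedKeyUsage=%s\n' "$kind" > "$d/$kind.ext"
        openssl x509 -req -in "$d/$kind.csr" -CA "$d/ca.pem" \
            -CAkey "$d/ca.key" -CAcreateserial -days 1 \
            -extfile "$d/$kind.ext" -out "$d/$kind.pem" 2>/dev/null || return 1
    done
}

tmp=$(mktemp -d) && make_samples "$tmp" || exit 1
for kind in clientAuth serverAuth; do
    if is_web_cert "$tmp/ca.pem" "$tmp/$kind.pem"; then
        echo "$kind certificate: suitable for upload"
    else
        echo "$kind certificate: rejected, not valid for TLS server use"
    fi
done
rm -rf "$tmp"
```

With real files, call is_web_cert with the issuing root CA certificate and the certificate created from the CSR; a non-zero exit status means the certificate should be reissued rather than uploaded.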