User's Manual

Using the iDRAC with Microsoft Active Directory
Frequently Asked Questions
Table 6-10 lists frequently asked questions and answers.
Table 6-10. Using iDRAC With Active Directory: FAQs
Question: Can I log into the iDRAC using Active Directory across multiple trees?
Answer: Yes. The iDRAC's Active Directory querying algorithm supports multiple trees in a single forest.

Question: Does logging in to the iDRAC using Active Directory work in mixed mode (that is, the domain controllers in the forest run different operating systems, such as Microsoft Windows NT® 4.0, Windows 2000, or Windows Server 2003)?
Answer: Yes. In mixed mode, all objects used by the iDRAC querying process (the user, RAC Device Object, and Association Object) have to be in the same domain. The Dell-extended Active Directory Users and Computers snap-in checks the mode and, in mixed mode, limits users' ability to create objects across domains.

Question: Does using the iDRAC with Active Directory support multiple domain environments?
Answer: Yes. The domain forest function level must be in Native mode or Windows 2003 mode. In addition, the groups among the Association Object, RAC user objects, and RAC Device Objects (including the Association Object) must be universal groups.

Question: Can these Dell-extended objects (Dell Association Object, Dell RAC Device, and Dell Privilege Object) be in different domains?
Answer: The Association Object and the Privilege Object must be in the same domain. The Dell-extended Active Directory Users and Computers snap-in forces you to create these two objects in the same domain. Other objects can be in different domains.

Question: Are there any restrictions on Domain Controller SSL configuration?
Answer: Yes. All Active Directory servers' SSL certificates in the forest must be signed by the same root CA, since the iDRAC allows only one trusted CA SSL certificate to be uploaded.
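
One way to check the single-root restriction from the last answer before uploading a CA certificate to the iDRAC, shown as an added example that is not from the manual: `check_single_root` verifies each domain controller's exported certificate against the one root CA using the openssl CLI. The function names, file names and the throwaway certificates built by `make_demo_pki` are constructed for illustration.

```bash
# Added example, not from the manual. Requires the openssl CLI, 1.1.0 or
# later (earlier releases of "openssl verify" do not signal failure by exit code).

# check_single_root ROOT_CA_PEM DC_CERT_PEM...
# Verifies each domain controller certificate against the one root CA that
# would be uploaded to the iDRAC. SSL_CERT_DIR is pointed at an empty
# directory so system-installed roots cannot anchor a chain by accident.
# Returns 0 only if every certificate verifies (an expired one also fails).
check_single_root() {
    local root="$1" cert bad=0 empty
    shift
    empty="$(mktemp -d)" || return 2
    for cert in "$@"; do
        if SSL_CERT_DIR="$empty" openssl verify -CAfile "$root" "$cert" \
                >/dev/null 2>&1; then
            echo "OK    $cert"
        else
            echo "FAIL  $cert does not verify against $root"
            bad=1
        fi
    done
    rmdir "$empty"
    return "$bad"
}

# make_demo_pki DIR
# Builds CONSTRUCTED sample input in DIR: throwaway roots rootA and rootB,
# with dc1 and dc2 signed by rootA and dc3 signed by rootB.
make_demo_pki() {
    local d="$1" pair ca dc
    for ca in rootA rootB; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$ca" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    for pair in dc1:rootA dc2:rootA dc3:rootB; do
        dc="${pair%%:*}"; ca="${pair#*:}"
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$dc.example.test" \
            -keyout "$d/$dc.key" -out "$d/$dc.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$dc.csr" -CA "$d/$ca.pem" -CAkey "$d/$ca.key" \
            -CAcreateserial -days 2 -out "$d/$dc.pem" 2>/dev/null || return 1
    done
}
```

A certificate reported as FAIL comes from a domain controller whose certificate the iDRAC would not be able to validate with that root CA uploaded.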