Active Directory integration on Dell Remote Access Cards is relatively simple.
One requirement to watch out for is the need for an Active Directory root certificate on your Active Directory server. Without it, many devices and appliances, Dell RACs and OpenManage Enterprise among them, will be unable to communicate with your AD server.
There are multiple ways to configure Active Directory integration, such as RACADM, through the Web Interface, via Template deployments, and even scripts that leverage RACADM or the Redfish REST API.
In this example, I will show a relatively straightforward way of configuring your Dell RAC for integration with AD.
Note: The commands below can be executed from a “Remote” Command Line, however, for simplicity’s sake, I have connected to the DRAC using SSH.
How to configure AD using RACADM
Obtain Active Directory information for the Domain Controller and Global Catalog
#racadm get IDRAC.ActiveDirectory.DomainController1
#racadm get IDRAC.ActiveDirectory.DomainController2
#racadm get IDRAC.ActiveDirectory.GlobalCatalog1
#racadm get IDRAC.ActiveDirectory.GlobalCatalog2
Obtain Group information
#racadm get IDRAC.ADGroup.1.Name
These steps will overwrite any settings that were found using the commands provided above.
The example commands below have the following settings:
- DC Host Name: WIN-1HRHC8JTEF5.Sysman.local
- DNS/Global Catalog Server: 10.0.157.231 (Same as Domain controller)
- Domain: Sysman.local
In most instances, the Domain Controller (DC) has the role of Global Catalog (GC) server and has the domain information.
Enable and Configure the DRAC for Active Directory
#racadm set IDRAC.ActiveDirectory.Enable 1
[Key=IDRAC.Embedded.1#ActiveDirectory.1]
Object value modified successfully
#racadm set IDRAC.ActiveDirectory.DomainController1 WIN-1HRHC8JTEF5.Sysman.local
[Key=IDRAC.Embedded.1#ActiveDirectory.1]
Object value modified successfully
#racadm set IDRAC.ActiveDirectory.GlobalCatalog1 WIN-1HRHC8JTEF5.Sysman.local
[Key=IDRAC.Embedded.1#ActiveDirectory.1]
Object value modified successfully
Configure the DRAC for AD Standard Schema integration
#racadm set iDRAC.ActiveDirectory.Schema 2
[Key=iDRAC.Embedded.1#ActiveDirectory.1]
Object value modified successfully
Configure Standard Schema Settings (group)
#racadm set IDRAC.ADGroup.1.Name "Domain Admins"
[Key=IDRAC.Embedded.1#ADGroup.1]
Object value modified successfully
#racadm set IDRAC.ADGroup.1.Domain Sysman.local
[Key=IDRAC.Embedded.1#ADGroup.1]
Object value modified successfully
#racadm set iDRAC.ADGroup.1.Privilege 0x1ff
[Key=iDRAC.Embedded.1#ADGroup.1]
Object value modified successfully
Set user Domain
#racadm config -g cfgUserDomain -i 1 -o cfgUserDomainName Sysman.local
Object value modified successfully
This section lists what to check if there are problems logging in after following the steps provided above.
Ensure the DRAC is configured with a DNS server so it can resolve names, such as the domain controller's Fully Qualified Domain Name (FQDN).
#racadm config -g cfgLanNetworking -o cfgDNSServer1 10.0.157.231
Object value modified successfully
#racadm config -g cfgLanNetworking -o cfgDNSRegisterRac 1
Object value modified successfully
#racadm config -g CfgUserAdmin -o CfgUserAdminPassword -i 2 P@ssw0rd
Object value modified successfully
#racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 1
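The settings applied in the configuration steps above and the certificate-validation setting from this troubleshooting section are the ones worth re-checking on every DRAC after the change. The script below is an added example, not part of the original post or of Dell's tooling: it audits the text that "racadm get IDRAC.ActiveDirectory" prints (a [Key=...] line followed by Name=Value lines) and flags AD authentication that is not enabled, certificate validation that is disabled, and a missing or IP-address-only Domain Controller or Global Catalog. The sample output embedded in it is constructed for offline use, and the attribute names are assumed to match the ones used in the racadm set/get commands above.

```shell
#!/bin/sh
# Added example (not from the original post): audit an iDRAC's Active
# Directory settings for the items the walkthrough sets. Input is the
# "racadm get IDRAC.ActiveDirectory" text: a [Key=...] line, then Name=Value
# lines. SAMPLE_AD_OUTPUT is constructed; attribute names are assumed to
# match the racadm commands used in the walkthrough.

SAMPLE_AD_OUTPUT='[Key=iDRAC.Embedded.1#ActiveDirectory.1]
CertValidationEnable=Disabled
DomainController1=WIN-1HRHC8JTEF5.Sysman.local
DomainController2=
DomainController3=
Enable=Enabled
GlobalCatalog1=WIN-1HRHC8JTEF5.Sysman.local
GlobalCatalog2=
GlobalCatalog3=
Schema=Standard Schema'

RACADM="${RACADM:-racadm}"   # override to point at a remote racadm wrapper

# fetch_ad_output: read the live settings from the iDRAC (needs racadm)
fetch_ad_output() {
    "$RACADM" get IDRAC.ActiveDirectory
}

# ad_value NAME OUTPUT: print the value of attribute NAME (empty if unset)
ad_value() {
    printf '%s\n' "$2" | sed -n "s/^$1=//p"
}

# audit_ad OUTPUT: print one OK/WARN/FAIL line per check; return 0 only
# if every FAIL-level check passed
audit_ad() {
    out="$1"
    rc=0

    if [ "$(ad_value Enable "$out")" = "Enabled" ]; then
        printf 'OK: Active Directory authentication is enabled\n'
    else
        printf 'FAIL: Active Directory authentication is not enabled\n'; rc=1
    fi

    # The cfgADCertValidationEnable step above: with validation off, the DRAC
    # trusts whatever certificate the LDAP endpoint presents, so a rogue
    # endpoint in the DC's place would be accepted.
    if [ "$(ad_value CertValidationEnable "$out")" = "Enabled" ]; then
        printf 'OK: certificate validation is enabled\n'
    else
        printf 'FAIL: certificate validation is disabled\n'; rc=1
    fi

    for attr in DomainController1 GlobalCatalog1; do
        val=$(ad_value "$attr" "$out")
        case "$val" in
            '')
                printf 'FAIL: %s is not set\n' "$attr"; rc=1 ;;
            *[!0-9.]*)
                printf 'OK: %s=%s\n' "$attr" "$val" ;;
            *)
                # digits and dots only: an IP address, not the FQDN the
                # walkthrough uses; DNS resolution is then never exercised
                printf 'WARN: %s=%s is an IP address rather than an FQDN\n' "$attr" "$val" ;;
        esac
    done
    return $rc
}

# Usage: sh audit_ad.sh --sample   (constructed data)
#        sh audit_ad.sh --live     (query the iDRAC through racadm)
case "${1:-}" in
    --sample) audit_ad "$SAMPLE_AD_OUTPUT" ;;
    --live)   audit_ad "$(fetch_ad_output)" ;;
esac
```

Run with --sample to see the constructed output fail on the disabled certificate-validation check; point RACADM at a remote racadm wrapper and run with --live to audit a real DRAC after applying the steps above.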
Additional Troubleshooting Notes:
If there are issues logging on with AD credentials, run the “Test AD settings” option through the DRAC GUI under Directory Services.
Also, ensure that the Group Name for the user in the IDRAC AD configuration page is using the same capitalization as the Group Name from the Domain Controller. This is the only part that I have found to be case sensitive.