For each of the physical Remote Console Switches on the network that you want to integrate with Active Directory for Authentication and Authorization, you must create at least one RCS Device Object to represent the physical switch and one Association Object. The Association object is used to link together the users or groups with a specific set of privileges to one or more SIPs. This model provides an Administrator maximum flexibility over the different combinations of users, RCS privileges, and SIPs on the RCS without adding too much complexity.
The RCS Device Object is the link to the RCS for querying Active Directory for authentication and authorization. When an RCS is added to the network, the Administrator must configure the RCS and its device object with its Active Directory name so that users can perform authentication and authorization with Active Directory. The Administrator will also need to add the RCS to at least one Association Object in order for users to authenticate.
You can create as many Association Objects as you want, and each Association Object can be linked to as many users, groups of users, or RCS Device Objects as desired. The users and RCS Device Objects can be members of any domain in the enterprise.
However, each Association Object may be linked (or, may link users, groups of users, or RCS Device Objects) to only one Privilege Object. A Privilege Object allows an Administrator to control which users have what kind of privileges on specific SIPs.
Figure
5
‑
8 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization.
Figure 5‑8. Typical Setup for Active Directory Objects 
You can create as many or as few association objects as you want or need. However, you must create at least one Association Object, and you must have one RCS Device Object for each RCS on the network that you want to integrate with Active Directory for Authentication and Authorization with the RCS. The Association Object allows for as many or as few users and/or groups as well as RCS Device Objects. However, the Association Object only has one Privilege Object per Association Object. The Association Object connects the "Users" who have "Privileges" on the RCSs.
In addition, you can set up Active Directory objects in a single domain or in multiple domains. For example, you have two Remote Console Switches (RCS1 and RCS2) and three existing Active Directory users (user1, user2, and user3). You want to give user1 and user2 an administrator privilege to both Remote Console Switches and give user3 a login privilege to the RCS2.
Setting Up Active Directory Objects in a Single Domain |
3
|
Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and Priv2 has login privileges.
|
|
5
|
Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and RCS1 and RCS2 as RCS Devices in AO1.
|
|
6
|
Add user3 as Members in Association Object 2 (AO2), Priv2 as Privilege Objects in AO2, and RCS2 as RCS Devices in AO2.
|
See "Adding Remote Console Switch Users and Privileges to Active Directory with Dell Schema Extensions" for detailed instructions.
Figure
5
‑
10 shows how you can set up the Active Directory Objects in multiple domains. In this scenario, you have two Remote Console Switches (RCS1 and RCS2) and three existing Active Directory users (user1, user2, and user3). User1 is in Domain1, and user2 and user 3 are in Domain2. You want to give user1 and user 2 an administrator privilege to both Remote Console Switches and give user3 a login privilege to the RCS2.
Setting Up Active Directory Objects in Multiple Domains |
2
|
Create two Association Objects, AO1 (of Universal scope) and AO2, in any domain. The figure shows the objects in Domain2.
|
|
4
|
Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and Priv2 has login privileges.
|
|
6
|
Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and RCS1, RCS2 as RCS Devices in AO1.
|
|
7
|
Add user3 as a Member in Association Object 2 (AO2), Priv2 as Privilege Objects in AO2, and RCS2 as RCS Devices in AO2.
|