STF0
1 Nickel

Configure AD on multiple iDRAC

Dear gents,

I'm looking into remotely configuring Active Directory with standard schema on our servers (generally iDRAC 7 and 8), but I'm not entirely sure where to begin. I've successfully used this script in the past for various configuration changes, however I don't know how to configure the role groups via racadm.

I've been playing around a bit and only found the following parameters:

/admin1-> racadm getconfig -g cfgActiveDirectory
cfgADEnable=1
cfgADRacDomain=
cfgADRacName=
cfgADAuthTimeout=120
cfgADType=2
cfgADDomainController1=xxxxxxxxxx
cfgADDomainController2=xxxxxxxxxxx
cfgADDomainController3=
cfgADGlobalCatalog1=xxxxxxxxxxxx
cfgADGlobalCatalog2=xxxxxxxxxx
cfgADGlobalCatalog3=
cfgADCertValidationEnable=0
cfgADSSOEnable=0
cfgADDcSRVLookupEnable=0
cfgADDcSRVLookupbyUserdomain=1
cfgADDcSRVLookupDomainName=
cfgADGcSRVLookupEnable=0
cfgADGcRootDomain=

0 Kudos
3 Replies

RE: Configure AD on multiple iDRAC

You can use the command below to configure Active Directory role groups in iDRAC:

racadm getconfig -g cfgStandardSchema -i 1

You can run the command below to get help:

racadm help cfgStandardSchema

There are 5 indexes for this command; each index represents one role group in iDRAC.

Note: getconfig and config are deprecated commands. These commands will work with current iDRAC firmware. If you have the latest iDRAC firmware installed on the server, then you can use the new commands below (get and set) to configure iDRAC Active Directory:

racadm get idrac.ActiveDirectory

racadm get idrac.ADGroup.1

racadm set idrac.ActiveDirectory.Enable Enabled

racadm set idrac.ADGroup.1.Domain testDomain.com

racadm help idrac.activeDirectory

racadm help idrac.ADGroup

Thanks-


Shine

0 Kudos
STF0
1 Nickel

RE: Configure AD on multiple iDRAC

Hi Shine,

Thanks for the reply. 

I'm configuring the iDRACs with the following commands (ensured DNS and NTP were configured properly before):

racadm set idrac.ActiveDirectory.Enable 1
racadm set idrac.ActiveDirectory.DCLookupDomainName our.domain
racadm set idrac.ActiveDirectory.DomainController1 dc1.our.domain
racadm set idrac.ActiveDirectory.DomainController2 dc2.our.domain
racadm set idrac.ActiveDirectory.GlobalCatalog1 gc1.our.domain
racadm set idrac.ActiveDirectory.GlobalCatalog2 gc2.our.domain
racadm set idrac.ActiveDirectory.Schema 2
racadm set idrac.ADgroup.1.Domain our.domain
racadm set idrac.ADgroup.1.Name OUR_GROUP
racadm set idrac.ADgroup.1.Privilege 0x1ff

So far so good, I can log on to the iDRACs with my_user@our.domain, but I didn't find the command to set the User Domain Name, therefore our.domain isn't available in the drop-down list of domains at the login screen.

Does anybody know a solution for this? 

Thanks

0 Kudos

RE: Configure AD on multiple iDRAC

You can use the commands below to set the domain name:

racadm set idrac.UserDomain.1.Name test1.com

racadm set idrac.UserDomain.2.Name test2.com

You can specify up to 40 domains in iDRAC.

Thanks-


Shine

0 Kudos
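
The getconfig output in the first post shows cfgADCertValidationEnable=0, and the role group in the second post is given Privilege 0x1ff. The following shell script is an added example, not part of the thread and not Dell code: it reviews saved `racadm getconfig -g cfgActiveDirectory` output and expands a role-group privilege mask into names. The sample host names and the short privilege labels are made up for illustration; the bit order follows Dell's documented iDRAC privilege bit masks.

```shell
# Added example (not from the thread): review iDRAC AD settings offline.
# Constructed sample shaped like the getconfig output above; hosts are placeholders.
sample_config() {
cat <<'EOF'
/admin1-> racadm getconfig -g cfgActiveDirectory
cfgADEnable=1
cfgADType=2
cfgADDomainController1=dc1.example.test
cfgADGlobalCatalog1=gc1.example.test
cfgADCertValidationEnable=0
cfgADDcSRVLookupEnable=0
EOF
}

# Read getconfig output on stdin, print findings, return 1 if any WARN.
audit_ad_config() {
    awk -F= '
        { sub(/\r$/, "") }                       # tolerate CRLF from SSH captures
        /^cfgAD[A-Za-z0-9]*=/ { v[$1] = $2 }     # skips the prompt line
        END {
            if (v["cfgADEnable"] != "1") { print "INFO: AD login is disabled"; exit 0 }
            if (v["cfgADCertValidationEnable"] != "1") {
                print "WARN: cfgADCertValidationEnable is not 1, DC certificate is not validated"
                bad = 1
            }
            if (v["cfgADDcSRVLookupEnable"] != "1" && v["cfgADDomainController1"] == "") {
                print "WARN: no domain controller address and SRV lookup is off"
                bad = 1
            }
            exit bad
        }'
}

# Expand a role-group privilege mask (e.g. 0x1ff) into privilege names, lowest bit first.
decode_privilege() {
    case $1 in 0x[0-9a-fA-F]*|[0-9]*) ;; *) echo "bad mask: $1" >&2; return 2 ;; esac
    mask=$(( $1 )); bit=1; out=""
    for name in Login ConfigureiDRAC ConfigureUsers ClearLogs ServerControl \
                VirtualConsole VirtualMedia TestAlerts DebugCommands; do
        [ $(( mask & bit )) -ne 0 ] && out="${out:+$out,}$name"
        bit=$(( bit * 2 ))
    done
    printf '%s\n' "${out:-none}"
}

sample_config | audit_ad_config || true
decode_privilege 0x1ff
```

A mask of 0x1ff sets all nine bits, so every member of the mapped AD group gets full administrator rights on the iDRAC; a narrower mask such as 0x11 gives login plus server control only.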