DRAC and AD

Not necessarily. There are two different communications channels, each with it's own set of options. When you browse to a newly installed DRAC you'll get a "Security Alert" pop up saying "The name on the security certificate is invalid or does not match the name of the site". Creating and installing a certificate from the internal CA would make this message go away. Really your choice from an experience point of view. Next, assuming you've configured and enabled Active Directory when you enter your username and password the DRAC will become a client and make a request to the Active Directory server with those credentials. For a secure connection on this channel, the DRAC's original design required a domain forrest root CA certifcate so that it could validate the authenticity of the AD server. With the newest iDRAC6 there is however an option to trust, i.e. not do this check http://support.dell.com/support/edocs/software/smdrac3/idrac/idrac10mono/en/ug/html/racugc7.htm#wp71022, step 6.