iDRAC user password change procedure 2023

Just chiming back in for anyone else that ended up stumbling upon this post. The solution I ended up going with was to set the root/password is as follows.

• Ansible playbook to build an inventory from the current contents of OME.
• Ansible playbook to store a new password for each iDRAC in a secure location, and set the new root/password on each iDRAC.
• Do an Onboard on all the iDRACs in OME using a domain service account that has access to the iDRACs.
• Rince and repeat on a schedule 

I didn't really want to do the domain SA since that is another thing to manage (another password to change on a schedule), but not the worst option and at least I can use the same account for discovery so things keep flowing smoothly.

I did the following:

1. In the devices tab select all the servers you want to change the password. And choose Export all in the More Actions

2. Only keep the ip or name column and save them to a file serversidrac.txt

3. Run the follwing racadm command:

FOR /f "delims=" %G in (d:\temp\serversidrac.txt) DO racadm -r %G  -u root -p calvin set iDRAC.Users.2.Password "Thisisthenewpassword!"

3. Run the discovery in OME for all the devices you changed the password for. Just copy the contents of the serversidrac.txt file and fill in the new credentials.

I am considering changing the password as well. Fortunately, we're running OME 4.0.1, so updating the root password on most devices will not affect the server connection since the custom OME user is used (Credential Type = Internal). However, on other iDRAC devices, they do not have the license to enable the custom OME account creation, so I will end up selecting the devices where 'Credential Type' is "Discovery", exporting, then going to More Actions > RACADM CLI

Depending on the iDRAC version, I will need to enter one of these two commands:

set iDRAC.Users.2.Password "password-here"
config -g cfgUserAdmin -o cfgUserAdminPassword -i 2 "password-here"

Hello I think what you need to do is change/fix/edit the OME host file or register the OME IP in the DNS server record.
Respectfully, 

@DELL-Young E​ I don't know who that suggestion was for, but my instance of OME is in DNS and has an alias, so no issues there. I was simply sharing what I will do to update the iDRAC root password - there are no issues.

Hello,thanks for waiting.

Regarding your query, removing and re-discovering the devices with the new iDRAC password is the only option whenever a password change is made.

However, in OME 4.0, there’s a new feature called iDRAC Password Rotation where the customer can opt-in on the password management & select a rotation schedule in preference.

Then OME will create a service account & rotates its password with system generated password on the set schedule.

For more information, please refer to the following references to see if this is something that would meet your needs.

OpenManage Enterprise 4.0: iDRAC Password Management and Rotation

Announcing iDRAC Credential Management in OpenManage Enterprise 4.0 | Dell Technologies Info Hub

Respectfully,

@DELL-Young E​ I understand the new feature, as I mentioned it in the previous post. However, some devices still communicate to OME with the "Discovered" credentials. While going through the process, I found that https://www.dell.com/support/manuals/en-us/dell-openmanage-enterprise/ome_p_40_users_guide/onboarding-devices?guid=guid-1810a484-56cc-4b8a-9228-b23eec4b464e&lang=en-us states, "Onboarding jobs can be used to update management credentials of devices when the device credentials differ from what was used during discovery."

Instead of removing the devices which are assigned to various Static Groups and have custom configurations, running another Onboard task after updating the root password reestablished the connection again.