Using the iDRAC6 Directory Service

Identifiers (OIDs) so that when companies add extensions to the schema, they can be guaranteed to be unique and not to conflict with each other. To extend the schema in Microsoft's Active Directory, Dell received unique OIDs, unique name extensions, and uniquely linked attribute IDs for the attributes and classes that are added into the directory service.

Dell extension: dell
Dell base OID: 1.2.840.113556.1.8000.1280
RAC LinkID range: 12070 to 12079

Overview of the iDRAC Schema Extensions

To provide the greatest flexibility in the multitude of customer environments, Dell provides a group of properties that can be configured by the user depending on the desired results. Dell has extended the schema to include an Association, Device, and Privilege property. The Association property is used to link together the users or groups with a specific set of privileges to one or more iDRAC devices. This model provides an Administrator maximum flexibility over the different combinations of users, iDRAC privileges, and iDRAC devices on the network without adding too much complexity.

Active Directory Object Overview

For each physical iDRAC on the network that you want to integrate with Active Directory for Authentication and Authorization, create at least one Association Object and one iDRAC Device Object. You can create multiple Association Objects, and each Association Object can be linked to as many users, groups of users, or iDRAC Device Objects as required. The users and iDRAC user groups can be members of any domain in the enterprise.

However, each Association Object can be linked (or may link users, groups of users, or iDRAC Device Objects) to only one Privilege Object. This example allows an Administrator to control each user's privileges on specific iDRACs.

The iDRAC Device object is the link to the iDRAC firmware for querying Active Directory for authentication and authorization. When an iDRAC is added to the network, the Administrator must configure the iDRAC and its device object with its Active Directory name so users can perform authentication and authorization with Active Directory. Additionally, the Administrator must add the iDRAC to at least one Association Object in order for users to authenticate.
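
The object model described above can be reviewed offline before it is built in the directory. The following is an added example, not Dell's code or schema: it models Association Objects in memory, lists which Privilege Objects a user reaches on a given iDRAC, and flags Device Objects that sit in no Association Object. All object names, the field names, and the nested-group expansion are assumptions of this sketch.

```python
from dataclasses import dataclass, field

@dataclass
class Association:
    name: str
    privilege: str                               # exactly one Privilege Object
    members: set = field(default_factory=set)    # users or groups of users
    devices: set = field(default_factory=set)    # iDRAC Device Objects

def principals(user, groups):
    """The user plus every group that directly or indirectly contains the user."""
    seen, frontier = {user}, [user]
    while frontier:
        current = frontier.pop()
        for group, members in groups.items():
            if current in members and group not in seen:
                seen.add(group)
                frontier.append(group)
    return seen

def privilege_objects(user, device, associations, groups):
    """Map association name -> Privilege Object for this user on this device."""
    who = principals(user, groups)
    return {a.name: a.privilege for a in associations
            if device in a.devices and who & a.members}

def unassociated_devices(devices, associations):
    """Device Objects in no Association Object: no user can authenticate to them."""
    linked = set().union(*(a.devices for a in associations))
    return sorted(set(devices) - linked)

# Constructed sample directory; every name below is made up for illustration.
GROUPS = {"dc-admins": {"alice"}, "operators": {"bob", "dc-admins"}}
DEVICES = ["idrac-rack1", "idrac-rack2", "idrac-lab"]
ASSOCIATIONS = [
    Association("assoc-admin", "priv-administrator",
                {"dc-admins"}, {"idrac-rack1", "idrac-rack2"}),
    Association("assoc-ops", "priv-readonly",
                {"operators", "carol"}, {"idrac-rack1"}),
]

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        for dev in DEVICES:
            print(user, dev, privilege_objects(user, dev, ASSOCIATIONS, GROUPS))
    print("in no association:", unassociated_devices(DEVICES, ASSOCIATIONS))
```

The function reports each matching association separately and makes no claim about how the firmware combines privileges when a user matches more than one.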