122 Using iDRAC6 With Microsoft Active DirectoryPrerequisites for Enabling Active DirectoryAuthentication for iDRAC6To use the Active Directory authentication feature of iDRAC6, you musthave already deployed an Active Directory infrastructure. See the Microsoftwebsite for information on how to set up an Active Directory infrastructure,if you don't already have one.iDRAC6 uses the standard Public Key Infrastructure (PKI) mechanism toauthenticate securely into the Active Directory; therefore, you would alsorequire an integrated PKI into the Active Directory infrastructure.See the Microsoft website for more information on the PKI setup.To correctly authenticate to all the domain controllers, you also need to enablethe Secure Socket Layer (SSL) on all domain controllers that iDRAC6 connectsto. See "Enabling SSL on a Domain Controller" for more specific information.Supported Active Directory AuthenticationMechanismsYou can use Active Directory to define user access on iDRAC6 through twomethods: you can use the extended schema solution, which Dell hascustomized to add Dell-defined Active Directory objects. Or, you can use thestandard schema solution, which uses Active Directory group objects only.See the sections that follow for more information about these solutions.When using Active Directory to configure access to iDRAC6, you mustchoose either the extended schema or the standard schema solution.The advantages of using the extended schema solution are:• All of the access control objects are maintained in Active Directory.• Maximum flexibility is provided in configuring user access on differentiDRAC6 cards with varying privilege levels.The advantage of using the standard schema solution is that no schemaextension is required because all of the necessary object classes are providedby Microsoft’s default configuration of the Active Directory schema.