racadm config -g cfgStandardSchema -i <index> -o
cfgSSADRoleGroupPrivilege <Bit Mask Value for specific RoleGroup
permissions>
racadm config -g cfgActiveDirectory -o cfgADDomainController1 <fully
qualified domain name or IP address of the domain controller>
racadm config -g cfgActiveDirectory -o cfgADDomainController2 <fully
qualified domain name or IP address of the domain controller>
racadm config -g cfgActiveDirectory -o cfgADDomainController3 <fully
qualified domain name or IP address of the domain controller>
NOTE: Enter the FQDN of the domain controller, not the FQDN of the domain. For example,
enter servername.dell.com instead of dell.com.
NOTE:
At least one of the three addresses is required to be configured. CMC attempts to connect
to each of the configured addresses one-by-one until it makes a successful connection.
With Standard Schema, these are the addresses of the domain controllers where the user
accounts and the role groups are located.
racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog1 <fully
qualified domain name or IP address of the domain controller>
racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog2 <fully
qualified domain name or IP address of the domain controller>
racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog3 <fully
qualified domain name or IP address of the domain controller>
NOTE:
The Global Catalog server is only required for standard schema when the user accounts and
role groups are in different domains. In multiple domain case, only the Universal Group can
be used.
NOTE:
The FQDN or IP address that you specify in this field should match the Subject or Subject
Alternative Name field of your domain controller certificate if you have certificate validation
enabled.
If you want to disable the certificate validation during the SSL handshake, run the following RACADM
command:
• Using the config command: racadm config -g cfgActiveDirectory -o
cfgADCertValidationEnable 0
In this case, you do not have to upload the Certificate Authority (CA) certificate.
To enforce the certificate validation during SSL handshake (optional):
• Using the config command: racadm config -g cfgActiveDirectory -o
cfgADCertValidationEnable 1
In this case, you must upload the CA certificate using the following RACADM command:
racadm sslcertupload -t 0x2 -f <ADS root CA certificate>
129