Which Entries and Attributes in AD are used by RHEV-M 3.0?

We are just getting started with AD.

In the RHEV 3.0 Installation Guide (Appendix B, Section 2), it states that the RHEV-M Admin User in AD should have been delegated control over the Domain to:

  • Join a computer to the domain
  • Modify the membership of a group

Our AD admin is asking which entries and attributes in AD are used by RHEV-M.  Any information about this would be greatly appreciated.

Responses

RHEV-M sends queries to AD to verify a user's credentials and the user's group affinity. The idea behind joining computers to a domain is that a RHEV user based in AD that initiates a VM deployment from templates that are sysprepped should have the permission to add the deployed VMs to the AD domain automatically. If you don't need that functionality, then you can skip the requirement. As for group memberships, it's also so that an AD-based RHEV admin user can change groups that are used with RHEV.

One thing to keep in mind - RHEV uses UPN notations, and AD builtin users don't have those. So if you want a full AD admin, you can't just use the builtin domain administrator credentials; you have to copy those into a new user that has a UPN, and use that user instead of the builtin administrator.