Intel SCS uses Active Directory (AD) for Kerberos authentication using Intel AMT objects. You must integrate Out of Band Management Component with AD if you want to add Kerberos users to the Intel AMT Access Control List. Kerberos users are users in the form of DOMAIN\username.
Integration with AD is also required when you want to use 802.1x authentication. The Intel AMT data that is stored in AD is used in certificate requests for that Intel AMT computer.
When AD integration is enabled, during setup and configuration of an Intel AMT device, Intel SCS creates a directory entry that is based on the Intel-Management-Engine class.
This directory entry contains the following data:
An AD object that represents the Intel AMT device.
An attribute for connecting the AD computer object to the Intel AMT object.
To integrate Intel SCS with AD, the OOB site server computer (by default, the Notification Server computer) must be a member of a domain.