Dell’s VAS software works very well, but is under-documented and the search engine on their support site leaves much to be desired. This post is intended to link to the important documents.

To automate VAS installs using Puppet or other automation you’ll need to enable password-less joins using a keytab with credentials capable of creating the machine instance.
https://support.software.dell.com/authentication-services/kb/25091

If the account already exists, you can use this process to get the credentials:
https://support.software.dell.com/authentication-services/kb/84233

User Personality Mode is documented at https://support.software.dell.com/kb/SOL104539

To use the User Personality Mode you’ll need to load the schema. This is not loaded by default. The schema is on the CD in the \windows\ldif directory. Load it in using this command:
https://support.software.dell.com/authentication-services/kb/74043

You must specify the UPM container when joining the machine to the domain:
http://documents.software.dell.com/doc58462
https://support.software.dell.com/authentication-services/kb/39636

You can create Unix Personalities using the command line uptool
https://support.software.dell.com/authentication-services/kb/40040

If you want to authenticate users using a one-way trust or a completely untrusted domain, you’ll need a service account to perform lookups in the domain. This is documented here:
https://support.software.dell.com/kb/SOL65747
https://support.software.dell.com/kb/SOL97961

If you can’t get a login to create a service account, you can have someone else create the service account. Once that account is created you can use this command to create the keytab necessary for oneway auth.
https://support.software.dell.com/authentication-services/kb/122644

Search for 4.1 specific answers: http://documents.software.dell.com/Search.aspx?q=vastool&product=64&version=117