[SAMBA 4 directory] Refactoring and clean up of directory structure
- Adds more system objects that make sense to have in SAMBA 4, so that they are already present as we add more and more services related to the directory (volume support, DFS, replication service, COM...) - Makes sure that the "isCriticalSystemObject" and "showInAdvancedViewOnly" attributes are set correctly on each object
parent
7889823783
commit
2fc5331e5c
@ -1,61 +1,6 @@
|
||||
dn: OU=Domain Controllers,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: organizationalUnit
|
||||
cn: Domain Controllers
|
||||
description: Default container for domain controllers
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
showInAdvancedViewOnly: FALSE
|
||||
|
||||
dn: CN=ForeignSecurityPrincipals,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
cn: ForeignSecurityPrincipals
|
||||
description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
showInAdvancedViewOnly: FALSE
|
||||
|
||||
dn: CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
cn: System
|
||||
description: Builtin system settings
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=RID Manager$,CN=System,${DOMAINDN}
|
||||
objectclass: top
|
||||
objectclass: rIDManager
|
||||
cn: RID Manager$
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
|
||||
rIDAvailablePool: 4611686014132423217
|
||||
|
||||
dn: CN=DomainUpdates,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
cn: DomainUpdates
|
||||
|
||||
dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
cn: Windows2003Update
|
||||
revision: 8
|
||||
|
||||
dn: CN=Infrastructure,${DOMAINDN}
|
||||
objectclass: top
|
||||
objectclass: infrastructureUpdate
|
||||
cn: Infrastructure
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
|
||||
|
||||
dn: CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: builtinDomain
|
||||
cn: Builtin
|
||||
forceLogoff: -9223372036854775808
|
||||
lockoutDuration: -18000000000
|
||||
lockOutObservationWindow: -18000000000
|
||||
@ -71,21 +16,186 @@ objectSid: S-1-5-32
|
||||
serverState: 1
|
||||
uASCompat: 1
|
||||
modifiedCount: 1
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
showInAdvancedViewOnly: FALSE
|
||||
systemFlags: -1946157056
|
||||
|
||||
dn: CN=Policies,CN=System,${DOMAINDN}
|
||||
dn: OU=Domain Controllers,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: organizationalUnit
|
||||
description: Default container for domain controllers
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
showInAdvancedViewOnly: FALSE
|
||||
|
||||
dn: CN=ForeignSecurityPrincipals,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
showInAdvancedViewOnly: FALSE
|
||||
|
||||
dn: CN=Infrastructure,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: infrastructureUpdate
|
||||
systemFlags: -1946157056
|
||||
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=LostAndFound,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: lostAndFound
|
||||
description: Default container for orphaned objects
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=NTDS Quotas,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: msDS-QuotaContainer
|
||||
description: Quota specifications container
|
||||
msDS-TombstoneQuotaFactor: 100
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Program Data,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
description: Default location for storage of application data.
|
||||
|
||||
dn: CN=Microsoft,CN=Program Data,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
description: Default location for storage of Microsoft application data.
|
||||
|
||||
dn: CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
description: Builtin system settings
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=AdminSDHolder,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=IP Security,CN=System,${DOMAINDN}
|
||||
dn: CN=ComPartitions,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=ComPartitionSets,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Default Domain Policy,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: leaf
|
||||
objectClass: domainPolicy
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=AppCategories,CN=Default Domain Policy,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: classStore
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Dfs-Configuration,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: dfsConfiguration
|
||||
isCriticalSystemObject: TRUE
|
||||
showInAdvancedViewOnly: FALSE
|
||||
|
||||
dn: CN=DomainUpdates,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=Operations,CN=DomainUpdates,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
revision: 8
|
||||
|
||||
dn: CN=File Replication Service,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: applicationSettings
|
||||
objectClass: nTFRSSettings
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=FileLinks,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: fileLinkTracking
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=ObjectMoveTable,CN=FileLinks,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: fileLinkTracking
|
||||
objectClass: linkTrackObjectMoveTable
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=VolumeTable,CN=FileLinks,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: fileLinkTracking
|
||||
objectClass: linkTrackVolumeTable
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=IP Security,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Meetings,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Policies,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=RAS and IAS Servers Access Check,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=RID Manager$,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: rIDManager
|
||||
systemFlags: -1946157056
|
||||
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
|
||||
rIDAvailablePool: 4611686014132423217
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=RpcServices,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
objectClass: rpcContainer
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Server,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: securityObject
|
||||
objectClass: samServer
|
||||
systemFlags: -1946157056
|
||||
revision: 65543
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=WinsockServices,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
isCriticalSystemObject: TRUE
|
||||
|
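Review bot: The `CN=AdminSDHolder,CN=System` entry is a plain `container` carrying only `systemFlags` and `isCriticalSystemObject`, so it gets whatever default security descriptor provisioning applies rather than an explicit one. In Active Directory the ACL on this object is the template stamped onto principals marked `adminCount: 1` (several appear in the users file of this commit), so a permissive default would matter if Samba propagates it; this page does not show whether it does. I would add a comment above the entry, `# AdminSDHolder: its security descriptor is the ACL template for protected (adminCount: 1) principals; set nTSecurityDescriptor explicitly before relying on propagation`. Since the value recurs on most entries, a header comment `# systemFlags -1946157056 = 0x8C000000: disallow delete, rename and move` would also help. The +/- markers are lost in this rendering, so which lines are new is inferred from the hunk headers.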
@ -67,9 +67,6 @@ fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
|
||||
replace: systemFlags
|
||||
systemFlags: -1946157056
|
||||
-
|
||||
replace: isCriticalSystemObject
|
||||
isCriticalSystemObject: TRUE
|
||||
-
|
||||
replace: subRefs
|
||||
subRefs: ${CONFIGDN}
|
||||
-
|
||||
@ -84,4 +81,7 @@ wellKnownObjects: B:32:a361b2ffffd211d1aa4b00c04fd7d83a:OU=Domain Controllers,${
|
||||
wellKnownObjects: B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN}
|
||||
wellKnownObjects: B:32:a9d1ca15768811d1aded00c04fd8d5cd:CN=Users,${DOMAINDN}
|
||||
-
|
||||
replace: isCriticalSystemObject
|
||||
isCriticalSystemObject: TRUE
|
||||
-
|
||||
${DOMAINGUID_MOD}
|
||||
|
@ -3,11 +3,11 @@ changetype: modify
|
||||
replace: description
|
||||
description: Default container for upgraded computer accounts
|
||||
-
|
||||
replace: showInAdvancedViewOnly
|
||||
showInAdvancedViewOnly: FALSE
|
||||
-
|
||||
replace: systemFlags
|
||||
systemFlags: -1946157056
|
||||
-
|
||||
replace: isCriticalSystemObject
|
||||
isCriticalSystemObject: TRUE
|
||||
-
|
||||
replace: showInAdvancedViewOnly
|
||||
showInAdvancedViewOnly: FALSE
|
||||
|
@ -8,6 +8,7 @@ cn: Partitions
|
||||
systemFlags: -2147483648
|
||||
msDS-Behavior-Version: ${FOREST_FUNCTIONALALITY}
|
||||
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
|
||||
showInAdvancedViewOnly: TRUE
|
||||
|
||||
dn: CN=Enterprise Configuration,CN=Partitions,${CONFIGDN}
|
||||
objectClass: top
|
||||
|
@ -1,14 +1,3 @@
|
||||
dn: CN=Default Domain Policy,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: leaf
|
||||
objectClass: domainPolicy
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=AppCategories,CN=Default Domain Policy,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: classStore
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
@ -15,7 +15,6 @@ sAMAccountName: ${NETBIOSNAME}$
|
||||
operatingSystem: Samba
|
||||
operatingSystemVersion: ${SAMBA_VERSION_STRING}
|
||||
dNSHostName: ${DNSNAME}
|
||||
isCriticalSystemObject: TRUE
|
||||
userPassword:: ${MACHINEPASS_B64}
|
||||
servicePrincipalName: HOST/${DNSNAME}
|
||||
servicePrincipalName: HOST/${NETBIOSNAME}
|
||||
@ -23,6 +22,7 @@ servicePrincipalName: HOST/${DNSNAME}/${REALM}
|
||||
servicePrincipalName: HOST/${NETBIOSNAME}/${REALM}
|
||||
servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
|
||||
servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
#Provide a account for DNS keytab export
|
||||
dn: CN=dns,CN=Users,${DOMAINDN}
|
||||
@ -36,9 +36,8 @@ userAccountControl: 514
|
||||
accountExpires: 9223372036854775807
|
||||
sAMAccountName: dns
|
||||
servicePrincipalName: DNS/${DNSDOMAIN}
|
||||
isCriticalSystemObject: TRUE
|
||||
userPassword:: ${DNSPASS_B64}
|
||||
showInAdvancedViewOnly: TRUE
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: ${SERVERDN}
|
||||
objectClass: top
|
||||
|
@ -7,8 +7,8 @@ objectSid: ${DOMAINSID}-500
|
||||
adminCount: 1
|
||||
accountExpires: 9223372036854775807
|
||||
sAMAccountName: Administrator
|
||||
isCriticalSystemObject: TRUE
|
||||
userPassword:: ${ADMINPASS_B64}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Guest,CN=Users,${DOMAINDN}
|
||||
objectClass: user
|
||||
@ -45,8 +45,8 @@ adminCount: 1
|
||||
accountExpires: 9223372036854775807
|
||||
sAMAccountName: krbtgt
|
||||
servicePrincipalName: kadmin/changepw
|
||||
isCriticalSystemObject: TRUE
|
||||
userPassword:: ${KRBTGTPASS_B64}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Domain Computers,CN=Users,${DOMAINDN}
|
||||
objectClass: top
|
||||
@ -187,16 +187,6 @@ sAMAccountName: Event Log Readers
|
||||
groupType: -2147483644
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=IIS_IUSRS,CN=Users,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: IIS_IUSRS
|
||||
description: IIS_IUSRS
|
||||
objectSid: ${DOMAINSID}-568
|
||||
sAMAccountName: IIS_IUSRS
|
||||
groupType: -2147483644
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Administrators,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
@ -210,7 +200,6 @@ adminCount: 1
|
||||
sAMAccountName: Administrators
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
privilege: SeSecurityPrivilege
|
||||
privilege: SeBackupPrivilege
|
||||
privilege: SeRestorePrivilege
|
||||
@ -235,6 +224,7 @@ privilege: SeEnableDelegationPrivilege
|
||||
privilege: SeInteractiveLogonRight
|
||||
privilege: SeNetworkLogonRight
|
||||
privilege: SeRemoteInteractiveLogonRight
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Users,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
@ -271,10 +261,10 @@ adminCount: 1
|
||||
sAMAccountName: Print Operators
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
privilege: SeLoadDriverPrivilege
|
||||
privilege: SeShutdownPrivilege
|
||||
privilege: SeInteractiveLogonRight
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
@ -286,11 +276,11 @@ adminCount: 1
|
||||
sAMAccountName: Backup Operators
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
privilege: SeBackupPrivilege
|
||||
privilege: SeRestorePrivilege
|
||||
privilege: SeShutdownPrivilege
|
||||
privilege: SeInteractiveLogonRight
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Replicator,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
@ -358,13 +348,13 @@ adminCount: 1
|
||||
sAMAccountName: Server Operators
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
privilege: SeBackupPrivilege
|
||||
privilege: SeSystemtimePrivilege
|
||||
privilege: SeRemoteShutdownPrivilege
|
||||
privilege: SeRestorePrivilege
|
||||
privilege: SeShutdownPrivilege
|
||||
privilege: SeInteractiveLogonRight
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
@ -376,8 +366,8 @@ adminCount: 1
|
||||
sAMAccountName: Account Operators
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
privilege: SeInteractiveLogonRight
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
@ -388,9 +378,9 @@ objectSid: S-1-5-32-554
|
||||
sAMAccountName: Pre-Windows 2000 Compatible Access
|
||||
systemFlags: -1946157056
|
||||
groupType: -2147483643
|
||||
isCriticalSystemObject: TRUE
|
||||
privilege: SeRemoteInteractiveLogonRight
|
||||
privilege: SeChangeNotifyPrivilege
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
|
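Review bot: The Pre-Windows 2000 Compatible Access entry (objectSid S-1-5-32-554) still carries `privilege: SeRemoteInteractiveLogonRight`, which this commit leaves in place while moving `isCriticalSystemObject` around it. To my knowledge the Windows default for this group is network logon plus bypass-traverse, not remote desktop logon, so the grant looks broader than least privilege calls for. If `privilege: SeNetworkLogonRight` was intended, this clean-up pass is a good place to correct it, since the group can contain broad principals. The same reorder-only pattern applies to the other Builtin group hunks in this file, where I see no comparable mismatch. The +/- markers are lost in this rendering, so the sides are inferred from the hunk headers.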
@ -3,11 +3,11 @@ changetype: modify
|
||||
replace: description
|
||||
description: Default container for upgraded user accounts
|
||||
-
|
||||
replace: showInAdvancedViewOnly
|
||||
showInAdvancedViewOnly: FALSE
|
||||
-
|
||||
replace: systemFlags
|
||||
systemFlags: -1946157056
|
||||
-
|
||||
replace: isCriticalSystemObject
|
||||
isCriticalSystemObject: TRUE
|
||||
-
|
||||
replace: showInAdvancedViewOnly
|
||||
showInAdvancedViewOnly: FALSE
|
||||
|
@ -220,7 +220,6 @@ objectClass: classSchema
|
||||
subClassOf: top
|
||||
governsID: 1.3.6.1.4.1.7165.4.2.2
|
||||
rDNAttID: cn
|
||||
showInAdvancedViewOnly: TRUE
|
||||
adminDisplayName: Samba4-Local-Domain
|
||||
adminDescription: Samba4-Local-Domain
|
||||
systemMayContain: msDS-Behavior-Version
|
||||
@ -243,7 +242,6 @@ subClassOf: top
|
||||
governsID: 1.3.6.1.4.1.7165.4.2.1
|
||||
mayContain: msDS-ObjectReferenceBL
|
||||
rDNAttID: cn
|
||||
showInAdvancedViewOnly: TRUE
|
||||
adminDisplayName: Samba4TopTop
|
||||
adminDescription: Attributes used in top in Samba4 that OpenLDAP does not
|
||||
objectClassCategory: 3
|
||||
@ -344,7 +342,6 @@ objectClass: classSchema
|
||||
subClassOf: top
|
||||
governsID: 1.3.6.1.4.1.7165.4.2.3
|
||||
rDNAttID: cn
|
||||
showInAdvancedViewOnly: TRUE
|
||||
adminDisplayName: Samba4TopExtra
|
||||
adminDescription: Attributes used in top in Samba4 that OpenLDAP does not
|
||||
objectClassCategory: 2
|
||||
|