From 4e31942d1fe0baf8f0f296275ac128deaca8982b Mon Sep 17 00:00:00 2001 From: Rob van der Linde Date: Mon, 19 Feb 2024 14:47:57 +1300 Subject: [PATCH] netcmd: models: add default SDDL to group_msa_membership LA can be used for the administrator and Windows will expand that on save, making the group_sddl method redundant. Signed-off-by: Rob van der Linde Reviewed-by: Andrew Bartlett Reviewed-by: Douglas Bagnall --- python/samba/netcmd/domain/models/user.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python/samba/netcmd/domain/models/user.py b/python/samba/netcmd/domain/models/user.py index 1af9576f643..95b300e2970 100644 --- a/python/samba/netcmd/domain/models/user.py +++ b/python/samba/netcmd/domain/models/user.py @@ -99,7 +99,8 @@ class GroupManagedServiceAccount(User): """A GroupManagedServiceAccount is a type of User with additional fields.""" managed_password_interval = IntegerField("msDS-ManagedPasswordInterval") dns_host_name = StringField("dNSHostName") - group_msa_membership = SDDLField("msDS-GroupMSAMembership") + group_msa_membership = SDDLField("msDS-GroupMSAMembership", + default="O:BAD:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;LA)") managed_password_id = BinaryField("msDS-ManagedPasswordId", readonly=True, hidden=True) managed_password_previous_id = BinaryField("msDS-ManagedPasswordPreviousId",