mirror of
https://github.com/samba-team/samba.git
synced 2025-02-23 09:57:40 +03:00
r20557: use ${DOMAINDN} instead of ${BASEDN}
metze (This used to be commit 2a6e6a2695b256411c91768c7bee748228e40e6f)
This commit is contained in:
Stefan Metzmacher
Gerald (Jerry) Carter
parent
42a5a1c550
commit
8f0a0ebcb3
@ -57,7 +57,7 @@ objectClass: top
|
||||
objectClass: foreignSecurityPrincipal
|
||||
description: %s
|
||||
",
|
||||
sid, subobj.BASEDN, desc);
|
||||
sid, subobj.DOMAINDN, desc);
|
||||
/* deliberately ignore errors from this, as the records may
|
||||
already exist */
|
||||
ldb.add(add);
|
||||
@ -71,7 +71,7 @@ function setup_name_mapping(info, ldb, sid, unixname)
|
||||
{
|
||||
var attrs = new Array("dn");
|
||||
var res = ldb.search(sprintf("objectSid=%s", sid),
|
||||
info.subobj.BASEDN, ldb.SCOPE_SUBTREE, attrs);
|
||||
info.subobj.DOMAINDN, ldb.SCOPE_SUBTREE, attrs);
|
||||
if (res.length != 1) {
|
||||
info.message("Failed to find record for objectSid %s\n", sid);
|
||||
return false;
|
||||
@ -211,7 +211,7 @@ function ldb_erase_partitions(info, ldb, ldapbackend)
|
||||
var previous_remaining = 1;
|
||||
var current_remaining = 0;
|
||||
|
||||
if (ldapbackend && (basedn == info.subobj.BASEDN)) {
|
||||
if (ldapbackend && (basedn == info.subobj.DOMAINDN)) {
|
||||
/* Only delete objects that were created by provision */
|
||||
anything = "(objectcategory=*)";
|
||||
}
|
||||
@ -398,7 +398,7 @@ function setup_name_mappings(info, ldb)
|
||||
var attrs = new Array("objectSid");
|
||||
var subobj = info.subobj;
|
||||
|
||||
res = ldb.search("objectSid=*", subobj.BASEDN, ldb.SCOPE_BASE, attrs);
|
||||
res = ldb.search("objectSid=*", subobj.DOMAINDN, ldb.SCOPE_BASE, attrs);
|
||||
assert(res.length == 1 && res[0].objectSid != undefined);
|
||||
var sid = res[0].objectSid;
|
||||
|
||||
@ -450,7 +450,7 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
|
||||
assert(valid_netbios_name(subobj.DOMAIN));
|
||||
subobj.NETBIOSNAME = strupper(subobj.HOSTNAME);
|
||||
assert(valid_netbios_name(subobj.NETBIOSNAME));
|
||||
var rdns = split(",", subobj.BASEDN);
|
||||
var rdns = split(",", subobj.DOMAINDN);
|
||||
subobj.RDN_DC = substr(rdns[0], strlen("DC="));
|
||||
|
||||
if (subobj.DOMAINGUID != undefined) {
|
||||
@ -502,13 +502,13 @@ function provision(subobj, message, blank, paths, session_info, credentials, lda
|
||||
message("Erasing data from partitions\n");
|
||||
ldb_erase_partitions(info, samdb, ldapbackend);
|
||||
|
||||
message("Adding baseDN: " + subobj.BASEDN + " (permitted to fail)\n");
|
||||
message("Adding DomainDN: " + subobj.DOMAINDN + " (permitted to fail)\n");
|
||||
var add_ok = setup_add_ldif("provision_basedn.ldif", info, samdb, true);
|
||||
message("Modifying baseDN: " + subobj.BASEDN + "\n");
|
||||
message("Modifying DomainDN: " + subobj.DOMAINDN + "\n");
|
||||
var modify_ok = setup_ldb_modify("provision_basedn_modify.ldif", info, samdb);
|
||||
if (!modify_ok) {
|
||||
if (!add_ok) {
|
||||
message("Failed to both add and modify " + subobj.BASEDN + " in target " + subobj.LDAPBACKEND + "\n");
|
||||
message("Failed to both add and modify " + subobj.DOMAINDN + " in target " + subobj.LDAPBACKEND + "\n");
|
||||
message("Perhaps you need to run the provision script with the --ldap-base-dn option, and add this record to the backend manually\n");
|
||||
};
|
||||
assert(modify_ok);
|
||||
@ -622,12 +622,12 @@ function provision_dns(subobj, message, paths, session_info, credentials)
|
||||
or may not have been specified, so fetch them from the database */
|
||||
|
||||
var attrs = new Array("objectGUID");
|
||||
res = ldb.search("objectGUID=*", subobj.BASEDN, ldb.SCOPE_BASE, attrs);
|
||||
res = ldb.search("objectGUID=*", subobj.DOMAINDN, ldb.SCOPE_BASE, attrs);
|
||||
assert(res.length == 1);
|
||||
assert(res[0].objectGUID != undefined);
|
||||
subobj.DOMAINGUID = res[0].objectGUID;
|
||||
|
||||
subobj.HOSTGUID = searchone(ldb, subobj.BASEDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID");
|
||||
subobj.HOSTGUID = searchone(ldb, subobj.DOMAINDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID");
|
||||
assert(subobj.HOSTGUID != undefined);
|
||||
|
||||
setup_file("provision.zone",
|
||||
@ -640,8 +640,8 @@ function provision_dns(subobj, message, paths, session_info, credentials)
|
||||
/* Write out a DNS zone file, from the info in the current database */
|
||||
function provision_ldapbase(subobj, message, paths)
|
||||
{
|
||||
message("Setting up LDAP base entry: " + subobj.BASEDN + " \n");
|
||||
var rdns = split(",", subobj.BASEDN);
|
||||
message("Setting up LDAP base entry: " + subobj.DOMAINDN + " \n");
|
||||
var rdns = split(",", subobj.DOMAINDN);
|
||||
subobj.EXTENSIBLEOBJECT = "objectClass: extensibleObject";
|
||||
|
||||
subobj.RDN_DC = substr(rdns[0], strlen("DC="));
|
||||
@ -696,8 +696,8 @@ function provision_guess()
|
||||
strlower(subobj.HOSTNAME),
|
||||
subobj.DNSDOMAIN);
|
||||
rdn_list = split(".", subobj.DNSDOMAIN);
|
||||
subobj.BASEDN = "DC=" + join(",DC=", rdn_list);
|
||||
subobj.ROOTDN = subobj.BASEDN;
|
||||
subobj.DOMAINDN = "DC=" + join(",DC=", rdn_list);
|
||||
subobj.ROOTDN = subobj.DOMAINDN;
|
||||
subobj.CONFIGDN = "CN=Configuration," + subobj.ROOTDN;
|
||||
subobj.SCHEMADN = "CN=Schema," + subobj.CONFIGDN;
|
||||
subobj.LDAPBACKEND = "users.ldb";
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
dn: CN=Domain Controllers,${BASEDN}
|
||||
dn: CN=Domain Controllers,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
cn: Domain Controllers
|
||||
@ -9,7 +9,7 @@ systemFlags: 2348810240
|
||||
objectCategory: CN=Container,${SCHEMADN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=ForeignSecurityPrincipals,${BASEDN}
|
||||
dn: CN=ForeignSecurityPrincipals,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
cn: ForeignSecurityPrincipals
|
||||
@ -20,7 +20,7 @@ systemFlags: 2348810240
|
||||
objectCategory: CN=Container,${SCHEMADN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=System,${BASEDN}
|
||||
dn: CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
cn: System
|
||||
@ -31,7 +31,7 @@ systemFlags: 2348810240
|
||||
objectCategory: CN=Container,${SCHEMADN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=RID Manager$,CN=System,${BASEDN}
|
||||
dn: CN=RID Manager$,CN=System,${DOMAINDN}
|
||||
objectclass: top
|
||||
objectclass: rIDManager
|
||||
cn: RID Manager$
|
||||
@ -43,7 +43,7 @@ isCriticalSystemObject: TRUE
|
||||
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
|
||||
rIDAvailablePool: 4611686014132423217
|
||||
|
||||
dn: CN=DomainUpdates,CN=System,${BASEDN}
|
||||
dn: CN=DomainUpdates,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
cn: DomainUpdates
|
||||
@ -51,7 +51,7 @@ instanceType: 4
|
||||
showInAdvancedViewOnly: TRUE
|
||||
objectCategory: CN=Container,${SCHEMADN}
|
||||
|
||||
dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${BASEDN}
|
||||
dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
cn: Windows2003Update
|
||||
@ -60,7 +60,7 @@ showInAdvancedViewOnly: TRUE
|
||||
objectCategory: CN=Container,${SCHEMADN}
|
||||
revision: 8
|
||||
|
||||
dn: CN=Infrastructure,${BASEDN}
|
||||
dn: CN=Infrastructure,${DOMAINDN}
|
||||
objectclass: top
|
||||
objectclass: infrastructureUpdate
|
||||
cn: Infrastructure
|
||||
@ -71,7 +71,7 @@ objectCategory: CN=Infrastructure-Update,${SCHEMADN}
|
||||
isCriticalSystemObject: TRUE
|
||||
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
|
||||
|
||||
dn: CN=Builtin,${BASEDN}
|
||||
dn: CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: builtinDomain
|
||||
cn: Builtin
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
################################
|
||||
## Domain Naming Context
|
||||
################################
|
||||
dn: ${BASEDN}
|
||||
dn: ${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: domain
|
||||
objectClass: domainDNS
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
###############################
|
||||
# Domain Naming Context
|
||||
###############################
|
||||
dn: ${BASEDN}
|
||||
dn: ${DOMAINDN}
|
||||
changetype: modify
|
||||
replace: dnsDomain
|
||||
dnsDomain: ${DNSDOMAIN}
|
||||
@ -58,7 +58,7 @@ replace: msDS-Behavior-Version
|
||||
msDS-Behavior-Version: 0
|
||||
-
|
||||
replace: ridManagerReference
|
||||
ridManagerReference: CN=RID Manager$,CN=System,${BASEDN}
|
||||
ridManagerReference: CN=RID Manager$,CN=System,${DOMAINDN}
|
||||
-
|
||||
replace: uASCompat
|
||||
uASCompat: 1
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
dn: CN=Computers,${BASEDN}
|
||||
dn: CN=Computers,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
dn: CN=Computers,${BASEDN}
|
||||
dn: CN=Computers,${DOMAINDN}
|
||||
changetype: modify
|
||||
replace: description
|
||||
description: Default container for upgraded computer accounts
|
||||
|
||||
@ -53,7 +53,7 @@ instanceType: 4
|
||||
showInAdvancedViewOnly: TRUE
|
||||
systemFlags: 3
|
||||
objectCategory: CN=Cross-Ref,${SCHEMADN}
|
||||
nCName: ${BASEDN}
|
||||
nCName: ${DOMAINDN}
|
||||
nETBIOSName: ${DOMAIN}
|
||||
dnsRoot: ${DNSDOMAIN}
|
||||
|
||||
@ -93,7 +93,7 @@ showInAdvancedViewOnly: TRUE
|
||||
systemFlags: 1375731712
|
||||
objectCategory: CN=Server,${SCHEMADN}
|
||||
dNSHostName: ${DNSNAME}
|
||||
serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
|
||||
serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
|
||||
|
||||
dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
|
||||
objectClass: top
|
||||
|
||||
@ -46,7 +46,7 @@ passwordAttribute: krb5key
|
||||
dn: cn=ROOTDSE
|
||||
subschemaSubentry: CN=Aggregate,${SCHEMADN}
|
||||
dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
|
||||
defaultNamingContext: ${BASEDN}
|
||||
defaultNamingContext: ${DOMAINDN}
|
||||
rootDomainNamingContext: ${ROOTDN}
|
||||
configurationNamingContext: ${CONFIGDN}
|
||||
schemaNamingContext: ${SCHEMADN}
|
||||
|
||||
@ -1,13 +1,13 @@
|
||||
dn: @PARTITION
|
||||
partition: ${SCHEMADN}:schema.ldb
|
||||
partition: ${CONFIGDN}:configuration.ldb
|
||||
partition: ${BASEDN}:${LDAPBACKEND}
|
||||
partition: ${DOMAINDN}:${LDAPBACKEND}
|
||||
replicateEntries: @SUBCLASSES
|
||||
replicateEntries: @ATTRIBUTES
|
||||
replicateEntries: @INDEXLIST
|
||||
modules:${SCHEMADN}:objectguid
|
||||
modules:${CONFIGDN}:objectguid
|
||||
modules:${BASEDN}:${LDAPMODULES}
|
||||
modules:${DOMAINDN}:${LDAPMODULES}
|
||||
|
||||
#Add modules to the list to activate them by default
|
||||
#beware often order is important
|
||||
|
||||
@ -1,12 +1,12 @@
|
||||
dn: CN=Administrator,CN=Users,${BASEDN}
|
||||
dn: CN=Administrator,CN=Users,${DOMAINDN}
|
||||
objectClass: user
|
||||
cn: Administrator
|
||||
description: Built-in account for administering the computer/domain
|
||||
memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
|
||||
memberOf: CN=Domain Admins,CN=Users,${BASEDN}
|
||||
memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
|
||||
memberOf: CN=Schema Admins,CN=Users,${BASEDN}
|
||||
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
|
||||
memberOf: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
|
||||
memberOf: CN=Domain Admins,CN=Users,${DOMAINDN}
|
||||
memberOf: CN=Enterprise Admins,CN=Users,${DOMAINDN}
|
||||
memberOf: CN=Schema Admins,CN=Users,${DOMAINDN}
|
||||
memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
|
||||
userAccountControl: 66048
|
||||
objectSid: ${DOMAINSID}-500
|
||||
adminCount: 1
|
||||
@ -15,25 +15,25 @@ sAMAccountName: Administrator
|
||||
isCriticalSystemObject: TRUE
|
||||
sambaPassword: ${ADMINPASS}
|
||||
|
||||
dn: CN=Guest,CN=Users,${BASEDN}
|
||||
dn: CN=Guest,CN=Users,${DOMAINDN}
|
||||
objectClass: user
|
||||
cn: Guest
|
||||
description: Built-in account for guest access to the computer/domain
|
||||
memberOf: CN=Guests,CN=Builtin,${BASEDN}
|
||||
memberOf: CN=Guests,CN=Builtin,${DOMAINDN}
|
||||
userAccountControl: 66082
|
||||
primaryGroupID: 514
|
||||
objectSid: ${DOMAINSID}-501
|
||||
sAMAccountName: Guest
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Administrators,CN=Builtin,${BASEDN}
|
||||
dn: CN=Administrators,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Administrators
|
||||
description: Administrators have complete and unrestricted access to the computer/domain
|
||||
member: CN=Domain Admins,CN=Users,${BASEDN}
|
||||
member: CN=Enterprise Admins,CN=Users,${BASEDN}
|
||||
member: CN=Administrator,CN=Users,${BASEDN}
|
||||
member: CN=Domain Admins,CN=Users,${DOMAINDN}
|
||||
member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
|
||||
member: CN=Administrator,CN=Users,${DOMAINDN}
|
||||
objectSid: S-1-5-32-544
|
||||
adminCount: 1
|
||||
sAMAccountName: Administrators
|
||||
@ -68,7 +68,7 @@ privilege: SeNetworkLogonRight
|
||||
privilege: SeRemoteInteractiveLogonRight
|
||||
|
||||
|
||||
dn: CN=${NETBIOSNAME},CN=Domain Controllers,${BASEDN}
|
||||
dn: CN=${NETBIOSNAME},CN=Domain Controllers,${DOMAINDN}
|
||||
objectClass: computer
|
||||
cn: ${NETBIOSNAME}
|
||||
userAccountControl: 532480
|
||||
@ -90,12 +90,12 @@ servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
|
||||
servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN}
|
||||
${HOSTGUID_ADD}
|
||||
|
||||
dn: CN=Users,CN=Builtin,${BASEDN}
|
||||
dn: CN=Users,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Users
|
||||
description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
|
||||
member: CN=Domain Users,CN=Users,${BASEDN}
|
||||
member: CN=Domain Users,CN=Users,${DOMAINDN}
|
||||
objectSid: S-1-5-32-545
|
||||
sAMAccountName: Users
|
||||
sAMAccountType: 536870912
|
||||
@ -104,13 +104,13 @@ groupType: 2147483653
|
||||
objectCategory: CN=Group,${SCHEMADN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Guests,CN=Builtin,${BASEDN}
|
||||
dn: CN=Guests,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Guests
|
||||
description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
|
||||
member: CN=Domain Guests,CN=Users,${BASEDN}
|
||||
member: CN=Guest,CN=Users,${BASEDN}
|
||||
member: CN=Domain Guests,CN=Users,${DOMAINDN}
|
||||
member: CN=Guest,CN=Users,${DOMAINDN}
|
||||
objectSid: S-1-5-32-546
|
||||
sAMAccountName: Guests
|
||||
sAMAccountType: 536870912
|
||||
@ -119,7 +119,7 @@ groupType: 2147483653
|
||||
objectCategory: CN=Group,${SCHEMADN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Print Operators,CN=Builtin,${BASEDN}
|
||||
dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Print Operators
|
||||
@ -136,7 +136,7 @@ privilege: SeLoadDriverPrivilege
|
||||
privilege: SeShutdownPrivilege
|
||||
privilege: SeInteractiveLogonRight
|
||||
|
||||
dn: CN=Backup Operators,CN=Builtin,${BASEDN}
|
||||
dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Backup Operators
|
||||
@ -154,7 +154,7 @@ privilege: SeRestorePrivilege
|
||||
privilege: SeShutdownPrivilege
|
||||
privilege: SeInteractiveLogonRight
|
||||
|
||||
dn: CN=Replicator,CN=Builtin,${BASEDN}
|
||||
dn: CN=Replicator,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Replicator
|
||||
@ -168,7 +168,7 @@ groupType: 2147483653
|
||||
objectCategory: CN=Group,${SCHEMADN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
|
||||
dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Remote Desktop Users
|
||||
@ -181,7 +181,7 @@ groupType: 2147483653
|
||||
objectCategory: CN=Group,${SCHEMADN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
|
||||
dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Network Configuration Operators
|
||||
@ -194,7 +194,7 @@ groupType: 2147483653
|
||||
objectCategory: CN=Group,${SCHEMADN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
|
||||
dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Performance Monitor Users
|
||||
@ -207,7 +207,7 @@ groupType: 2147483653
|
||||
objectCategory: CN=Group,${SCHEMADN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
|
||||
dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Performance Log Users
|
||||
@ -220,7 +220,7 @@ groupType: 2147483653
|
||||
objectCategory: CN=Group,${SCHEMADN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=krbtgt,CN=Users,${BASEDN}
|
||||
dn: CN=krbtgt,CN=Users,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: person
|
||||
objectClass: organizationalPerson
|
||||
@ -238,7 +238,7 @@ servicePrincipalName: kadmin/changepw
|
||||
isCriticalSystemObject: TRUE
|
||||
sambaPassword: ${KRBTGTPASS}
|
||||
|
||||
dn: CN=Domain Computers,CN=Users,${BASEDN}
|
||||
dn: CN=Domain Computers,CN=Users,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Domain Computers
|
||||
@ -248,7 +248,7 @@ sAMAccountName: Domain Computers
|
||||
objectCategory: CN=Group,${SCHEMADN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Domain Controllers,CN=Users,${BASEDN}
|
||||
dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Domain Controllers
|
||||
@ -258,30 +258,30 @@ adminCount: 1
|
||||
sAMAccountName: Domain Controllers
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Schema Admins,CN=Users,${BASEDN}
|
||||
dn: CN=Schema Admins,CN=Users,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Schema Admins
|
||||
description: Designated administrators of the schema
|
||||
member: CN=Administrator,CN=Users,${BASEDN}
|
||||
member: CN=Administrator,CN=Users,${DOMAINDN}
|
||||
objectSid: ${DOMAINSID}-518
|
||||
adminCount: 1
|
||||
sAMAccountName: Schema Admins
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Enterprise Admins,CN=Users,${BASEDN}
|
||||
dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Enterprise Admins
|
||||
description: Designated administrators of the enterprise
|
||||
member: CN=Administrator,CN=Users,${BASEDN}
|
||||
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
|
||||
member: CN=Administrator,CN=Users,${DOMAINDN}
|
||||
memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
|
||||
objectSid: ${DOMAINSID}-519
|
||||
adminCount: 1
|
||||
sAMAccountName: Enterprise Admins
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Cert Publishers,CN=Users,${BASEDN}
|
||||
dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Cert Publishers
|
||||
@ -293,50 +293,50 @@ sAMAccountName: Cert Publishers
|
||||
objectCategory: CN=Group,${SCHEMADN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Domain Admins,CN=Users,${BASEDN}
|
||||
dn: CN=Domain Admins,CN=Users,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Domain Admins
|
||||
description: Designated administrators of the domain
|
||||
member: CN=Administrator,CN=Users,${BASEDN}
|
||||
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
|
||||
member: CN=Administrator,CN=Users,${DOMAINDN}
|
||||
memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
|
||||
objectSid: ${DOMAINSID}-512
|
||||
adminCount: 1
|
||||
sAMAccountName: Domain Admins
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Domain Users,CN=Users,${BASEDN}
|
||||
dn: CN=Domain Users,CN=Users,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Domain Users
|
||||
description: All domain users
|
||||
memberOf: CN=Users,CN=Builtin,${BASEDN}
|
||||
memberOf: CN=Users,CN=Builtin,${DOMAINDN}
|
||||
objectSid: ${DOMAINSID}-513
|
||||
sAMAccountName: Domain Users
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Domain Guests,CN=Users,${BASEDN}
|
||||
dn: CN=Domain Guests,CN=Users,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Domain Guests
|
||||
description: All domain guests
|
||||
memberOf: CN=Guests,CN=Builtin,${BASEDN}
|
||||
memberOf: CN=Guests,CN=Builtin,${DOMAINDN}
|
||||
objectSid: ${DOMAINSID}-514
|
||||
sAMAccountName: Domain Guests
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
|
||||
dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Group Policy Creator Owners
|
||||
description: Members in this group can modify group policy for the domain
|
||||
member: CN=Administrator,CN=Users,${BASEDN}
|
||||
member: CN=Administrator,CN=Users,${DOMAINDN}
|
||||
objectSid: ${DOMAINSID}-520
|
||||
sAMAccountName: Group Policy Creator Owners
|
||||
objectCategory: CN=Group,${SCHEMADN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
|
||||
dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: RAS and IAS Servers
|
||||
@ -349,7 +349,7 @@ groupType: 2147483652
|
||||
objectCategory: CN=Group,${SCHEMADN}
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
dn: CN=Server Operators,CN=Builtin,${BASEDN}
|
||||
dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Server Operators
|
||||
@ -370,7 +370,7 @@ privilege: SeRestorePrivilege
|
||||
privilege: SeShutdownPrivilege
|
||||
privilege: SeInteractiveLogonRight
|
||||
|
||||
dn: CN=Account Operators,CN=Builtin,${BASEDN}
|
||||
dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: group
|
||||
cn: Account Operators
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
dn: CN=Users,${BASEDN}
|
||||
dn: CN=Users,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
dn: CN=Users,${BASEDN}
|
||||
dn: CN=Users,${DOMAINDN}
|
||||
changetype: modify
|
||||
replace: description
|
||||
description: Default container for upgraded user accounts
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user