mirror of https://github.com/samba-team/samba.git synced 2025-08-04 08:22:08 +03:00

samba-tool domain join subdomain: Rework sambadns.py to allow setup of DomainDNSZone only

This skips handling the ForestDNSZone when we are setting up a subdomain.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Oct 11 10:27:49 CEST 2013 on sn-devel-104
Andrew Bartlett
2013-09-09 11:54:23 +12:00
committed by Stefan Metzmacher
parent d5077baee2
commit af3138e9b6
11 changed files with 99 additions and 121 deletions


@ -24,6 +24,7 @@ from samba import gensec, Ldb, drs_utils
import ldb, samba, sys, uuid import ldb, samba, sys, uuid
from samba.ndr import ndr_pack from samba.ndr import ndr_pack
from samba.dcerpc import security, drsuapi, misc, nbt, lsa, drsblobs from samba.dcerpc import security, drsuapi, misc, nbt, lsa, drsblobs
from samba.dsdb import DS_DOMAIN_FUNCTION_2003
from samba.credentials import Credentials, DONT_USE_KERBEROS from samba.credentials import Credentials, DONT_USE_KERBEROS
from samba.provision import secretsdb_self_join, provision, provision_fill, FILL_DRS, FILL_SUBDOMAIN from samba.provision import secretsdb_self_join, provision, provision_fill, FILL_DRS, FILL_SUBDOMAIN
from samba.provision.common import setup_path from samba.provision.common import setup_path
@ -765,6 +766,7 @@ class dc_join(object):
presult = provision_fill(ctx.local_samdb, secrets_ldb, presult = provision_fill(ctx.local_samdb, secrets_ldb,
ctx.logger, ctx.names, ctx.paths, domainsid=security.dom_sid(ctx.domsid), ctx.logger, ctx.names, ctx.paths, domainsid=security.dom_sid(ctx.domsid),
domainguid=domguid, domainguid=domguid,
dom_for_fun_level=DS_DOMAIN_FUNCTION_2003,
targetdir=ctx.targetdir, samdb_fill=FILL_SUBDOMAIN, targetdir=ctx.targetdir, samdb_fill=FILL_SUBDOMAIN,
machinepass=ctx.acct_pass, serverrole="active directory domain controller", machinepass=ctx.acct_pass, serverrole="active directory domain controller",
lp=ctx.lp, hostip=ctx.names.hostip, hostip6=ctx.names.hostip6, lp=ctx.lp, hostip=ctx.names.hostip, hostip6=ctx.names.hostip6,
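Review bot: The new `dom_for_fun_level=DS_DOMAIN_FUNCTION_2003` argument in the `provision_fill` call is a hard-coded level, and nothing says why a subdomain join pins it to 2003. The provision hunk of this same commit shows `provision_fill` forwarding this value to `setup_ad_dns` as `os_level`, so it affects how DNS is provisioned on the new DC. I would add a comment above the argument, for example `# subdomain join: function level fixed at 2003 for the new domain`, or derive the value from the domain being joined if that is the intent. The call and the enclosing dc_join method both continue outside the hunk.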


@ -67,11 +67,14 @@ from samba.dsdb import (
from samba.credentials import DONT_USE_KERBEROS from samba.credentials import DONT_USE_KERBEROS
from samba.provision import ( from samba.provision import (
provision, provision,
ProvisioningError
)
from samba.provision.common import (
FILL_FULL, FILL_FULL,
FILL_NT4SYNC, FILL_NT4SYNC,
FILL_DRS, FILL_DRS
ProvisioningError, )
)
def get_testparm_var(testparm, smbconf, varname): def get_testparm_var(testparm, smbconf, varname):
cmd = "%s -s -l --parameter-name='%s' %s 2>/dev/null" % (testparm, varname, smbconf) cmd = "%s -s -l --parameter-name='%s' %s 2>/dev/null" % (testparm, varname, smbconf)


@ -101,7 +101,11 @@ from samba.provision.common import (
setup_path, setup_path,
setup_add_ldif, setup_add_ldif,
setup_modify_ldif, setup_modify_ldif,
) FILL_FULL,
FILL_SUBDOMAIN,
FILL_NT4SYNC,
FILL_DRS
)
from samba.provision.sambadns import ( from samba.provision.sambadns import (
get_dnsadmins_sid, get_dnsadmins_sid,
setup_ad_dns, setup_ad_dns,
@ -1462,10 +1466,6 @@ def fill_samdb(samdb, lp, names, logger, domainsid, domainguid, policyguid,
return samdb return samdb
FILL_FULL = "FULL"
FILL_SUBDOMAIN = "SUBDOMAIN"
FILL_NT4SYNC = "NT4SYNC"
FILL_DRS = "DRS"
SYSVOL_ACL = "O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)" SYSVOL_ACL = "O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)"
POLICIES_ACL = "O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001301bf;;;PA)" POLICIES_ACL = "O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001301bf;;;PA)"
SYSVOL_SERVICE="sysvol" SYSVOL_SERVICE="sysvol"
@ -1795,7 +1795,7 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
setup_ad_dns(samdb, secrets_ldb, domainsid, names, paths, lp, logger, setup_ad_dns(samdb, secrets_ldb, domainsid, names, paths, lp, logger,
hostip=hostip, hostip6=hostip6, dns_backend=dns_backend, hostip=hostip, hostip6=hostip6, dns_backend=dns_backend,
dnspass=dnspass, os_level=dom_for_fun_level, dnspass=dnspass, os_level=dom_for_fun_level,
targetdir=targetdir, site=DEFAULTSITE) targetdir=targetdir, site=DEFAULTSITE, fill_level=samdb_fill)
domainguid = samdb.searchone(basedn=samdb.get_default_basedn(), domainguid = samdb.searchone(basedn=samdb.get_default_basedn(),
attribute="objectGUID") attribute="objectGUID")
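Review bot: The `FILL_FULL`, `FILL_SUBDOMAIN`, `FILL_NT4SYNC` and `FILL_DRS` names added to the `from samba.provision.common import (...)` list now double as a re-export, and nothing marks them as one. With the module-level definitions removed further down, this import is the only thing that keeps `from samba.provision import ... FILL_DRS, FILL_SUBDOMAIN` working, which join.py still does in this commit. Any of these names that the module does not use itself could be dropped by a later unused-import cleanup and break those callers. I would add a comment on the import, for example `# FILL_* live in provision.common; kept importable from samba.provision for existing callers`.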


@ -31,6 +31,11 @@ import os
from samba import read_and_sub_file from samba import read_and_sub_file
from samba.param import setup_dir from samba.param import setup_dir
FILL_FULL = "FULL"
FILL_SUBDOMAIN = "SUBDOMAIN"
FILL_NT4SYNC = "NT4SYNC"
FILL_DRS = "DRS"
def setup_path(file): def setup_path(file):
"""Return an absolute path to the provision tempate file specified by file""" """Return an absolute path to the provision tempate file specified by file"""


@ -48,7 +48,11 @@ from samba.provision.common import (
setup_path, setup_path,
setup_add_ldif, setup_add_ldif,
setup_modify_ldif, setup_modify_ldif,
setup_ldb setup_ldb,
FILL_FULL,
FILL_SUBDOMAIN,
FILL_NT4SYNC,
FILL_DRS,
) )
@ -230,13 +234,18 @@ class AgingEnabledTimeProperty(dnsp.DnsProperty):
def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn, def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
serverdn): serverdn, fill_level):
domainzone_dn = "DC=DomainDnsZones,%s" % domaindn domainzone_dn = "DC=DomainDnsZones,%s" % domaindn
forestzone_dn = "DC=ForestDnsZones,%s" % forestdn forestzone_dn = "DC=ForestDnsZones,%s" % forestdn
descriptor = get_dns_partition_descriptor(domainsid) descriptor = get_dns_partition_descriptor(domainsid)
setup_add_ldif(samdb, setup_path("provision_dnszones_partitions.ldif"), { setup_add_ldif(samdb, setup_path("provision_dnszones_partitions.ldif"), {
"DOMAINZONE_DN": domainzone_dn, "ZONE_DN": domainzone_dn,
"FORESTZONE_DN": forestzone_dn, "SECDESC" : b64encode(descriptor)
})
if fill_level != FILL_SUBDOMAIN:
setup_add_ldif(samdb, setup_path("provision_dnszones_partitions.ldif"), {
"ZONE_DN": forestzone_dn,
"SECDESC" : b64encode(descriptor) "SECDESC" : b64encode(descriptor)
}) })
@ -252,23 +261,34 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn,
protected1_desc = get_domain_delete_protected1_descriptor(domainsid) protected1_desc = get_domain_delete_protected1_descriptor(domainsid)
protected2_desc = get_domain_delete_protected2_descriptor(domainsid) protected2_desc = get_domain_delete_protected2_descriptor(domainsid)
setup_add_ldif(samdb, setup_path("provision_dnszones_add.ldif"), { setup_add_ldif(samdb, setup_path("provision_dnszones_add.ldif"), {
"DOMAINZONE_DN": domainzone_dn, "ZONE_DN": domainzone_dn,
"FORESTZONE_DN": forestzone_dn, "ZONE_GUID": domainzone_guid,
"DOMAINZONE_GUID": domainzone_guid, "ZONE_DNS": domainzone_dns,
"FORESTZONE_GUID": forestzone_guid,
"DOMAINZONE_DNS": domainzone_dns,
"FORESTZONE_DNS": forestzone_dns,
"CONFIGDN": configdn, "CONFIGDN": configdn,
"SERVERDN": serverdn, "SERVERDN": serverdn,
"LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc), "LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc),
"INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc), "INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc),
}) })
setup_modify_ldif(samdb, setup_path("provision_dnszones_modify.ldif"), { setup_modify_ldif(samdb, setup_path("provision_dnszones_modify.ldif"), {
"CONFIGDN": configdn, "CONFIGDN": configdn,
"SERVERDN": serverdn, "SERVERDN": serverdn,
"DOMAINZONE_DN": domainzone_dn, "ZONE_DN": domainzone_dn,
"FORESTZONE_DN": forestzone_dn, })
if fill_level != FILL_SUBDOMAIN:
setup_add_ldif(samdb, setup_path("provision_dnszones_add.ldif"), {
"ZONE_DN": forestzone_dn,
"ZONE_GUID": forestzone_guid,
"ZONE_DNS": forestzone_dns,
"CONFIGDN": configdn,
"SERVERDN": serverdn,
"LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc),
"INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc),
})
setup_modify_ldif(samdb, setup_path("provision_dnszones_modify.ldif"), {
"CONFIGDN": configdn,
"SERVERDN": serverdn,
"ZONE_DN": forestzone_dn,
}) })
@ -928,21 +948,23 @@ def fill_dns_data_legacy(samdb, domainsid, forestdn, dnsdomain, site, hostname,
def create_dns_partitions(samdb, domainsid, names, domaindn, forestdn, def create_dns_partitions(samdb, domainsid, names, domaindn, forestdn,
dnsadmins_sid): dnsadmins_sid, fill_level):
# Set up additional partitions (DomainDnsZones, ForstDnsZones) # Set up additional partitions (DomainDnsZones, ForstDnsZones)
setup_dns_partitions(samdb, domainsid, domaindn, forestdn, setup_dns_partitions(samdb, domainsid, domaindn, forestdn,
names.configdn, names.serverdn) names.configdn, names.serverdn, fill_level)
# Set up MicrosoftDNS containers # Set up MicrosoftDNS containers
add_dns_container(samdb, domaindn, "DC=DomainDnsZones", domainsid, add_dns_container(samdb, domaindn, "DC=DomainDnsZones", domainsid,
dnsadmins_sid) dnsadmins_sid)
if fill_level != FILL_SUBDOMAIN:
add_dns_container(samdb, forestdn, "DC=ForestDnsZones", domainsid, add_dns_container(samdb, forestdn, "DC=ForestDnsZones", domainsid,
dnsadmins_sid, forest=True) dnsadmins_sid, forest=True)
def fill_dns_data_partitions(samdb, domainsid, site, domaindn, forestdn, def fill_dns_data_partitions(samdb, domainsid, site, domaindn, forestdn,
dnsdomain, dnsforest, hostname, hostip, hostip6, dnsdomain, dnsforest, hostname, hostip, hostip6,
domainguid, ntdsguid, dnsadmins_sid, autofill=True): domainguid, ntdsguid, dnsadmins_sid, autofill=True,
fill_level=FILL_FULL):
"""Fill data in various AD partitions """Fill data in various AD partitions
:param samdb: LDB object connected to sam.ldb file :param samdb: LDB object connected to sam.ldb file
@ -974,7 +996,8 @@ def fill_dns_data_partitions(samdb, domainsid, site, domaindn, forestdn,
add_dc_domain_records(samdb, domaindn, "DC=DomainDnsZones", site, add_dc_domain_records(samdb, domaindn, "DC=DomainDnsZones", site,
dnsdomain, hostname, hostip, hostip6) dnsdomain, hostname, hostip, hostip6)
##### Set up DC=ForestDnsZones,<DOMAINDN> if fill_level != FILL_SUBDOMAIN:
##### Set up DC=ForestDnsZones,<FORESTDN>
# Add _msdcs record # Add _msdcs record
add_msdcs_record(samdb, forestdn, "DC=ForestDnsZones", dnsforest) add_msdcs_record(samdb, forestdn, "DC=ForestDnsZones", dnsforest)
@ -987,7 +1010,7 @@ def fill_dns_data_partitions(samdb, domainsid, site, domaindn, forestdn,
def setup_ad_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, def setup_ad_dns(samdb, secretsdb, domainsid, names, paths, lp, logger,
dns_backend, os_level, site, dnspass=None, hostip=None, hostip6=None, dns_backend, os_level, site, dnspass=None, hostip=None, hostip6=None,
targetdir=None): targetdir=None, fill_level=FILL_FULL):
"""Provision DNS information (assuming GC role) """Provision DNS information (assuming GC role)
:param samdb: LDB object connected to sam.ldb file :param samdb: LDB object connected to sam.ldb file
@ -1062,13 +1085,14 @@ def setup_ad_dns(samdb, secretsdb, domainsid, names, paths, lp, logger,
# Create DNS partitions # Create DNS partitions
logger.info("Creating DomainDnsZones and ForestDnsZones partitions") logger.info("Creating DomainDnsZones and ForestDnsZones partitions")
create_dns_partitions(samdb, domainsid, names, domaindn, forestdn, create_dns_partitions(samdb, domainsid, names, domaindn, forestdn,
dnsadmins_sid) dnsadmins_sid, fill_level)
# Populating dns partitions # Populating dns partitions
logger.info("Populating DomainDnsZones and ForestDnsZones partitions") logger.info("Populating DomainDnsZones and ForestDnsZones partitions")
fill_dns_data_partitions(samdb, domainsid, site, domaindn, forestdn, fill_dns_data_partitions(samdb, domainsid, site, domaindn, forestdn,
dnsdomain, dnsforest, hostname, hostip, hostip6, dnsdomain, dnsforest, hostname, hostip, hostip6,
domainguid, names.ntdsguid, dnsadmins_sid) domainguid, names.ntdsguid, dnsadmins_sid,
fill_level=fill_level)
if dns_backend.startswith("BIND9_"): if dns_backend.startswith("BIND9_"):
setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, setup_bind9_dns(samdb, secretsdb, domainsid, names, paths, lp, logger,
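Review bot: The two `logger.info` calls in `setup_ad_dns` still say "Creating DomainDnsZones and ForestDnsZones partitions" and "Populating DomainDnsZones and ForestDnsZones partitions" when `fill_level` is `FILL_SUBDOMAIN` and the ForestDnsZones work is skipped, so the provisioning log of a subdomain DC will record a partition that was never created. I would choose the message from `fill_level`, for example `logger.info("Creating DomainDnsZones partition" if fill_level == FILL_SUBDOMAIN else "Creating DomainDnsZones and ForestDnsZones partitions")`, and do the same for the populate message. Separately, `setup_dns_partitions` and `create_dns_partitions` take `fill_level` as a required positional argument while `fill_dns_data_partitions` and `setup_ad_dns` default it to `FILL_FULL`; giving all four the same default would keep out-of-tree callers working. setup_ad_dns continues outside the hunk.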


@ -26,7 +26,8 @@ import pwd
from samba import Ldb, registry from samba import Ldb, registry
from samba.param import LoadParm from samba.param import LoadParm
from samba.provision import provision, FILL_FULL, ProvisioningError, setsysvolacl from samba.provision import provision, ProvisioningError, setsysvolacl
from samba.provision.common import FILL_FULL
from samba.samba3 import passdb from samba.samba3 import passdb
from samba.samba3 import param as s3param from samba.samba3 import param as s3param
from samba.dcerpc import lsa, samr, security from samba.dcerpc import lsa, samr, security


@ -31,8 +31,9 @@ from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE
import ldb import ldb
from samba.provision import (provision_paths_from_lp, from samba.provision import (provision_paths_from_lp,
getpolicypath, set_gpos_acl, create_gpo_struct, getpolicypath, set_gpos_acl, create_gpo_struct,
FILL_FULL, provision, ProvisioningError, provision, ProvisioningError,
setsysvolacl, secretsdb_self_join) setsysvolacl, secretsdb_self_join)
from samba.provision.common import FILL_FULL
from samba.dcerpc import xattr, drsblobs, security from samba.dcerpc import xattr, drsblobs, security
from samba.dcerpc.misc import SEC_CHAN_BDC from samba.dcerpc.misc import SEC_CHAN_BDC
from samba.ndr import ndr_unpack from samba.ndr import ndr_unpack


@ -46,7 +46,8 @@ from samba.provision import (
interface_ips_v6 ) interface_ips_v6 )
from samba.provision.common import ( from samba.provision.common import (
setup_path, setup_path,
setup_add_ldif ) setup_add_ldif,
FILL_FULL)
from samba.provision.sambadns import ( from samba.provision.sambadns import (
ARecord, ARecord,
AAAARecord, AAAARecord,
@ -339,7 +340,7 @@ if __name__ == '__main__':
logger.debug("IPv6 addresses: %s" % hostip6) logger.debug("IPv6 addresses: %s" % hostip6)
create_dns_partitions(ldbs.sam, domainsid, names, domaindn, forestdn, create_dns_partitions(ldbs.sam, domainsid, names, domaindn, forestdn,
dnsadmins_sid) dnsadmins_sid, FILL_FULL)
logger.info("Populating DNS partitions") logger.info("Populating DNS partitions")
fill_dns_data_partitions(ldbs.sam, domainsid, site, domaindn, forestdn, fill_dns_data_partitions(ldbs.sam, domainsid, site, domaindn, forestdn,
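Review bot: `create_dns_partitions(..., dnsadmins_sid, FILL_FULL)` hard-codes a full fill, and the `fill_dns_data_partitions` call right after it relies on the `FILL_FULL` default, so this script always creates and populates ForestDnsZones. If it can be run on a DC that was joined as a subdomain, it would add the forest zone that the join path in this commit deliberately skips. The rest of the script is outside the hunk, so this is not certain. At minimum I would pass the level explicitly to both calls so they cannot drift apart, for example `fill_level=FILL_FULL` on the `fill_dns_data_partitions` call, and add a comment saying whether the upgrade is meant to cover subdomain DCs.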


@ -1,7 +1,7 @@
################################# #################################
# Required objectclasses # Required objectclasses
################################# #################################
dn: CN=Deleted Objects,${DOMAINZONE_DN} dn: CN=Deleted Objects,${ZONE_DN}
objectClass: top objectClass: top
objectClass: container objectClass: container
description: Deleted objects description: Deleted objects
@ -9,71 +9,34 @@ isDeleted: TRUE
isCriticalSystemObject: TRUE isCriticalSystemObject: TRUE
systemFlags: -1946157056 systemFlags: -1946157056
dn: CN=LostAndFound,${DOMAINZONE_DN} dn: CN=LostAndFound,${ZONE_DN}
objectClass: top objectClass: top
objectClass: lostAndFound objectClass: lostAndFound
isCriticalSystemObject: TRUE isCriticalSystemObject: TRUE
systemFlags: -1946157056 systemFlags: -1946157056
nTSecurityDescriptor:: ${LOSTANDFOUND_DESCRIPTOR} nTSecurityDescriptor:: ${LOSTANDFOUND_DESCRIPTOR}
dn: CN=Infrastructure,${DOMAINZONE_DN} dn: CN=Infrastructure,${ZONE_DN}
objectClass: top objectClass: top
objectClass: infrastructureUpdate objectClass: infrastructureUpdate
isCriticalSystemObject: TRUE isCriticalSystemObject: TRUE
systemFlags: -1946157056 systemFlags: -1946157056
nTSecurityDescriptor:: ${INFRASTRUCTURE_DESCRIPTOR} nTSecurityDescriptor:: ${INFRASTRUCTURE_DESCRIPTOR}
dn: CN=NTDS Quotas,${DOMAINZONE_DN} dn: CN=NTDS Quotas,${ZONE_DN}
objectClass: top objectClass: top
objectClass: msDS-QuotaContainer objectClass: msDS-QuotaContainer
isCriticalSystemObject: TRUE isCriticalSystemObject: TRUE
systemFlags: -1946157056 systemFlags: -1946157056
dn: CN=Deleted Objects,${FORESTZONE_DN}
objectClass: top
objectClass: container
description: Deleted objects
isDeleted: TRUE
isCriticalSystemObject: TRUE
systemFlags: -1946157056
dn: CN=LostAndFound,${FORESTZONE_DN}
objectClass: top
objectClass: lostAndFound
isCriticalSystemObject: TRUE
systemFlags: -1946157056
nTSecurityDescriptor:: ${LOSTANDFOUND_DESCRIPTOR}
dn: CN=Infrastructure,${FORESTZONE_DN}
objectClass: top
objectClass: infrastructureUpdate
isCriticalSystemObject: TRUE
systemFlags: -1946157056
nTSecurityDescriptor:: ${INFRASTRUCTURE_DESCRIPTOR}
dn: CN=NTDS Quotas,${FORESTZONE_DN}
objectClass: top
objectClass: msDS-QuotaContainer
isCriticalSystemObject: TRUE
systemFlags: -1946157056
################################# #################################
# Configure partitions # Configure partitions
################################# #################################
dn: CN=${DOMAINZONE_GUID},CN=Partitions,${CONFIGDN} dn: CN=${ZONE_GUID},CN=Partitions,${CONFIGDN}
objectClass: top objectClass: top
objectClass: crossRef objectClass: crossRef
nCName: ${DOMAINZONE_DN} nCName: ${ZONE_DN}
dnsRoot: ${DOMAINZONE_DNS} dnsRoot: ${ZONE_DNS}
systemFlags: 5 systemFlags: 5
msDS-NC-Replica-Locations: CN=NTDS Settings,${SERVERDN} msDS-NC-Replica-Locations: CN=NTDS Settings,${SERVERDN}
dn: CN=${FORESTZONE_GUID},CN=Partitions,${CONFIGDN}
objectClass: top
objectClass: crossRef
nCName: ${FORESTZONE_DN}
dnsRoot: ${FORESTZONE_DNS}
systemFlags: 5
msDS-NC-Replica-Locations: CN=NTDS Settings,${SERVERDN}


@ -1,36 +1,21 @@
dn: ${DOMAINZONE_DN} dn: ${ZONE_DN}
changetype: modify changetype: modify
add: wellKnownObjects add: wellKnownObjects
wellKnownObjects: B:32:6227f0af1fc2410d8e3bb10615bb5b0f:CN=NTDS Quotas,${DOMAINZONE_DN} wellKnownObjects: B:32:6227f0af1fc2410d8e3bb10615bb5b0f:CN=NTDS Quotas,${ZONE_DN}
wellKnownObjects: B:32:18e2ea80684f11d2b9aa00c04f79f805:CN=Deleted Objects,${DOMAINZONE_DN} wellKnownObjects: B:32:18e2ea80684f11d2b9aa00c04f79f805:CN=Deleted Objects,${ZONE_DN}
wellKnownObjects: B:32:2fbac1870ade11d297c400c04fd8d5cd:CN=Infrastructure,${DOMAINZONE_DN} wellKnownObjects: B:32:2fbac1870ade11d297c400c04fd8d5cd:CN=Infrastructure,${ZONE_DN}
wellKnownObjects: B:32:ab8153b7768811d1aded00c04fd8d5cd:CN=LostAndFound,${DOMAINZONE_DN} wellKnownObjects: B:32:ab8153b7768811d1aded00c04fd8d5cd:CN=LostAndFound,${ZONE_DN}
dn: CN=Infrastructure,${DOMAINZONE_DN} dn: CN=Infrastructure,${ZONE_DN}
changetype: modify changetype: modify
add: fSMORoleOwner add: fSMORoleOwner
fSMORoleOwner: CN=NTDS Settings,${SERVERDN} fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
dn: CN=Infrastructure,${FORESTZONE_DN}
changetype: modify
add: fSMORoleOwner
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
dn: ${FORESTZONE_DN}
changetype: modify
add: wellKnownObjects
wellKnownObjects: B:32:6227f0af1fc2410d8e3bb10615bb5b0f:CN=NTDS Quotas,${FORESTZONE_DN}
wellKnownObjects: B:32:18e2ea80684f11d2b9aa00c04f79f805:CN=Deleted Objects,${FORESTZONE_DN}
wellKnownObjects: B:32:2fbac1870ade11d297c400c04fd8d5cd:CN=Infrastructure,${FORESTZONE_DN}
wellKnownObjects: B:32:ab8153b7768811d1aded00c04fd8d5cd:CN=LostAndFound,${FORESTZONE_DN}
dn: CN=NTDS Settings,${SERVERDN} dn: CN=NTDS Settings,${SERVERDN}
changetype: modify changetype: modify
add: msDS-HasInstantiatedNCs add: msDS-HasInstantiatedNCs
msDS-HasInstantiatedNCs: B:8:0000000D:${DOMAINZONE_DN} msDS-HasInstantiatedNCs: B:8:0000000D:${ZONE_DN}
msDS-HasInstantiatedNCs: B:8:0000000D:${FORESTZONE_DN}
- -
add: msDS-hasMasterNCs add: msDS-hasMasterNCs
msDS-hasMasterNCs: ${DOMAINZONE_DN} msDS-hasMasterNCs: ${ZONE_DN}
msDS-hasMasterNCs: ${FORESTZONE_DN}
- -


@ -1,7 +1,7 @@
################################ ################################
## DNSZones Naming Context ## DNSZones Naming Context
################################ ################################
dn: ${DOMAINZONE_DN} dn: ${ZONE_DN}
objectClass: top objectClass: top
objectClass: domainDNS objectClass: domainDNS
description: Microsoft DNS Directory description: Microsoft DNS Directory
@ -9,10 +9,3 @@ msDS-NcType: 0
instanceType: 13 instanceType: 13
ntSecurityDescriptor:: ${SECDESC} ntSecurityDescriptor:: ${SECDESC}
dn: ${FORESTZONE_DN}
objectClass: top
objectClass: domainDNS
description: Microsoft DNS Directory
msDS-NcType: 0
instanceType: 13
ntSecurityDescriptor:: ${SECDESC}