s4:provision - Some rework (continuation)
- Fix up "servicePrincipalNames" attributes on the DC object - Add some informative comments (most in "provision_self_join.ldif") - Add also comments where objects are missing which we may add later when we support the feature (mainly for FRS) - Add "domain updates" objects also under "CN=Configuration" (they exist twice) - Add the default services under "Services" to allow interoperability with some MS client tools - Smaller changes
parent
aadf5e3910
commit
fa4023d6f7
@ -978,6 +978,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
|
||||
"DOMAINDN": names.domaindn})
|
||||
message("Setting up sam.ldb data")
|
||||
setup_add_ldif(samdb, setup_path("provision.ldif"), {
|
||||
"CREATTIME": str(int(time.time()) * 1e7), # seconds -> ticks
|
||||
"DOMAINDN": names.domaindn,
|
||||
"NETBIOSNAME": names.netbiosname,
|
||||
"DEFAULTSITE": names.sitename,
|
||||
@ -1005,10 +1006,10 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
|
||||
policyguid_dc=policyguid_dc,
|
||||
setup_path=setup_path,
|
||||
domainControllerFunctionality=domainControllerFunctionality)
|
||||
# add the NTDSGUID based SPNs
|
||||
|
||||
ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
|
||||
names.ntdsguid = samdb.searchone(basedn=ntds_dn, attribute="objectGUID",
|
||||
expression="", scope=SCOPE_BASE)
|
||||
names.ntdsguid = samdb.searchone(basedn=ntds_dn,
|
||||
attribute="objectGUID", expression="", scope=SCOPE_BASE)
|
||||
assert isinstance(names.ntdsguid, str)
|
||||
|
||||
except:
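Review bot: The `CREATTIME` value passed to `setup_add_ldif` for "provision.ldif" is built as `str(int(time.time()) * 1e7)`, and multiplying by the float `1e7` makes `str()` emit a rounded exponent form (for example `1.26e+16`, a constructed sample) instead of an integer, so `creationTime: ${CREATTIME}` would not receive a usable large-integer value. Integer arithmetic avoids that: `"CREATTIME": str(int(time.time()) * 10000000),  # seconds -> ticks`. If the attribute is meant to hold an NT timestamp (100 ns ticks counted from 1601), the Unix-epoch value probably also needs the 11644473600-second offset added before scaling; this is worth confirming against what the directory expects. Line sides are not marked on this page, so this assumes the `CREATTIME` entry is the line the first hunk adds; `setup_samdb` starts and ends outside both hunks.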
|
||||
|
@ -5,24 +5,25 @@
|
||||
dn: CN=Builtin,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: builtinDomain
|
||||
creationTime: ${CREATTIME}
|
||||
forceLogoff: -9223372036854775808
|
||||
isCriticalSystemObject: TRUE
|
||||
lockoutDuration: -18000000000
|
||||
lockOutObservationWindow: -18000000000
|
||||
lockoutThreshold: 0
|
||||
maxPwdAge: -37108517437440
|
||||
minPwdAge: 0
|
||||
minPwdLength: 0
|
||||
modifiedCount: 1
|
||||
modifiedCountAtLastProm: 0
|
||||
nextRid: 1000
|
||||
pwdProperties: 0
|
||||
pwdHistoryLength: 0
|
||||
objectSid: S-1-5-32
|
||||
pwdHistoryLength: 0
|
||||
pwdProperties: 0
|
||||
serverState: 1
|
||||
uASCompat: 1
|
||||
modifiedCount: 1
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
showInAdvancedViewOnly: FALSE
|
||||
systemFlags: -1946157056
|
||||
uASCompat: 1
|
||||
|
||||
dn: CN=Deleted Objects,${DOMAINDN}
|
||||
objectClass: top
|
||||
@ -366,6 +367,8 @@ objectClass: nTFRSSettings
|
||||
systemFlags: -1946157056
|
||||
isCriticalSystemObject: TRUE
|
||||
|
||||
# Here are missing the FRS objects since we don't support this technique yet
|
||||
|
||||
dn: CN=FileLinks,CN=System,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: fileLinkTracking
|
||||
|
@ -15,6 +15,8 @@ isDeleted: TRUE
|
||||
isCriticalSystemObject: TRUE
|
||||
systemFlags: -1946157056
|
||||
|
||||
# Extended rights
|
||||
|
||||
dn: CN=Extended-Rights,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
@ -637,6 +639,8 @@ appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
|
||||
localizationDisplayId: 28
|
||||
validAccesses: 256
|
||||
|
||||
# Forest updates
|
||||
|
||||
dn: CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
@ -645,6 +649,154 @@ dn: CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=6b800a81-affe-4a15-8e41-6ea0c7aa89e4,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=dd07182c-3174-4c95-902a-d64fee285bbf,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=ffa5ee3c-1405-476d-b344-7ad37d69cc25,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=099f1587-af70-49c6-ab6c-7b3e82be0fe2,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=94fdebc6-8eeb-4640-80de-ec52b9ca17fa,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=1a3f6b15-55f2-4752-ba27-3d38a8232c4d,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=dee21a17-4e8e-4f40-a58c-c0c009b685a7,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=9bd98bb4-4047-4de5-bf4c-7bd1d0f6d21d,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=3fe80fbf-bf39-4773-b5bd-3e5767a30d2d,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=f02915e2-9141-4f73-b8e7-2804662782da,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=39902c52-ef24-4b4b-8033-2c9dfdd173a2,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=20bf09b4-6d0b-4cd1-9c09-4231edf1209b,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=94f238bb-831c-11d6-977b-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=94f238bc-831c-11d6-977b-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=94f238bd-831c-11d6-977b-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=94f238be-831c-11d6-977b-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=94f238bf-831c-11d6-977b-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=94f238c0-831c-11d6-977b-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=eda27b47-e610-11d6-9793-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=eda27b48-e610-11d6-9793-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=eda27b49-e610-11d6-9793-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=eda27b4a-e610-11d6-9793-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=26d9c510-e61a-11d6-9793-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=26d9c511-e61a-11d6-9793-00c04f613221,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=3467dae5-dedd-4648-9066-f48ac186b20a,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=33b7ee33-1386-47cf-baa1-b03e06473253,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=e9ee8d55-c2fb-4723-a333-c80ff4dfbf45,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=ccfae63a-7fb5-454c-83ab-0e8e1214974e,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=ad3c7909-b154-4c16-8bf7-2c3a7870bb3d,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=26ad2ebf-f8f5-44a4-b97c-a616c8b9d09a,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=4444c516-f43a-4c12-9c4b-b5c064941d61,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=436a1a4b-f41a-46e6-ac86-427720ef29f3,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=b2b7fb45-f50d-41bc-a73b-8f580f3b636a,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=1bdf6366-c3db-4d0b-b8cb-f99ba9bce20f,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=63c0f51a-067c-4640-8a4f-044fb33f1049,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=dae441c0-366e-482e-98d9-60a99a1898cc,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=7dd09ca6-f0d6-43bf-b7f8-ef348f435617,CN=Operations,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=Windows2003Update,CN=ForestUpdates,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
@ -662,6 +814,8 @@ description: Quota specifications container
|
||||
msDS-TombstoneQuotaFactor: 100
|
||||
systemFlags: -2147483648
|
||||
|
||||
# Partitions
|
||||
|
||||
dn: CN=Partitions,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: crossRefContainer
|
||||
@ -669,6 +823,8 @@ systemFlags: -2147483648
|
||||
msDS-Behavior-Version: ${FOREST_FUNCTIONALALITY}
|
||||
showInAdvancedViewOnly: TRUE
|
||||
|
||||
# Partitions for DNS are missing since we don't support AD DNS
|
||||
|
||||
dn: CN=Enterprise Configuration,CN=Partitions,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: crossRef
|
||||
@ -699,11 +855,91 @@ l: Physical Locations tree root
|
||||
|
||||
# Schema located in "ad-schema/*.txt"
|
||||
|
||||
# Services
|
||||
|
||||
dn: CN=Services,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
systemFlags: -2147483648
|
||||
|
||||
dn: CN=MsmqServices,CN=Services,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: mSMQEnterpriseSettings
|
||||
mSMQVersion: 200
|
||||
|
||||
dn: CN=NetServices,CN=Services,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=Public Key Services,CN=Services,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=Certificate Templates,CN=Public Key Services,CN=Services,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=Enrollment Services,CN=Public Key Services,CN=Services,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=Certification Authorities,CN=Public Key Services,CN=Services,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=AIA,CN=Public Key Services,CN=Services,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=CDP,CN=Public Key Services,CN=Services,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=KRA,CN=Public Key Services,CN=Services,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=OID,CN=Public Key Services,CN=Services,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: msPKI-Enterprise-Oid
|
||||
|
||||
dn: CN=RRAS,CN=Services,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
|
||||
dn: CN=IdentityDictionary,CN=RRAS,CN=Services,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: rRASAdministrationDictionary
|
||||
msRRASVendorAttributeEntry: 311:6:803:RADIUS Accouting
|
||||
msRRASVendorAttributeEntry: 311:6:802:RADIUS Authentication
|
||||
msRRASVendorAttributeEntry: 311:6:801:NT Domain Authentication
|
||||
msRRASVendorAttributeEntry: 311:6:714:Point to point parallel connection
|
||||
msRRASVendorAttributeEntry: 311:6:713:Point to point serial connection
|
||||
msRRASVendorAttributeEntry: 311:6:712:Generic LAN
|
||||
msRRASVendorAttributeEntry: 311:6:711:Generic WAN
|
||||
msRRASVendorAttributeEntry: 311:6:710:X.25
|
||||
msRRASVendorAttributeEntry: 311:6:709:IrDA
|
||||
msRRASVendorAttributeEntry: 311:6:708:Switched 56
|
||||
msRRASVendorAttributeEntry: 311:6:707:SONET
|
||||
msRRASVendorAttributeEntry: 311:6:706:Modem
|
||||
msRRASVendorAttributeEntry: 311:6:705:ISDN
|
||||
msRRASVendorAttributeEntry: 311:6:704:ATM
|
||||
msRRASVendorAttributeEntry: 311:6:703:Frame Relay
|
||||
msRRASVendorAttributeEntry: 311:6:702:Layer 2 Tunneling Protocol
|
||||
msRRASVendorAttributeEntry: 311:6:701:Point-to-Point Tunneling Protocol
|
||||
msRRASVendorAttributeEntry: 311:6:604:Network Address and Port Translation
|
||||
msRRASVendorAttributeEntry: 311:6:603:Demand Dial Router
|
||||
msRRASVendorAttributeEntry: 311:6:602:Remote Access Server
|
||||
msRRASVendorAttributeEntry: 311:6:601:LAN-to- LAN Router
|
||||
msRRASVendorAttributeEntry: 311:6:503:AppleTalk Forwarding Enabled
|
||||
msRRASVendorAttributeEntry: 311:6:502:IPX Forwarding Enabled
|
||||
msRRASVendorAttributeEntry: 311:6:501:IP Forwarding Enabled
|
||||
msRRASVendorAttributeEntry: 311:5:2:IPX SAP
|
||||
msRRASVendorAttributeEntry: 311::5:1:IPX RIP
|
||||
msRRASVendorAttributeEntry: 311:1:10:IGMP Only
|
||||
msRRASVendorAttributeEntry: 311:0:13:OSPF
|
||||
msRRASVendorAttributeEntry: 311:0:8:RIP (version 1 or 2)
|
||||
|
||||
dn: CN=Windows NT,CN=Services,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: container
|
||||
@ -711,7 +947,9 @@ objectClass: container
|
||||
dn: CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: nTDSService
|
||||
sPNMappings: host=ldap,dns,cifs,http
|
||||
msDS-Other-Settings: DisableVLVSupport=0
|
||||
msDS-Other-Settings: DynamicObjectMinTTL=900
|
||||
msDS-Other-Settings: DynamicObjectDefaultTTL=86400
|
||||
|
||||
dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN}
|
||||
objectClass: top
|
||||
@ -734,6 +972,8 @@ lDAPAdminLimits: MaxConnIdleTime=900
|
||||
lDAPAdminLimits: InitRecvTimeout=120
|
||||
lDAPAdminLimits: MaxConnections=5000
|
||||
|
||||
# Sites
|
||||
|
||||
dn: CN=Sites,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: sitesContainer
|
||||
@ -759,6 +999,7 @@ objectClass: top
|
||||
objectClass: interSiteTransport
|
||||
transportAddressAttribute: dNSHostName
|
||||
transportDLLName: ismip.dll
|
||||
systemFlags: -2147483648
|
||||
|
||||
dn: CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,${CONFIGDN}
|
||||
objectClass: top
|
||||
@ -785,3 +1026,7 @@ objectClass: top
|
||||
objectClass: serversContainer
|
||||
systemFlags: 33554432
|
||||
|
||||
dn: CN=Subnets,CN=Sites,${CONFIGDN}
|
||||
objectClass: top
|
||||
objectClass: subnetContainer
|
||||
systemFlags: -1073741824
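Review bot: In the hunk that adds the `CN=Services` objects, the `IdentityDictionary` value `msRRASVendorAttributeEntry: 311::5:1:IPX RIP` has a doubled colon where its neighbour reads `311:5:2:IPX SAP`, and two labels look mistyped (`RADIUS Accouting`, `LAN-to- LAN Router`). Because these entries are added for interoperability with MS client tools, the values should be compared with a reference directory and either corrected or given a comment stating that the spelling is intentional. The same hunk creates the `CN=Public Key Services` subtree (`Certification Authorities`, `Enrollment Services`, `Certificate Templates`, `AIA`, `CDP`, `KRA`, `OID`) with only `objectClass` set, so the containers get whatever default and inherited ACLs apply. Since certificate trust data is normally published in these containers, it would help to confirm that write access ends up limited to administrators and to record that in a comment such as `# no explicit nTSecurityDescriptor here; ACLs come from class defaults and inheritance`.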
|
||||
|
@ -1,41 +1,43 @@
|
||||
# Join the DC to itself
|
||||
# Accounts for selfjoin (joins DC to itself)
|
||||
|
||||
# Object under "Domain Controllers"
|
||||
dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: person
|
||||
objectClass: organizationalPerson
|
||||
objectClass: user
|
||||
objectClass: computer
|
||||
userAccountControl: 532480
|
||||
localPolicyFlags: 0
|
||||
primaryGroupID: 516
|
||||
accountExpires: 9223372036854775807
|
||||
sAMAccountName: ${NETBIOSNAME}$
|
||||
dNSHostName: ${DNSNAME}
|
||||
# "frsComputerReferenceBL" doesn't exist since we still miss FRS support
|
||||
isCriticalSystemObject: TRUE
|
||||
localPolicyFlags: 0
|
||||
operatingSystem: Samba
|
||||
operatingSystemVersion: ${SAMBA_VERSION_STRING}
|
||||
dNSHostName: ${DNSNAME}
|
||||
userPassword:: ${MACHINEPASS_B64}
|
||||
servicePrincipalName: HOST/${DNSNAME}
|
||||
servicePrincipalName: HOST/${NETBIOSNAME}
|
||||
servicePrincipalName: HOST/${DNSNAME}/${REALM}
|
||||
servicePrincipalName: HOST/${NETBIOSNAME}/${REALM}
|
||||
primaryGroupID: 516
|
||||
# "rIDSetReferences" doesn't exist since we still miss distributed RIDs
|
||||
sAMAccountName: ${NETBIOSNAME}$
|
||||
# "servicePrincipalName" for FRS doesn't exit since we still miss FRS support
|
||||
# "servicePrincipalName"s for DNS ("ldap/../ForestDnsZones",
|
||||
# "ldap/../DomainDnsZones", "DNS/..") don't exist since we don't support AD DNS
|
||||
servicePrincipalName: GC/${DNSNAME}/${REALM}
|
||||
servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
|
||||
servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN}
|
||||
isCriticalSystemObject: TRUE
|
||||
servicePrincipalName: HOST/${NETBIOSNAME}
|
||||
servicePrincipalName: HOST/${DNSNAME}
|
||||
servicePrincipalName: HOST/${DNSNAME}/${REALM}
|
||||
# "servicePrincipalName"s with GUIDs are located in
|
||||
# "provision_self_join_modify.ldif"
|
||||
servicePrincipalName: ldap/${DNSNAME}/${DOMAIN}
|
||||
servicePrincipalName: ldap/${NETBIOSNAME}
|
||||
servicePrincipalName: ldap/${DNSNAME}
|
||||
servicePrincipalName: ldap/${DNSNAME}/${REALM}
|
||||
userAccountControl: 532480
|
||||
userPassword:: ${MACHINEPASS_B64}
|
||||
|
||||
#Provide a account for DNS keytab export
|
||||
dn: CN=dns,CN=Users,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: person
|
||||
objectClass: organizationalPerson
|
||||
objectClass: user
|
||||
description: DNS Service Account
|
||||
userAccountControl: 514
|
||||
accountExpires: 9223372036854775807
|
||||
sAMAccountName: dns
|
||||
servicePrincipalName: DNS/${DNSDOMAIN}
|
||||
userPassword:: ${DNSPASS_B64}
|
||||
isCriticalSystemObject: TRUE
|
||||
# Here are missing the objects for the NTFRS subscription and the RID set since
|
||||
# we don't support those techniques (FRS, distributed RIDs) yet.
|
||||
|
||||
# Objects under "Configuration/Sites/<Default sitename>/Servers"
|
||||
|
||||
dn: ${SERVERDN}
|
||||
objectClass: top
|
||||
@ -48,14 +50,34 @@ dn: CN=NTDS Settings,${SERVERDN}
|
||||
objectClass: top
|
||||
objectClass: applicationSettings
|
||||
objectClass: nTDSDSA
|
||||
options: 1
|
||||
systemFlags: 33554432
|
||||
dMDLocation: ${SCHEMADN}
|
||||
invocationId: ${INVOCATIONID}
|
||||
msDS-Behavior-Version: ${DOMAIN_CONTROLLER_FUNCTIONALITY}
|
||||
msDS-hasMasterNCs: ${CONFIGDN}
|
||||
msDS-hasMasterNCs: ${SCHEMADN}
|
||||
msDS-hasMasterNCs: ${DOMAINDN}
|
||||
hasMasterNCs: ${CONFIGDN}
|
||||
hasMasterNCs: ${SCHEMADN}
|
||||
hasMasterNCs: ${DOMAINDN}
|
||||
invocationId: ${INVOCATIONID}
|
||||
msDS-Behavior-Version: ${DOMAIN_CONTROLLER_FUNCTIONALITY}
|
||||
msDS-HasDomainNCs: ${DOMAINDN}
|
||||
# "msDS-HasInstantiatedNCs"s for DNS don't exist since we don't support AD DNS
|
||||
msDS-HasInstantiatedNCs: B:8:0000000D:${CONFIGDN}
|
||||
msDS-HasInstantiatedNCs: B:8:0000000D:${SCHEMADN}
|
||||
msDS-HasInstantiatedNCs: B:8:00000005:${DOMAINDN}
|
||||
# "msDS-hasMasterNCs"s for DNS don't exist since we don't support AD DNS
|
||||
msDS-hasMasterNCs: ${CONFIGDN}
|
||||
msDS-hasMasterNCs: ${SCHEMADN}
|
||||
msDS-hasMasterNCs: ${DOMAINDN}
|
||||
options: 1
|
||||
systemFlags: 33554432
|
||||
|
||||
# Provides an account for DNS keytab export
|
||||
dn: CN=dns,CN=Users,${DOMAINDN}
|
||||
objectClass: top
|
||||
objectClass: person
|
||||
objectClass: organizationalPerson
|
||||
objectClass: user
|
||||
description: DNS Service Account
|
||||
userAccountControl: 514
|
||||
accountExpires: 9223372036854775807
|
||||
sAMAccountName: dns
|
||||
servicePrincipalName: DNS/${DNSDOMAIN}
|
||||
userPassword:: ${DNSPASS_B64}
|
||||
isCriticalSystemObject: TRUE
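Review bot: The two `userAccountControl` values in this file are still bare numbers although the change adds explanatory comments around them. `532480` on the DC object decodes to SERVER_TRUST_ACCOUNT (0x2000) plus TRUSTED_FOR_DELEGATION (0x80000), and `514` on `CN=dns` decodes to NORMAL_ACCOUNT (0x200) plus ACCOUNTDISABLE (0x2). A comment above each, e.g. `# 532480 = SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION` and `# 514 = NORMAL_ACCOUNT | ACCOUNTDISABLE (created disabled)`, would make the delegation flag and the disabled state visible to anyone auditing the provisioned accounts. The comment `# "servicePrincipalName" for FRS doesn't exit since we still miss FRS support` should read `doesn't exist`.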
|
||||
|