mirror of
https://github.com/samba-team/samba.git
synced 2025-01-27 14:04:05 +03:00
712a149802
On Windows dcpromo imports nextRid from the local SAM, which means it's not hardcoded to 1000. The initlal rIDAvailablePool starts at nextRid + 100. I also found that the RID Set of the local dc should be created via provision and not at runtime, when the first rid is needed. (Tested with dcpromo on w2k8r2, while disabling the DNS check box). After provision we should have this (assuming nextRid=1000): rIDAllocationPool: 1100-1599 rIDPrevAllocationPool: 1100-1599 rIDUsedPool: 0 rIDNextRID: 1100 rIDAvailablePool: 1600-1073741823 Because provision sets rIDNextRid=1100, the first created account (typically DNS related accounts) will get 1101 as rid! metze
71 lines
2.4 KiB
Plaintext
71 lines
2.4 KiB
Plaintext
# Accounts for selfjoin (joins DC to itself)
|
|
|
|
# Object under "Domain Controllers"
|
|
dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: organizationalPerson
|
|
objectClass: user
|
|
objectClass: computer
|
|
accountExpires: 9223372036854775807
|
|
dNSHostName: ${DNSNAME}
|
|
# "MSDFSR-ComputerReferenceBL" doesn't exist since we still miss DFSR support
|
|
isCriticalSystemObject: TRUE
|
|
localPolicyFlags: 0
|
|
operatingSystem: Samba
|
|
operatingSystemVersion: ${SAMBA_VERSION_STRING}
|
|
primaryGroupID: 516
|
|
sAMAccountName: ${NETBIOSNAME}$
|
|
# "servicePrincipalName"s for FRS and DFSR don't exit since we still miss DFRS support
|
|
# "servicePrincipalName"s for DNS ("ldap/../ForestDnsZones",
|
|
# "ldap/../DomainDnsZones", "DNS/..") don't exist since we don't support AD DNS
|
|
servicePrincipalName: GC/${DNSNAME}/${REALM}
|
|
servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
|
|
servicePrincipalName: HOST/${NETBIOSNAME}
|
|
servicePrincipalName: HOST/${DNSNAME}
|
|
servicePrincipalName: HOST/${DNSNAME}/${REALM}
|
|
# "servicePrincipalName"s with GUIDs are located in
|
|
# "provision_self_join_modify.ldif"
|
|
servicePrincipalName: ldap/${DNSNAME}/${DOMAIN}
|
|
servicePrincipalName: ldap/${NETBIOSNAME}
|
|
servicePrincipalName: ldap/${DNSNAME}
|
|
servicePrincipalName: ldap/${DNSNAME}/${REALM}
|
|
userAccountControl: 532480
|
|
userPassword:: ${MACHINEPASS_B64}
|
|
objectSID: ${DOMAINSID}-${DCRID}
|
|
|
|
# Here are missing the objects for the NTFRS subscription since we don't
|
|
# support this technique yet.
|
|
|
|
# Objects under "Configuration/Sites/<Default sitename>/Servers"
|
|
|
|
dn: ${SERVERDN}
|
|
objectClass: top
|
|
objectClass: server
|
|
systemFlags: 1375731712
|
|
dNSHostName: ${DNSNAME}
|
|
serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
|
|
|
|
dn: CN=NTDS Settings,${SERVERDN}
|
|
objectClass: top
|
|
objectClass: applicationSettings
|
|
objectClass: nTDSDSA
|
|
dMDLocation: ${SCHEMADN}
|
|
hasMasterNCs: ${CONFIGDN}
|
|
hasMasterNCs: ${SCHEMADN}
|
|
hasMasterNCs: ${DOMAINDN}
|
|
invocationId: ${INVOCATIONID}
|
|
msDS-Behavior-Version: ${DOMAIN_CONTROLLER_FUNCTIONALITY}
|
|
msDS-HasDomainNCs: ${DOMAINDN}
|
|
# "msDS-HasInstantiatedNCs"s for DNS don't exist since we don't support AD DNS
|
|
msDS-HasInstantiatedNCs: B:8:0000000D:${CONFIGDN}
|
|
msDS-HasInstantiatedNCs: B:8:0000000D:${SCHEMADN}
|
|
msDS-HasInstantiatedNCs: B:8:00000005:${DOMAINDN}
|
|
# "msDS-hasMasterNCs"s for DNS don't exist since we don't support AD DNS
|
|
msDS-hasMasterNCs: ${CONFIGDN}
|
|
msDS-hasMasterNCs: ${SCHEMADN}
|
|
msDS-hasMasterNCs: ${DOMAINDN}
|
|
options: 1
|
|
systemFlags: 33554432
|
|
${NTDSGUID}
|