mirror of
https://github.com/samba-team/samba.git
synced 2025-01-12 09:18:10 +03:00
271b5af92e
Rather than have the functional levels scattered in 4 different, unconnected locations, the provision script now sets it, and the rootdse module maintains it's copy only as a cached view onto the original values. We also use the functional level to determine if we should store AES Kerberos keys. Andrew Bartlett
88 lines
1.9 KiB
Plaintext
88 lines
1.9 KiB
Plaintext
###############################
|
|
# Domain Naming Context
|
|
###############################
|
|
dn: ${DOMAINDN}
|
|
changetype: modify
|
|
-
|
|
replace: forceLogoff
|
|
forceLogoff: -9223372036854775808
|
|
-
|
|
replace: lockoutDuration
|
|
lockoutDuration: -18000000000
|
|
-
|
|
replace: lockOutObservationWindow
|
|
lockOutObservationWindow: -18000000000
|
|
-
|
|
replace: lockoutThreshold
|
|
lockoutThreshold: 0
|
|
-
|
|
replace: maxPwdAge
|
|
maxPwdAge: -37108517437440
|
|
-
|
|
replace: minPwdAge
|
|
minPwdAge: 0
|
|
-
|
|
replace: minPwdLength
|
|
minPwdLength: 7
|
|
-
|
|
replace: modifiedCountAtLastProm
|
|
modifiedCountAtLastProm: 0
|
|
-
|
|
replace: nextRid
|
|
nextRid: 1000
|
|
-
|
|
replace: pwdProperties
|
|
pwdProperties: 1
|
|
-
|
|
replace: pwdHistoryLength
|
|
pwdHistoryLength: 24
|
|
-
|
|
replace: objectSid
|
|
objectSid: ${DOMAINSID}
|
|
-
|
|
replace: oEMInformation
|
|
oEMInformation: Provisioned by Samba4: ${LDAPTIME}
|
|
-
|
|
replace: serverState
|
|
serverState: 1
|
|
-
|
|
replace: nTMixedDomain
|
|
nTMixedDomain: 0
|
|
-
|
|
replace: msDS-Behavior-Version
|
|
msDS-Behavior-Version: ${DOMAIN_FUNCTIONALITY}
|
|
-
|
|
replace: ridManagerReference
|
|
ridManagerReference: CN=RID Manager$,CN=System,${DOMAINDN}
|
|
-
|
|
replace: uASCompat
|
|
uASCompat: 1
|
|
-
|
|
replace: modifiedCount
|
|
modifiedCount: 1
|
|
-
|
|
replace: fSMORoleOwner
|
|
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
|
|
-
|
|
replace: systemFlags
|
|
systemFlags: -1946157056
|
|
-
|
|
replace: isCriticalSystemObject
|
|
isCriticalSystemObject: TRUE
|
|
-
|
|
replace: subRefs
|
|
subRefs: ${CONFIGDN}
|
|
-
|
|
replace: gPLink
|
|
gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};0]
|
|
-
|
|
replace: wellKnownObjects
|
|
wellKnownObjects: B:32:22b70c67d56e4efb91e9300fca3dc1aa:CN=ForeignSecurityPrincipals,${DOMAINDN}
|
|
wellKnownObjects: B:32:2fbac1870ade11d297c400c04fd8d5cd:CN=Infrastructure,${DOMAINDN}
|
|
wellKnownObjects: B:32:ab1d30f3768811d1aded00c04fd8d5cd:CN=System,${DOMAINDN}
|
|
wellKnownObjects: B:32:a361b2ffffd211d1aa4b00c04fd7d83a:OU=Domain Controllers,${DOMAINDN}
|
|
wellKnownObjects: B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN}
|
|
wellKnownObjects: B:32:a9d1ca15768811d1aded00c04fd8d5cd:CN=Users,${DOMAINDN}
|
|
-
|
|
${DOMAINGUID_MOD}
|