mirror of
https://github.com/samba-team/samba.git
synced 2024-12-25 23:21:54 +03:00
8bf517d340
Give the possibility to specify controls when loading ldif files. Relax control is specified by default for all ldb_add_diff (request Andrew B). Set domainguid if specified at the creation of object instead of modifying afterward Allow to specify objectGUID for NTDS object of the first DC this option is used during provision upgrade.
85 lines
2.8 KiB
Plaintext
85 lines
2.8 KiB
Plaintext
# Accounts for selfjoin (joins DC to itself)
|
|
|
|
# Object under "Domain Controllers"
|
|
dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: organizationalPerson
|
|
objectClass: user
|
|
objectClass: computer
|
|
accountExpires: 9223372036854775807
|
|
dNSHostName: ${DNSNAME}
|
|
# "frsComputerReferenceBL" doesn't exist since we still miss FRS support
|
|
isCriticalSystemObject: TRUE
|
|
localPolicyFlags: 0
|
|
operatingSystem: Samba
|
|
operatingSystemVersion: ${SAMBA_VERSION_STRING}
|
|
primaryGroupID: 516
|
|
# "rIDSetReferences" doesn't exist since we still miss distributed RIDs
|
|
sAMAccountName: ${NETBIOSNAME}$
|
|
# "servicePrincipalName" for FRS doesn't exit since we still miss FRS support
|
|
# "servicePrincipalName"s for DNS ("ldap/../ForestDnsZones",
|
|
# "ldap/../DomainDnsZones", "DNS/..") don't exist since we don't support AD DNS
|
|
servicePrincipalName: GC/${DNSNAME}/${REALM}
|
|
servicePrincipalName: HOST/${DNSNAME}/${DOMAIN}
|
|
servicePrincipalName: HOST/${NETBIOSNAME}
|
|
servicePrincipalName: HOST/${DNSNAME}
|
|
servicePrincipalName: HOST/${DNSNAME}/${REALM}
|
|
# "servicePrincipalName"s with GUIDs are located in
|
|
# "provision_self_join_modify.ldif"
|
|
servicePrincipalName: ldap/${DNSNAME}/${DOMAIN}
|
|
servicePrincipalName: ldap/${NETBIOSNAME}
|
|
servicePrincipalName: ldap/${DNSNAME}
|
|
servicePrincipalName: ldap/${DNSNAME}/${REALM}
|
|
userAccountControl: 532480
|
|
userPassword:: ${MACHINEPASS_B64}
|
|
|
|
# Here are missing the objects for the NTFRS subscription and the RID set since
|
|
# we don't support those techniques (FRS, distributed RIDs) yet.
|
|
|
|
# Objects under "Configuration/Sites/<Default sitename>/Servers"
|
|
|
|
dn: ${SERVERDN}
|
|
objectClass: top
|
|
objectClass: server
|
|
systemFlags: 1375731712
|
|
dNSHostName: ${DNSNAME}
|
|
serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
|
|
|
|
dn: CN=NTDS Settings,${SERVERDN}
|
|
objectClass: top
|
|
objectClass: applicationSettings
|
|
objectClass: nTDSDSA
|
|
dMDLocation: ${SCHEMADN}
|
|
hasMasterNCs: ${CONFIGDN}
|
|
hasMasterNCs: ${SCHEMADN}
|
|
hasMasterNCs: ${DOMAINDN}
|
|
invocationId: ${INVOCATIONID}
|
|
msDS-Behavior-Version: ${DOMAIN_CONTROLLER_FUNCTIONALITY}
|
|
msDS-HasDomainNCs: ${DOMAINDN}
|
|
# "msDS-HasInstantiatedNCs"s for DNS don't exist since we don't support AD DNS
|
|
msDS-HasInstantiatedNCs: B:8:0000000D:${CONFIGDN}
|
|
msDS-HasInstantiatedNCs: B:8:0000000D:${SCHEMADN}
|
|
msDS-HasInstantiatedNCs: B:8:00000005:${DOMAINDN}
|
|
# "msDS-hasMasterNCs"s for DNS don't exist since we don't support AD DNS
|
|
msDS-hasMasterNCs: ${CONFIGDN}
|
|
msDS-hasMasterNCs: ${SCHEMADN}
|
|
msDS-hasMasterNCs: ${DOMAINDN}
|
|
options: 1
|
|
systemFlags: 33554432
|
|
${NTDSGUID}
|
|
|
|
# Provides an account for DNS keytab export
|
|
dn: CN=dns,CN=Users,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: organizationalPerson
|
|
objectClass: user
|
|
description: DNS Service Account
|
|
userAccountControl: 514
|
|
accountExpires: 9223372036854775807
|
|
sAMAccountName: dns
|
|
servicePrincipalName: DNS/${DNSDOMAIN}
|
|
userPassword:: ${DNSPASS_B64}
|
|
isCriticalSystemObject: TRUE
|