mirror of
https://github.com/samba-team/samba.git
synced 2025-02-01 05:47:28 +03:00
8bf517d340
Give the possibility to specify controls when loading ldif files. Relax control is specified by default for all ldb_add_diff (request Andrew B). Set domainguid if specified at the creation of object instead of modifying afterward Allow to specify objectGUID for NTDS object of the first DC this option is used during provision upgrade.
113 lines
2.9 KiB
Plaintext
113 lines
2.9 KiB
Plaintext
###############################
|
|
# Domain Naming Context
|
|
###############################
|
|
dn: ${DOMAINDN}
|
|
changetype: modify
|
|
-
|
|
# This should be 0x0001, but the 0 byte is not allowed - therefore encoded
|
|
replace: auditingPolicy
|
|
auditingPolicy:: AAE=
|
|
-
|
|
replace: creationTime
|
|
creationTime: ${CREATTIME}
|
|
-
|
|
replace: forceLogoff
|
|
forceLogoff: -9223372036854775808
|
|
-
|
|
# "fSMORoleOwner" filled in later
|
|
replace: gPLink
|
|
gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};0]
|
|
-
|
|
replace: isCriticalSystemObject
|
|
isCriticalSystemObject: TRUE
|
|
-
|
|
replace: lockoutDuration
|
|
lockoutDuration: -18000000000
|
|
-
|
|
replace: lockOutObservationWindow
|
|
lockOutObservationWindow: -18000000000
|
|
-
|
|
replace: lockoutThreshold
|
|
lockoutThreshold: 0
|
|
-
|
|
# "masteredBy" filled in later
|
|
replace: maxPwdAge
|
|
maxPwdAge: -37108517437440
|
|
-
|
|
# FIXME: This should be "-864000000000" when we fully comply with passwords pol.
|
|
replace: minPwdAge
|
|
minPwdAge: 0
|
|
-
|
|
replace: minPwdLength
|
|
minPwdLength: 7
|
|
-
|
|
replace: modifiedCount
|
|
modifiedCount: 1
|
|
-
|
|
replace: modifiedCountAtLastProm
|
|
modifiedCountAtLastProm: 0
|
|
-
|
|
replace: msDS-AllUsersTrustQuota
|
|
msDS-AllUsersTrustQuota: 1000
|
|
-
|
|
replace: msDS-Behavior-Version
|
|
msDS-Behavior-Version: ${DOMAIN_FUNCTIONALITY}
|
|
-
|
|
replace: ms-DS-MachineAccountQuota
|
|
ms-DS-MachineAccountQuota: 10
|
|
-
|
|
# "msDs-masteredBy" filled in later
|
|
replace: msDS-PerUserTrustQuota
|
|
msDS-PerUserTrustQuota: 1
|
|
-
|
|
replace: msDS-PerUserTrustTombstonesQuota
|
|
msDS-PerUserTrustTombstonesQuota: 10
|
|
-
|
|
replace: nextRid
|
|
nextRid: 1000
|
|
-
|
|
replace: nTMixedDomain
|
|
nTMixedDomain: 0
|
|
-
|
|
replace: objectSid
|
|
objectSid: ${DOMAINSID}
|
|
-
|
|
# This exists only in SAMBA
|
|
replace: oEMInformation
|
|
oEMInformation: Provisioned by SAMBA ${SAMBA_VERSION_STRING}
|
|
-
|
|
replace: pwdProperties
|
|
pwdProperties: 1
|
|
-
|
|
replace: pwdHistoryLength
|
|
pwdHistoryLength: 24
|
|
-
|
|
replace: rIDManagerReference
|
|
rIDManagerReference: CN=RID Manager$,CN=System,${DOMAINDN}
|
|
-
|
|
replace: serverState
|
|
serverState: 1
|
|
-
|
|
replace: subRefs
|
|
subRefs: ${CONFIGDN}
|
|
-
|
|
replace: systemFlags
|
|
systemFlags: -1946157056
|
|
-
|
|
replace: uASCompat
|
|
uASCompat: 1
|
|
-
|
|
replace: wellKnownObjects
|
|
wellKnownObjects: B:32:6227f0af1fc2410d8e3bb10615bb5b0f:CN=NTDS Quotas,${DOMAINDN}
|
|
wellKnownObjects: B:32:f4be92a4c777485e878e9421d53087db:CN=Microsoft,CN=Program Data,${DOMAINDN}
|
|
wellKnownObjects: B:32:09460c08ae1e4a4ea0f64aee7daa1e5a:CN=Program Data,${DOMAINDN}
|
|
wellKnownObjects: B:32:22b70c67d56e4efb91e9300fca3dc1aa:CN=ForeignSecurityPrincipals,${DOMAINDN}
|
|
wellKnownObjects: B:32:18e2ea80684f11d2b9aa00c04f79f805:CN=Deleted Objects,${DOMAINDN}
|
|
wellKnownObjects: B:32:2fbac1870ade11d297c400c04fd8d5cd:CN=Infrastructure,${DOMAINDN}
|
|
wellKnownObjects: B:32:ab8153b7768811d1aded00c04fd8d5cd:CN=LostAndFound,${DOMAINDN}
|
|
wellKnownObjects: B:32:ab1d30f3768811d1aded00c04fd8d5cd:CN=System,${DOMAINDN}
|
|
wellKnownObjects: B:32:a361b2ffffd211d1aa4b00c04fd7d83a:OU=Domain Controllers,${DOMAINDN}
|
|
wellKnownObjects: B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN}
|
|
wellKnownObjects: B:32:a9d1ca15768811d1aded00c04fd8d5cd:CN=Users,${DOMAINDN}
|
|
-
|