s4-provision: LDIF files to set up AD DNS schema

This files set up DomainDnsZones and ForestDnsZones partitions and
other configuration parameters for replication.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

5 files changed, 129 insertions, 3 deletions

diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
index cb049b0c1e..9fab2b5672 100644
--- a/source4/setup/provision_configuration.ldif
+++ b/source4/setup/provision_configuration.ldif
@@ -1019,7 +1019,7 @@ systemFlags: -2147483648
 msDS-Behavior-Version: ${FOREST_FUNCTIONALITY}
 showInAdvancedViewOnly: TRUE
 
-# Partitions for DNS are missing since we don't support AD DNS
+# Partitions for DNS are missing here, they are added from provision_dnszones.ldif
 
 dn: CN=Enterprise Configuration,CN=Partitions,${CONFIGDN}
 objectClass: top
diff --git a/source4/setup/provision_dnszones_add.ldif b/source4/setup/provision_dnszones_add.ldif
new file mode 100644
index 0000000000..ee1a3eb99f
--- /dev/null
+++ b/source4/setup/provision_dnszones_add.ldif
@@ -0,0 +1,74 @@
+#################################
+# Required objectclasses
+#################################
+dn: CN=Deleted Objects,${DOMAINZONE_DN}
+objectClass: top
+objectClass: container
+description: Deleted objects
+isDeleted: TRUE
+isCriticalSystemObject: TRUE
+systemFlags: -1946157056
+
+dn: CN=LostAndFound,${DOMAINZONE_DN}
+objectClass: top
+objectClass: lostAndFound
+isCriticalSystemObject: TRUE
+systemFlags: -1946157056
+
+dn: CN=Infrastructure,${DOMAINZONE_DN}
+objectClass: top
+objectClass: infrastructureUpdate
+isCriticalSystemObject: TRUE
+systemFlags: -1946157056
+
+dn: CN=NTDS Quotas,${DOMAINZONE_DN}
+objectClass: top
+objectClass: msDS-QuotaContainer
+description: Quota specifications container
+isCriticalSystemObject: TRUE
+msDS-TombstoneQuotaFactor: 100
+
+
+dn: CN=Deleted Objects,${FORESTZONE_DN}
+objectClass: top
+objectClass: container
+description: Deleted objects
+isDeleted: TRUE
+isCriticalSystemObject: TRUE
+systemFlags: -1946157056
+
+dn: CN=LostAndFound,${FORESTZONE_DN}
+objectClass: top
+objectClass: lostAndFound
+isCriticalSystemObject: TRUE
+systemFlags: -1946157056
+
+dn: CN=Infrastructure,${FORESTZONE_DN}
+objectClass: top
+objectClass: infrastructureUpdate
+isCriticalSystemObject: TRUE
+systemFlags: -1946157056
+
+dn: CN=NTDS Quotas,${FORESTZONE_DN}
+objectClass: top
+objectClass: msDS-QuotaContainer
+description: Quota specifications container
+isCriticalSystemObject: TRUE
+msDS-TombstoneQuotaFactor: 100
+
+#################################
+# Configure partitions
+#################################
+dn: CN=${DOMAINZONE_GUID},CN=Partitions,${CONFIGDN}
+objectClass: top
+objectClass: crossRef
+nCName: ${DOMAINZONE_DN}
+dnsRoot: ${DOMAINZONE_DNS}
+systemFlags: 5
+
+dn: CN=${FORESTZONE_GUID},CN=Partitions,${CONFIGDN}
+objectClass: top
+objectClass: crossRef
+nCName: ${FORESTZONE_DN}
+dnsRoot: ${FORESTZONE_DNS}
+systemFlags: 5
diff --git a/source4/setup/provision_dnszones_modify.ldif b/source4/setup/provision_dnszones_modify.ldif
new file mode 100644
index 0000000000..0dc942ff1e
--- /dev/null
+++ b/source4/setup/provision_dnszones_modify.ldif
@@ -0,0 +1,36 @@
+dn: ${DOMAINZONE_DN}
+changetype: modify
+add: wellKnownObjects
+wellKnownObjects: B:32:6227f0af1fc2410d8e3bb10615bb5b0f:CN=NTDS Quotas,${DOMAINZONE_DN}
+wellKnownObjects: B:32:18e2ea80684f11d2b9aa00c04f79f805:CN=Deleted Objects,${DOMAINZONE_DN}
+wellKnownObjects: B:32:2fbac1870ade11d297c400c04fd8d5cd:CN=Infrastructure,${DOMAINZONE_DN}
+wellKnownObjects: B:32:ab8153b7768811d1aded00c04fd8d5cd:CN=LostAndFound,${DOMAINZONE_DN}
+
+dn: CN=Infrastructure,${DOMAINZONE_DN}
+changetype: modify
+add: fSMORoleOwner
+fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
+
+dn: CN=Infrastructure,${FORESTZONE_DN}
+changetype: modify
+add: fSMORoleOwner
+fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
+
+dn: ${FORESTZONE_DN}
+changetype: modify
+add: wellKnownObjects
+wellKnownObjects: B:32:6227f0af1fc2410d8e3bb10615bb5b0f:CN=NTDS Quotas,${FORESTZONE_DN}
+wellKnownObjects: B:32:18e2ea80684f11d2b9aa00c04f79f805:CN=Deleted Objects,${FORESTZONE_DN}
+wellKnownObjects: B:32:2fbac1870ade11d297c400c04fd8d5cd:CN=Infrastructure,${FORESTZONE_DN}
+wellKnownObjects: B:32:ab8153b7768811d1aded00c04fd8d5cd:CN=LostAndFound,${FORESTZONE_DN}
+
+dn: CN=NTDS Settings,${SERVERDN}
+changetype: modify
+add: msDS-HasInstantiatedNCs
+msDS-HasInstantiatedNCs: B:8:0000000D:${DOMAINZONE_DN}
+msDS-HasInstantiatedNCs: B:8:0000000D:${FORESTZONE_DN}
+-
+add: msDS-hasMasterNCs
+msDS-hasMasterNCs: ${DOMAINZONE_DN}
+msDS-hasMasterNCs: ${FORESTZONE_DN}
+-
diff --git a/source4/setup/provision_dnszones_partitions.ldif b/source4/setup/provision_dnszones_partitions.ldif
new file mode 100644
index 0000000000..bb16332b11
--- /dev/null
+++ b/source4/setup/provision_dnszones_partitions.ldif
@@ -0,0 +1,16 @@
+################################
+## DNSZones Naming Context
+################################
+dn: ${DOMAINZONE_DN}
+objectClass: top
+objectClass: domainDNS
+description: Microsoft DNS Directory
+msDS-NcType: 0
+instanceType: 13
+
+dn: ${FORESTZONE_DN}
+objectClass: top
+objectClass: domainDNS
+description: Microsoft DNS Directory
+msDS-NcType: 0
+instanceType: 13
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index 2630de88d0..9124ab50ef 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -44,11 +44,11 @@ hasMasterNCs: ${DOMAINDN}
 invocationId: ${INVOCATIONID}
 msDS-Behavior-Version: ${DOMAIN_CONTROLLER_FUNCTIONALITY}
 msDS-HasDomainNCs: ${DOMAINDN}
-# "msDS-HasInstantiatedNCs"s for DNS don't exist since we don't support AD DNS
+# "msDS-HasInstantiatedNCs"s for DNS is added from provision_dnszones_modify.ldif
 msDS-HasInstantiatedNCs: B:8:0000000D:${CONFIGDN}
 msDS-HasInstantiatedNCs: B:8:0000000D:${SCHEMADN}
 msDS-HasInstantiatedNCs: B:8:00000005:${DOMAINDN}
-# "msDS-hasMasterNCs"s for DNS don't exist since we don't support AD DNS
+# "msDS-hasMasterNCs"s for DNS is added from provision_dnszones_modify.ldif
 msDS-hasMasterNCs: ${CONFIGDN}
 msDS-hasMasterNCs: ${SCHEMADN}
 msDS-hasMasterNCs: ${DOMAINDN}