summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-07-21 02:12:20 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:29:51 -0500
commit6173fad23171add5b1d143f6c15fb36842811135 (patch)
tree708eae4a7cae97c56125be9597682506766949d0 /source4
parent7a8ac7588720ebd1ea61a539ca4040d322c4fcf2 (diff)
downloadsamba-6173fad23171add5b1d143f6c15fb36842811135.tar.gz
samba-6173fad23171add5b1d143f6c15fb36842811135.tar.bz2
samba-6173fad23171add5b1d143f6c15fb36842811135.zip
r8660: Use templates for the initial provision of user and computer accounts.
This ensures the templating code is used, and also makes it clearer what I need to duplicate in the vampire area. Also fix a silly bug in the template application code (the samdb module) that caused templates to be compleatly unused (my fault, from my commit last night). Andrew Bartlett (This used to be commit 4a8ef7197ff938942832034453f843cb8a50f2d1)
Diffstat (limited to 'source4')
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c17
-rw-r--r--source4/scripting/libjs/provision.js2
-rw-r--r--source4/setup/provision.ldif232
-rw-r--r--source4/setup/provision_templates.ldif150
4 files changed, 164 insertions, 237 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 3a0368db69..40b6b72713 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -347,7 +347,7 @@ static int samldb_copy_template(struct ldb_module *module, struct ldb_message *m
if (strcasecmp(el->name, "cn") == 0 ||
strcasecmp(el->name, "name") == 0 ||
strcasecmp(el->name, "sAMAccountName") == 0 ||
- strcasecmp(el->name, "objectGUID")) {
+ strcasecmp(el->name, "objectGUID") == 0) {
continue;
}
for (j = 0; j < el->num_values; j++) {
@@ -395,7 +395,7 @@ static struct ldb_message *samldb_fill_group_object(struct ldb_module *module, c
return NULL;
}
- if (samldb_copy_template(module, msg2, "(&(name=TemplateGroup)(objectclass=groupTemplate))") != 0) {
+ if (samldb_copy_template(module, msg2, "(&(CN=TemplateGroup)(objectclass=groupTemplate))") != 0) {
ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_group_object: Error copying template!\n");
return NULL;
}
@@ -473,9 +473,16 @@ static struct ldb_message *samldb_fill_user_or_computer_object(struct ldb_module
return NULL;
}
- if (samldb_copy_template(module, msg2, "(&(name=TemplateUser)(objectclass=userTemplate))") != 0) {
- ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying template!\n");
- return NULL;
+ if (samldb_find_attribute(msg, "objectclass", "computer") == NULL) {
+ if (samldb_copy_template(module, msg2, "(&(CN=TemplateMemberServer)(objectclass=userTemplate))") != 0) {
+ ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying computer template!\n");
+ return NULL;
+ }
+ } else {
+ if (samldb_copy_template(module, msg2, "(&(CN=TemplateUser)(objectclass=userTemplate))") != 0) {
+ ldb_debug(module->ldb, LDB_DEBUG_WARNING, "samldb_fill_user_or_computer_object: Error copying user template!\n");
+ return NULL;
+ }
}
if ( ! samldb_get_rdn_and_basedn(msg2, msg2->dn, &rdn, &basedn)) {
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index db71392d8c..38f3fc066e 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -246,6 +246,8 @@ function provision(subobj, message)
setup_ldb("hklm.ldif", "hklm.ldb", subobj);
message("Setting up sam.ldb attributes\n");
setup_ldb("provision_init.ldif", "sam.ldb", subobj);
+ message("Setting up sam.ldb templates\n");
+ setup_ldb("provision_templates.ldif", "sam.ldb", subobj, NULL, false);
message("Setting up sam.ldb data\n");
setup_ldb("provision.ldif", "sam.ldb", subobj, data, false);
message("Setting up rootdse.ldb\n");
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index bc4505e8a4..10ea5248c8 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -191,7 +191,6 @@ objectClass: organizationalPerson
objectClass: user
cn: Administrator
description: Built-in account for administering the computer/domain
-instanceType: 4
uSNCreated: 1
memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
memberOf: CN=Domain Admins,CN=Users,${BASEDN}
@@ -201,21 +200,10 @@ memberOf: CN=Administrators,CN=Builtin,${BASEDN}
uSNChanged: 1
name: Administrator
userAccountControl: 0x10200
-badPwdCount: 0
-codePage: 0
-countryCode: 0
-badPasswordTime: 0
-lastLogoff: 0
-lastLogon: 0
-pwdLastSet: 0
-primaryGroupID: 513
objectSid: ${DOMAINSID}-500
adminCount: 1
accountExpires: -1
-logonCount: 0
sAMAccountName: Administrator
-sAMAccountType: 0x30000000
-objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unicodePwd: ${ADMINPASS}
unixName: ${ROOT}
@@ -227,26 +215,14 @@ objectClass: organizationalPerson
objectClass: user
cn: Guest
description: Built-in account for guest access to the computer/domain
-instanceType: 4
uSNCreated: 1
memberOf: CN=Guests,CN=Builtin,${BASEDN}
uSNChanged: 1
name: Guest
userAccountControl: 0x10222
-badPwdCount: 0
-codePage: 0
-countryCode: 0
-badPasswordTime: 0
-lastLogoff: 0
-lastLogon: 0
-pwdLastSet: 0
primaryGroupID: 514
objectSid: ${DOMAINSID}-501
-accountExpires: -1
-logonCount: 0
sAMAccountName: Guest
-sAMAccountType: 0x30000000
-objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
dn: CN=Administrators,CN=Builtin,${BASEDN}
@@ -257,7 +233,6 @@ description: Administrators have complete and unrestricted access to the compute
member: CN=Domain Admins,CN=Users,${BASEDN}
member: CN=Enterprise Admins,CN=Users,${BASEDN}
member: CN=Administrator,CN=Users,${BASEDN}
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Administrators
@@ -302,7 +277,6 @@ objectClass: group
cn: Users
description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
member: CN=Domain Users,CN=Users,${BASEDN}
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Users
@@ -321,7 +295,6 @@ cn: Guests
description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
member: CN=Domain Guests,CN=Users,${BASEDN}
member: CN=Guest,CN=Users,${BASEDN}
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Guests
@@ -339,7 +312,6 @@ objectClass: top
objectClass: group
cn: Print Operators
description: Members can administer domain printers
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Print Operators
@@ -360,7 +332,6 @@ objectClass: top
objectClass: group
cn: Backup Operators
description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Backup Operators
@@ -382,7 +353,6 @@ objectClass: top
objectClass: group
cn: Replicator
description: Supports file replication in a domain
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Replicator
@@ -400,7 +370,6 @@ objectClass: top
objectClass: group
cn: Remote Desktop Users
description: Members in this group are granted the right to logon remotely
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Remote Desktop Users
@@ -417,7 +386,6 @@ objectClass: top
objectClass: group
cn: Network Configuration Operators
description: Members in this group can have some administrative privileges to manage configuration of networking features
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Network Configuration Operators
@@ -434,7 +402,6 @@ objectClass: top
objectClass: group
cn: Performance Monitor Users
description: Members of this group have remote access to monitor this computer
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Performance Monitor Users
@@ -451,7 +418,6 @@ objectClass: top
objectClass: group
cn: Performance Log Users
description: Members of this group have remote access to schedule logging of performance counters on this computer
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Performance Log Users
@@ -467,33 +433,24 @@ dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
objectClass: top
objectClass: person
objectClass: organizationalPerson
-objectClass: user
objectClass: computer
cn: ${NETBIOSNAME}
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: ${NETBIOSNAME}
objectGUID: ${HOSTGUID}
userAccountControl: 532480
-badPwdCount: 0
-codePage: 0
-countryCode: 0
-badPasswordTime: 0
-lastLogoff: 0
lastLogon: 127273269057298624
localPolicyFlags: 0
pwdLastSet: 127258826171655328
primaryGroupID: 516
objectSid: ${DOMAINSID}-1000
accountExpires: 9223372036854775807
-logonCount: 30
sAMAccountName: ${NETBIOSNAME}$
sAMAccountType: 805306369
operatingSystem: Samba
operatingSystemVersion: 4.0
dNSHostName: ${DNSNAME}
-objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unicodePwd: ${MACHINEPASS}
servicePrincipalName: HOST/${DNSNAME}
@@ -507,28 +464,18 @@ objectClass: organizationalPerson
objectClass: user
cn: krbtgt
description: Key Distribution Center Service Account
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
showInAdvancedViewOnly: TRUE
name: krbtgt
userAccountControl: 514
-badPwdCount: 0
-codePage: 0
-countryCode: 0
-badPasswordTime: 0
-lastLogoff: 0
-lastLogon: 0
pwdLastSet: 127258826179466560
-primaryGroupID: 513
objectSid: ${DOMAINSID}-502
adminCount: 1
accountExpires: 9223372036854775807
-logonCount: 0
sAMAccountName: krbtgt
sAMAccountType: 805306368
servicePrincipalName: kadmin/changepw
-objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unicodePwd: ${KRBTGTPASS}
@@ -537,14 +484,11 @@ objectClass: top
objectClass: group
cn: Domain Computers
description: All workstations and servers joined to the domain
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Domain Computers
objectSid: ${DOMAINSID}-515
sAMAccountName: Domain Computers
-sAMAccountType: 0x10000000
-groupType: 0x80000002
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -553,16 +497,12 @@ objectClass: top
objectClass: group
cn: Domain Controllers
description: All domain controllers in the domain
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Domain Controllers
objectSid: ${DOMAINSID}-516
adminCount: 1
sAMAccountName: Domain Controllers
-sAMAccountType: 0x10000000
-groupType: 0x80000002
-objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
dn: CN=Schema Admins,CN=Users,${BASEDN}
@@ -571,16 +511,12 @@ objectClass: group
cn: Schema Admins
description: Designated administrators of the schema
member: CN=Administrator,CN=Users,${BASEDN}
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Schema Admins
objectSid: ${DOMAINSID}-518
adminCount: 1
sAMAccountName: Schema Admins
-sAMAccountType: 0x10000000
-groupType: 0x80000002
-objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unixName: ${WHEEL}
@@ -590,7 +526,6 @@ objectClass: group
cn: Enterprise Admins
description: Designated administrators of the enterprise
member: CN=Administrator,CN=Users,${BASEDN}
-instanceType: 4
uSNCreated: 1
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
uSNChanged: 1
@@ -598,9 +533,6 @@ name: Enterprise Admins
objectSid: ${DOMAINSID}-519
adminCount: 1
sAMAccountName: Enterprise Admins
-sAMAccountType: 0x10000000
-groupType: 0x80000002
-objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unixName: ${WHEEL}
@@ -609,14 +541,11 @@ objectClass: top
objectClass: group
cn: Cert Publishers
description: Members of this group are permitted to publish certificates to the Active Directory
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Cert Publishers
objectSid: ${DOMAINSID}-517
sAMAccountName: Cert Publishers
-sAMAccountType: 0x20000000
-groupType: 0x80000004
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -626,7 +555,6 @@ objectClass: group
cn: Domain Admins
description: Designated administrators of the domain
member: CN=Administrator,CN=Users,${BASEDN}
-instanceType: 4
uSNCreated: 1
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
uSNChanged: 1
@@ -634,9 +562,6 @@ name: Domain Admins
objectSid: ${DOMAINSID}-512
adminCount: 1
sAMAccountName: Domain Admins
-sAMAccountType: 0x10000000
-groupType: 0x80000002
-objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unixName: ${WHEEL}
@@ -645,16 +570,12 @@ objectClass: top
objectClass: group
cn: Domain Users
description: All domain users
-instanceType: 4
uSNCreated: 1
memberOf: CN=Users,CN=Builtin,${BASEDN}
uSNChanged: 1
name: Domain Users
objectSid: ${DOMAINSID}-513
sAMAccountName: Domain Users
-sAMAccountType: 0x10000000
-groupType: 0x80000002
-objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unixName: ${USERS}
@@ -663,16 +584,12 @@ objectClass: top
objectClass: group
cn: Domain Guests
description: All domain guests
-instanceType: 4
uSNCreated: 1
memberOf: CN=Guests,CN=Builtin,${BASEDN}
uSNChanged: 1
name: Domain Guests
objectSid: ${DOMAINSID}-514
sAMAccountName: Domain Guests
-sAMAccountType: 0x10000000
-groupType: 0x80000002
-objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
@@ -681,14 +598,11 @@ objectClass: group
cn: Group Policy Creator Owners
description: Members in this group can modify group policy for the domain
member: CN=Administrator,CN=Users,${BASEDN}
-instanceType: 4
uSNCreated: 1
uSNChanged: 1
name: Group Policy Creator Owners
objectSid: ${DOMAINSID}-520
sAMAccountName: Group Policy Creator Owners
-sAMAccountType: 0x10000000
-groupType: 0x80000002
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
unixName: ${WHEEL}
@@ -752,152 +666,6 @@ objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
privilege: SeInteractiveLogonRight
-dn: CN=Templates,${BASEDN}
-objectClass: top
-objectClass: container
-cn: Templates
-description: Container for SAM account templates
-instanceType: 4
-uSNCreated: 1
-uSNChanged: 1
-showInAdvancedViewOnly: TRUE
-name: Templates
-systemFlags: 0x8c000000
-objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
-isCriticalSystemObject: TRUE
-
-###
-# note! the template users must not match normal searches. Be careful
-# with what classes you put them in
-###
-
-dn: CN=TemplateUser,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: Template
-objectClass: userTemplate
-cn: TemplateUser
-name: TemplateUser
-instanceType: 4
-userAccountControl: 0x202
-badPwdCount: 0
-codePage: 0
-countryCode: 0
-badPasswordTime: 0
-lastLogoff: 0
-lastLogon: 0
-pwdLastSet: 0
-primaryGroupID: 513
-accountExpires: -1
-logonCount: 0
-sAMAccountType: 0x30000000
-
-dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: Template
-objectClass: userTemplate
-cn: TemplateMemberServer
-name: TemplateMemberServer
-instanceType: 4
-userAccountControl: 0x1002
-badPwdCount: 0
-codePage: 0
-countryCode: 0
-badPasswordTime: 0
-lastLogoff: 0
-lastLogon: 0
-pwdLastSet: 0
-primaryGroupID: 513
-accountExpires: -1
-logonCount: 0
-sAMAccountType: 0x30000001
-
-dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: Template
-objectClass: userTemplate
-cn: TemplateDomainController
-name: TemplateDomainController
-instanceType: 4
-userAccountControl: 0x2002
-badPwdCount: 0
-codePage: 0
-countryCode: 0
-badPasswordTime: 0
-lastLogoff: 0
-lastLogon: 0
-pwdLastSet: 0
-primaryGroupID: 513
-accountExpires: -1
-logonCount: 0
-sAMAccountType: 0x30000001
-
-dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: Template
-objectClass: userTemplate
-cn: TemplateTrustingDomain
-name: TemplateTrustingDomain
-instanceType: 4
-userAccountControl: 0x820
-badPwdCount: 0
-codePage: 0
-countryCode: 0
-badPasswordTime: 0
-lastLogoff: 0
-lastLogon: 0
-pwdLastSet: 0
-primaryGroupID: 513
-accountExpires: -1
-logonCount: 0
-sAMAccountType: 0x30000002
-
-dn: CN=TemplateGroup,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: Template
-objectClass: groupTemplate
-cn: TemplateGroup
-name: TemplateGroup
-instanceType: 4
-groupType: 0x80000002
-sAMAccountType: 0x10000000
-
-dn: CN=TemplateAlias,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: Template
-objectClass: aliasTemplate
-cn: TemplateAlias
-name: TemplateAlias
-instanceType: 4
-groupType: 0x80000004
-sAMAccountType: 0x10000000
-
-dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: Template
-objectClass: foreignSecurityPrincipalTemplate
-cn: TemplateForeignSecurityPrincipal
-name: TemplateForeignSecurityPrincipal
-
-dn: CN=TemplateSecret,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: leaf
-objectClass: Template
-objectClass: secretTemplate
-cn: TemplateSecret
-name: TemplateSecret
-instanceType: 4
-
-dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: leaf
-objectClass: Template
-objectClass: trustedDomainTemplate
-cn: TemplateTrustedDomain
-name: TemplateTrustedDomain
-instanceType: 4
-
###############################
# Configuration Naming Context
###############################
diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif
new file mode 100644
index 0000000000..43901a41e8
--- /dev/null
+++ b/source4/setup/provision_templates.ldif
@@ -0,0 +1,150 @@
+dn: CN=Templates,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Templates
+description: Container for SAM account templates
+instanceType: 4
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: TRUE
+name: Templates
+systemFlags: 0x8c000000
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+###
+# note! the template users must not match normal searches. Be careful
+# with what classes you put them in
+###
+
+dn: CN=TemplateUser,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateUser
+name: TemplateUser
+instanceType: 4
+userAccountControl: 0x202
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000000
+objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateMemberServer
+name: TemplateMemberServer
+instanceType: 4
+userAccountControl: 0x1002
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000001
+objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateDomainController
+name: TemplateDomainController
+instanceType: 4
+userAccountControl: 0x2002
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000001
+objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateTrustingDomain
+name: TemplateTrustingDomain
+instanceType: 4
+userAccountControl: 0x820
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000002
+
+dn: CN=TemplateGroup,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: groupTemplate
+cn: TemplateGroup
+name: TemplateGroup
+instanceType: 4
+groupType: 0x80000002
+sAMAccountType: 0x10000000
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=TemplateAlias,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: aliasTemplate
+cn: TemplateAlias
+name: TemplateAlias
+instanceType: 4
+groupType: 0x80000004
+sAMAccountType: 0x10000000
+
+dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: foreignSecurityPrincipalTemplate
+cn: TemplateForeignSecurityPrincipal
+name: TemplateForeignSecurityPrincipal
+
+dn: CN=TemplateSecret,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: leaf
+objectClass: Template
+objectClass: secretTemplate
+cn: TemplateSecret
+name: TemplateSecret
+instanceType: 4
+
+dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: leaf
+objectClass: Template
+objectClass: trustedDomainTemplate
+cn: TemplateTrustedDomain
+name: TemplateTrustedDomain
+instanceType: 4
+