-rw-r--r--source4/scripting/libjs/provision.js45
-rwxr-xr-xsource4/setup/provision9
-rw-r--r--source4/setup/provision.ldif206
-rw-r--r--source4/setup/provision_computers_add.ldif3
-rw-r--r--source4/setup/provision_computers_modify.ldif19
-rw-r--r--source4/setup/provision_configuration.ldif182
-rw-r--r--source4/setup/provision_users_add.ldif3
-rw-r--r--source4/setup/provision_users_modify.ldif23
8 files changed, 273 insertions, 217 deletions
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index b267cde575..c14a9da55f 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -180,7 +180,6 @@ function ldb_erase(ldb)
ldb.del(res[i].dn);
}
-
var res = ldb.search("(&(|(objectclass=*)(dn=*))(!(dn=@BASEINFO)))", basedn, ldb.SCOPE_SUBTREE, attrs);
if (res.length != 0) {
ldb_delete(ldb);
@@ -192,7 +191,7 @@ function ldb_erase(ldb)
/*
erase an ldb, removing all records
*/
-function ldb_erase_partitions(info, ldb)
+function ldb_erase_partitions(info, ldb, ldapbackend)
{
var rootDSE_attrs = new Array("namingContexts");
var lp = loadparm_init();
@@ -205,15 +204,21 @@ function ldb_erase_partitions(info, ldb)
return;
}
for (j=0; j<res[0].namingContexts.length; j++) {
+ var anything = "(|(objectclass=*)(dn=*))";
var attrs = new Array("dn");
var basedn = res[0].namingContexts[j];
var k;
var previous_remaining = 1;
var current_remaining = 0;
- for (k=0; k < 10 && (previous_remaining != current_remaining); k++) {
+ if (ldapbackend && (basedn == info.subobj.BASEDN)) {
+ /* Only delete objects that were created by provision */
+ anything = "(objectcategory=*)";
+ }
+
+ for (k=0; k < 10 && (previous_remaining != current_remaining); k++) {
/* and the rest */
- var res2 = ldb.search("(|(objectclass=*)(dn=*))", basedn, ldb.SCOPE_SUBTREE, attrs);
+ var res2 = ldb.search(anything, basedn, ldb.SCOPE_SUBTREE, attrs);
var i;
if (typeof(res2) == "undefined") {
info.message("ldb search failed: " + ldb.errstring() + "\n");
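Review bot: The narrowed delete filter is chosen only when `basedn == info.subobj.BASEDN` matches as a raw string, so a naming context that the server returns with different case or spacing would keep the default `(|(objectclass=*)(dn=*))` and every entry under that base in the existing LDAP backend would be deleted. The added comment also overstates the guarantee: `(objectcategory=*)` selects any entry that carries an objectCategory attribute, and provision_users_modify.ldif and provision_computers_modify.ldif in this commit set that attribute on containers whose add is "permitted to fail", so a container that already existed may become eligible for deletion on a later run. I would reword the comment to `/* objectCategory is a proxy for "created by provision", not a guarantee */` and log the choice before the loop with `info.message("Erasing " + basedn + " using filter " + anything + "\n");` so the operator can see which filter was applied. The same `anything` filter feeds the `res3` search in the next hunk, and the body of ldb_erase_partitions continues outside this hunk.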
@@ -225,7 +230,7 @@ function ldb_erase_partitions(info, ldb)
ldb.del(res2[i].dn);
}
- var res3 = ldb.search("(|(objectclass=*)(dn=*))", basedn, ldb.SCOPE_SUBTREE, attrs);
+ var res3 = ldb.search(anything, basedn, ldb.SCOPE_SUBTREE, attrs);
if (typeof(res3) == "undefined") {
info.message("ldb search failed: " + ldb.errstring() + "\n");
continue;
@@ -430,7 +435,7 @@ function setup_name_mappings(info, ldb)
/*
provision samba4 - caution, this wipes all existing data!
*/
-function provision(subobj, message, blank, paths, session_info, credentials)
+function provision(subobj, message, blank, paths, session_info, credentials, ldapbackend)
{
var lp = loadparm_init();
var sys = sys_init();
@@ -495,7 +500,7 @@ function provision(subobj, message, blank, paths, session_info, credentials)
message("Setting up sam.ldb attributes\n");
setup_add_ldif("provision_init.ldif", info, samdb, false);
message("Erasing data from partitions\n");
- ldb_erase_partitions(info, samdb);
+ ldb_erase_partitions(info, samdb, ldapbackend);
message("Adding baseDN: " + subobj.BASEDN + " (permitted to fail)\n");
var add_ok = setup_add_ldif("provision_basedn.ldif", info, samdb, true);
@@ -528,8 +533,34 @@ function provision(subobj, message, blank, paths, session_info, credentials)
setup_add_ldif("display_specifiers.ldif", info, samdb, false);
message("Setting up sam.ldb templates\n");
setup_add_ldif("provision_templates.ldif", info, samdb, false);
+
+ message("Adding users container (permitted to fail)\n");
+ var add_ok = setup_add_ldif("provision_users_add.ldif", info, samdb, true);
+ message("Modifying users container\n");
+ var modify_ok = setup_ldb_modify("provision_help_users_mod.ldif", info, samdb);
+ if (!modify_ok) {
+ if (!add_ok) {
+ message("Failed to both add and modify the users container\n");
+ assert(modify_ok);
+ }
+ assert(modify_ok);
+ }
+ message("Adding computers container (permitted to fail)\n");
+ var add_ok = setup_add_ldif("provision_computers_add.ldif", info, samdb, true);
+ message("Modifying computers container\n");
+ var modify_ok = setup_ldb_modify("provision_computers_modify.ldif", info, samdb);
+ if (!modify_ok) {
+ if (!add_ok) {
+ message("Failed to both add and modify the computers container\n");
+ assert(modify_ok);
+ }
+ assert(modify_ok);
+ }
+
message("Setting up sam.ldb data\n");
setup_add_ldif("provision.ldif", info, samdb, false);
+ message("Setting up sam.ldb configuration data\n");
+ setup_add_ldif("provision_configuration.ldif", info, samdb, false);
if (blank != false) {
message("Setting up sam.ldb index\n");
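Review bot: The users-container modify step loads `provision_help_users_mod.ldif`, but the file this commit adds is `provision_users_modify.ldif`, and the parallel computers step uses `provision_computers_modify.ldif`. Unless a file with the other name exists elsewhere in the tree, this step presumably fails and the following `assert(modify_ok)` aborts provisioning after the partitions have already been erased; the line likely should read `var modify_ok = setup_ldb_modify("provision_users_modify.ldif", info, samdb);`. In both new blocks the `assert(modify_ok)` inside `if (!add_ok)` is redundant with the one immediately after it, and `add_ok`/`modify_ok` are declared twice with `var`. provision() starts and ends outside this hunk.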
diff --git a/source4/setup/provision b/source4/setup/provision
index 229deb1622..163cb93274 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -28,9 +28,9 @@ options = GetOptions(ARGV,
'wheel=s',
'users=s',
'quiet',
- 'blank',
+ 'blank',
'ldap-base',
- 'ldap-backend=s');
+ 'ldap-backend=s');
if (options == undefined) {
println("Failed to parse options");
@@ -43,7 +43,7 @@ libinclude("provision.js");
/*
print a message if quiet is not set
*/
-function message()
+function message()
{
if (options["quiet"] == undefined) {
print(vsprintf(arguments));
@@ -117,6 +117,7 @@ if (options["ldap-backend"] != undefined) {
var blank = (options["blank"] != undefined);
var ldapbase = (options["ldap-base"] != undefined);
+var ldapbackend = (options["ldap-backend"] != undefined);
if (!provision_validate(subobj, message)) {
return -1;
@@ -130,7 +131,7 @@ message("Using administrator password: %s\n", subobj.ADMINPASS);
if (ldapbase) {
provision_ldapbase(subobj, message, paths);
} else {
- provision(subobj, message, blank, paths, system_session, creds);
+ provision(subobj, message, blank, paths, system_session, creds, ldapbackend);
provision_dns(subobj, message, paths, system_session, creds);
}
message("All OK\n");
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index 4526ee515c..910a2db669 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -1,27 +1,3 @@
-dn: CN=Users,${BASEDN}
-objectClass: top
-objectClass: container
-cn: Users
-description: Default container for upgraded user accounts
-instanceType: 4
-showInAdvancedViewOnly: FALSE
-systemFlags: 2348810240
-objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
-isCriticalSystemObject: TRUE
-allowedChildClassesEffective: user
-allowedChildClassesEffective: group
-
-dn: CN=Computers,${BASEDN}
-objectClass: top
-objectClass: container
-cn: Computers
-description: Default container for upgraded computer accounts
-instanceType: 4
-showInAdvancedViewOnly: FALSE
-systemFlags: 2348810240
-objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
-isCriticalSystemObject: TRUE
-
dn: CN=Domain Controllers,${BASEDN}
objectClass: top
objectClass: container
@@ -119,185 +95,3 @@ modifiedCount: 1
objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
-###############################
-# Configuration Naming Context
-###############################
-dn: CN=Configuration,${BASEDN}
-objectClass: top
-objectClass: configuration
-cn: Configuration
-instanceType: 13
-showInAdvancedViewOnly: TRUE
-objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN}
-subRefs: CN=Schema,CN=Configuration,${BASEDN}
-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
-msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
-
-dn: CN=Partitions,CN=Configuration,${BASEDN}
-objectClass: top
-objectClass: crossRefContainer
-cn: Partitions
-instanceType: 4
-showInAdvancedViewOnly: TRUE
-systemFlags: 2147483648
-objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN}
-msDS-Behavior-Version: 0
-fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
-
-dn: CN=Enterprise Configuration,CN=Partitions,CN=Configuration,${BASEDN}
-objectClass: top
-objectClass: crossRef
-cn: Enterprise Configuration
-instanceType: 4
-showInAdvancedViewOnly: TRUE
-systemFlags: 1
-objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
-nCName: CN=Configuration,${BASEDN}
-dnsRoot: ${DNSDOMAIN}
-
-dn: CN=Enterprise Schema,CN=Partitions,CN=Configuration,${BASEDN}
-objectClass: top
-objectClass: crossRef
-cn: Enterprise Schema
-instanceType: 4
-showInAdvancedViewOnly: TRUE
-systemFlags: 1
-objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
-nCName: CN=Schema,CN=Configuration,${BASEDN}
-dnsRoot: ${DNSDOMAIN}
-
-dn: CN=${DOMAIN},CN=Partitions,CN=Configuration,${BASEDN}
-objectClass: top
-objectClass: crossRef
-cn: ${DOMAIN}
-instanceType: 4
-showInAdvancedViewOnly: TRUE
-systemFlags: 3
-objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
-nCName: ${BASEDN}
-nETBIOSName: ${DOMAIN}
-dnsRoot: ${DNSDOMAIN}
-
-dn: CN=Sites,CN=Configuration,${BASEDN}
-objectClass: top
-objectClass: sitesContainer
-cn: Sites
-instanceType: 4
-showInAdvancedViewOnly: TRUE
-systemFlags: 2181038080
-objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN}
-
-dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
-objectClass: top
-objectClass: site
-cn: ${DEFAULTSITE}
-instanceType: 4
-showInAdvancedViewOnly: TRUE
-systemFlags: 2181038080
-objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN}
-
-dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
-objectClass: top
-objectClass: serversContainer
-cn: Servers
-instanceType: 4
-showInAdvancedViewOnly: TRUE
-systemFlags: 2181038080
-objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN}
-
-dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
-objectClass: top
-objectClass: server
-cn: ${NETBIOSNAME}
-instanceType: 4
-showInAdvancedViewOnly: TRUE
-systemFlags: 1375731712
-objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN}
-dNSHostName: ${DNSNAME}
-serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
-
-dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
-objectClass: top
-objectClass: applicationSettings
-objectClass: nTDSDSA
-cn: NTDS Settings
-options: 1
-instanceType: 4
-showInAdvancedViewOnly: TRUE
-systemFlags: 33554432
-objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN}
-dMDLocation: CN=Schema,CN=Configuration,${BASEDN}
-objectGUID: ${INVOCATIONID}
-invocationId: ${INVOCATIONID}
-msDS-Behavior-Version: 2
-
-dn: CN=Services,CN=Configuration,${BASEDN}
-objectClass: top
-objectClass: container
-cn: Services
-instanceType: 4
-showInAdvancedViewOnly: TRUE
-systemFlags: 2147483648
-objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
-
-dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
-objectClass: top
-objectClass: container
-cn: Windows NT
-instanceType: 4
-showInAdvancedViewOnly: TRUE
-objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
-
-dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
-objectClass: top
-objectClass: nTDSService
-cn: Directory Service
-instanceType: 4
-showInAdvancedViewOnly: TRUE
-objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN}
-sPNMappings: host=ldap,dns,cifs,http
-
-dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
-objectClass: top
-objectClass: container
-cn: Query-Policies
-instanceType: 4
-showInAdvancedViewOnly: TRUE
-objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
-
-dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
-objectClass: top
-objectClass: queryPolicy
-cn: Default Query Policy
-instanceType: 4
-showInAdvancedViewOnly: TRUE
-objectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,${BASEDN}
-lDAPAdminLimits: MaxValRange=1500
-lDAPAdminLimits: MaxReceiveBuffer=10485760
-lDAPAdminLimits: MaxDatagramRecv=4096
-lDAPAdminLimits: MaxPoolThreads=4
-lDAPAdminLimits: MaxResultSetSize=262144
-lDAPAdminLimits: MaxTempTableSize=10000
-lDAPAdminLimits: MaxQueryDuration=120
-lDAPAdminLimits: MaxPageSize=1000
-lDAPAdminLimits: MaxNotificationPerConn=5
-lDAPAdminLimits: MaxActiveQueries=20
-lDAPAdminLimits: MaxConnIdleTime=900
-lDAPAdminLimits: InitRecvTimeout=120
-lDAPAdminLimits: MaxConnections=5000
-
-
-###############################
-# Schema Naming Context
-###############################
-dn: CN=Schema,CN=Configuration,${BASEDN}
-objectClass: top
-objectClass: dMD
-cn: Schema
-instanceType: 13
-showInAdvancedViewOnly: TRUE
-objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN}
-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
-msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
-fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
-objectVersion: 30
diff --git a/source4/setup/provision_computers_add.ldif b/source4/setup/provision_computers_add.ldif
new file mode 100644
index 0000000000..c89742fe3f
--- /dev/null
+++ b/source4/setup/provision_computers_add.ldif
@@ -0,0 +1,3 @@
+dn: CN=Computers,${BASEDN}
+objectClass: top
+objectClass: container
diff --git a/source4/setup/provision_computers_modify.ldif b/source4/setup/provision_computers_modify.ldif
new file mode 100644
index 0000000000..0ba101a33c
--- /dev/null
+++ b/source4/setup/provision_computers_modify.ldif
@@ -0,0 +1,19 @@
+dn: CN=Computers,${BASEDN}
+changetype: modify
+replace: description
+description: Default container for upgraded computer accounts
+-
+replace: instanceType
+instanceType: 4
+-
+replace: showInAdvancedViewOnly
+showInAdvancedViewOnly: FALSE
+-
+replace: systemFlags
+systemFlags: 2348810240
+-
+replace: objectCategory
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+-
+replace: isCriticalSystemObject
+isCriticalSystemObject: TRUE
diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
new file mode 100644
index 0000000000..d76b7afc72
--- /dev/null
+++ b/source4/setup/provision_configuration.ldif
@@ -0,0 +1,182 @@
+###############################
+# Configuration Naming Context
+###############################
+dn: CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: configuration
+cn: Configuration
+instanceType: 13
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN}
+subRefs: CN=Schema,CN=Configuration,${BASEDN}
+masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+
+dn: CN=Partitions,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: crossRefContainer
+cn: Partitions
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+systemFlags: 2147483648
+objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN}
+msDS-Behavior-Version: 0
+fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+
+dn: CN=Enterprise Configuration,CN=Partitions,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: crossRef
+cn: Enterprise Configuration
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+systemFlags: 1
+objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
+nCName: CN=Configuration,${BASEDN}
+dnsRoot: ${DNSDOMAIN}
+
+dn: CN=Enterprise Schema,CN=Partitions,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: crossRef
+cn: Enterprise Schema
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+systemFlags: 1
+objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
+nCName: CN=Schema,CN=Configuration,${BASEDN}
+dnsRoot: ${DNSDOMAIN}
+
+dn: CN=${DOMAIN},CN=Partitions,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: crossRef
+cn: ${DOMAIN}
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+systemFlags: 3
+objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
+nCName: ${BASEDN}
+nETBIOSName: ${DOMAIN}
+dnsRoot: ${DNSDOMAIN}
+
+dn: CN=Sites,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: sitesContainer
+cn: Sites
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+systemFlags: 2181038080
+objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: site
+cn: ${DEFAULTSITE}
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+systemFlags: 2181038080
+objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: serversContainer
+cn: Servers
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+systemFlags: 2181038080
+objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: server
+cn: ${NETBIOSNAME}
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+systemFlags: 1375731712
+objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN}
+dNSHostName: ${DNSNAME}
+serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
+
+dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: applicationSettings
+objectClass: nTDSDSA
+cn: NTDS Settings
+options: 1
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+systemFlags: 33554432
+objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN}
+dMDLocation: CN=Schema,CN=Configuration,${BASEDN}
+objectGUID: ${INVOCATIONID}
+invocationId: ${INVOCATIONID}
+msDS-Behavior-Version: 2
+
+dn: CN=Services,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Services
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+systemFlags: 2147483648
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Windows NT
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: nTDSService
+cn: Directory Service
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN}
+sPNMappings: host=ldap,dns,cifs,http
+
+dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Query-Policies
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: queryPolicy
+cn: Default Query Policy
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,${BASEDN}
+lDAPAdminLimits: MaxValRange=1500
+lDAPAdminLimits: MaxReceiveBuffer=10485760
+lDAPAdminLimits: MaxDatagramRecv=4096
+lDAPAdminLimits: MaxPoolThreads=4
+lDAPAdminLimits: MaxResultSetSize=262144
+lDAPAdminLimits: MaxTempTableSize=10000
+lDAPAdminLimits: MaxQueryDuration=120
+lDAPAdminLimits: MaxPageSize=1000
+lDAPAdminLimits: MaxNotificationPerConn=5
+lDAPAdminLimits: MaxActiveQueries=20
+lDAPAdminLimits: MaxConnIdleTime=900
+lDAPAdminLimits: InitRecvTimeout=120
+lDAPAdminLimits: MaxConnections=5000
+
+
+###############################
+# Schema Naming Context
+###############################
+dn: CN=Schema,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: dMD
+cn: Schema
+instanceType: 13
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN}
+masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
+objectVersion: 30
diff --git a/source4/setup/provision_users_add.ldif b/source4/setup/provision_users_add.ldif
new file mode 100644
index 0000000000..56a2623cfc
--- /dev/null
+++ b/source4/setup/provision_users_add.ldif
@@ -0,0 +1,3 @@
+dn: CN=Users,${BASEDN}
+objectClass: top
+objectClass: container
diff --git a/source4/setup/provision_users_modify.ldif b/source4/setup/provision_users_modify.ldif
new file mode 100644
index 0000000000..b979ecbb05
--- /dev/null
+++ b/source4/setup/provision_users_modify.ldif
@@ -0,0 +1,23 @@
+dn: CN=Users,${BASEDN}
+changetype: modify
+replace: description
+description: Default container for upgraded user accounts
+-
+replace: instanceType
+instanceType: 4
+-
+replace: showInAdvancedViewOnly
+showInAdvancedViewOnly: FALSE
+-
+replace: systemFlags
+systemFlags: 2348810240
+-
+replace: objectCategory
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+-
+replace: isCriticalSystemObject
+isCriticalSystemObject: TRUE
+-
+replace: allowedChildClassesEffective
+allowedChildClassesEffective: user
+allowedChildClassesEffective: group