summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/setup/provision.ldif14
-rw-r--r--source4/setup/provision_computers_modify.ldif2
-rw-r--r--source4/setup/provision_configuration.ldif10
-rw-r--r--source4/setup/provision_group_policy.ldif6
-rw-r--r--source4/setup/provision_rootdse_add.ldif1
-rw-r--r--source4/setup/provision_users.ldif36
-rw-r--r--source4/setup/provision_users_modify.ldif2
7 files changed, 39 insertions, 32 deletions
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index 1afe72f6e2..e5b20d03e1 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -3,7 +3,7 @@ objectClass: top
objectClass: organizationalUnit
cn: Domain Controllers
description: Default container for domain controllers
-systemFlags: 2348810240
+systemFlags: -1946157056
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: FALSE
@@ -12,7 +12,7 @@ objectClass: top
objectClass: container
cn: ForeignSecurityPrincipals
description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
-systemFlags: 2348810240
+systemFlags: -1946157056
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: FALSE
@@ -21,14 +21,14 @@ objectClass: top
objectClass: container
cn: System
description: Builtin system settings
-systemFlags: 2348810240
+systemFlags: -1946157056
isCriticalSystemObject: TRUE
dn: CN=RID Manager$,CN=System,${DOMAINDN}
objectclass: top
objectclass: rIDManager
cn: RID Manager$
-systemFlags: 2348810240
+systemFlags: -1946157056
isCriticalSystemObject: TRUE
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
rIDAvailablePool: 4611686014132423217
@@ -48,7 +48,7 @@ dn: CN=Infrastructure,${DOMAINDN}
objectclass: top
objectclass: infrastructureUpdate
cn: Infrastructure
-systemFlags: 2348810240
+systemFlags: -1946157056
isCriticalSystemObject: TRUE
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
@@ -56,7 +56,7 @@ dn: CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: builtinDomain
cn: Builtin
-forceLogoff: 9223372036854775808
+forceLogoff: -9223372036854775808
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
@@ -73,10 +73,12 @@ uASCompat: 1
modifiedCount: 1
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: FALSE
+systemFlags: -1946157056
dn: CN=Policies,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
+systemFlags: -1946157056
dn: CN=IP Security,CN=System,${DOMAINDN}
objectClass: top
diff --git a/source4/setup/provision_computers_modify.ldif b/source4/setup/provision_computers_modify.ldif
index 3bb4074d42..110c44c356 100644
--- a/source4/setup/provision_computers_modify.ldif
+++ b/source4/setup/provision_computers_modify.ldif
@@ -7,7 +7,7 @@ replace: showInAdvancedViewOnly
showInAdvancedViewOnly: FALSE
-
replace: systemFlags
-systemFlags: 2348810240
+systemFlags: -1946157056
-
replace: isCriticalSystemObject
isCriticalSystemObject: TRUE
diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
index fff380505f..e84ac8517e 100644
--- a/source4/setup/provision_configuration.ldif
+++ b/source4/setup/provision_configuration.ldif
@@ -5,7 +5,7 @@ dn: CN=Partitions,${CONFIGDN}
objectClass: top
objectClass: crossRefContainer
cn: Partitions
-systemFlags: 2147483648
+systemFlags: -2147483648
msDS-Behavior-Version: 0
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
@@ -38,25 +38,25 @@ dn: CN=Sites,${CONFIGDN}
objectClass: top
objectClass: sitesContainer
cn: Sites
-systemFlags: 2181038080
+systemFlags: -2113929216
dn: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
objectClass: top
objectClass: site
cn: ${DEFAULTSITE}
-systemFlags: 2181038080
+systemFlags: 1107296256
dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
objectClass: top
objectClass: serversContainer
cn: Servers
-systemFlags: 2181038080
+systemFlags: 33554432
dn: CN=Services,${CONFIGDN}
objectClass: top
objectClass: container
cn: Services
-systemFlags: 2147483648
+systemFlags: -2147483648
dn: CN=Windows NT,CN=Services,${CONFIGDN}
objectClass: top
diff --git a/source4/setup/provision_group_policy.ldif b/source4/setup/provision_group_policy.ldif
index 98c09b997e..d6a4659250 100644
--- a/source4/setup/provision_group_policy.ldif
+++ b/source4/setup/provision_group_policy.ldif
@@ -1,5 +1,6 @@
dn: CN=Default Domain Policy,CN=System,${DOMAINDN}
objectClass: top
+objectClass: leaf
objectClass: domainPolicy
isCriticalSystemObject: TRUE
@@ -15,7 +16,7 @@ objectClass: groupPolicyContainer
displayName: Default Domain Policy
gPCFunctionalityVersion: 2
gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}}
-versionNumber: 1
+versionNumber: 65543
flags: 0
gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248
8-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4
@@ -25,11 +26,14 @@ gPCUserExtensionNames: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-1
1D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-
11D1-A7CC-0000F87571E3}]
nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+systemFlags: -1946157056
dn: CN=User,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
+systemFlags: -1946157056
dn: CN=Machine,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
+systemFlags: -1946157056
diff --git a/source4/setup/provision_rootdse_add.ldif b/source4/setup/provision_rootdse_add.ldif
index a5319f653b..e4e4309a90 100644
--- a/source4/setup/provision_rootdse_add.ldif
+++ b/source4/setup/provision_rootdse_add.ldif
@@ -7,6 +7,7 @@ rootDomainNamingContext: ${ROOTDN}
configurationNamingContext: ${CONFIGDN}
schemaNamingContext: ${SCHEMADN}
supportedLDAPVersion: 3
+supportedLDAPVersion: 2
dnsHostName: ${DNSNAME}
ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM}
serverName: ${SERVERDN}
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index c61cb805c4..88146d8cac 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -208,7 +208,7 @@ member: CN=Administrator,CN=Users,${DOMAINDN}
objectSid: S-1-5-32-544
adminCount: 1
sAMAccountName: Administrators
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
privilege: SeSecurityPrivilege
@@ -244,7 +244,7 @@ description: Users are prevented from making accidental or intentional system-wi
member: CN=Domain Users,CN=Users,${DOMAINDN}
objectSid: S-1-5-32-545
sAMAccountName: Users
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
@@ -257,7 +257,7 @@ member: CN=Domain Guests,CN=Users,${DOMAINDN}
member: CN=Guest,CN=Users,${DOMAINDN}
objectSid: S-1-5-32-546
sAMAccountName: Guests
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
@@ -269,7 +269,7 @@ description: Members can administer domain printers
objectSid: S-1-5-32-550
adminCount: 1
sAMAccountName: Print Operators
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
privilege: SeLoadDriverPrivilege
@@ -284,7 +284,7 @@ description: Backup Operators can override security restrictions for the sole pu
objectSid: S-1-5-32-551
adminCount: 1
sAMAccountName: Backup Operators
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
privilege: SeBackupPrivilege
@@ -300,7 +300,7 @@ description: Supports file replication in a domain
objectSid: S-1-5-32-552
adminCount: 1
sAMAccountName: Replicator
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
@@ -311,7 +311,7 @@ cn: Remote Desktop Users
description: Members in this group are granted the right to logon remotely
objectSid: S-1-5-32-555
sAMAccountName: Remote Desktop Users
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
@@ -322,7 +322,7 @@ cn: Network Configuration Operators
description: Members in this group can have some administrative privileges to manage configuration of networking features
objectSid: S-1-5-32-556
sAMAccountName: Network Configuration Operators
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
@@ -333,7 +333,7 @@ cn: Performance Monitor Users
description: Members of this group have remote access to monitor this computer
objectSid: S-1-5-32-558
sAMAccountName: Performance Monitor Users
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
@@ -344,7 +344,7 @@ cn: Performance Log Users
description: Members of this group have remote access to schedule logging of performance counters on this computer
objectSid: S-1-5-32-559
sAMAccountName: Performance Log Users
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
@@ -356,7 +356,7 @@ description: Members can administer domain servers
objectSid: S-1-5-32-549
adminCount: 1
sAMAccountName: Server Operators
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
privilege: SeBackupPrivilege
@@ -374,7 +374,7 @@ description: Members can administer domain user and group accounts
objectSid: S-1-5-32-548
adminCount: 1
sAMAccountName: Account Operators
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
privilege: SeInteractiveLogonRight
@@ -386,7 +386,7 @@ cn: Pre-Windows 2000 Compatible Access
description: A backward compatibility group which allows read access on all users and groups in the domain
objectSid: S-1-5-32-554
sAMAccountName: Pre-Windows 2000 Compatible Access
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
privilege: SeRemoteInteractiveLogonRight
@@ -399,7 +399,7 @@ cn: Incoming Forest Trust Builders
description: Members of this group can create incoming, one-way trusts to this forest
objectSid: S-1-5-32-557
sAMAccountName: Incoming Forest Trust Builders
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
@@ -410,7 +410,7 @@ cn: Windows Authorization Access Group
description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
objectSid: S-1-5-32-560
sAMAccountName: Windows Authorization Access Group
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
@@ -421,7 +421,7 @@ cn: Terminal Server License Servers
description: Terminal Server License Servers
objectSid: S-1-5-32-561
sAMAccountName: Terminal Server License Servers
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
@@ -432,7 +432,7 @@ cn: Distributed COM Users
description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
objectSid: S-1-5-32-562
sAMAccountName: Distributed COM Users
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
@@ -440,7 +440,7 @@ dn: CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: container
cn: WellKnown Security Principals
-systemFlags: 2147483648
+systemFlags: -2147483648
dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
diff --git a/source4/setup/provision_users_modify.ldif b/source4/setup/provision_users_modify.ldif
index 06954c44f0..a7e8a4336a 100644
--- a/source4/setup/provision_users_modify.ldif
+++ b/source4/setup/provision_users_modify.ldif
@@ -7,7 +7,7 @@ replace: showInAdvancedViewOnly
showInAdvancedViewOnly: FALSE
-
replace: systemFlags
-systemFlags: 2348810240
+systemFlags: -1946157056
-
replace: isCriticalSystemObject
isCriticalSystemObject: TRUE