4 files changed, 18 insertions, 29 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 62ca9282d1..bb47d2bd5c 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -793,7 +793,6 @@ def setup_self_join(samdb, names,
               "DEFAULTSITE": names.sitename,
               "DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain),
               "MACHINEPASS_B64": b64encode(machinepass),
-              "DNSPASS_B64": b64encode(dnspass),
               "REALM": names.realm,
               "DOMAIN": names.domain,
               "DOMAINSID": str(domainsid),
@@ -825,7 +824,8 @@ def setup_self_join(samdb, names,
               "DEFAULTSITE": names.sitename,
               "SERVERDN": names.serverdn,
               "NETBIOSNAME": names.netbiosname,
-              "NTDSGUID": names.ntdsguid
+              "NTDSGUID": names.ntdsguid,
+              "DNSPASS_B64": b64encode(dnspass),
               })
 
 
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index db29d3a108..eb7bd02db6 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -431,8 +431,7 @@ dn: CN=RID Manager$,CN=System,${DOMAINDN}
 objectClass: top
 objectClass: rIDManager
 systemFlags: -1946157056
-# we have granted up to 1499 to ourselves in a RID Set
-rIDAvailablePool: 1500-1073741823
+rIDAvailablePool: 1000-1073741823
 isCriticalSystemObject: TRUE
 
 dn: CN=RpcServices,CN=System,${DOMAINDN}
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index 0ad1b90fdb..48f7157679 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -15,7 +15,6 @@ localPolicyFlags: 0
 operatingSystem: Samba
 operatingSystemVersion: ${SAMBA_VERSION_STRING}
 primaryGroupID: 516
-rIDSetReferences: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
 sAMAccountName: ${NETBIOSNAME}$
 # "servicePrincipalName" for FRS doesn't exit since we still miss FRS support
 # "servicePrincipalName"s for DNS ("ldap/../ForestDnsZones",
@@ -33,16 +32,7 @@ servicePrincipalName: ldap/${DNSNAME}
 servicePrincipalName: ldap/${DNSNAME}/${REALM}
 userAccountControl: 532480
 userPassword:: ${MACHINEPASS_B64}
-objectSID: ${DOMAINSID}-1001
-
-dn: CN=RID Set,CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN}
-objectClass: top
-objectClass: rIDSet
-rIDAllocationPool: 1000-1499
-rIDPreviousAllocationPool: 1000-1499
-rIDUsedPool: 0
-rIDNextRID: 1001
-
+objectSID: ${DOMAINSID}-1000
 
 # Here are missing the objects for the NTFRS subscription and the RID set since
 # we don't support those techniques (FRS, distributed RIDs) yet.
@@ -78,17 +68,3 @@ msDS-hasMasterNCs: ${DOMAINDN}
 options: 1
 systemFlags: 33554432
 ${NTDSGUID}
-
-# Provides an account for DNS keytab export
-dn: CN=dns,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: user
-description: DNS Service Account
-userAccountControl: 514
-accountExpires: 9223372036854775807
-sAMAccountName: dns
-servicePrincipalName: DNS/${DNSDOMAIN}
-userPassword:: ${DNSPASS_B64}
-isCriticalSystemObject: TRUE
diff --git a/source4/setup/provision_self_join_modify.ldif b/source4/setup/provision_self_join_modify.ldif
index dfcca728f2..394398a9b9 100644
--- a/source4/setup/provision_self_join_modify.ldif
+++ b/source4/setup/provision_self_join_modify.ldif
@@ -33,3 +33,17 @@ changetype: modify
 add: servicePrincipalName
 servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}
 servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DNSDOMAIN}
+
+dn: CN=dns,CN=Users,${DOMAINDN}
+changetype: add
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+description: DNS Service Account
+userAccountControl: 514
+accountExpires: 9223372036854775807
+sAMAccountName: dns
+servicePrincipalName: DNS/${DNSDOMAIN}
+userPassword:: ${DNSPASS_B64}
+isCriticalSystemObject: TRUE