-rw-r--r--source4/scripting/python/samba/provision/__init__.py12
-rw-r--r--source4/setup/provision_dns_add.ldif23
-rw-r--r--source4/setup/provision_dns_add_samba.ldif17
3 files changed, 31 insertions, 21 deletions
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index 5aabd36c1a..4b2ce7cd22 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -1101,9 +1101,10 @@ def setup_self_join(samdb, names, machinepass, dnspass,
"RIDALLOCATIONEND": str(next_rid + 100 + 499),
})
- # This is partially Samba4 specific and should be replaced by the correct
+ setup_ad_dns(samdb, names)
+ # This is Samba4 specific and should be replaced by the correct
# DNS AD-style setup
- setup_add_ldif(samdb, setup_path("provision_dns_add.ldif"), {
+ setup_add_ldif(samdb, setup_path("provision_dns_add_samba.ldif"), {
"DNSDOMAIN": names.dnsdomain,
"DOMAINDN": names.domaindn,
"DNSPASS_B64": b64encode(dnspass.encode('utf-16-le')),
@@ -1113,6 +1114,13 @@ def setup_self_join(samdb, names, machinepass, dnspass,
})
+def setup_ad_dns(samdb, names):
+ setup_add_ldif(samdb, setup_path("provision_dns_add.ldif"), {
+ "DOMAINDN": names.domaindn,
+ "DNSNAME" : '%s.%s' % (
+ names.netbiosname.lower(), names.dnsdomain.lower())
+ })
+
def getpolicypath(sysvolpath, dnsdomain, guid):
"""Return the physical path of policy given its guid.
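Review bot: `setup_ad_dns` passes the host FQDN (`netbiosname.dnsdomain`) as `DNSNAME`, and the provision_dns_add.ldif hunk in this commit (`@@ -15,6 +15,10 @@`) uses that value as the `DC=` name of the new `dnsZone`, so the zone object ends up named after the server rather than the domain. If the domain zone is what is intended, pass `"DNSDOMAIN": names.dnsdomain.lower()` and name the entry `DC=${DNSDOMAIN},CN=MicrosoftDNS,CN=System,${DOMAINDN}`; the rest of the provisioning code is not visible here, so this may be deliberate. Both values are also substituted into a DN without escaping, which is only safe if `names` is validated earlier, outside this hunk. The function has no docstring; something like `"""Add the AD-style DNS objects from provision_dns_add.ldif to samdb."""` would say what it creates.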
diff --git a/source4/setup/provision_dns_add.ldif b/source4/setup/provision_dns_add.ldif
index 2263fcbdb7..3039bc0485 100644
--- a/source4/setup/provision_dns_add.ldif
+++ b/source4/setup/provision_dns_add.ldif
@@ -15,6 +15,10 @@ dn: CN=MicrosoftDNS,CN=System,${DOMAINDN}
objectClass: container
displayName: DNS Servers
+
+dn: DC=${DNSNAME},CN=MicrosoftDNS,CN=System,${DOMAINDN}
+objectClass: dnsZone
+
dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,${DOMAINDN}
objectClass: dnsZone
@@ -86,22 +90,3 @@ dn: DC=j.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,${DOMAINDN
objectClass: dnsNode
dnsRecord:: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAwDqAHg==
-
-# NOTE: This account is SAMBA4 specific!
-# we have it to avoid the need for the bind daemon to
-# have access to the whole secrets.keytab for the domain,
-# otherwise bind could impersonate any user
-dn: CN=dns-${HOSTNAME},CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: user
-description: DNS Service Account for ${HOSTNAME}
-userAccountControl: 512
-accountExpires: 9223372036854775807
-sAMAccountName: dns-${HOSTNAME}
-servicePrincipalName: DNS/${DNSNAME}
-servicePrincipalName: DNS/${DNSDOMAIN}
-clearTextPassword:: ${DNSPASS_B64}
-isCriticalSystemObject: TRUE
-
diff --git a/source4/setup/provision_dns_add_samba.ldif b/source4/setup/provision_dns_add_samba.ldif
new file mode 100644
index 0000000000..6c664d910b
--- /dev/null
+++ b/source4/setup/provision_dns_add_samba.ldif
@@ -0,0 +1,17 @@
+# NOTE: This account is SAMBA4 specific!
+# we have it to avoid the need for the bind daemon to
+# have access to the whole secrets.keytab for the domain,
+# otherwise bind could impersonate any user
+dn: CN=dns-${HOSTNAME},CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+description: DNS Service Account for ${HOSTNAME}
+userAccountControl: 512
+accountExpires: 9223372036854775807
+sAMAccountName: dns-${HOSTNAME}
+servicePrincipalName: DNS/${DNSNAME}
+servicePrincipalName: DNS/${DNSDOMAIN}
+clearTextPassword:: ${DNSPASS_B64}
+isCriticalSystemObject: TRUE