From cf52d62ec998ae30f4460e75817b0503894aff5d Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 5 Apr 2005 07:03:31 +0000 Subject: r6207: - clean up source topdir - move provision stuff to setup/ - remove unused scripts metze (This used to be commit c35887ca649675f28ca986713a08082420418d74) --- source4/setup/dcpromo.pl | 225 ++++++++ source4/setup/hklm.ldif | 32 ++ source4/setup/newuser.pl | 145 +++++ source4/setup/provision.ldif | 1246 ++++++++++++++++++++++++++++++++++++++++++ source4/setup/provision.pl | 443 +++++++++++++++ source4/setup/provision.zone | 32 ++ source4/setup/rootdse.ldif | 32 ++ source4/setup/rootdse.pl | 152 ++++++ source4/setup/secrets.ldif | 30 + 9 files changed, 2337 insertions(+) create mode 100755 source4/setup/dcpromo.pl create mode 100644 source4/setup/hklm.ldif create mode 100755 source4/setup/newuser.pl create mode 100644 source4/setup/provision.ldif create mode 100755 source4/setup/provision.pl create mode 100644 source4/setup/provision.zone create mode 100644 source4/setup/rootdse.ldif create mode 100755 source4/setup/rootdse.pl create mode 100644 source4/setup/secrets.ldif (limited to 'source4/setup') diff --git a/source4/setup/dcpromo.pl b/source4/setup/dcpromo.pl new file mode 100755 index 0000000000..56461ae825 --- /dev/null +++ b/source4/setup/dcpromo.pl @@ -0,0 +1,225 @@ +#!/usr/bin/perl -w + +################################################### +# package to generate samba ads configuration +# Copyright metze@samba.org 2004 + +# released under the GNU GPL + +use strict; +use Data::Dumper; + +sub print_options($$) { + my $ads = shift; + my $ctx = shift; + my @arr; + my $i; + my $len; + + print "options:\n"; + + @arr = @{$ctx}; + $len = $#arr; + for($i = 0; $i <= $len; $i++) { + my $val = $ctx->[$i]; + print "\t".$i.": ".$val->{TEXT}."\n"; + } + + print "choise []:"; +} + +sub read_option($$) { + my $ads = shift; + my $ctx = shift; + my $val; + + $val = ; + + return $val; +} + +sub call_option($$$) { + my $ads = shift; + my $ctx = shift; + my $switch = shift; + my $val; + my $funcref; + + $val = $ctx->[$switch]; + + $funcref = $val->{ACTION}; + + &$funcref($ads); +} + +sub ask_option($$) { + my $ads = shift; + my $ctx = shift; + my $ret; + + print_options($ads, $ctx); + + $ret = read_option($ads, $ctx); + + call_option($ads, $ctx, $ret); +} + +sub create_ads_tree($) { + my $ads = shift; + + print "Create ADS Domain:\n"; + print Dumper($ads); +} + +sub do_new_domain_in_entire_structure($) { + my $ads; + my $domain_dns; + my $domain_netbios; + + $ads->{NEW_DOMAIN} = 1; + $ads->{NEW_FOREST} = 1; + + print "full dns name of the new domain []:"; + $domain_dns = ; + chomp $domain_dns; + $ads->{FULL_DNS_NAME} = $domain_dns; + + print "netbios name of the new domain []:"; + $domain_netbios = ; + chomp $domain_netbios; + $ads->{NETBIOS} = $domain_netbios; + + create_ads_tree($ads); +} + +sub do_sub_domain_in_existing_structure($) { + my $ads = shift; + my $user_name; + my $user_domain; + my $user_password; + my $top_dns; + my $domain_dns; + my $domain_netbios; + my $db_folder; + my $db_logs; + my $sysvol_folder; + my $admin_password1; + my $admin_password2; + + $ads->{NEW_DOMAIN} = 1; + $ads->{NEW_FOREST} = 0; + + print "User Name []:"; + $user_name = ; + chomp $user_name; + $ads->{USER}{NAME} = $user_name; + + print "User Domain []:"; + $user_domain = ; + chomp $user_domain; + $ads->{USER}{DOMAIN} = $user_domain; + + print "User Password []:"; + $user_password = ; + chomp $user_password; + $ads->{USER}{PASSWORD} = $user_password; + + print "full dns name of the top domain []:"; + $top_dns = ; + chomp $top_dns; + $ads->{TOP_DNS_NAME} = $top_dns; + + print "suffix of the new domain []:"; + $domain_dns = ; + chomp $domain_dns; + $ads->{FULL_DNS_NAME} = $domain_dns.".".$top_dns; + + print "netbios name of the new domain []:"; + $domain_netbios = ; + chomp $domain_netbios; + $ads->{NETBIOS} = $domain_netbios; + + print "folder for database files []:"; + $db_folder = ; + chomp $db_folder; + $ads->{DB_FOLDER} = $db_folder; + + print "folder for database logs []:"; + $db_logs = ; + chomp $db_logs; + $ads->{DB_LOGS} = $db_logs; + + print "folder for SYSVOL []:"; + $sysvol_folder = ; + chomp $sysvol_folder; + $ads->{SYSVOL_FOLDER} = $sysvol_folder; + + # + # test DNS here + # + + # + # test mixed/native here + # + + print "Administrator password []:"; + $admin_password1 = ; + chomp $admin_password1; + print "retype Administrator password []:"; + $admin_password2 = ; + chomp $admin_password2; + if ($admin_password1 eq $admin_password2) { + $ads->{ADMIN_PASSWORD} = $admin_password1; + } else { + $ads->{ADMIN_PASSWORD} = ""; + } + + create_ads_tree($ads); +} + +sub do_sub_structure_in_global_structure($) { + print "go on with do_sub_structure_in_global_structure\n"; +} + +sub do_new_domain($) { + my $ads = shift; + my $ctx; + + $ctx->[0]{TEXT} = "new domain in entire structure"; + $ctx->[0]{ACTION} = \&do_new_domain_in_entire_structure; + + $ctx->[1]{TEXT} = "sub domain in existing structure"; + $ctx->[1]{ACTION} = \&do_sub_domain_in_existing_structure; + + $ctx->[2]{TEXT} = "sub structure in global structure"; + $ctx->[2]{ACTION} = \&do_sub_structure_in_global_structure; + + ask_option($ads ,$ctx); +} + +sub do_existing_domain($) { + print "go on with do existing domain\n"; +} + +sub ask_new_or_exist_domain($) { + my $ads = shift; + my $ctx; + + $ctx->[0]{TEXT} = "new domain"; + $ctx->[0]{ACTION} = \&do_new_domain; + + $ctx->[1]{TEXT} = "existing domain"; + $ctx->[1]{ACTION} = \&do_existing_domain; + + ask_option($ads, $ctx); +} + +sub main { + my $ads; + + $ads->{ADS_TREE} = 1; + + ask_new_or_exist_domain($ads); +} + +main(); diff --git a/source4/setup/hklm.ldif b/source4/setup/hklm.ldif new file mode 100644 index 0000000000..a4ab32e233 --- /dev/null +++ b/source4/setup/hklm.ldif @@ -0,0 +1,32 @@ +dn: @INDEXLIST +@IDXATTR: key + +dn: key=control,key=currentcontrolset,key=system,hive= +key: control + +dn: key=services,key=control,key=currentcontrolset,key=system,hive= +key: services + +dn: value=ProductType,key=productoptions,key=control,key=currentcontrolset,key=system,hive= +value: ProductType +data: LanmanNT +type: 1 + +dn: key=productoptions,key=control,key=currentcontrolset,key=system,hive= +key: productoptions + +dn: key=system,hive= +key: system + +dn: key=netlogon,key=services,key=currentcontrolset,key=system,hive= +key: netlogon + +dn: key=services,key=currentcontrolset,key=system,hive= +key: services + +dn: key=print,key=control,key=currentcontrolset,key=system,hive= +key: print + +dn: key=currentcontrolset,key=system,hive= +key: currentcontrolset + diff --git a/source4/setup/newuser.pl b/source4/setup/newuser.pl new file mode 100755 index 0000000000..6ddda5028e --- /dev/null +++ b/source4/setup/newuser.pl @@ -0,0 +1,145 @@ +#!/usr/bin/perl -w +# simple hack script to add a new user for Samba4 + + +use strict; +use Socket; +use Getopt::Long; + +my $opt_password; +my $opt_username; +my $opt_unixname; +my $opt_samdb = "/usr/local/samba/private/sam.ldb"; + + +# generate a random guid. Not a good algorithm. +sub randguid() +{ + my $r1 = int(rand(2**32)); + my $r2 = int(rand(2**16)); + my $r3 = int(rand(2**16)); + my $r4 = int(rand(2**16)); + my $r5 = int(rand(2**32)); + my $r6 = int(rand(2**16)); + return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6); +} + +# generate a random password. Poor algorithm :( +sub randpass() +{ + my $pass = ""; + my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~"; + for (my $i=0;$i<8;$i++) { + my $c = int(rand(length($chars))); + $pass .= substr($chars, $c, 1); + } + return $pass; +} + +sub search($$) +{ + my $expr = shift; + my $attrib = shift; + my $res = `ldbsearch \"$expr\" $attrib | grep ^$attrib | cut -d' ' -f2- | head -1`; + chomp $res; + return $res; +} + +############################################ +# show some help +sub ShowHelp() +{ + print " +Samba4 newuser + +newuser.pl [options] + --username USERNAME choose new username + --password PASSWORD set password + --samdb DBPATH path to sam.ldb + +You must provide at least a username + +"; + exit(1); +} + +my $opt_help; + +GetOptions( + 'help|h|?' => \$opt_help, + 'username=s' => \$opt_username, + 'unixname=s' => \$opt_unixname, + 'password=s' => \$opt_password, + 'samdb=s' => \$opt_samdb + ); + +if ($opt_help || !$opt_username) { + ShowHelp(); +} + +if (!$opt_password) { + $opt_password = randpass(); + print "chose random password '$opt_password'\n"; +} + +if (!$opt_unixname) { + $opt_unixname = $opt_username; +} + +my $res = ""; + +# allow provisioning to be run from the source directory +$ENV{"PATH"} .= ":bin:../bin"; + +$ENV{"LDB_URL"} = $opt_samdb; + +my $domain_sid = search("(objectClass=domainDNS)", "objectSid"); +my $domain_dn = search("(objectClass=domainDNS)", "dn"); + +my $ldif = `ldbsearch 'cn=TemplateUser' | grep -v Template | grep -v '^#'`; +chomp $ldif; + +my $sid; + +# crude way of working out a rid +for (my $i=1001;$i<1100;$i++) { + if (search("objectSid=$domain_sid-$i","objectSid") eq "") { + $sid = "$domain_sid-$i"; + last; + } +} + +print "Chose new SID $sid\n"; + +my $dom_users = search("name=Domain Users", "dn"); + + +$ldif .= "sAMAccountName: $opt_username\n"; +$ldif .= "name: $opt_username\n"; +$ldif .= "objectSid: $sid\n"; +$ldif .= "objectGUID: " . randguid() . "\n"; +$ldif .= "memberOf: $dom_users\n"; +$ldif .= "userAccountControl: 0x10200\n"; +$ldif .= "sAMAccountType: 0x30000000\n"; +$ldif .= "objectClass: user\n"; +$ldif .= "unicodePwd: $opt_password\n"; +$ldif .= "unixName: $opt_unixname\n"; + +my $user_dn = "CN=$opt_username,CN=Users,$domain_dn"; + +open FILE, ">newuser.ldif"; +print FILE "dn: $user_dn"; +print FILE "$ldif\n"; +close FILE; + +open FILE, ">modgroup.ldif"; +print FILE " +dn: CN=Domain Users,CN=Users,$domain_dn +changetype: modify +add: member +member: $user_dn +"; +close FILE; + +system("ldbadd newuser.ldif"); +system("ldbmodify modgroup.ldif"); diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif new file mode 100644 index 0000000000..f6cce3e285 --- /dev/null +++ b/source4/setup/provision.ldif @@ -0,0 +1,1246 @@ +dn: @INDEXLIST +@IDXATTR: name +@IDXATTR: sAMAccountName +@IDXATTR: objectSid +@IDXATTR: objectClass +@IDXATTR: member +@IDXATTR: unixID +@IDXATTR: unixName +@IDXATTR: privilege + +dn: @ATTRIBUTES +realm: CASE_INSENSITIVE +userPrincipalName: CASE_INSENSITIVE +servicePrincipalName: CASE_INSENSITIVE +cn: CASE_INSENSITIVE +dc: CASE_INSENSITIVE +name: CASE_INSENSITIVE WILDCARD +dn: CASE_INSENSITIVE WILDCARD +sAMAccountName: CASE_INSENSITIVE WILDCARD +objectClass: CASE_INSENSITIVE +unicodePwd: HIDDEN +ntPwdHash: HIDDEN +ntPwdHistory: HIDDEN +lmPwdHash: HIDDEN +lmPwdHistory: HIDDEN +createTimestamp: HIDDEN +modifyTimestamp: HIDDEN + +dn: @SUBCLASSES +top: domain +top: person +top: group +domain: domainDNS +domain: builtinDomain +person: organizationalPerson +organizationalPerson: user +user: computer +template: userTemplate +template: groupTemplate + +#Add modules to the list to activate them by default +#beware often order is important +dn: @MODULES +@LIST: samldb,timestamps + +############################### +# Domain Naming Context +############################### +dn: ${BASEDN} +objectClass: top +objectClass: domain +objectClass: domainDNS +name: ${DOMAIN} +realm: ${REALM} +dnsDomain: ${DNSDOMAIN} +dc: ${DOMAIN} +objectGUID: ${DOMAINGUID} +creationTime: ${NTTIME} +forceLogoff: 0x8000000000000000 +lockoutDuration: -18000000000 +lockOutObservationWindow: -18000000000 +lockoutThreshold: 0 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +maxPwdAge: -37108517437440 +minPwdAge: 0 +minPwdLength: 7 +modifiedCountAtLastProm: 0 +nextRid: 1001 +pwdProperties: 1 +pwdHistoryLength: 24 +objectSid: ${DOMAINSID} +serverState: 1 +nTMixedDomain: 1 +msDS-Behavior-Version: 0 +ridManagerReference: CN=RID Manager$,CN=System,${BASEDN} +uASCompat: 1 +modifiedCount: 1 +objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +subRefs: CN=Configuration,${BASEDN} +subRefs: CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=Users,${BASEDN} +objectClass: top +objectClass: container +cn: Users +description: Default container for upgraded user accounts +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +showInAdvancedViewOnly: FALSE +name: Users +objectGUID: ${NEWGUID} +systemFlags: 0x8c000000 +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Computers,${BASEDN} +objectClass: top +objectClass: container +cn: Computers +description: Default container for upgraded computer accounts +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +showInAdvancedViewOnly: FALSE +name: Computers +objectGUID: ${NEWGUID} +systemFlags: 0x8c000000 +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: OU=Domain Controllers,${BASEDN} +objectClass: top +objectClass: organizationalUnit +ou: Domain Controllers +description: Default container for domain controllers +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +showInAdvancedViewOnly: FALSE +name: Domain Controllers +objectGUID: ${NEWGUID} +systemFlags: 0x8c000000 +objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=ForeignSecurityPrincipals,${BASEDN} +objectClass: top +objectClass: container +cn: ForeignSecurityPrincipals +description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +showInAdvancedViewOnly: FALSE +name: ForeignSecurityPrincipals +objectGUID: ${NEWGUID} +systemFlags: 0x8c000000 +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=System,${BASEDN} +objectClass: top +objectClass: container +cn: System +description: Builtin system settings +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +showInAdvancedViewOnly: TRUE +name: System +objectGUID: ${NEWGUID} +systemFlags: 0x8c000000 +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=RID Manager$,CN=System,${BASEDN} +objectclass: top +objectclass: rIDManager +cn: RID Manager$ +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +showInAdvancedViewOnly: TRUE +name: RID Manager$ +objectGUID: ${NEWGUID} +systemFlags: 0x8c000000 +objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +rIDAvailablePool: 4611686014132423217 + +dn: CN=DomainUpdates,CN=System,${BASEDN} +objectClass: top +objectClass: container +cn: DomainUpdates +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +showInAdvancedViewOnly: TRUE +name: DomainUpdates +objectGUID: ${NEWGUID} +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${BASEDN} +objectClass: top +objectClass: container +cn: Windows2003Update +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +showInAdvancedViewOnly: TRUE +name: Windows2003Update +objectGUID: ${NEWGUID} +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +revision: 8 + +dn: CN=Infrastructure,${BASEDN} +objectclass: top +objectclass: infrastructureUpdate +cn: Infrastructure +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +showInAdvancedViewOnly: TRUE +name: Infrastructure +objectGUID: ${NEWGUID} +systemFlags: 0x8c000000 +objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} + +dn: CN=Builtin,${BASEDN} +objectClass: top +objectClass: builtinDomain +cn: Builtin +instanceType: 4 +showInAdvancedViewOnly: FALSE +name: Builtin +forceLogoff: 0x8000000000000000 +lockoutDuration: -18000000000 +lockOutObservationWindow: -18000000000 +lockoutThreshold: 0 +maxPwdAge: -37108517437440 +minPwdAge: 0 +minPwdLength: 0 +modifiedCountAtLastProm: 0 +nextRid: 1000 +pwdProperties: 0 +pwdHistoryLength: 0 +objectSid: S-1-5-32 +serverState: 1 +uASCompat: 1 +modifiedCount: 1 +objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Administrator,CN=Users,${BASEDN} +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: Administrator +description: Built-in account for administering the computer/domain +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN} +memberOf: CN=Domain Admins,CN=Users,${BASEDN} +memberOf: CN=Enterprise Admins,CN=Users,${BASEDN} +memberOf: CN=Schema Admins,CN=Users,${BASEDN} +memberOf: CN=Administrators,CN=Builtin,${BASEDN} +uSNChanged: 1 +name: Administrator +objectGUID: ${NEWGUID} +userAccountControl: 0x10200 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 0 +primaryGroupID: 513 +objectSid: ${DOMAINSID}-500 +adminCount: 1 +accountExpires: -1 +logonCount: 0 +sAMAccountName: Administrator +sAMAccountType: 0x30000000 +objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +unicodePwd: ${ADMINPASS} +unixName: root + +dn: CN=Guest,CN=Users,${BASEDN} +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: Guest +description: Built-in account for guest access to the computer/domain +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +memberOf: CN=Guests,CN=Builtin,${BASEDN} +uSNChanged: 1 +name: Guest +objectGUID: ${NEWGUID} +userAccountControl: 0x10222 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 0 +primaryGroupID: 514 +objectSid: ${DOMAINSID}-501 +accountExpires: -1 +logonCount: 0 +sAMAccountName: Guest +sAMAccountType: 0x30000000 +objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Administrators,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Administrators +description: Administrators have complete and unrestricted access to the computer/domain +member: CN=Domain Admins,CN=Users,${BASEDN} +member: CN=Enterprise Admins,CN=Users,${BASEDN} +member: CN=Administrator,CN=Users,${BASEDN} +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: Administrators +objectGUID: ${NEWGUID} +objectSid: S-1-5-32-544 +adminCount: 1 +sAMAccountName: Administrators +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +unixName: ${WHEEL} +privilege: SeSecurityPrivilege +privilege: SeBackupPrivilege +privilege: SeRestorePrivilege +privilege: SeSystemtimePrivilege +privilege: SeShutdownPrivilege +privilege: SeRemoteShutdownPrivilege +privilege: SeTakeOwnershipPrivilege +privilege: SeDebugPrivilege +privilege: SeSystemEnvironmentPrivilege +privilege: SeSystemProfilePrivilege +privilege: SeProfileSingleProcessPrivilege +privilege: SeIncreaseBasePriorityPrivilege +privilege: SeLoadDriverPrivilege +privilege: SeCreatePagefilePrivilege +privilege: SeIncreaseQuotaPrivilege +privilege: SeChangeNotifyPrivilege +privilege: SeUndockPrivilege +privilege: SeManageVolumePrivilege +privilege: SeImpersonatePrivilege +privilege: SeCreateGlobalPrivilege +privilege: SeEnableDelegationPrivilege +privilege: SeInteractiveLogonRight +privilege: SeNetworkLogonRight +privilege: SeRemoteInteractiveLogonRight + + +dn: CN=Users,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Users +description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications +member: CN=Domain Users,CN=Users,${BASEDN} +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: Users +objectGUID: ${NEWGUID} +objectSid: S-1-5-32-545 +sAMAccountName: Users +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Guests,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Guests +description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted +member: CN=Domain Guests,CN=Users,${BASEDN} +member: CN=Guest,CN=Users,${BASEDN} +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: Guests +objectGUID: ${NEWGUID} +objectSid: S-1-5-32-546 +sAMAccountName: Guests +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +unixName: ${NOGROUP} + +dn: CN=Print Operators,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Print Operators +description: Members can administer domain printers +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: Print Operators +objectGUID: ${NEWGUID} +objectSid: S-1-5-32-550 +adminCount: 1 +sAMAccountName: Print Operators +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +privilege: SeLoadDriverPrivilege +privilege: SeShutdownPrivilege +privilege: SeInteractiveLogonRight + +dn: CN=Backup Operators,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Backup Operators +description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: Backup Operators +objectGUID: ${NEWGUID} +objectSid: S-1-5-32-551 +adminCount: 1 +sAMAccountName: Backup Operators +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +privilege: SeBackupPrivilege +privilege: SeRestorePrivilege +privilege: SeShutdownPrivilege +privilege: SeInteractiveLogonRight + +dn: CN=Replicator,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Replicator +description: Supports file replication in a domain +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: Replicator +objectGUID: ${NEWGUID} +objectSid: S-1-5-32-552 +adminCount: 1 +sAMAccountName: Replicator +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Remote Desktop Users +description: Members in this group are granted the right to logon remotely +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: Remote Desktop Users +objectGUID: ${NEWGUID} +objectSid: S-1-5-32-555 +sAMAccountName: Remote Desktop Users +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Network Configuration Operators +description: Members in this group can have some administrative privileges to manage configuration of networking features +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: Network Configuration Operators +objectGUID: ${NEWGUID} +objectSid: S-1-5-32-556 +sAMAccountName: Network Configuration Operators +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Performance Monitor Users +description: Members of this group have remote access to monitor this computer +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: Performance Monitor Users +objectGUID: ${NEWGUID} +objectSid: S-1-5-32-558 +sAMAccountName: Performance Monitor Users +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Performance Log Users,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Performance Log Users +description: Members of this group have remote access to schedule logging of performance counters on this computer +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: Performance Log Users +objectGUID: ${NEWGUID} +objectSid: S-1-5-32-559 +sAMAccountName: Performance Log Users +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +objectClass: computer +cn: ${NETBIOSNAME} +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: ${NETBIOSNAME} +objectGUID: ${HOSTGUID} +userAccountControl: 532480 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 127273269057298624 +localPolicyFlags: 0 +pwdLastSet: 127258826171655328 +primaryGroupID: 516 +objectSid: ${DOMAINSID}-1000 +accountExpires: 9223372036854775807 +logonCount: 30 +sAMAccountName: ${NETBIOSNAME}$ +sAMAccountType: 805306369 +operatingSystem: Samba +operatingSystemVersion: 4.0 +dNSHostName: ${DNSNAME} +objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +unicodePwd: ${JOINPASS} +servicePrincipalName: HOST/${DNSNAME} +servicePrincipalName: HOST/${NETBIOSNAME} +servicePrincipalName: CIFS/${DNSNAME} +servicePrincipalName: CIFS/${NETBIOSNAME} +servicePrincipalName: LDAP/${DNSNAME} +servicePrincipalName: LDAP/${NETBIOSNAME} + +dn: CN=krbtgt,CN=Users,${BASEDN} +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: krbtgt +description: Key Distribution Center Service Account +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +showInAdvancedViewOnly: TRUE +name: krbtgt +objectGUID: ${NEWGUID} +userAccountControl: 514 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 127258826179466560 +primaryGroupID: 513 +objectSid: ${DOMAINSID}-502 +adminCount: 1 +accountExpires: 9223372036854775807 +logonCount: 0 +sAMAccountName: krbtgt +sAMAccountType: 805306368 +servicePrincipalName: kadmin/changepw +objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +unicodePwd: ${RANDPASS} + +dn: CN=Domain Computers,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: Domain Computers +description: All workstations and servers joined to the domain +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: Domain Computers +objectGUID: ${NEWGUID} +objectSid: ${DOMAINSID}-515 +sAMAccountName: Domain Computers +sAMAccountType: 0x10000000 +groupType: 0x80000002 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Domain Controllers,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: Domain Controllers +description: All domain controllers in the domain +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: Domain Controllers +objectGUID: ${NEWGUID} +objectSid: ${DOMAINSID}-516 +adminCount: 1 +sAMAccountName: Domain Controllers +sAMAccountType: 0x10000000 +groupType: 0x80000002 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Schema Admins,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: Schema Admins +description: Designated administrators of the schema +member: CN=Administrator,CN=Users,${BASEDN} +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: Schema Admins +objectGUID: ${NEWGUID} +objectSid: ${DOMAINSID}-518 +adminCount: 1 +sAMAccountName: Schema Admins +sAMAccountType: 0x10000000 +groupType: 0x80000002 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +unixName: ${WHEEL} + +dn: CN=Enterprise Admins,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: Enterprise Admins +description: Designated administrators of the enterprise +member: CN=Administrator,CN=Users,${BASEDN} +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +memberOf: CN=Administrators,CN=Builtin,${BASEDN} +uSNChanged: 1 +name: Enterprise Admins +objectGUID: ${NEWGUID} +objectSid: ${DOMAINSID}-519 +adminCount: 1 +sAMAccountName: Enterprise Admins +sAMAccountType: 0x10000000 +groupType: 0x80000002 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +unixName: ${WHEEL} + +dn: CN=Cert Publishers,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: Cert Publishers +description: Members of this group are permitted to publish certificates to the Active Directory +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: Cert Publishers +objectGUID: ${NEWGUID} +objectSid: ${DOMAINSID}-517 +sAMAccountName: Cert Publishers +sAMAccountType: 0x20000000 +groupType: 0x80000004 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Domain Admins,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: Domain Admins +description: Designated administrators of the domain +member: CN=Administrator,CN=Users,${BASEDN} +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +memberOf: CN=Administrators,CN=Builtin,${BASEDN} +uSNChanged: 1 +name: Domain Admins +objectGUID: ${NEWGUID} +objectSid: ${DOMAINSID}-512 +adminCount: 1 +sAMAccountName: Domain Admins +sAMAccountType: 0x10000000 +groupType: 0x80000002 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +unixName: ${WHEEL} + +dn: CN=Domain Users,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: Domain Users +description: All domain users +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +memberOf: CN=Users,CN=Builtin,${BASEDN} +uSNChanged: 1 +name: Domain Users +objectGUID: ${NEWGUID} +objectSid: ${DOMAINSID}-513 +sAMAccountName: Domain Users +sAMAccountType: 0x10000000 +groupType: 0x80000002 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +unixName: ${USERS} + +dn: CN=Domain Guests,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: Domain Guests +description: All domain guests +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +memberOf: CN=Guests,CN=Builtin,${BASEDN} +uSNChanged: 1 +name: Domain Guests +objectGUID: ${NEWGUID} +objectSid: ${DOMAINSID}-514 +sAMAccountName: Domain Guests +sAMAccountType: 0x10000000 +groupType: 0x80000002 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: Group Policy Creator Owners +description: Members in this group can modify group policy for the domain +member: CN=Administrator,CN=Users,${BASEDN} +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: Group Policy Creator Owners +objectGUID: ${NEWGUID} +objectSid: ${DOMAINSID}-520 +sAMAccountName: Group Policy Creator Owners +sAMAccountType: 0x10000000 +groupType: 0x80000002 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +unixName: ${WHEEL} + +dn: CN=RAS and IAS Servers,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: RAS and IAS Servers +description: Servers in this group can access remote access properties of users +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: RAS and IAS Servers +objectGUID: ${NEWGUID} +objectSid: ${DOMAINSID}-553 +sAMAccountName: RAS and IAS Servers +sAMAccountType: 0x20000000 +groupType: 0x80000004 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Server Operators,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Server Operators +description: Members can administer domain servers +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: Server Operators +objectGUID: ${NEWGUID} +objectSid: S-1-5-32-549 +adminCount: 1 +sAMAccountName: Server Operators +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +privilege: SeBackupPrivilege +privilege: SeSystemtimePrivilege +privilege: SeRemoteShutdownPrivilege +privilege: SeRestorePrivilege +privilege: SeShutdownPrivilege +privilege: SeInteractiveLogonRight + +dn: CN=Account Operators,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Account Operators +description: Members can administer domain user and group accounts +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +name: Account Operators +objectGUID: ${NEWGUID} +objectSid: S-1-5-32-548 +adminCount: 1 +sAMAccountName: Account Operators +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +privilege: SeInteractiveLogonRight + +dn: CN=Templates,${BASEDN} +objectClass: top +objectClass: container +cn: Templates +description: Container for SAM account templates +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +showInAdvancedViewOnly: TRUE +name: Templates +objectGUID: ${NEWGUID} +systemFlags: 0x8c000000 +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +### +# note! the template users must not match normal searches. Be careful +# with what classes you put them in +### + +dn: CN=TemplateUser,CN=Templates,${BASEDN} +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: Template +objectClass: userTemplate +cn: TemplateUser +name: TemplateUser +instanceType: 4 +userAccountControl: 0x202 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 0 +primaryGroupID: 513 +accountExpires: -1 +logonCount: 0 +sAMAccountType: 0x30000000 + +dn: CN=TemplateMemberServer,CN=Templates,${BASEDN} +objectClass: top +objectClass: Template +objectClass: userTemplate +cn: TemplateMemberServer +name: TemplateMemberServer +instanceType: 4 +userAccountControl: 0x1002 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 0 +primaryGroupID: 513 +accountExpires: -1 +logonCount: 0 +sAMAccountType: 0x30000001 + +dn: CN=TemplateDomainController,CN=Templates,${BASEDN} +objectClass: top +objectClass: Template +objectClass: userTemplate +cn: TemplateDomainController +name: TemplateDomainController +instanceType: 4 +userAccountControl: 0x2002 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 0 +primaryGroupID: 513 +accountExpires: -1 +logonCount: 0 +sAMAccountType: 0x30000001 + +dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN} +objectClass: top +objectClass: Template +objectClass: userTemplate +cn: TemplateTrustingDomain +name: TemplateTrustingDomain +instanceType: 4 +userAccountControl: 0x820 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 0 +primaryGroupID: 513 +accountExpires: -1 +logonCount: 0 +sAMAccountType: 0x30000002 + +dn: CN=TemplateGroup,CN=Templates,${BASEDN} +objectClass: top +objectClass: Template +objectClass: groupTemplate +cn: TemplateGroup +name: TemplateGroup +instanceType: 4 +groupType: 0x80000002 +sAMAccountType: 0x10000000 + +dn: CN=TemplateAlias,CN=Templates,${BASEDN} +objectClass: top +objectClass: Template +objectClass: aliasTemplate +cn: TemplateAlias +name: TemplateAlias +instanceType: 4 +groupType: 0x80000004 +sAMAccountType: 0x10000000 + +dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN} +objectClass: top +objectClass: Template +objectClass: foreignSecurityPrincipalTemplate +cn: TemplateForeignSecurityPrincipal +name: TemplateForeignSecurityPrincipal + +dn: CN=TemplateSecret,CN=Templates,${BASEDN} +objectClass: top +objectClass: leaf +objectClass: Template +objectClass: secretTemplate +cn: TemplateSecret +name: TemplateSecret +instanceType: 4 + +dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN} +objectClass: top +objectClass: leaf +objectClass: Template +objectClass: trustedDomainTemplate +cn: TemplateTrustedDomain +name: TemplateTrustedDomain +instanceType: 4 + +############################### +# Configuration Naming Context +############################### +dn: CN=Configuration,${BASEDN} +objectClass: top +objectClass: configuration +cn: Configuration +instanceType: 13 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: ${USN} +uSNChanged: ${USN} +showInAdvancedViewOnly: TRUE +name: Configuration +objectGUID: ${NEWGUID} +objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN} +subRefs: CN=Schema,CN=Configuration,${BASEDN} +masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} + +dn: CN=Partitions,CN=Configuration,${BASEDN} +objectClass: top +objectClass: crossRefContainer +cn: Partitions +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: ${USN} +uSNChanged: ${USN} +showInAdvancedViewOnly: TRUE +name: Partitions +objectGUID: ${NEWGUID} +systemFlags: 0x80000000 +objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN} +msDS-Behavior-Version: 0 +fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} + +dn: CN=Enterprise Configuration,CN=Partitions,CN=Configuration,${BASEDN} +objectClass: top +objectClass: crossRef +cn: Enterprise Configuration +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: ${USN} +uSNChanged: ${USN} +showInAdvancedViewOnly: TRUE +name: Enterprise Configuration +objectGUID: ${NEWGUID} +systemFlags: 0x00000001 +objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} +nCName: CN=Configuration,${BASEDN} +dnsRoot: ${DNSDOMAIN} + +dn: CN=Enterprise Schema,CN=Partitions,CN=Configuration,${BASEDN} +objectClass: top +objectClass: crossRef +cn: Enterprise Schema +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: ${USN} +uSNChanged: ${USN} +showInAdvancedViewOnly: TRUE +name: Enterprise Schema +objectGUID: ${NEWGUID} +systemFlags: 0x00000001 +objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} +nCName: CN=Schema,CN=Configuration,${BASEDN} +dnsRoot: ${DNSDOMAIN} + +dn: CN=${DOMAIN},CN=Partitions,CN=Configuration,${BASEDN} +objectClass: top +objectClass: crossRef +cn: ${DOMAIN} +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: ${USN} +uSNChanged: ${USN} +showInAdvancedViewOnly: TRUE +name: ${DOMAIN} +objectGUID: ${NEWGUID} +systemFlags: 0x00000003 +objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} +nCName: ${BASEDN} +nETBIOSName: ${DOMAIN} +dnsRoot: ${DNSDOMAIN} + +dn: CN=Sites,CN=Configuration,${BASEDN} +objectClass: top +objectClass: sitesContainer +cn: Sites +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: ${USN} +uSNChanged: ${USN} +showInAdvancedViewOnly: TRUE +name: Sites +objectGUID: ${NEWGUID} +systemFlags: 0x82000000 +objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +objectClass: top +objectClass: site +cn: Sites +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: ${USN} +uSNChanged: ${USN} +showInAdvancedViewOnly: TRUE +name: Sites +objectGUID: ${NEWGUID} +systemFlags: 0x82000000 +objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +objectClass: top +objectClass: serversContainer +cn: Servers +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: ${USN} +uSNChanged: ${USN} +showInAdvancedViewOnly: TRUE +name: Servers +objectGUID: ${NEWGUID} +systemFlags: 0x82000000 +objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +objectClass: top +objectClass: server +cn: ${NETBIOSNAME} +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: ${USN} +uSNChanged: ${USN} +showInAdvancedViewOnly: TRUE +name: ${NETBIOSNAME} +objectGUID: ${NEWGUID} +systemFlags: 0x52000000 +objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN} +dNSHostName: ${DNSNAME} +serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} + +dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +objectClass: top +objectClass: applicationSettings +objectClass: nTDSDSA +cn: NTDS Settings +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: ${USN} +uSNChanged: ${USN} +showInAdvancedViewOnly: TRUE +name: NTDS Settings +systemFlags: 0x02000000 +objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN} +dMDLocation: CN=Schema,CN=Configuration,${BASEDN} +objectGUID: ${INVOCATIONID} +invocationId: ${INVOCATIONID} +msDS-Behavior-Version: 2 + +############################### +# Schema Naming Context +############################### +dn: CN=Schema,CN=Configuration,${BASEDN} +objectClass: top +objectClass: dMD +cn: Schema +instanceType: 13 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: ${USN} +uSNChanged: ${USN} +showInAdvancedViewOnly: TRUE +name: Schema +objectGUID: ${NEWGUID} +objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN} +masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +objectVersion: 30 diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl new file mode 100755 index 0000000000..4000ac3bde --- /dev/null +++ b/source4/setup/provision.pl @@ -0,0 +1,443 @@ +#!/usr/bin/perl -w + +use strict; +use Socket; +use Getopt::Long; + +my $opt_hostname = `hostname`; +chomp $opt_hostname; +my $opt_hostip; +my $opt_realm; +my $opt_domain; +my $opt_adminpass; +my $opt_nobody; +my $opt_nogroup; +my $opt_wheel; +my $opt_users; +my $dnsdomain; +my $netbiosname; +my $dnsname; +my $basedn; +my $defaultsite = "Default-First-Site-Name"; +my $usn = 1; + +# return the current NTTIME as an integer +sub nttime() +{ + my $t = time(); + $t += (369.0*365.25*24*60*60-(3.0*24*60*60+6.0*60*60)); + $t *= 1.0e7; + return sprintf("%lld", $t); +} + +# generate a random guid. Not a good algorithm. +sub randguid() +{ + my $r1 = int(rand(2**32)); + my $r2 = int(rand(2**16)); + my $r3 = int(rand(2**16)); + my $r4 = int(rand(2**16)); + my $r5 = int(rand(2**32)); + my $r6 = int(rand(2**16)); + return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6); +} + +my $opt_domainguid = randguid(); +my $opt_hostguid = randguid(); +my $opt_invocationid = randguid(); + +sub randsid() +{ + return sprintf("S-1-5-21-%d-%d-%d", + int(rand(10**8)), int(rand(10**8)), int(rand(10**8))); +} + +my $opt_domainsid = randsid(); + +# generate a random password. Poor algorithm :( +sub randpass() +{ + my $pass = ""; + my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~"; + for (my $i=0;$i<8;$i++) { + my $c = int(rand(length($chars))); + $pass .= substr($chars, $c, 1); + } + return $pass; +} + +my $joinpass = randpass(); + +sub ldaptime() +{ + my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time); + return sprintf "%04u%02u%02u%02u%02u%02u.0Z", + $year+1900, $mon+1, $mday, $hour, $min, $sec; +} + +####################### +# substitute a single variable +sub substitute($) +{ + my $var = shift; + + if ($var eq "BASEDN") { + return $basedn; + } + + if ($var eq "DOMAINSID") { + return $opt_domainsid; + } + + if ($var eq "DOMAIN") { + return $opt_domain; + } + + if ($var eq "REALM") { + return $opt_realm; + } + + if ($var eq "DNSDOMAIN") { + return $dnsdomain; + } + + if ($var eq "HOSTNAME") { + return $opt_hostname; + } + + if ($var eq "NETBIOSNAME") { + return $netbiosname; + } + + if ($var eq "DNSNAME") { + return $dnsname; + } + + if ($var eq "HOSTIP") { + return $opt_hostip; + } + + if ($var eq "LDAPTIME") { + return ldaptime(); + } + + if ($var eq "NEWGUID") { + return randguid(); + } + + if ($var eq "NEWSCHEMAGUID") { + return randguid(); + } + + if ($var eq "DOMAINGUID") { + return $opt_domainguid; + } + + if ($var eq "HOSTGUID") { + return $opt_hostguid; + } + + if ($var eq "INVOCATIONID") { + return $opt_invocationid; + } + + if ($var eq "DEFAULTSITE") { + return $defaultsite; + } + + if ($var eq "ADMINPASS") { + return $opt_adminpass; + } + + if ($var eq "RANDPASS") { + return randpass(); + } + + if ($var eq "JOINPASS") { + return $joinpass; + } + + if ($var eq "NTTIME") { + return "" . nttime(); + } + + if ($var eq "WHEEL") { + return $opt_wheel; + } + + if ($var eq "NOBODY") { + return $opt_nobody; + } + + if ($var eq "NOGROUP") { + return $opt_nogroup; + } + + if ($var eq "USERS") { + return $opt_users; + } + + if ($var eq "USN") { + my $ret = $usn; + $usn = $ret + 1; + return $ret; + } + + die "ERROR: Uknown substitution variable $var\n"; +} + + +#################################################################### +# substitute all variables in a string +sub apply_substitutions($) +{ + my $data = shift; + my $res = ""; + while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) { + my $sub = substitute($2); + $res .= "$1$sub"; + $data = $3; + } + $res .= $data; + return $res; +} + + +##################################################################### +# write a string into a file +sub FileSave($$) +{ + my($filename) = shift; + my($v) = shift; + local(*FILE); + open(FILE, ">$filename") || die "can't open $filename"; + print FILE $v; + close(FILE); +} + +##################################################################### +# read a file into a string +sub FileLoad($) +{ + my($filename) = shift; + local(*INPUTFILE); + open(INPUTFILE, $filename) || return undef; + my($saved_delim) = $/; + undef $/; + my($data) = ; + close(INPUTFILE); + $/ = $saved_delim; + return $data; +} + +####################################################################### +# add a foreign security principle +sub add_foreign($$$) +{ + my $sid = shift; + my $desc = shift; + my $unixname = shift; + return " +dn: CN=$sid,CN=ForeignSecurityPrincipals,\${BASEDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: $sid +description: $desc +instanceType: 4 +whenCreated: \${LDAPTIME} +whenChanged: \${LDAPTIME} +uSNCreated: 1 +uSNChanged: 1 +showInAdvancedViewOnly: TRUE +name: $sid +objectGUID: \${NEWGUID} +objectSid: $sid +objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,\${BASEDN} +unixName: $unixname + +"; +} + +############################################ +# show some help +sub ShowHelp() +{ + print " +Samba4 provisioning + +provision.pl [options] + --realm REALM set realm + --domain DOMAIN set domain + --domain-guid GUID set domainguid (otherwise random) + --domain-sid SID set domainsid (otherwise random) + --host-name HOSTNAME set hostname + --host-ip IPADDRESS set ipaddress + --host-guid GUID set hostguid (otherwise random) + --invocationid GUID set invocationid (otherwise random) + --adminpass PASSWORD choose admin password (otherwise random) + --nobody USERNAME choose 'nobody' user + --nogroup GROUPNAME choose 'nogroup' group + --wheel GROUPNAME choose 'wheel' privileged group + --users GROUPNAME choose 'users' group + +You must provide at least a realm and domain + +"; + exit(1); +} + +my $opt_help; + +GetOptions( + 'help|h|?' => \$opt_help, + 'realm=s' => \$opt_realm, + 'domain=s' => \$opt_domain, + 'domain-guid=s' => \$opt_domainguid, + 'domain-sid=s' => \$opt_domainsid, + 'host-name=s' => \$opt_hostname, + 'host-ip=s' => \$opt_hostip, + 'host-guid=s' => \$opt_hostguid, + 'invocationid=s' => \$opt_invocationid, + 'adminpass=s' => \$opt_adminpass, + 'nobody=s' => \$opt_nobody, + 'nogroup=s' => \$opt_nogroup, + 'wheel=s' => \$opt_wheel, + 'users=s' => \$opt_users, + ); + +if ($opt_help || + !$opt_realm || + !$opt_domain || + !$opt_hostname) { + ShowHelp(); +} + +$opt_realm=uc($opt_realm); +$opt_domain=uc($opt_domain); +$opt_hostname=lc($opt_hostname); +$netbiosname=uc($opt_hostname); + +if (!$opt_hostip) { + my $hip = gethostbyname($opt_hostname); + if (defined $hip) { + $opt_hostip = inet_ntoa($hip); + } else { + $opt_hostip = "<0.0.0.0>"; + } +} + +print "Provisioning host '$opt_hostname'[$opt_hostip] for domain '$opt_domain' in realm '$opt_realm'\n"; + +if (!$opt_nobody) { + if (defined getpwnam("nobody")) { + $opt_nobody = "nobody"; + } +} + +if (!$opt_nogroup) { + if (defined getgrnam("nogroup")) { + $opt_nogroup = "nogroup"; + } elsif (defined getgrnam("nobody")) { + $opt_nogroup = "nobody"; + } +} + +if (!$opt_wheel) { + if (defined getgrnam("wheel")) { + $opt_wheel = "wheel"; + } elsif (defined getgrnam("root")) { + $opt_wheel = "root"; + } +} + +if (!$opt_users) { + if (defined getgrnam("users")) { + $opt_users = "users"; + } +} + +$opt_nobody || die "Unable to determine a user for 'nobody'\n"; +$opt_nogroup || die "Unable to determine a group for 'nogroup'\n"; +$opt_users || die "Unable to determine a group for 'users'\n"; +$opt_wheel || die "Unable to determine a group for 'wheel'\n"; + +print "Using nobody='$opt_nobody' nogroup='$opt_nogroup' wheel='$opt_wheel' users='$opt_users'\n"; + +print "generating ldif ...\n"; + +$dnsdomain = lc($opt_realm); +$dnsname = lc($opt_hostname).".".$dnsdomain; +$basedn = "DC=" . join(",DC=", split(/\./, $opt_realm)); + +my $data = FileLoad("provision.ldif") || die "Unable to load provision.ldif\n"; + +$data .= add_foreign("S-1-5-7", "Anonymous", "\${NOBODY}"); +$data .= add_foreign("S-1-1-0", "World", "\${NOGROUP}"); +$data .= add_foreign("S-1-5-2", "Network", "\${NOGROUP}"); +$data .= add_foreign("S-1-5-18", "System", "root"); +$data .= add_foreign("S-1-5-11", "Authenticated Users", "\${USERS}"); + +if (!$opt_adminpass) { + $opt_adminpass = randpass(); + print "chose random Administrator password '$opt_adminpass'\n"; +} + +# allow provisioning to be run from the source directory +$ENV{"PATH"} .= ":bin:../bin"; + + +my $res = apply_substitutions($data); + +my $newdb = "newdb." . int(rand(1000)); + +print "Putting new database files in $newdb\n"; + +mkdir($newdb) || die "Unable to create temporary directory $newdb\n"; + +FileSave("$newdb/sam.ldif", $res); + +print "creating $newdb/sam.ldb ...\n"; + +system("ldbadd -H $newdb/sam.ldb $newdb/sam.ldif") == 0 || die "Failed to create sam.ldb\n"; + +$data = FileLoad("rootdse.ldif") || die "Unable to load rootdse.ldif\n"; + +$res = apply_substitutions($data); + +FileSave("$newdb/rootdse.ldif", $res); + +print "creating $newdb/rootdse.ldb ...\n"; + +system("ldbadd -H $newdb/rootdse.ldb $newdb/rootdse.ldif") == 0 || die "Failed to create rootdse.ldb\n"; + +$data = FileLoad("secrets.ldif") || die "Unable to load secrets.ldif\n"; + +$res = apply_substitutions($data); + +FileSave("$newdb/secrets.ldif", $res); + +print "creating $newdb/secrets.ldb ...\n"; + +system("ldbadd -H $newdb/secrets.ldb $newdb/secrets.ldif") == 0 || die "Failed to create secrets.ldb\n"; + +$data = FileLoad("provision.zone") || die "Unable to load provision.zone\n"; + +$res = apply_substitutions($data); + +print "saving dns zone to $newdb/$dnsdomain.zone ...\n"; + +FileSave("$newdb/$dnsdomain.zone", $res); + +print "creating $newdb/hklm.ldb ... \n"; + +system("ldbadd -H $newdb/hklm.ldb hklm.ldif") == 0 || die "Failed to create hklm.ldb\n"; + +print " + +Installation: +- Please move $newdb/*.ldb to the private/ directory of your + Samba4 installation +- Please use $newdb/$dnsdomain.zone in BIND on your dns server +"; + + diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone new file mode 100644 index 0000000000..c0b941c822 --- /dev/null +++ b/source4/setup/provision.zone @@ -0,0 +1,32 @@ +; generate by provision.pl +$ORIGIN ${DNSDOMAIN} +$TTL 1W +@ IN SOA @ hostmaster ( + 42 ; serial (d. adams) + 2D ; refresh + 4H ; retry + 6W ; expiry + 1W ) ; minimum + IN NS ${HOSTNAME} + IN A ${HOSTIP} +; +${HOSTNAME} IN A ${HOSTIP} +${HOSTGUID}._msdcs IN CNAME ${HOSTNAME} +; +; global catalog servers +_gc._tcp IN SRV 0 100 3268 ${HOSTNAME} +_ldap._tcp.gc._msdcs IN SRV 0 100 389 ${HOSTNAME} +_ldap._tcp.${DEFAULTSITE}._sites.gc._msdcs IN SRV 0 100 389 ${HOSTNAME} +; +; ldap servers +_ldap._tcp IN SRV 0 100 389 ${HOSTNAME} +_ldap._tcp.dc._msdcs IN SRV 0 100 389 ${HOSTNAME} +_ldap._tcp.pdc._msdcs IN SRV 0 100 389 ${HOSTNAME} +_ldap._tcp.${DOMAINGUID}.domains._msdcs IN SRV 0 100 389 ${HOSTNAME} +_ldap._tcp.${DEFAULTSITE}._sites.dc._msdcs IN SRV 0 100 389 ${HOSTNAME} +; +; krb5 servers +_kerberos._tcp IN SRV 0 100 88 ${HOSTNAME} +_kerberos._tcp.dc._msdcs IN SRV 0 100 389 ${HOSTNAME} +_kerberos._tcp.${DEFAULTSITE}._sites.dc._msdcs IN SRV 0 100 88 ${HOSTNAME} +_kerberos._udp IN SRV 0 100 88 ${HOSTNAME} diff --git a/source4/setup/rootdse.ldif b/source4/setup/rootdse.ldif new file mode 100644 index 0000000000..534249859a --- /dev/null +++ b/source4/setup/rootdse.ldif @@ -0,0 +1,32 @@ +dn: @INDEXLIST + +dn: @ATTRIBUTES +createTimestamp: HIDDEN +modifyTimestamp: HIDDEN + +dn: @SUBCLASSES + +dn: @MODULES +@MODULE: timestamps + +dn: cn=rootDSE +currentTime: _DYNAMIC_ +subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,${BASEDN} +dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,${BASEDN} +namingContexts: ${BASEDN} +namingContexts: CN=Configuration,${BASEDN} +namingContexts: CN=Schema,CN=Configuration,${BASEDN} +defaultNamingContext: ${BASEDN} +rootDomainNamingContext: ${BASEDN} +configurationNamingContext: CN=Configuration,${BASEDN} +schemaNamingContext: CN=Schema,CN=Configuration,${BASEDN} +supportedLDAPVersion: 3 +highestCommittedUSN: _DYNAMIC_ +supportedSASLMechanisms: GSS-SPNEGO +dnsHostName: ${DNSNAME} +ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${DNSDOMAIN} +serverName: CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,${BASEDN} +isSynchronized: _DYNAMIC_ +domainFunctionality: 0 +forestFunctionality: 0 +domainControllerFunctionality: 2 diff --git a/source4/setup/rootdse.pl b/source4/setup/rootdse.pl new file mode 100755 index 0000000000..799019fad8 --- /dev/null +++ b/source4/setup/rootdse.pl @@ -0,0 +1,152 @@ +#!/usr/bin/perl -w + +use strict; +use Getopt::Long; + +my $opt_hostname = `hostname`; +chomp $opt_hostname; +my $netbiosname; +my $opt_realm; +my $opt_domain; +my $dnsdomain; +my $dnsname; +my $basedn; + +sub ldaptime() +{ + my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time); + return sprintf "%04u%02u%02u%02u%02u%02u.0Z", + $year+1900, $mon+1, $mday, $hour, $min, $sec; +} + +####################### +# substitute a single variable +sub substitute($) +{ + my $var = shift; + + if ($var eq "BASEDN") { + return $basedn; + } + + if ($var eq "NETBIOSNAME") { + return $netbiosname; + } + + if ($var eq "DNSNAME") { + return $dnsname; + } + + if ($var eq "DNSDOMAIN") { + return $dnsdomain; + } + + die "ERROR: Uknown substitution variable $var\n"; +} + +##################################################################### +# write a string into a file +sub FileSave($$) +{ + my($filename) = shift; + my($v) = shift; + local(*FILE); + open(FILE, ">$filename") || die "can't open $filename"; + print FILE $v; + close(FILE); +} + +##################################################################### +# read a file into a string +sub FileLoad($) +{ + my($filename) = shift; + local(*INPUTFILE); + open(INPUTFILE, $filename) || return undef; + my($saved_delim) = $/; + undef $/; + my($data) = ; + close(INPUTFILE); + $/ = $saved_delim; + return $data; +} + +############################################ +# show some help +sub ShowHelp() +{ + print " +Samba4 provisioning + +rootdse.pl [options] + --realm REALM set realm + --domain DOMAIN set domain + --hostname HOSTNAME set hostname + +You must provide at least a realm and domain + +"; + exit(1); +} + +my $opt_help; + +GetOptions( + 'help|h|?' => \$opt_help, + 'realm=s' => \$opt_realm, + 'domain=s' => \$opt_domain, + 'hostname=s' => \$opt_hostname, + ); + +if ($opt_help || + !$opt_realm || + !$opt_domain || + !$opt_hostname) { + ShowHelp(); +} + +$opt_realm=uc($opt_realm); +$opt_domain=uc($opt_domain); +$opt_hostname=lc($opt_hostname); +$netbiosname=uc($opt_hostname); + +print "Provisioning host '$opt_hostname' with netbios name '$netbiosname' for domain '$opt_domain' in realm '$opt_realm'\n"; + +print "generating ldif ...\n"; + +$dnsdomain = lc($opt_realm); +$dnsname = $opt_hostname.".".$dnsdomain; +$basedn = "DC=" . join(",DC=", split(/\./, $opt_realm)); + +my $data = FileLoad("rootdse.ldif") || die "Unable to load rootdse.ldif\n"; + +my $res = ""; + +print "applying substitutions ...\n"; + +while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) { + my $sub = substitute($2); + $res .= "$1$sub"; + $data = $3; +} +$res .= $data; + +print "saving ldif to newrootdse.ldif ...\n"; + +FileSave("newrootdse.ldif", $res); + +unlink("newrootdse.ldb"); + +print "creating newrootdse.ldb ...\n"; + +# allow provisioning to be run from the source directory +$ENV{"PATH"} .= ":bin:../bin"; + +system("ldbadd -H newrootdse.ldb newrootdse.ldif"); + +print "done + +Please move newrootdse.ldb to rootdse.ldb in the private/ directory of your +Samba4 installation +"; + diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif new file mode 100644 index 0000000000..f44521a07b --- /dev/null +++ b/source4/setup/secrets.ldif @@ -0,0 +1,30 @@ +dn: @INDEXLIST +@IDXATTR: cn +@IDXATTR: flatname +@IDXATTR: realm + +dn: @ATTRIBUTES +realm: CASE_INSENSITIVE +flatname: CASE_INSENSITIVE +sAMAccountName: CASE_INSENSITIVE + +dn: CN=LSA Secrets +objectClass: top +objectClass: container +cn: LSA Secrets + +dn: CN=Primary Domains +objectClass: top +objectClass: container +cn: Primary Domains + +dn: flatname=${DOMAIN},CN=Primary Domains +objectClass: top +objectClass: primaryDomain +flatname: ${DOMAIN} +realm: ${REALM} +secret: ${JOINPASS} +sAMAccountName: ${NETBIOSNAME}$ +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} + -- cgit From 4f030437d02c2915628063badba6d2216a83876a Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Sun, 17 Apr 2005 00:45:49 +0000 Subject: r6361: Update howto and provisioning script with the moves made in r6207. (This used to be commit e2f127b4d822c98668e20e724a4ca91b320092b3) --- source4/setup/provision.pl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl index 4000ac3bde..6d42b967a7 100755 --- a/source4/setup/provision.pl +++ b/source4/setup/provision.pl @@ -369,7 +369,7 @@ $dnsdomain = lc($opt_realm); $dnsname = lc($opt_hostname).".".$dnsdomain; $basedn = "DC=" . join(",DC=", split(/\./, $opt_realm)); -my $data = FileLoad("provision.ldif") || die "Unable to load provision.ldif\n"; +my $data = FileLoad("setup/provision.ldif") || die "Unable to load provision.ldif\n"; $data .= add_foreign("S-1-5-7", "Anonymous", "\${NOBODY}"); $data .= add_foreign("S-1-1-0", "World", "\${NOGROUP}"); @@ -400,7 +400,7 @@ print "creating $newdb/sam.ldb ...\n"; system("ldbadd -H $newdb/sam.ldb $newdb/sam.ldif") == 0 || die "Failed to create sam.ldb\n"; -$data = FileLoad("rootdse.ldif") || die "Unable to load rootdse.ldif\n"; +$data = FileLoad("setup/rootdse.ldif") || die "Unable to load rootdse.ldif\n"; $res = apply_substitutions($data); @@ -410,7 +410,7 @@ print "creating $newdb/rootdse.ldb ...\n"; system("ldbadd -H $newdb/rootdse.ldb $newdb/rootdse.ldif") == 0 || die "Failed to create rootdse.ldb\n"; -$data = FileLoad("secrets.ldif") || die "Unable to load secrets.ldif\n"; +$data = FileLoad("setup/secrets.ldif") || die "Unable to load secrets.ldif\n"; $res = apply_substitutions($data); @@ -420,7 +420,7 @@ print "creating $newdb/secrets.ldb ...\n"; system("ldbadd -H $newdb/secrets.ldb $newdb/secrets.ldif") == 0 || die "Failed to create secrets.ldb\n"; -$data = FileLoad("provision.zone") || die "Unable to load provision.zone\n"; +$data = FileLoad("setup/provision.zone") || die "Unable to load provision.zone\n"; $res = apply_substitutions($data); @@ -430,7 +430,7 @@ FileSave("$newdb/$dnsdomain.zone", $res); print "creating $newdb/hklm.ldb ... \n"; -system("ldbadd -H $newdb/hklm.ldb hklm.ldif") == 0 || die "Failed to create hklm.ldb\n"; +system("ldbadd -H $newdb/hklm.ldb setup/hklm.ldif") == 0 || die "Failed to create hklm.ldb\n"; print " -- cgit From 13d31a48713e7542a6317448f4b6cc16810346ad Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 30 Apr 2005 12:30:36 +0000 Subject: r6534: Patch from lieschen to fix our vital user creation tools :-) Andrew Bartlett (This used to be commit 1a1f0bd33c8e9ad89df0073aa9c2e42822ec7903) --- source4/setup/newuser.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/newuser.pl b/source4/setup/newuser.pl index 6ddda5028e..a38067219e 100755 --- a/source4/setup/newuser.pl +++ b/source4/setup/newuser.pl @@ -40,7 +40,7 @@ sub search($$) { my $expr = shift; my $attrib = shift; - my $res = `ldbsearch \"$expr\" $attrib | grep ^$attrib | cut -d' ' -f2- | head -1`; + my $res = `ldbsearch -H $opt_samdb \"$expr\" $attrib | grep ^$attrib | cut -d' ' -f2- | head -1`; chomp $res; return $res; } @@ -96,7 +96,7 @@ $ENV{"LDB_URL"} = $opt_samdb; my $domain_sid = search("(objectClass=domainDNS)", "objectSid"); my $domain_dn = search("(objectClass=domainDNS)", "dn"); -my $ldif = `ldbsearch 'cn=TemplateUser' | grep -v Template | grep -v '^#'`; +my $ldif = `ldbsearch -H $opt_samdb 'cn=TemplateUser' | grep -v Template | grep -v '^#'`; chomp $ldif; my $sid; -- cgit From 7fca1d46cea38229faf9a7092d86a452658f2ca0 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 1 May 2005 19:08:35 +0000 Subject: r6564: - Fix bug in socket_wrapper - Add options --quiet and --outputdir options to the provisioning script - Add simple 'make test' and 'make test-swrap' (This used to be commit 7d2d4a57e0e58a51c76c2e86ea447e81a1d79544) --- source4/setup/provision.pl | 38 ++++++++++++++++++++++++-------------- 1 file changed, 24 insertions(+), 14 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl index 6d42b967a7..b515a5a9eb 100755 --- a/source4/setup/provision.pl +++ b/source4/setup/provision.pl @@ -14,6 +14,8 @@ my $opt_nobody; my $opt_nogroup; my $opt_wheel; my $opt_users; +my $opt_outputdir; +my $opt_quiet; my $dnsdomain; my $netbiosname; my $dnsname; @@ -274,11 +276,13 @@ provision.pl [options] --host-ip IPADDRESS set ipaddress --host-guid GUID set hostguid (otherwise random) --invocationid GUID set invocationid (otherwise random) + --outputdir OUTPUTDIR set output directory --adminpass PASSWORD choose admin password (otherwise random) --nobody USERNAME choose 'nobody' user --nogroup GROUPNAME choose 'nogroup' group --wheel GROUPNAME choose 'wheel' privileged group --users GROUPNAME choose 'users' group + --quiet Be quiet You must provide at least a realm and domain @@ -303,6 +307,8 @@ GetOptions( 'nogroup=s' => \$opt_nogroup, 'wheel=s' => \$opt_wheel, 'users=s' => \$opt_users, + 'outputdir=s' => \$opt_outputdir, + 'quiet' => \$opt_quiet ); if ($opt_help || @@ -326,7 +332,7 @@ if (!$opt_hostip) { } } -print "Provisioning host '$opt_hostname'[$opt_hostip] for domain '$opt_domain' in realm '$opt_realm'\n"; +$opt_quiet or print "Provisioning host '$opt_hostname'[$opt_hostip] for domain '$opt_domain' in realm '$opt_realm'\n"; if (!$opt_nobody) { if (defined getpwnam("nobody")) { @@ -361,9 +367,9 @@ $opt_nogroup || die "Unable to determine a group for 'nogroup'\n"; $opt_users || die "Unable to determine a group for 'users'\n"; $opt_wheel || die "Unable to determine a group for 'wheel'\n"; -print "Using nobody='$opt_nobody' nogroup='$opt_nogroup' wheel='$opt_wheel' users='$opt_users'\n"; +$opt_quiet or print "Using nobody='$opt_nobody' nogroup='$opt_nogroup' wheel='$opt_wheel' users='$opt_users'\n"; -print "generating ldif ...\n"; +$opt_quiet or print "generating ldif ...\n"; $dnsdomain = lc($opt_realm); $dnsname = lc($opt_hostname).".".$dnsdomain; @@ -388,15 +394,21 @@ $ENV{"PATH"} .= ":bin:../bin"; my $res = apply_substitutions($data); -my $newdb = "newdb." . int(rand(1000)); +my $newdb = $opt_outputdir; -print "Putting new database files in $newdb\n"; +unless ($newdb) { + $newdb = "newdb." . int(rand(1000)); +} + +$opt_quiet or print "Putting new database files in $newdb\n"; -mkdir($newdb) || die "Unable to create temporary directory $newdb\n"; +unless ($opt_outputdir) { + mkdir($newdb) || die "Unable to create temporary directory $newdb\n"; +} FileSave("$newdb/sam.ldif", $res); -print "creating $newdb/sam.ldb ...\n"; +$opt_quiet or print "creating $newdb/sam.ldb ...\n"; system("ldbadd -H $newdb/sam.ldb $newdb/sam.ldif") == 0 || die "Failed to create sam.ldb\n"; @@ -406,7 +418,7 @@ $res = apply_substitutions($data); FileSave("$newdb/rootdse.ldif", $res); -print "creating $newdb/rootdse.ldb ...\n"; +$opt_quiet or print "creating $newdb/rootdse.ldb ...\n"; system("ldbadd -H $newdb/rootdse.ldb $newdb/rootdse.ldif") == 0 || die "Failed to create rootdse.ldb\n"; @@ -416,7 +428,7 @@ $res = apply_substitutions($data); FileSave("$newdb/secrets.ldif", $res); -print "creating $newdb/secrets.ldb ...\n"; +$opt_quiet or print "creating $newdb/secrets.ldb ...\n"; system("ldbadd -H $newdb/secrets.ldb $newdb/secrets.ldif") == 0 || die "Failed to create secrets.ldb\n"; @@ -424,20 +436,18 @@ $data = FileLoad("setup/provision.zone") || die "Unable to load provision.zone\n $res = apply_substitutions($data); -print "saving dns zone to $newdb/$dnsdomain.zone ...\n"; +$opt_quiet or print "saving dns zone to $newdb/$dnsdomain.zone ...\n"; FileSave("$newdb/$dnsdomain.zone", $res); -print "creating $newdb/hklm.ldb ... \n"; +$opt_quiet or print "creating $newdb/hklm.ldb ... \n"; system("ldbadd -H $newdb/hklm.ldb setup/hklm.ldif") == 0 || die "Failed to create hklm.ldb\n"; -print " +$opt_quiet or print " Installation: - Please move $newdb/*.ldb to the private/ directory of your Samba4 installation - Please use $newdb/$dnsdomain.zone in BIND on your dns server "; - - -- cgit From 85e9412c4786ede6f94d879185d493756d37eebe Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 1 May 2005 19:29:00 +0000 Subject: r6565: Cludge, cludge, cludge... We need to pass the 'secure channel type' to the NETLOGON layer, which must match the account type. (Yes, jelmer objects to this inclusion of the kitchen sink ;-) Andrew Bartlett (This used to be commit 8ee208a926d2b15fdc42753b1f9ee586564c6248) --- source4/setup/provision.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index f6cce3e285..466f567cda 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -51,6 +51,7 @@ objectClass: top objectClass: domain objectClass: domainDNS name: ${DOMAIN} +flatname: ${DOMAIN} realm: ${REALM} dnsDomain: ${DNSDOMAIN} dc: ${DOMAIN} -- cgit From b686e0b9266c0e6029d9f87f187e56c8d2429586 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 2 May 2005 12:34:44 +0000 Subject: r6571: create a simple smb.conf by provision.pl metze (This used to be commit af16ecb7ac6015b2f7fa70fc73e1ab69776c8079) --- source4/setup/provision.pl | 10 ++++++++++ source4/setup/provision.smb.conf | 4 ++++ 2 files changed, 14 insertions(+) create mode 100644 source4/setup/provision.smb.conf (limited to 'source4/setup') diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl index b515a5a9eb..a87f2aef54 100755 --- a/source4/setup/provision.pl +++ b/source4/setup/provision.pl @@ -440,6 +440,14 @@ $opt_quiet or print "saving dns zone to $newdb/$dnsdomain.zone ...\n"; FileSave("$newdb/$dnsdomain.zone", $res); +$data = FileLoad("setup/provision.smb.conf") || die "Unable to load provision.smb.conf\n"; + +$res = apply_substitutions($data); + +$opt_quiet or print "saving smb.conf to $newdb/smb.conf ...\n"; + +FileSave("$newdb/smb.conf", $res); + $opt_quiet or print "creating $newdb/hklm.ldb ... \n"; system("ldbadd -H $newdb/hklm.ldb setup/hklm.ldif") == 0 || die "Failed to create hklm.ldb\n"; @@ -449,5 +457,7 @@ $opt_quiet or print " Installation: - Please move $newdb/*.ldb to the private/ directory of your Samba4 installation +- Please move $newdb/smb.conf to the lib/ directory of your + Samba4 installation - Please use $newdb/$dnsdomain.zone in BIND on your dns server "; diff --git a/source4/setup/provision.smb.conf b/source4/setup/provision.smb.conf new file mode 100644 index 0000000000..21b250a671 --- /dev/null +++ b/source4/setup/provision.smb.conf @@ -0,0 +1,4 @@ +[globals] + netbios name = ${HOSTNAME} + workgroup = ${DOMAIN} + realm = ${REALM} -- cgit From e4cdc5d75003de5da29ae2c7a4f7f82bf6efdbf8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 10 May 2005 08:50:58 +0000 Subject: r6697: fix from Sven (wAmpIre) Velt metze (This used to be commit db2f5619f8114b6454cc2541d80129e1ca5fa1a9) --- source4/setup/provision.zone | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone index c0b941c822..c79660869c 100644 --- a/source4/setup/provision.zone +++ b/source4/setup/provision.zone @@ -1,5 +1,5 @@ ; generate by provision.pl -$ORIGIN ${DNSDOMAIN} +$ORIGIN ${DNSDOMAIN}. $TTL 1W @ IN SOA @ hostmaster ( 42 ; serial (d. adams) -- cgit From e5124bffcac16ee927f0eebcd6d445456e904563 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 10 May 2005 09:49:45 +0000 Subject: r6698: Our domain join code requires that the secureChannelType be set. Type 6 is BDC, which is correct for a self-join. Andrew Bartlett (This used to be commit cd61ff80f886bcb4a8c6b681879ee269604e98f3) --- source4/setup/secrets.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index f44521a07b..69360f6bf2 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -24,6 +24,7 @@ objectClass: primaryDomain flatname: ${DOMAIN} realm: ${REALM} secret: ${JOINPASS} +secureChannelType: 6 sAMAccountName: ${NETBIOSNAME}$ whenCreated: ${LDAPTIME} whenChanged: ${LDAPTIME} -- cgit From 51a3cfe35eca4b4793811d70877ca243f810a31e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 12 May 2005 09:13:53 +0000 Subject: r6751: dnsDomain should be CASE_INSENSITIVE (winxp will sometimes do a cldap query with this in uppercase) (This used to be commit f0c37555ff30c3e5ff4680d0b33bc105ebd3a0b1) --- source4/setup/provision.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 466f567cda..0ac412abd2 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -12,6 +12,7 @@ dn: @ATTRIBUTES realm: CASE_INSENSITIVE userPrincipalName: CASE_INSENSITIVE servicePrincipalName: CASE_INSENSITIVE +dnsDomain: CASE_INSENSITIVE cn: CASE_INSENSITIVE dc: CASE_INSENSITIVE name: CASE_INSENSITIVE WILDCARD -- cgit From 81a8af53b454ace427c3dd5325cde6cb71a4a18f Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 17 May 2005 21:46:16 +0000 Subject: r6868: the @ATTRIBUTES object format has changed (This used to be commit 4401c74fbc630d7ab7983c5f901483f3d7ddd8fb) --- source4/setup/provision.ldif | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 0ac412abd2..ca0c7f9051 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -15,9 +15,12 @@ servicePrincipalName: CASE_INSENSITIVE dnsDomain: CASE_INSENSITIVE cn: CASE_INSENSITIVE dc: CASE_INSENSITIVE -name: CASE_INSENSITIVE WILDCARD -dn: CASE_INSENSITIVE WILDCARD -sAMAccountName: CASE_INSENSITIVE WILDCARD +name: CASE_INSENSITIVE +name: WILDCARD +dn: CASE_INSENSITIVE +dn: WILDCARD +sAMAccountName: CASE_INSENSITIVE +sAMAccountName: WILDCARD objectClass: CASE_INSENSITIVE unicodePwd: HIDDEN ntPwdHash: HIDDEN -- cgit From db169af3b71c7b9911a64873a5ec9b7d304acf35 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 18 May 2005 14:19:17 +0000 Subject: r6883: Move to what simo assures me is the 'correct' way to find the NetBIOS and long names for a domain. Add servicePrincipalName mapping table (administrator configurable), in the same spot as microsoft uses. Andrew Bartlett (This used to be commit c25e78b4b34384a3a79a920f50f01be696a048ba) --- source4/setup/provision.ldif | 52 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 46 insertions(+), 6 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index ca0c7f9051..bce690c482 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -9,10 +9,10 @@ dn: @INDEXLIST @IDXATTR: privilege dn: @ATTRIBUTES -realm: CASE_INSENSITIVE userPrincipalName: CASE_INSENSITIVE servicePrincipalName: CASE_INSENSITIVE dnsDomain: CASE_INSENSITIVE +dnsRoot: CASE_INSENSITIVE cn: CASE_INSENSITIVE dc: CASE_INSENSITIVE name: CASE_INSENSITIVE @@ -56,7 +56,6 @@ objectClass: domain objectClass: domainDNS name: ${DOMAIN} flatname: ${DOMAIN} -realm: ${REALM} dnsDomain: ${DNSDOMAIN} dc: ${DOMAIN} objectGUID: ${DOMAINGUID} @@ -614,10 +613,6 @@ isCriticalSystemObject: TRUE unicodePwd: ${JOINPASS} servicePrincipalName: HOST/${DNSNAME} servicePrincipalName: HOST/${NETBIOSNAME} -servicePrincipalName: CIFS/${DNSNAME} -servicePrincipalName: CIFS/${NETBIOSNAME} -servicePrincipalName: LDAP/${DNSNAME} -servicePrincipalName: LDAP/${NETBIOSNAME} dn: CN=krbtgt,CN=Users,${BASEDN} objectClass: top @@ -1229,6 +1224,51 @@ objectGUID: ${INVOCATIONID} invocationId: ${INVOCATIONID} msDS-Behavior-Version: 2 +dn: CN=Services,CN=Configuration,${BASEDN} +objectClass: top +objectClass: container +cn: Services +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: ${USN} +uSNChanged: ${USN} +showInAdvancedViewOnly: TRUE +name: Services +systemFlags: 0x80000000 +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +objectGUID: ${INVOCATIONID} + +dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} +objectClass: top +objectClass: container +cn: Windows NT +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: ${USN} +uSNChanged: ${USN} +showInAdvancedViewOnly: TRUE +name: Windows NT +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +objectGUID: ${INVOCATIONID} + +dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} +objectClass: top +objectClass: nTDSService +cn: Directory Service +instanceType: 4 +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +uSNCreated: ${USN} +uSNChanged: ${USN} +showInAdvancedViewOnly: TRUE +name: Directory Service +objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN} +objectGUID: ${INVOCATIONID} +sPNMappings: host=ldap,dns,cifs + + ############################### # Schema Naming Context ############################### -- cgit From c69e1cf003983f817868031afc48da51c8e96b18 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 18 May 2005 14:29:23 +0000 Subject: r6884: the invocationID is only used as objectGUID on the NTDS Settings object on the first DC in the forest! metze (This used to be commit 8ea59f23728450cd42c221e69f375d6e390c4a79) --- source4/setup/provision.ldif | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index bce690c482..131ebe2b42 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -1237,7 +1237,7 @@ showInAdvancedViewOnly: TRUE name: Services systemFlags: 0x80000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -objectGUID: ${INVOCATIONID} +objectGUID: ${NEWGUID} dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} objectClass: top @@ -1251,7 +1251,7 @@ uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Windows NT objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -objectGUID: ${INVOCATIONID} +objectGUID: ${NEWGUID} dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} objectClass: top @@ -1265,7 +1265,7 @@ uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Directory Service objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN} -objectGUID: ${INVOCATIONID} +objectGUID: ${NEWGUID} sPNMappings: host=ldap,dns,cifs -- cgit From 47ab0ed8edd9d2c8b1ca76cfc3bb3f3ae0917f51 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 12 Jun 2005 06:35:18 +0000 Subject: r7499: ensure that the account we run tests as ("Administrator") maps to the unixName that we are running as in the test suite. Otherwise files are created as a user without any entry in the sam, so the ACL doesn't allow that user read permission when it should. This should fix the RAW-ACLS test in the build farm. (This used to be commit 30445483e4facb0a1d8a5979a2eac6c166193c09) --- source4/setup/provision.ldif | 2 +- source4/setup/provision.pl | 13 ++++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 131ebe2b42..c98a6153e0 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -298,7 +298,7 @@ sAMAccountType: 0x30000000 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unicodePwd: ${ADMINPASS} -unixName: root +unixName: ${ROOT} dn: CN=Guest,CN=Users,${BASEDN} objectClass: top diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl index a87f2aef54..fccc555ce1 100755 --- a/source4/setup/provision.pl +++ b/source4/setup/provision.pl @@ -10,6 +10,7 @@ my $opt_hostip; my $opt_realm; my $opt_domain; my $opt_adminpass; +my $opt_root; my $opt_nobody; my $opt_nogroup; my $opt_wheel; @@ -171,6 +172,10 @@ sub substitute($) return $opt_nobody; } + if ($var eq "ROOT") { + return $opt_root; + } + if ($var eq "NOGROUP") { return $opt_nogroup; } @@ -278,6 +283,7 @@ provision.pl [options] --invocationid GUID set invocationid (otherwise random) --outputdir OUTPUTDIR set output directory --adminpass PASSWORD choose admin password (otherwise random) + --root USERNAME choose 'root' unix username --nobody USERNAME choose 'nobody' user --nogroup GROUPNAME choose 'nogroup' group --wheel GROUPNAME choose 'wheel' privileged group @@ -303,6 +309,7 @@ GetOptions( 'host-guid=s' => \$opt_hostguid, 'invocationid=s' => \$opt_invocationid, 'adminpass=s' => \$opt_adminpass, + 'root=s' => \$opt_root, 'nobody=s' => \$opt_nobody, 'nogroup=s' => \$opt_nogroup, 'wheel=s' => \$opt_wheel, @@ -334,6 +341,10 @@ if (!$opt_hostip) { $opt_quiet or print "Provisioning host '$opt_hostname'[$opt_hostip] for domain '$opt_domain' in realm '$opt_realm'\n"; +if (!$opt_root) { + $opt_root = "root"; +} + if (!$opt_nobody) { if (defined getpwnam("nobody")) { $opt_nobody = "nobody"; @@ -380,7 +391,7 @@ my $data = FileLoad("setup/provision.ldif") || die "Unable to load provision.ldi $data .= add_foreign("S-1-5-7", "Anonymous", "\${NOBODY}"); $data .= add_foreign("S-1-1-0", "World", "\${NOGROUP}"); $data .= add_foreign("S-1-5-2", "Network", "\${NOGROUP}"); -$data .= add_foreign("S-1-5-18", "System", "root"); +$data .= add_foreign("S-1-5-18", "System", "\${ROOT}"); $data .= add_foreign("S-1-5-11", "Authenticated Users", "\${USERS}"); if (!$opt_adminpass) { -- cgit From a828bccd3924369ddf086392fec113d3dca19bfa Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 18 Jun 2005 13:37:44 +0000 Subject: r7727: we need to mark some attributes as INTEGER, so that the standard searches that w2k does work. For example, w2k asks for sAMAccountType=805306369 which will only match if we know its an integer (This used to be commit 941509ee58253b671bb74b2d8d8667cc6a1a4328) --- source4/setup/provision.ldif | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index c98a6153e0..c3968495e4 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -29,6 +29,10 @@ lmPwdHash: HIDDEN lmPwdHistory: HIDDEN createTimestamp: HIDDEN modifyTimestamp: HIDDEN +groupType: INTEGER +sAMAccountType: INTEGER +systemFlags: INTEGER +userAccountControl: INTEGER dn: @SUBCLASSES top: domain -- cgit From bdee131f30e1bef31498b08bb648ddee35ea4892 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 24 Jun 2005 00:18:20 +0000 Subject: r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c) --- source4/setup/provision.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index c3968495e4..ce6d349aca 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -1,7 +1,7 @@ dn: @INDEXLIST @IDXATTR: name @IDXATTR: sAMAccountName -@IDXATTR: objectSid +@IDXATTR: objectSid_DISABLED_BY_TRIDGE @IDXATTR: objectClass @IDXATTR: member @IDXATTR: unixID -- cgit From a6e921fc814aa9ad4884371742d4c7dede655a6a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 24 Jun 2005 01:50:50 +0000 Subject: r7867: a couple of bug fixes for newuser.pl from kukks I'm looking forward to deleting this file when we can add users using the web intgerface (and maybe ejs scripts for the command line) (This used to be commit 836e5782fda9edef6746adc6453d8a40df2a1765) --- source4/setup/newuser.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/newuser.pl b/source4/setup/newuser.pl index a38067219e..d72c73a326 100755 --- a/source4/setup/newuser.pl +++ b/source4/setup/newuser.pl @@ -121,14 +121,14 @@ $ldif .= "objectGUID: " . randguid() . "\n"; $ldif .= "memberOf: $dom_users\n"; $ldif .= "userAccountControl: 0x10200\n"; $ldif .= "sAMAccountType: 0x30000000\n"; -$ldif .= "objectClass: user\n"; $ldif .= "unicodePwd: $opt_password\n"; $ldif .= "unixName: $opt_unixname\n"; my $user_dn = "CN=$opt_username,CN=Users,$domain_dn"; open FILE, ">newuser.ldif"; -print FILE "dn: $user_dn"; +print FILE "dn: $user_dn\n"; +print FILE "objectClass: user\n"; print FILE "$ldif\n"; close FILE; -- cgit From 3284fe857153819f0b51062b728609f73cd49a5a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 25 Jun 2005 05:03:29 +0000 Subject: r7900: the existing ltdb indexing code does in fact cope with binary fields, so re-enable indexing on objectSid (This used to be commit 5781c83ba4ef919520e9668a40aafc8f74fe5700) --- source4/setup/provision.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index ce6d349aca..c3968495e4 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -1,7 +1,7 @@ dn: @INDEXLIST @IDXATTR: name @IDXATTR: sAMAccountName -@IDXATTR: objectSid_DISABLED_BY_TRIDGE +@IDXATTR: objectSid @IDXATTR: objectClass @IDXATTR: member @IDXATTR: unixID -- cgit From 2f454d29059f02f1dd4c7e5a8069fd7042b8471f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 25 Jun 2005 14:18:34 +0000 Subject: r7907: the old solaris perl doesn't handle mkdir() without a mode (This used to be commit 54d698c4888ce453926aed6102621d20fe744031) --- source4/setup/provision.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl index fccc555ce1..aae5f44d5d 100755 --- a/source4/setup/provision.pl +++ b/source4/setup/provision.pl @@ -414,7 +414,7 @@ unless ($newdb) { $opt_quiet or print "Putting new database files in $newdb\n"; unless ($opt_outputdir) { - mkdir($newdb) || die "Unable to create temporary directory $newdb\n"; + mkdir($newdb, 0755) || die "Unable to create temporary directory $newdb\n"; } FileSave("$newdb/sam.ldif", $res); -- cgit From 40f1ddfdede5eca533737945d3ca3fe43ad0b5f2 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 26 Jun 2005 02:01:32 +0000 Subject: r7917: macosx doesn't have a group called 'users' (This used to be commit 2b39736c35168b2e6b1ef094de4d83b604ea39f1) --- source4/setup/provision.pl | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl index aae5f44d5d..3eba4ac248 100755 --- a/source4/setup/provision.pl +++ b/source4/setup/provision.pl @@ -370,6 +370,8 @@ if (!$opt_wheel) { if (!$opt_users) { if (defined getgrnam("users")) { $opt_users = "users"; + } elsif (defined getgrnam("guest")) { + $opt_users = "guest"; } } -- cgit From 122bb5642cfda604d90acfcb05e43e1c1f68bcea Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 26 Jun 2005 04:58:26 +0000 Subject: r7921: fixed newuser script (letting samldb module allocate the sid) (This used to be commit 45d08e94d27f837ab7788471b07e8c0c9b061c39) --- source4/setup/newuser.pl | 13 ------------- 1 file changed, 13 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/newuser.pl b/source4/setup/newuser.pl index d72c73a326..dc9613e4aa 100755 --- a/source4/setup/newuser.pl +++ b/source4/setup/newuser.pl @@ -99,24 +99,11 @@ my $domain_dn = search("(objectClass=domainDNS)", "dn"); my $ldif = `ldbsearch -H $opt_samdb 'cn=TemplateUser' | grep -v Template | grep -v '^#'`; chomp $ldif; -my $sid; - -# crude way of working out a rid -for (my $i=1001;$i<1100;$i++) { - if (search("objectSid=$domain_sid-$i","objectSid") eq "") { - $sid = "$domain_sid-$i"; - last; - } -} - -print "Chose new SID $sid\n"; - my $dom_users = search("name=Domain Users", "dn"); $ldif .= "sAMAccountName: $opt_username\n"; $ldif .= "name: $opt_username\n"; -$ldif .= "objectSid: $sid\n"; $ldif .= "objectGUID: " . randguid() . "\n"; $ldif .= "memberOf: $dom_users\n"; $ldif .= "userAccountControl: 0x10200\n"; -- cgit From a6b242639d7b5c0f20202cc40efc9eab24316ae7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 27 Jun 2005 05:28:09 +0000 Subject: r7939: fix default hostname in provision (This used to be commit 79d174005e3508745ea8b0bda2321abd184bf68b) --- source4/setup/provision.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl index 3eba4ac248..c0b5a6ea0b 100755 --- a/source4/setup/provision.pl +++ b/source4/setup/provision.pl @@ -4,7 +4,7 @@ use strict; use Socket; use Getopt::Long; -my $opt_hostname = `hostname`; +my $opt_hostname = `hostname | cut -d. -f1`; chomp $opt_hostname; my $opt_hostip; my $opt_realm; -- cgit From 6861c9069a5da5060f8f3d6ff70c24896310c3fc Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 27 Jun 2005 05:46:45 +0000 Subject: r7940: use local path first for ldbadd in provisioning (This used to be commit cff7507f593816a831a14f03862f7bdb24c15d4f) --- source4/setup/provision.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl index c0b5a6ea0b..fcd3b646d1 100755 --- a/source4/setup/provision.pl +++ b/source4/setup/provision.pl @@ -402,7 +402,7 @@ if (!$opt_adminpass) { } # allow provisioning to be run from the source directory -$ENV{"PATH"} .= ":bin:../bin"; +$ENV{"PATH"} = "bin:../bin:" . $ENV{"PATH"}; my $res = apply_substitutions($data); -- cgit From f62a70fe54c1b1f6172d1d3fbc8b34c03dd96b86 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 29 Jun 2005 02:28:57 +0000 Subject: r7988: Store the KVNO for the machine account, and set it up in the provision. Andrew Bartlett (This used to be commit 90e94a4630c24282cd93ee05e258877b38e24a57) --- source4/setup/provision.ldif | 1 + source4/setup/secrets.ldif | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index c3968495e4..8ff93dde80 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -617,6 +617,7 @@ isCriticalSystemObject: TRUE unicodePwd: ${JOINPASS} servicePrincipalName: HOST/${DNSNAME} servicePrincipalName: HOST/${NETBIOSNAME} +msDS-KeyVersionNumber: 1 dn: CN=krbtgt,CN=Users,${BASEDN} objectClass: top diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index 69360f6bf2..15005163dc 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -28,4 +28,4 @@ secureChannelType: 6 sAMAccountName: ${NETBIOSNAME}$ whenCreated: ${LDAPTIME} whenChanged: ${LDAPTIME} - +msDS-KeyVersionNumber: 1 -- cgit From c7377de49f9155b3d66604d06deb2c8ede385e37 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 1 Jul 2005 12:19:39 +0000 Subject: r8055: added canonicalName to our domainDns record (This used to be commit 1ba296b9d0ed1cf0961bdd3cde03f1ce56e1d72b) --- source4/setup/provision.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 8ff93dde80..88c157b052 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -90,6 +90,7 @@ objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE subRefs: CN=Configuration,${BASEDN} subRefs: CN=Schema,CN=Configuration,${BASEDN} +canonicalName: ${REALM}/ dn: CN=Users,${BASEDN} objectClass: top -- cgit From eab25a4d01705dcdb45bf509e4df40450e983828 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 1 Jul 2005 12:20:24 +0000 Subject: r8056: make the realm lowercase in our ldb (better matches w2k3) (This used to be commit 39cfb6f739f33a33dcbee708a9a2e5f1c6c12287) --- source4/setup/provision.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl index fcd3b646d1..7c739f4515 100755 --- a/source4/setup/provision.pl +++ b/source4/setup/provision.pl @@ -30,7 +30,7 @@ sub nttime() my $t = time(); $t += (369.0*365.25*24*60*60-(3.0*24*60*60+6.0*60*60)); $t *= 1.0e7; - return sprintf("%lld", $t); + return sprintf("%.0f", $t); } # generate a random guid. Not a good algorithm. @@ -325,7 +325,7 @@ if ($opt_help || ShowHelp(); } -$opt_realm=uc($opt_realm); +$opt_realm=lc($opt_realm); $opt_domain=uc($opt_domain); $opt_hostname=lc($opt_hostname); $netbiosname=uc($opt_hostname); -- cgit From a3c7f79931098de0dca05ecee926c7ce97135878 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 5 Jul 2005 07:10:52 +0000 Subject: r8158: - use the timestring for the serial number of the bind zone file - add --krbtgtpass and --machinepass options, with them you can easy set them to default values for testing so that you don't need to setup a new keytab file when you rerun provision.pl metze (This used to be commit cfb72455970c182aaba67bf9cf9775a854f143ff) --- source4/setup/provision.ldif | 4 ++-- source4/setup/provision.pl | 37 +++++++++++++++++++++++++++++++------ source4/setup/provision.zone | 2 +- source4/setup/secrets.ldif | 2 +- 4 files changed, 35 insertions(+), 10 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 88c157b052..5a5e792ec5 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -615,7 +615,7 @@ operatingSystemVersion: 4.0 dNSHostName: ${DNSNAME} objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE -unicodePwd: ${JOINPASS} +unicodePwd: ${MACHINEPASS} servicePrincipalName: HOST/${DNSNAME} servicePrincipalName: HOST/${NETBIOSNAME} msDS-KeyVersionNumber: 1 @@ -653,7 +653,7 @@ sAMAccountType: 805306368 servicePrincipalName: kadmin/changepw objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE -unicodePwd: ${RANDPASS} +unicodePwd: ${KRBTGTPASS} dn: CN=Domain Computers,CN=Users,${BASEDN} objectClass: top diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl index 7c739f4515..99830bfc3f 100755 --- a/source4/setup/provision.pl +++ b/source4/setup/provision.pl @@ -10,6 +10,8 @@ my $opt_hostip; my $opt_realm; my $opt_domain; my $opt_adminpass; +my $opt_krbtgtpass; +my $opt_machinepass; my $opt_root; my $opt_nobody; my $opt_nogroup; @@ -69,8 +71,6 @@ sub randpass() return $pass; } -my $joinpass = randpass(); - sub ldaptime() { my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time); @@ -78,6 +78,13 @@ sub ldaptime() $year+1900, $mon+1, $mday, $hour, $min, $sec; } +sub timestring() +{ + my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time); + return sprintf "%04u%02u%02u%02u%02u%02u", + $year+1900, $mon+1, $mday, $hour, $min, $sec; +} + ####################### # substitute a single variable sub substitute($) @@ -124,6 +131,10 @@ sub substitute($) return ldaptime(); } + if ($var eq "TIMESTRING") { + return timestring(); + } + if ($var eq "NEWGUID") { return randguid(); } @@ -152,12 +163,12 @@ sub substitute($) return $opt_adminpass; } - if ($var eq "RANDPASS") { - return randpass(); + if ($var eq "KRBTGTPASS") { + return $opt_krbtgtpass; } - if ($var eq "JOINPASS") { - return $joinpass; + if ($var eq "MACHINEPASS") { + return $opt_machinepass; } if ($var eq "NTTIME") { @@ -283,6 +294,8 @@ provision.pl [options] --invocationid GUID set invocationid (otherwise random) --outputdir OUTPUTDIR set output directory --adminpass PASSWORD choose admin password (otherwise random) + --krbtgtpass PASSWORD choose krbtgt password (otherwise random) + --machinepass PASSWORD choose machine password (otherwise random) --root USERNAME choose 'root' unix username --nobody USERNAME choose 'nobody' user --nogroup GROUPNAME choose 'nogroup' group @@ -309,6 +322,8 @@ GetOptions( 'host-guid=s' => \$opt_hostguid, 'invocationid=s' => \$opt_invocationid, 'adminpass=s' => \$opt_adminpass, + 'krbtgtpass=s' => \$opt_krbtgtpass, + 'machinepass=s' => \$opt_machinepass, 'root=s' => \$opt_root, 'nobody=s' => \$opt_nobody, 'nogroup=s' => \$opt_nogroup, @@ -401,6 +416,16 @@ if (!$opt_adminpass) { print "chose random Administrator password '$opt_adminpass'\n"; } +if (!$opt_krbtgtpass) { + $opt_krbtgtpass = randpass(); + print "chose random krbtgt password '$opt_krbtgtpass'\n"; +} + +if (!$opt_machinepass) { + $opt_machinepass = randpass(); + print "chose random machine password '$opt_machinepass'\n"; +} + # allow provisioning to be run from the source directory $ENV{"PATH"} = "bin:../bin:" . $ENV{"PATH"}; diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone index c79660869c..cde4caf092 100644 --- a/source4/setup/provision.zone +++ b/source4/setup/provision.zone @@ -2,7 +2,7 @@ $ORIGIN ${DNSDOMAIN}. $TTL 1W @ IN SOA @ hostmaster ( - 42 ; serial (d. adams) + ${TIMESTRING} ; serial 2D ; refresh 4H ; retry 6W ; expiry diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index 15005163dc..865a151494 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -23,7 +23,7 @@ objectClass: top objectClass: primaryDomain flatname: ${DOMAIN} realm: ${REALM} -secret: ${JOINPASS} +secret: ${MACHINEPASS} secureChannelType: 6 sAMAccountName: ${NETBIOSNAME}$ whenCreated: ${LDAPTIME} -- cgit From b82f504072281aedf5b41b57631c8bd527a390a7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 8 Jul 2005 05:16:43 +0000 Subject: r8225: make nETBIOSName case insensitive, so that lower case netbios domain REALM's are working in the hdb-ldb module metze (This used to be commit d24f39a5d746b9eabc4d5f6f6070a85be084d82c) --- source4/setup/provision.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 5a5e792ec5..dc4188a28c 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -13,6 +13,7 @@ userPrincipalName: CASE_INSENSITIVE servicePrincipalName: CASE_INSENSITIVE dnsDomain: CASE_INSENSITIVE dnsRoot: CASE_INSENSITIVE +nETBIOSName: CASE_INSENSITIVE cn: CASE_INSENSITIVE dc: CASE_INSENSITIVE name: CASE_INSENSITIVE -- cgit From c9c49b11f9e2331bcfe4d5e542027548544ab87c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 10 Jul 2005 12:11:05 +0000 Subject: r8289: fallback to the group 'other' for users this might fix the testing on solaris10 (This used to be commit 5adbab0afe85f5f856ab5fcc7a285a22f1752de3) --- source4/setup/provision.pl | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl index 99830bfc3f..512f0891c0 100755 --- a/source4/setup/provision.pl +++ b/source4/setup/provision.pl @@ -387,6 +387,8 @@ if (!$opt_users) { $opt_users = "users"; } elsif (defined getgrnam("guest")) { $opt_users = "guest"; + } elsif (defined getgrnam("other")) { + $opt_users = "other"; } } -- cgit From 9ab58c5e0127a66ae79cb867cfcf271734241b3d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 11 Jul 2005 05:45:42 +0000 Subject: r8315: fixed the generation of the serial number in the dns zone file (bind9 doesn't like it being too long) (This used to be commit fc93ade9cdfe97bdcd2383fa256877580707181c) --- source4/setup/provision.pl | 11 +++++++++++ source4/setup/provision.zone | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl index 512f0891c0..51c1d29631 100755 --- a/source4/setup/provision.pl +++ b/source4/setup/provision.pl @@ -85,6 +85,13 @@ sub timestring() $year+1900, $mon+1, $mday, $hour, $min, $sec; } +sub datestring() +{ + my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time); + return sprintf "%04u%02u%02u%02u", + $year+1900, $mon+1, $mday, $hour; +} + ####################### # substitute a single variable sub substitute($) @@ -135,6 +142,10 @@ sub substitute($) return timestring(); } + if ($var eq "DATESTRING") { + return datestring(); + } + if ($var eq "NEWGUID") { return randguid(); } diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone index cde4caf092..0f5764dc11 100644 --- a/source4/setup/provision.zone +++ b/source4/setup/provision.zone @@ -2,7 +2,7 @@ $ORIGIN ${DNSDOMAIN}. $TTL 1W @ IN SOA @ hostmaster ( - ${TIMESTRING} ; serial + ${DATESTRING} ; serial 2D ; refresh 4H ; retry 6W ; expiry -- cgit From 07c2a1c09a97a069f3e569c4ec8f2628e6f13a93 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 11 Jul 2005 09:20:47 +0000 Subject: r8319: the start of a provision script in ejs. This is why I've been adding so many functions lately. so far it just parses options, works out the host IP, and user and group names (This used to be commit 333b32025fc2a33d2a145bbce9cdfefa252ec77a) --- source4/setup/provision | 150 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 150 insertions(+) create mode 100755 source4/setup/provision (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision new file mode 100755 index 0000000000..406473f050 --- /dev/null +++ b/source4/setup/provision @@ -0,0 +1,150 @@ +#!/usr/bin/env smbscript +/* + provision a Samba4 server + Copyright Andrew Tridgell 2005 + Released under the GNU GPL v2 or later +*/ + +var options = new Object(); +ok = GetOptions(ARGV, options, + "POPT_AUTOHELP", + "POPT_COMMON_SAMBA", + "POPT_COMMON_VERSION", + 'realm=s', + 'domain=s', + 'domain-guid=s', + 'domain-sid=s', + 'host-name=s', + 'host-ip=s', + 'host-guid=s', + 'invocationid=s', + 'adminpass=s', + 'krbtgtpass=s', + 'machinepass=s', + 'root=s', + 'nobody=s', + 'nogroup=s', + 'wheel=s', + 'users=s', + 'outputdir=s', + 'quiet'); +if (ok == false) { + println("Failed to parse options: " + options.ERROR); + return -1; +} + +libinclude("base.js"); + +/* + print a message if quiet is not set +*/ +function message(s) +{ + if (options["quiet"] == undefined) { + println(s); + } +} + +/* + show some help +*/ +function ShowHelp() +{ + print(" +Samba4 provisioning + +provision.pl [options] + --realm REALM set realm + --domain DOMAIN set domain + --domain-guid GUID set domainguid (otherwise random) + --domain-sid SID set domainsid (otherwise random) + --host-name HOSTNAME set hostname + --host-ip IPADDRESS set ipaddress + --host-guid GUID set hostguid (otherwise random) + --invocationid GUID set invocationid (otherwise random) + --outputdir OUTPUTDIR set output directory + --adminpass PASSWORD choose admin password (otherwise random) + --krbtgtpass PASSWORD choose krbtgt password (otherwise random) + --machinepass PASSWORD choose machine password (otherwise random) + --root USERNAME choose 'root' unix username + --nobody USERNAME choose 'nobody' user + --nogroup GROUPNAME choose 'nogroup' group + --wheel GROUPNAME choose 'wheel' privileged group + --users GROUPNAME choose 'users' group + --quiet Be quiet + +You must provide at least a realm and domain + +"); + exit(1); +} + +/* + main program +*/ +if (options["realm"] == undefined || + options["domain"] == undefined || + options["host-name"] == undefined) { + ShowHelp(); +} + +printVars(options); + +options.realm = strlower(options.realm); +options['host-name'] = strlower(options['host-name']); +options.domain = strupper(options.domain); +options.netbiosname = strupper(options.hostname); + +if (options.hostip == undefined) { + var list = IfaceList(); + options.hostip = list[0]; +} + +message("Provisioning for " + options.domain + " in realm " + options.realm); + +if (options["root"] == undefined) { + options.root = "root"; +} + +if (options["nobody"] == undefined) { + if (getpwnam("nobody") != undefined) { + options.nobody = "nobody"; + } +} + +printVars(options); +return 0; + +/* + +if (!$opt_nogroup) { + if (defined getgrnam("nogroup")) { + $opt_nogroup = "nogroup"; + } elsif (defined getgrnam("nobody")) { + $opt_nogroup = "nobody"; + } +} + +if (!$opt_wheel) { + if (defined getgrnam("wheel")) { + $opt_wheel = "wheel"; + } elsif (defined getgrnam("root")) { + $opt_wheel = "root"; + } +} + +if (!$opt_users) { + if (defined getgrnam("users")) { + $opt_users = "users"; + } elsif (defined getgrnam("guest")) { + $opt_users = "guest"; + } elsif (defined getgrnam("other")) { + $opt_users = "other"; + } +} + +$opt_nobody || die "Unable to determine a user for 'nobody'\n"; +$opt_nogroup || die "Unable to determine a group for 'nogroup'\n"; +$opt_users || die "Unable to determine a group for 'users'\n"; +$opt_wheel || die "Unable to determine a group for 'wheel'\n"; +*/ -- cgit From 3e5649f79f910c9cad96a362d679f34453e60fa9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 11 Jul 2005 21:53:10 +0000 Subject: r8332: not done yet, but a lot closer (This used to be commit 1d9632877c088837b5c2a7497473e09913775488) --- source4/setup/provision | 216 +++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 175 insertions(+), 41 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 406473f050..b01ec97a86 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -5,7 +5,7 @@ Released under the GNU GPL v2 or later */ -var options = new Object(); +options = new Object(); ok = GetOptions(ARGV, options, "POPT_AUTOHELP", "POPT_COMMON_SAMBA", @@ -45,6 +45,142 @@ function message(s) } } +/* + find a username from a list of possibilities +*/ +function finduser() +{ + var i, name = arguments[0]; + if (options[name] != undefined) { + return options[name]; + } + for (i=1;i Date: Tue, 12 Jul 2005 02:36:07 +0000 Subject: r8338: - added a substitute_var() js library function for doing hash driven substitution of variables in strings - the js provision script now correctly processes provision.ldif (This used to be commit c2946003e06c4898ba0444cd0b69d3203753be94) --- source4/setup/provision | 163 ++++++++++++++++++------------------------------ 1 file changed, 61 insertions(+), 102 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index b01ec97a86..86bc49e537 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -5,7 +5,7 @@ Released under the GNU GPL v2 or later */ -options = new Object(); +var options = new Object(); ok = GetOptions(ARGV, options, "POPT_AUTOHELP", "POPT_COMMON_SAMBA", @@ -35,6 +35,9 @@ if (ok == false) { libinclude("base.js"); +/* used to generate sequence numbers for records */ +next_usn = 1; + /* print a message if quiet is not set */ @@ -46,139 +49,88 @@ function message(s) } /* - find a username from a list of possibilities + find a user or group from a list of possibilities */ -function finduser() +function findnss() { - var i, name = arguments[0]; - if (options[name] != undefined) { - return options[name]; - } - for (i=1;i= 2); + var nssfn = arguments[0]; + var name = arguments[1]; if (options[name] != undefined) { return options[name]; } - for (i=1;i Date: Tue, 12 Jul 2005 05:57:56 +0000 Subject: r8345: make the dn on the hklm ldif valid Jelmer, can you check this is OK? (This used to be commit 6d416656a02d02c6e60d980ba406a4b72e84811b) --- source4/setup/hklm.ldif | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/hklm.ldif b/source4/setup/hklm.ldif index a4ab32e233..6d449906cb 100644 --- a/source4/setup/hklm.ldif +++ b/source4/setup/hklm.ldif @@ -1,32 +1,32 @@ dn: @INDEXLIST @IDXATTR: key -dn: key=control,key=currentcontrolset,key=system,hive= +dn: key=control,key=currentcontrolset,key=system,hive=NONE key: control -dn: key=services,key=control,key=currentcontrolset,key=system,hive= +dn: key=services,key=control,key=currentcontrolset,key=system,hive=NONE key: services -dn: value=ProductType,key=productoptions,key=control,key=currentcontrolset,key=system,hive= +dn: value=ProductType,key=productoptions,key=control,key=currentcontrolset,key=system,hive=NONE value: ProductType data: LanmanNT type: 1 -dn: key=productoptions,key=control,key=currentcontrolset,key=system,hive= +dn: key=productoptions,key=control,key=currentcontrolset,key=system,hive=NONE key: productoptions -dn: key=system,hive= +dn: key=system,hive=NONE key: system -dn: key=netlogon,key=services,key=currentcontrolset,key=system,hive= +dn: key=netlogon,key=services,key=currentcontrolset,key=system,hive=NONE key: netlogon -dn: key=services,key=currentcontrolset,key=system,hive= +dn: key=services,key=currentcontrolset,key=system,hive=NONE key: services -dn: key=print,key=control,key=currentcontrolset,key=system,hive= +dn: key=print,key=control,key=currentcontrolset,key=system,hive=NONE key: print -dn: key=currentcontrolset,key=system,hive= +dn: key=currentcontrolset,key=system,hive=NONE key: currentcontrolset -- cgit From 23f79c5c9a7877a04ab3a169142dea7cb5742ff7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 12 Jul 2005 06:02:20 +0000 Subject: r8347: replace the perl provision script with a ejs script I don't mind depending on perl at compile time, but I want to avoid depending on it at runtime. This also will make it easy to add web install wizard (This used to be commit f27a68176984c6856fad2e3a028458eb96943f80) --- source4/setup/provision | 79 +++++-- source4/setup/provision.pl | 514 --------------------------------------------- 2 files changed, 66 insertions(+), 527 deletions(-) delete mode 100755 source4/setup/provision.pl (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 86bc49e537..8766688de9 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -115,6 +115,13 @@ function ldaptime() return sys_ldaptime(sys_nttime()); } +function datestring() +{ + var t = sys_gmtime(sys_nttime()); + return sprintf("%04u%02u%02u%02u", + t.tm_year+1900, t.tm_mon+1, t.tm_mday, t.tm_hour); +} + /* return current time as a ldap time string */ @@ -133,6 +140,50 @@ function hostname() return s[0]; } + +/* + setup a ldb in the private dir + */ +function setup_ldb(ldif, dbname, subobj) +{ + var extra = ""; + if (arguments.length == 4) { + extra = arguments[3]; + } + printVars(lpGet("setup directory")); + + var db = lpGet("private dir") + "/" + dbname; + var src = lpGet("setup directory") + "/" + ldif; + + sys_unlink(db); + + var data = sys_file_load(src); + data = data + extra; + data = substitute_var(data, subobj); + + message("Creating " + db + "\n from " + src); + ok = ldbAdd(db, data); + assert(ok); +} + +/* + setup a file in the private dir + */ +function setup_file(template, fname, subobj) +{ + var f = lpGet("private dir") + "/" + fname; + var src = lpGet("setup directory") + "/" + template; + + sys_unlink(f); + + var data = sys_file_load(src); + data = substitute_var(data, subobj); + + message("Creating " + f + "\n from " + src); + ok = sys_file_save(f, data); + assert(ok); +} + /* show some help */ @@ -203,12 +254,6 @@ options.dnsdomain = strlower(options.realm); options.dnsname = strlower(options['host-name']) + "." + options.dnsdomain; options.basedn = "DC=" + join(",DC=", split(".", options.realm)); -var data = FileLoad("setup/provision.ldif"); -if (data == undefined) { - println("Unable to load provision.ldif"); - exit(1); -} - /* setup the substitution object */ @@ -224,6 +269,7 @@ subobj.DEFAULTSITE = "Default-First-Site-Name"; subobj.NEWGUID = randguid; subobj.NTTIME = nttime; subobj.LDAPTIME = ldaptime; +subobj.DATESTRING = datestring; subobj.USN = nextusn; for (r in options) { var key = strupper(join("", split("-", r))); @@ -231,13 +277,20 @@ for (r in options) { } -data = add_foreign(data, "S-1-5-7", "Anonymous", "${NOBODY}"); -data = add_foreign(data, "S-1-1-0", "World", "${NOGROUP}"); -data = add_foreign(data, "S-1-5-2", "Network", "${NOGROUP}"); -data = add_foreign(data, "S-1-5-18", "System", "${ROOT}"); -data = add_foreign(data, "S-1-5-11", "Authenticated Users", "${USERS}"); +var extradata = ""; +extradata = add_foreign(extradata, "S-1-5-7", "Anonymous", "${NOBODY}"); +extradata = add_foreign(extradata, "S-1-1-0", "World", "${NOGROUP}"); +extradata = add_foreign(extradata, "S-1-5-2", "Network", "${NOGROUP}"); +extradata = add_foreign(extradata, "S-1-5-18", "System", "${ROOT}"); +extradata = add_foreign(extradata, "S-1-5-11", "Authenticated Users", "${USERS}"); + +message("Using administrator password: " + subobj.ADMINPASS); -newdata = substitute_var(data, subobj); +setup_ldb("hklm.ldif", "hklm.ldb", subobj); +setup_ldb("provision.ldif", "sam.ldb", subobj, extradata); +setup_ldb("rootdse.ldif", "rootdse.ldb", subobj); +setup_ldb("secrets.ldif", "secrets.ldb", subobj); +setup_file("provision.zone", subobj.DNSDOMAIN + ".zone", subobj); -println(newdata); +message("All OK"); return 0; diff --git a/source4/setup/provision.pl b/source4/setup/provision.pl deleted file mode 100755 index 51c1d29631..0000000000 --- a/source4/setup/provision.pl +++ /dev/null @@ -1,514 +0,0 @@ -#!/usr/bin/perl -w - -use strict; -use Socket; -use Getopt::Long; - -my $opt_hostname = `hostname | cut -d. -f1`; -chomp $opt_hostname; -my $opt_hostip; -my $opt_realm; -my $opt_domain; -my $opt_adminpass; -my $opt_krbtgtpass; -my $opt_machinepass; -my $opt_root; -my $opt_nobody; -my $opt_nogroup; -my $opt_wheel; -my $opt_users; -my $opt_outputdir; -my $opt_quiet; -my $dnsdomain; -my $netbiosname; -my $dnsname; -my $basedn; -my $defaultsite = "Default-First-Site-Name"; -my $usn = 1; - -# return the current NTTIME as an integer -sub nttime() -{ - my $t = time(); - $t += (369.0*365.25*24*60*60-(3.0*24*60*60+6.0*60*60)); - $t *= 1.0e7; - return sprintf("%.0f", $t); -} - -# generate a random guid. Not a good algorithm. -sub randguid() -{ - my $r1 = int(rand(2**32)); - my $r2 = int(rand(2**16)); - my $r3 = int(rand(2**16)); - my $r4 = int(rand(2**16)); - my $r5 = int(rand(2**32)); - my $r6 = int(rand(2**16)); - return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6); -} - -my $opt_domainguid = randguid(); -my $opt_hostguid = randguid(); -my $opt_invocationid = randguid(); - -sub randsid() -{ - return sprintf("S-1-5-21-%d-%d-%d", - int(rand(10**8)), int(rand(10**8)), int(rand(10**8))); -} - -my $opt_domainsid = randsid(); - -# generate a random password. Poor algorithm :( -sub randpass() -{ - my $pass = ""; - my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~"; - for (my $i=0;$i<8;$i++) { - my $c = int(rand(length($chars))); - $pass .= substr($chars, $c, 1); - } - return $pass; -} - -sub ldaptime() -{ - my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time); - return sprintf "%04u%02u%02u%02u%02u%02u.0Z", - $year+1900, $mon+1, $mday, $hour, $min, $sec; -} - -sub timestring() -{ - my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time); - return sprintf "%04u%02u%02u%02u%02u%02u", - $year+1900, $mon+1, $mday, $hour, $min, $sec; -} - -sub datestring() -{ - my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time); - return sprintf "%04u%02u%02u%02u", - $year+1900, $mon+1, $mday, $hour; -} - -####################### -# substitute a single variable -sub substitute($) -{ - my $var = shift; - - if ($var eq "BASEDN") { - return $basedn; - } - - if ($var eq "DOMAINSID") { - return $opt_domainsid; - } - - if ($var eq "DOMAIN") { - return $opt_domain; - } - - if ($var eq "REALM") { - return $opt_realm; - } - - if ($var eq "DNSDOMAIN") { - return $dnsdomain; - } - - if ($var eq "HOSTNAME") { - return $opt_hostname; - } - - if ($var eq "NETBIOSNAME") { - return $netbiosname; - } - - if ($var eq "DNSNAME") { - return $dnsname; - } - - if ($var eq "HOSTIP") { - return $opt_hostip; - } - - if ($var eq "LDAPTIME") { - return ldaptime(); - } - - if ($var eq "TIMESTRING") { - return timestring(); - } - - if ($var eq "DATESTRING") { - return datestring(); - } - - if ($var eq "NEWGUID") { - return randguid(); - } - - if ($var eq "NEWSCHEMAGUID") { - return randguid(); - } - - if ($var eq "DOMAINGUID") { - return $opt_domainguid; - } - - if ($var eq "HOSTGUID") { - return $opt_hostguid; - } - - if ($var eq "INVOCATIONID") { - return $opt_invocationid; - } - - if ($var eq "DEFAULTSITE") { - return $defaultsite; - } - - if ($var eq "ADMINPASS") { - return $opt_adminpass; - } - - if ($var eq "KRBTGTPASS") { - return $opt_krbtgtpass; - } - - if ($var eq "MACHINEPASS") { - return $opt_machinepass; - } - - if ($var eq "NTTIME") { - return "" . nttime(); - } - - if ($var eq "WHEEL") { - return $opt_wheel; - } - - if ($var eq "NOBODY") { - return $opt_nobody; - } - - if ($var eq "ROOT") { - return $opt_root; - } - - if ($var eq "NOGROUP") { - return $opt_nogroup; - } - - if ($var eq "USERS") { - return $opt_users; - } - - if ($var eq "USN") { - my $ret = $usn; - $usn = $ret + 1; - return $ret; - } - - die "ERROR: Uknown substitution variable $var\n"; -} - - -#################################################################### -# substitute all variables in a string -sub apply_substitutions($) -{ - my $data = shift; - my $res = ""; - while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) { - my $sub = substitute($2); - $res .= "$1$sub"; - $data = $3; - } - $res .= $data; - return $res; -} - - -##################################################################### -# write a string into a file -sub FileSave($$) -{ - my($filename) = shift; - my($v) = shift; - local(*FILE); - open(FILE, ">$filename") || die "can't open $filename"; - print FILE $v; - close(FILE); -} - -##################################################################### -# read a file into a string -sub FileLoad($) -{ - my($filename) = shift; - local(*INPUTFILE); - open(INPUTFILE, $filename) || return undef; - my($saved_delim) = $/; - undef $/; - my($data) = ; - close(INPUTFILE); - $/ = $saved_delim; - return $data; -} - -####################################################################### -# add a foreign security principle -sub add_foreign($$$) -{ - my $sid = shift; - my $desc = shift; - my $unixname = shift; - return " -dn: CN=$sid,CN=ForeignSecurityPrincipals,\${BASEDN} -objectClass: top -objectClass: foreignSecurityPrincipal -cn: $sid -description: $desc -instanceType: 4 -whenCreated: \${LDAPTIME} -whenChanged: \${LDAPTIME} -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: TRUE -name: $sid -objectGUID: \${NEWGUID} -objectSid: $sid -objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,\${BASEDN} -unixName: $unixname - -"; -} - -############################################ -# show some help -sub ShowHelp() -{ - print " -Samba4 provisioning - -provision.pl [options] - --realm REALM set realm - --domain DOMAIN set domain - --domain-guid GUID set domainguid (otherwise random) - --domain-sid SID set domainsid (otherwise random) - --host-name HOSTNAME set hostname - --host-ip IPADDRESS set ipaddress - --host-guid GUID set hostguid (otherwise random) - --invocationid GUID set invocationid (otherwise random) - --outputdir OUTPUTDIR set output directory - --adminpass PASSWORD choose admin password (otherwise random) - --krbtgtpass PASSWORD choose krbtgt password (otherwise random) - --machinepass PASSWORD choose machine password (otherwise random) - --root USERNAME choose 'root' unix username - --nobody USERNAME choose 'nobody' user - --nogroup GROUPNAME choose 'nogroup' group - --wheel GROUPNAME choose 'wheel' privileged group - --users GROUPNAME choose 'users' group - --quiet Be quiet - -You must provide at least a realm and domain - -"; - exit(1); -} - -my $opt_help; - -GetOptions( - 'help|h|?' => \$opt_help, - 'realm=s' => \$opt_realm, - 'domain=s' => \$opt_domain, - 'domain-guid=s' => \$opt_domainguid, - 'domain-sid=s' => \$opt_domainsid, - 'host-name=s' => \$opt_hostname, - 'host-ip=s' => \$opt_hostip, - 'host-guid=s' => \$opt_hostguid, - 'invocationid=s' => \$opt_invocationid, - 'adminpass=s' => \$opt_adminpass, - 'krbtgtpass=s' => \$opt_krbtgtpass, - 'machinepass=s' => \$opt_machinepass, - 'root=s' => \$opt_root, - 'nobody=s' => \$opt_nobody, - 'nogroup=s' => \$opt_nogroup, - 'wheel=s' => \$opt_wheel, - 'users=s' => \$opt_users, - 'outputdir=s' => \$opt_outputdir, - 'quiet' => \$opt_quiet - ); - -if ($opt_help || - !$opt_realm || - !$opt_domain || - !$opt_hostname) { - ShowHelp(); -} - -$opt_realm=lc($opt_realm); -$opt_domain=uc($opt_domain); -$opt_hostname=lc($opt_hostname); -$netbiosname=uc($opt_hostname); - -if (!$opt_hostip) { - my $hip = gethostbyname($opt_hostname); - if (defined $hip) { - $opt_hostip = inet_ntoa($hip); - } else { - $opt_hostip = "<0.0.0.0>"; - } -} - -$opt_quiet or print "Provisioning host '$opt_hostname'[$opt_hostip] for domain '$opt_domain' in realm '$opt_realm'\n"; - -if (!$opt_root) { - $opt_root = "root"; -} - -if (!$opt_nobody) { - if (defined getpwnam("nobody")) { - $opt_nobody = "nobody"; - } -} - -if (!$opt_nogroup) { - if (defined getgrnam("nogroup")) { - $opt_nogroup = "nogroup"; - } elsif (defined getgrnam("nobody")) { - $opt_nogroup = "nobody"; - } -} - -if (!$opt_wheel) { - if (defined getgrnam("wheel")) { - $opt_wheel = "wheel"; - } elsif (defined getgrnam("root")) { - $opt_wheel = "root"; - } -} - -if (!$opt_users) { - if (defined getgrnam("users")) { - $opt_users = "users"; - } elsif (defined getgrnam("guest")) { - $opt_users = "guest"; - } elsif (defined getgrnam("other")) { - $opt_users = "other"; - } -} - -$opt_nobody || die "Unable to determine a user for 'nobody'\n"; -$opt_nogroup || die "Unable to determine a group for 'nogroup'\n"; -$opt_users || die "Unable to determine a group for 'users'\n"; -$opt_wheel || die "Unable to determine a group for 'wheel'\n"; - -$opt_quiet or print "Using nobody='$opt_nobody' nogroup='$opt_nogroup' wheel='$opt_wheel' users='$opt_users'\n"; - -$opt_quiet or print "generating ldif ...\n"; - -$dnsdomain = lc($opt_realm); -$dnsname = lc($opt_hostname).".".$dnsdomain; -$basedn = "DC=" . join(",DC=", split(/\./, $opt_realm)); - -my $data = FileLoad("setup/provision.ldif") || die "Unable to load provision.ldif\n"; - -$data .= add_foreign("S-1-5-7", "Anonymous", "\${NOBODY}"); -$data .= add_foreign("S-1-1-0", "World", "\${NOGROUP}"); -$data .= add_foreign("S-1-5-2", "Network", "\${NOGROUP}"); -$data .= add_foreign("S-1-5-18", "System", "\${ROOT}"); -$data .= add_foreign("S-1-5-11", "Authenticated Users", "\${USERS}"); - -if (!$opt_adminpass) { - $opt_adminpass = randpass(); - print "chose random Administrator password '$opt_adminpass'\n"; -} - -if (!$opt_krbtgtpass) { - $opt_krbtgtpass = randpass(); - print "chose random krbtgt password '$opt_krbtgtpass'\n"; -} - -if (!$opt_machinepass) { - $opt_machinepass = randpass(); - print "chose random machine password '$opt_machinepass'\n"; -} - -# allow provisioning to be run from the source directory -$ENV{"PATH"} = "bin:../bin:" . $ENV{"PATH"}; - - -my $res = apply_substitutions($data); - -my $newdb = $opt_outputdir; - -unless ($newdb) { - $newdb = "newdb." . int(rand(1000)); -} - -$opt_quiet or print "Putting new database files in $newdb\n"; - -unless ($opt_outputdir) { - mkdir($newdb, 0755) || die "Unable to create temporary directory $newdb\n"; -} - -FileSave("$newdb/sam.ldif", $res); - -$opt_quiet or print "creating $newdb/sam.ldb ...\n"; - -system("ldbadd -H $newdb/sam.ldb $newdb/sam.ldif") == 0 || die "Failed to create sam.ldb\n"; - -$data = FileLoad("setup/rootdse.ldif") || die "Unable to load rootdse.ldif\n"; - -$res = apply_substitutions($data); - -FileSave("$newdb/rootdse.ldif", $res); - -$opt_quiet or print "creating $newdb/rootdse.ldb ...\n"; - -system("ldbadd -H $newdb/rootdse.ldb $newdb/rootdse.ldif") == 0 || die "Failed to create rootdse.ldb\n"; - -$data = FileLoad("setup/secrets.ldif") || die "Unable to load secrets.ldif\n"; - -$res = apply_substitutions($data); - -FileSave("$newdb/secrets.ldif", $res); - -$opt_quiet or print "creating $newdb/secrets.ldb ...\n"; - -system("ldbadd -H $newdb/secrets.ldb $newdb/secrets.ldif") == 0 || die "Failed to create secrets.ldb\n"; - -$data = FileLoad("setup/provision.zone") || die "Unable to load provision.zone\n"; - -$res = apply_substitutions($data); - -$opt_quiet or print "saving dns zone to $newdb/$dnsdomain.zone ...\n"; - -FileSave("$newdb/$dnsdomain.zone", $res); - -$data = FileLoad("setup/provision.smb.conf") || die "Unable to load provision.smb.conf\n"; - -$res = apply_substitutions($data); - -$opt_quiet or print "saving smb.conf to $newdb/smb.conf ...\n"; - -FileSave("$newdb/smb.conf", $res); - -$opt_quiet or print "creating $newdb/hklm.ldb ... \n"; - -system("ldbadd -H $newdb/hklm.ldb setup/hklm.ldif") == 0 || die "Failed to create hklm.ldb\n"; - -$opt_quiet or print " - -Installation: -- Please move $newdb/*.ldb to the private/ directory of your - Samba4 installation -- Please move $newdb/smb.conf to the lib/ directory of your - Samba4 installation -- Please use $newdb/$dnsdomain.zone in BIND on your dns server -"; -- cgit From dd750b98af22c34cc6f50102f2dbe6c93ee94e32 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 12 Jul 2005 06:12:52 +0000 Subject: r8350: fixed the --root option to provision (This used to be commit 506e07d6e064375aaee20133d722b6b44d63b083) --- source4/setup/provision | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 8766688de9..c388a10bf9 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -5,7 +5,7 @@ Released under the GNU GPL v2 or later */ -var options = new Object(); +options = new Object(); ok = GetOptions(ARGV, options, "POPT_AUTOHELP", "POPT_COMMON_SAMBA", @@ -150,7 +150,6 @@ function setup_ldb(ldif, dbname, subobj) if (arguments.length == 4) { extra = arguments[3]; } - printVars(lpGet("setup directory")); var db = lpGet("private dir") + "/" + dbname; var src = lpGet("setup directory") + "/" + ldif; -- cgit From 26a55c330a8cd79da290b2ad0e15aaf94be6ebcf Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 12 Jul 2005 06:57:25 +0000 Subject: r8355: - added a vsprintf() function - removed the --outputdir option from provision, as its not used any more (as ejs knows the real paths) (This used to be commit abbf9c703c17c2edc2d978dade3619a96c38d0d9) --- source4/setup/provision | 2 -- 1 file changed, 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index c388a10bf9..f37907241e 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -26,7 +26,6 @@ ok = GetOptions(ARGV, options, 'nogroup=s', 'wheel=s', 'users=s', - 'outputdir=s', 'quiet'); if (ok == false) { println("Failed to parse options: " + options.ERROR); @@ -200,7 +199,6 @@ provision.pl [options] --host-ip IPADDRESS set ipaddress --host-guid GUID set hostguid (otherwise random) --invocationid GUID set invocationid (otherwise random) - --outputdir OUTPUTDIR set output directory --adminpass PASSWORD choose admin password (otherwise random) --krbtgtpass PASSWORD choose krbtgt password (otherwise random) --machinepass PASSWORD choose machine password (otherwise random) -- cgit From adb7fd18e5e58bc466bdd31d68423e5f958a1d5d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 12 Jul 2005 11:46:34 +0000 Subject: r8372: - split out provisioning logic into a separate ejs library - added a provisioning web page (This used to be commit 7476cb94132cf2849ec19360468904ca6fe8de2c) --- source4/setup/provision | 205 ++---------------------------------------------- 1 file changed, 8 insertions(+), 197 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index f37907241e..56c526541d 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -33,153 +33,16 @@ if (ok == false) { } libinclude("base.js"); - -/* used to generate sequence numbers for records */ -next_usn = 1; +libinclude("provision.js"); /* print a message if quiet is not set */ -function message(s) +function message() { if (options["quiet"] == undefined) { - println(s); - } -} - -/* - find a user or group from a list of possibilities -*/ -function findnss() -{ - var i; - assert(arguments.length >= 2); - var nssfn = arguments[0]; - var name = arguments[1]; - if (options[name] != undefined) { - return options[name]; - } - for (i=2;i Date: Tue, 12 Jul 2005 12:04:54 +0000 Subject: r8373: New wildcard matching code. This code applies correct ldap standard wildcard matching code removes WILDCARD matching from tdb @ATTRIBUTES, that's now handled independently adds some more tests for wildcard matching fixes dn comparison code in ldb_match (This used to be commit 4eb5863042011988d85092d7dde3d809aa15bd59) --- source4/setup/provision.ldif | 3 --- 1 file changed, 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index dc4188a28c..c731e8cae5 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -17,11 +17,8 @@ nETBIOSName: CASE_INSENSITIVE cn: CASE_INSENSITIVE dc: CASE_INSENSITIVE name: CASE_INSENSITIVE -name: WILDCARD dn: CASE_INSENSITIVE -dn: WILDCARD sAMAccountName: CASE_INSENSITIVE -sAMAccountName: WILDCARD objectClass: CASE_INSENSITIVE unicodePwd: HIDDEN ntPwdHash: HIDDEN -- cgit From afb160e20c0a5235cbe7dc1f8af3451b9afd0f68 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 13 Jul 2005 05:29:05 +0000 Subject: r8410: converted the newuser script to js (This used to be commit b90aa3c5a7cd7e91a8fc804c3cd9f2155761cf28) --- source4/setup/newuser | 141 +++++++++++++++++++++++++++++++++++++++++++++++ source4/setup/newuser.pl | 132 -------------------------------------------- source4/setup/provision | 2 +- 3 files changed, 142 insertions(+), 133 deletions(-) create mode 100755 source4/setup/newuser delete mode 100755 source4/setup/newuser.pl (limited to 'source4/setup') diff --git a/source4/setup/newuser b/source4/setup/newuser new file mode 100755 index 0000000000..1a6fbdde27 --- /dev/null +++ b/source4/setup/newuser @@ -0,0 +1,141 @@ +#!/usr/bin/env smbscript +/* + add a new user to a Samba4 server + Copyright Andrew Tridgell 2005 + Released under the GNU GPL v2 or later +*/ + +options = new Object(); +ok = GetOptions(ARGV, options, + "POPT_AUTOHELP", + "POPT_COMMON_SAMBA", + "POPT_COMMON_VERSION", + 'username=s', + 'unixname=s', + 'password=s', + 'quiet'); +if (ok == false) { + println("Failed to parse options: " + options.ERROR); + return -1; +} + +libinclude("base.js"); + +var samdb = lpGet("sam database"); + +/* + print a message if quiet is not set +*/ +function message() +{ + if (options["quiet"] == undefined) { + print(vsprintf(arguments)); + } +} + +/* + search for one attribute as a string + */ +function search(db, expression, attribute) +{ + var attrs = new Array(attribute); + res = ldbSearch(db, expression, attrs); + if (res.length != 1 || + res[0][attribute] == undefined) { + return undefined; + } + return res[0][attribute]; +} + +/* + show some help +*/ +function ShowHelp() +{ + print(" +Samba4 newuser + +newuser [options] + --username USERNAME choose new username + --unixname USERNAME choose unix name of new user + --password PASSWORD set password + +You must provide at least a username +"); + exit(1); +} + +if (options['username'] == undefined) { + ShowHelp(); +} +if (options['password'] == undefined) { + options.password = randpass(12); + printf("chose random password %s\n", options.password); +} +if (options['unixname'] == undefined) { + options.unixname = options.username; +} + +if (getpwnam(options.unixname) == undefined) { + printf("ERROR: Unix user '%s' does not exist\n", options.unixname); + exit(1); +} + +if (search(samdb, "name=" + options.username, "dn") != undefined) { + printf("ERROR: User '%s' already exists\n", options.username); + exit(1); +} + +var domain_dn = search(samdb, "objectClass=domainDNS", "dn"); +assert(domain_dn != undefined); +var dom_users = search(samdb, "name=Domain Users", "dn"); +assert(dom_users != undefined); + +var user_dn = sprintf("CN=%s,CN=Users,%s", options.username, domain_dn); + +/* + the new user record. note the reliance on the samdb module to fill + in a sid, guid etc + */ +var ldif = sprintf(" +dn: %s +sAMAccountName: %s +name: %s +memberOf: %s +unixName: %s +objectGUID: %s +unicodePwd: %s +objectClass: user +", + user_dn, options.username, options.username, dom_users, + options.unixname, randguid(), options.password); + +/* + add the user to the users group as well +*/ +var modgroup = sprintf(" +dn: %s +changetype: modify +add: member +member: %s +", dom_users, user_dn); + +/* + now the real work + */ +message("Adding user %s\n", user_dn); +ok = ldbAdd(samdb, ldif); +if (ok != true) { + message("Failed to add %s\n", user_dn); + exit(1); +} + +message("Modifying group %s\n", dom_users); +ok = ldbModify(samdb, modgroup); +if (ok != true) { + message("Failed to modify %s\n", dom_users); + exit(1); +} + +message("All OK\n"); +return 0; diff --git a/source4/setup/newuser.pl b/source4/setup/newuser.pl deleted file mode 100755 index dc9613e4aa..0000000000 --- a/source4/setup/newuser.pl +++ /dev/null @@ -1,132 +0,0 @@ -#!/usr/bin/perl -w -# simple hack script to add a new user for Samba4 - - -use strict; -use Socket; -use Getopt::Long; - -my $opt_password; -my $opt_username; -my $opt_unixname; -my $opt_samdb = "/usr/local/samba/private/sam.ldb"; - - -# generate a random guid. Not a good algorithm. -sub randguid() -{ - my $r1 = int(rand(2**32)); - my $r2 = int(rand(2**16)); - my $r3 = int(rand(2**16)); - my $r4 = int(rand(2**16)); - my $r5 = int(rand(2**32)); - my $r6 = int(rand(2**16)); - return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6); -} - -# generate a random password. Poor algorithm :( -sub randpass() -{ - my $pass = ""; - my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~"; - for (my $i=0;$i<8;$i++) { - my $c = int(rand(length($chars))); - $pass .= substr($chars, $c, 1); - } - return $pass; -} - -sub search($$) -{ - my $expr = shift; - my $attrib = shift; - my $res = `ldbsearch -H $opt_samdb \"$expr\" $attrib | grep ^$attrib | cut -d' ' -f2- | head -1`; - chomp $res; - return $res; -} - -############################################ -# show some help -sub ShowHelp() -{ - print " -Samba4 newuser - -newuser.pl [options] - --username USERNAME choose new username - --password PASSWORD set password - --samdb DBPATH path to sam.ldb - -You must provide at least a username - -"; - exit(1); -} - -my $opt_help; - -GetOptions( - 'help|h|?' => \$opt_help, - 'username=s' => \$opt_username, - 'unixname=s' => \$opt_unixname, - 'password=s' => \$opt_password, - 'samdb=s' => \$opt_samdb - ); - -if ($opt_help || !$opt_username) { - ShowHelp(); -} - -if (!$opt_password) { - $opt_password = randpass(); - print "chose random password '$opt_password'\n"; -} - -if (!$opt_unixname) { - $opt_unixname = $opt_username; -} - -my $res = ""; - -# allow provisioning to be run from the source directory -$ENV{"PATH"} .= ":bin:../bin"; - -$ENV{"LDB_URL"} = $opt_samdb; - -my $domain_sid = search("(objectClass=domainDNS)", "objectSid"); -my $domain_dn = search("(objectClass=domainDNS)", "dn"); - -my $ldif = `ldbsearch -H $opt_samdb 'cn=TemplateUser' | grep -v Template | grep -v '^#'`; -chomp $ldif; - -my $dom_users = search("name=Domain Users", "dn"); - - -$ldif .= "sAMAccountName: $opt_username\n"; -$ldif .= "name: $opt_username\n"; -$ldif .= "objectGUID: " . randguid() . "\n"; -$ldif .= "memberOf: $dom_users\n"; -$ldif .= "userAccountControl: 0x10200\n"; -$ldif .= "sAMAccountType: 0x30000000\n"; -$ldif .= "unicodePwd: $opt_password\n"; -$ldif .= "unixName: $opt_unixname\n"; - -my $user_dn = "CN=$opt_username,CN=Users,$domain_dn"; - -open FILE, ">newuser.ldif"; -print FILE "dn: $user_dn\n"; -print FILE "objectClass: user\n"; -print FILE "$ldif\n"; -close FILE; - -open FILE, ">modgroup.ldif"; -print FILE " -dn: CN=Domain Users,CN=Users,$domain_dn -changetype: modify -add: member -member: $user_dn -"; -close FILE; - -system("ldbadd newuser.ldif"); -system("ldbmodify modgroup.ldif"); diff --git a/source4/setup/provision b/source4/setup/provision index 56c526541d..c516b97f2d 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -53,7 +53,7 @@ function ShowHelp() print(" Samba4 provisioning -provision.pl [options] +provision [options] --realm REALM set realm --domain DOMAIN set domain --domain-guid GUID set domainguid (otherwise random) -- cgit From bca5b59fdf1512f3acc73cacf11d1d0ba1e34f53 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 13 Jul 2005 06:08:35 +0000 Subject: r8415: get rid of the last 2 runtime perl scripts (This used to be commit b775884474bd28c0c3d45546b1bf3ac52601ed24) --- source4/setup/dcpromo.pl | 225 ----------------------------------------------- source4/setup/rootdse.pl | 152 -------------------------------- 2 files changed, 377 deletions(-) delete mode 100755 source4/setup/dcpromo.pl delete mode 100755 source4/setup/rootdse.pl (limited to 'source4/setup') diff --git a/source4/setup/dcpromo.pl b/source4/setup/dcpromo.pl deleted file mode 100755 index 56461ae825..0000000000 --- a/source4/setup/dcpromo.pl +++ /dev/null @@ -1,225 +0,0 @@ -#!/usr/bin/perl -w - -################################################### -# package to generate samba ads configuration -# Copyright metze@samba.org 2004 - -# released under the GNU GPL - -use strict; -use Data::Dumper; - -sub print_options($$) { - my $ads = shift; - my $ctx = shift; - my @arr; - my $i; - my $len; - - print "options:\n"; - - @arr = @{$ctx}; - $len = $#arr; - for($i = 0; $i <= $len; $i++) { - my $val = $ctx->[$i]; - print "\t".$i.": ".$val->{TEXT}."\n"; - } - - print "choise []:"; -} - -sub read_option($$) { - my $ads = shift; - my $ctx = shift; - my $val; - - $val = ; - - return $val; -} - -sub call_option($$$) { - my $ads = shift; - my $ctx = shift; - my $switch = shift; - my $val; - my $funcref; - - $val = $ctx->[$switch]; - - $funcref = $val->{ACTION}; - - &$funcref($ads); -} - -sub ask_option($$) { - my $ads = shift; - my $ctx = shift; - my $ret; - - print_options($ads, $ctx); - - $ret = read_option($ads, $ctx); - - call_option($ads, $ctx, $ret); -} - -sub create_ads_tree($) { - my $ads = shift; - - print "Create ADS Domain:\n"; - print Dumper($ads); -} - -sub do_new_domain_in_entire_structure($) { - my $ads; - my $domain_dns; - my $domain_netbios; - - $ads->{NEW_DOMAIN} = 1; - $ads->{NEW_FOREST} = 1; - - print "full dns name of the new domain []:"; - $domain_dns = ; - chomp $domain_dns; - $ads->{FULL_DNS_NAME} = $domain_dns; - - print "netbios name of the new domain []:"; - $domain_netbios = ; - chomp $domain_netbios; - $ads->{NETBIOS} = $domain_netbios; - - create_ads_tree($ads); -} - -sub do_sub_domain_in_existing_structure($) { - my $ads = shift; - my $user_name; - my $user_domain; - my $user_password; - my $top_dns; - my $domain_dns; - my $domain_netbios; - my $db_folder; - my $db_logs; - my $sysvol_folder; - my $admin_password1; - my $admin_password2; - - $ads->{NEW_DOMAIN} = 1; - $ads->{NEW_FOREST} = 0; - - print "User Name []:"; - $user_name = ; - chomp $user_name; - $ads->{USER}{NAME} = $user_name; - - print "User Domain []:"; - $user_domain = ; - chomp $user_domain; - $ads->{USER}{DOMAIN} = $user_domain; - - print "User Password []:"; - $user_password = ; - chomp $user_password; - $ads->{USER}{PASSWORD} = $user_password; - - print "full dns name of the top domain []:"; - $top_dns = ; - chomp $top_dns; - $ads->{TOP_DNS_NAME} = $top_dns; - - print "suffix of the new domain []:"; - $domain_dns = ; - chomp $domain_dns; - $ads->{FULL_DNS_NAME} = $domain_dns.".".$top_dns; - - print "netbios name of the new domain []:"; - $domain_netbios = ; - chomp $domain_netbios; - $ads->{NETBIOS} = $domain_netbios; - - print "folder for database files []:"; - $db_folder = ; - chomp $db_folder; - $ads->{DB_FOLDER} = $db_folder; - - print "folder for database logs []:"; - $db_logs = ; - chomp $db_logs; - $ads->{DB_LOGS} = $db_logs; - - print "folder for SYSVOL []:"; - $sysvol_folder = ; - chomp $sysvol_folder; - $ads->{SYSVOL_FOLDER} = $sysvol_folder; - - # - # test DNS here - # - - # - # test mixed/native here - # - - print "Administrator password []:"; - $admin_password1 = ; - chomp $admin_password1; - print "retype Administrator password []:"; - $admin_password2 = ; - chomp $admin_password2; - if ($admin_password1 eq $admin_password2) { - $ads->{ADMIN_PASSWORD} = $admin_password1; - } else { - $ads->{ADMIN_PASSWORD} = ""; - } - - create_ads_tree($ads); -} - -sub do_sub_structure_in_global_structure($) { - print "go on with do_sub_structure_in_global_structure\n"; -} - -sub do_new_domain($) { - my $ads = shift; - my $ctx; - - $ctx->[0]{TEXT} = "new domain in entire structure"; - $ctx->[0]{ACTION} = \&do_new_domain_in_entire_structure; - - $ctx->[1]{TEXT} = "sub domain in existing structure"; - $ctx->[1]{ACTION} = \&do_sub_domain_in_existing_structure; - - $ctx->[2]{TEXT} = "sub structure in global structure"; - $ctx->[2]{ACTION} = \&do_sub_structure_in_global_structure; - - ask_option($ads ,$ctx); -} - -sub do_existing_domain($) { - print "go on with do existing domain\n"; -} - -sub ask_new_or_exist_domain($) { - my $ads = shift; - my $ctx; - - $ctx->[0]{TEXT} = "new domain"; - $ctx->[0]{ACTION} = \&do_new_domain; - - $ctx->[1]{TEXT} = "existing domain"; - $ctx->[1]{ACTION} = \&do_existing_domain; - - ask_option($ads, $ctx); -} - -sub main { - my $ads; - - $ads->{ADS_TREE} = 1; - - ask_new_or_exist_domain($ads); -} - -main(); diff --git a/source4/setup/rootdse.pl b/source4/setup/rootdse.pl deleted file mode 100755 index 799019fad8..0000000000 --- a/source4/setup/rootdse.pl +++ /dev/null @@ -1,152 +0,0 @@ -#!/usr/bin/perl -w - -use strict; -use Getopt::Long; - -my $opt_hostname = `hostname`; -chomp $opt_hostname; -my $netbiosname; -my $opt_realm; -my $opt_domain; -my $dnsdomain; -my $dnsname; -my $basedn; - -sub ldaptime() -{ - my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime(time); - return sprintf "%04u%02u%02u%02u%02u%02u.0Z", - $year+1900, $mon+1, $mday, $hour, $min, $sec; -} - -####################### -# substitute a single variable -sub substitute($) -{ - my $var = shift; - - if ($var eq "BASEDN") { - return $basedn; - } - - if ($var eq "NETBIOSNAME") { - return $netbiosname; - } - - if ($var eq "DNSNAME") { - return $dnsname; - } - - if ($var eq "DNSDOMAIN") { - return $dnsdomain; - } - - die "ERROR: Uknown substitution variable $var\n"; -} - -##################################################################### -# write a string into a file -sub FileSave($$) -{ - my($filename) = shift; - my($v) = shift; - local(*FILE); - open(FILE, ">$filename") || die "can't open $filename"; - print FILE $v; - close(FILE); -} - -##################################################################### -# read a file into a string -sub FileLoad($) -{ - my($filename) = shift; - local(*INPUTFILE); - open(INPUTFILE, $filename) || return undef; - my($saved_delim) = $/; - undef $/; - my($data) = ; - close(INPUTFILE); - $/ = $saved_delim; - return $data; -} - -############################################ -# show some help -sub ShowHelp() -{ - print " -Samba4 provisioning - -rootdse.pl [options] - --realm REALM set realm - --domain DOMAIN set domain - --hostname HOSTNAME set hostname - -You must provide at least a realm and domain - -"; - exit(1); -} - -my $opt_help; - -GetOptions( - 'help|h|?' => \$opt_help, - 'realm=s' => \$opt_realm, - 'domain=s' => \$opt_domain, - 'hostname=s' => \$opt_hostname, - ); - -if ($opt_help || - !$opt_realm || - !$opt_domain || - !$opt_hostname) { - ShowHelp(); -} - -$opt_realm=uc($opt_realm); -$opt_domain=uc($opt_domain); -$opt_hostname=lc($opt_hostname); -$netbiosname=uc($opt_hostname); - -print "Provisioning host '$opt_hostname' with netbios name '$netbiosname' for domain '$opt_domain' in realm '$opt_realm'\n"; - -print "generating ldif ...\n"; - -$dnsdomain = lc($opt_realm); -$dnsname = $opt_hostname.".".$dnsdomain; -$basedn = "DC=" . join(",DC=", split(/\./, $opt_realm)); - -my $data = FileLoad("rootdse.ldif") || die "Unable to load rootdse.ldif\n"; - -my $res = ""; - -print "applying substitutions ...\n"; - -while ($data =~ /(.*?)\$\{(\w*)\}(.*)/s) { - my $sub = substitute($2); - $res .= "$1$sub"; - $data = $3; -} -$res .= $data; - -print "saving ldif to newrootdse.ldif ...\n"; - -FileSave("newrootdse.ldif", $res); - -unlink("newrootdse.ldb"); - -print "creating newrootdse.ldb ...\n"; - -# allow provisioning to be run from the source directory -$ENV{"PATH"} .= ":bin:../bin"; - -system("ldbadd -H newrootdse.ldb newrootdse.ldif"); - -print "done - -Please move newrootdse.ldb to rootdse.ldb in the private/ directory of your -Samba4 installation -"; - -- cgit From 8858542b2691e26e1dfea60b4d1073a81df92fc5 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 14 Jul 2005 09:51:49 +0000 Subject: r8459: move to the more portable script execution method (This used to be commit d7e4dcaaaa37c4992f763e37ca2d655e4d267283) --- source4/setup/newuser | 3 ++- source4/setup/provision | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/newuser b/source4/setup/newuser index 1a6fbdde27..5c426e3848 100755 --- a/source4/setup/newuser +++ b/source4/setup/newuser @@ -1,4 +1,5 @@ -#!/usr/bin/env smbscript +#!/bin/sh +exec smbscript "$0" ${1+"$@"} /* add a new user to a Samba4 server Copyright Andrew Tridgell 2005 diff --git a/source4/setup/provision b/source4/setup/provision index c516b97f2d..7cd05538b5 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -1,4 +1,5 @@ -#!/usr/bin/env smbscript +#!/bin/sh +exec smbscript "$0" ${1+"$@"} /* provision a Samba4 server Copyright Andrew Tridgell 2005 -- cgit From 09fb6d2280187527898ae5af9c266c7474901dac Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 18 Jul 2005 23:58:18 +0000 Subject: r8558: move newuser logic into the provision.js lib (This used to be commit b6ef32ddd1fdca0d40a12f34fa5f7a484b3c2071) --- source4/setup/newuser | 73 ++------------------------------------------------- 1 file changed, 2 insertions(+), 71 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/newuser b/source4/setup/newuser index 5c426e3848..4471e70919 100755 --- a/source4/setup/newuser +++ b/source4/setup/newuser @@ -21,8 +21,8 @@ if (ok == false) { } libinclude("base.js"); +libinclude("provision.js"); -var samdb = lpGet("sam database"); /* print a message if quiet is not set @@ -34,20 +34,6 @@ function message() } } -/* - search for one attribute as a string - */ -function search(db, expression, attribute) -{ - var attrs = new Array(attribute); - res = ldbSearch(db, expression, attrs); - if (res.length != 1 || - res[0][attribute] == undefined) { - return undefined; - } - return res[0][attribute]; -} - /* show some help */ @@ -82,61 +68,6 @@ if (getpwnam(options.unixname) == undefined) { exit(1); } -if (search(samdb, "name=" + options.username, "dn") != undefined) { - printf("ERROR: User '%s' already exists\n", options.username); - exit(1); -} - -var domain_dn = search(samdb, "objectClass=domainDNS", "dn"); -assert(domain_dn != undefined); -var dom_users = search(samdb, "name=Domain Users", "dn"); -assert(dom_users != undefined); - -var user_dn = sprintf("CN=%s,CN=Users,%s", options.username, domain_dn); - -/* - the new user record. note the reliance on the samdb module to fill - in a sid, guid etc - */ -var ldif = sprintf(" -dn: %s -sAMAccountName: %s -name: %s -memberOf: %s -unixName: %s -objectGUID: %s -unicodePwd: %s -objectClass: user -", - user_dn, options.username, options.username, dom_users, - options.unixname, randguid(), options.password); - -/* - add the user to the users group as well -*/ -var modgroup = sprintf(" -dn: %s -changetype: modify -add: member -member: %s -", dom_users, user_dn); - -/* - now the real work - */ -message("Adding user %s\n", user_dn); -ok = ldbAdd(samdb, ldif); -if (ok != true) { - message("Failed to add %s\n", user_dn); - exit(1); -} - -message("Modifying group %s\n", dom_users); -ok = ldbModify(samdb, modgroup); -if (ok != true) { - message("Failed to modify %s\n", dom_users); - exit(1); -} +newuser(options.username, options.unixname, options.password, message); -message("All OK\n"); return 0; -- cgit From 2f5f01567b4c30cd764843a1ca0c7ab6d9bc0882 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 20 Jul 2005 10:07:48 +0000 Subject: r8643: - make lp_configfile() work again - get rid of redundeny dyn_CONFIGFILE argument to lp_load() - fixed provisioning to work with completely pristine install, creating an initial smb.conf is none is present - added lp.set() and lp.reload() to loadparm ejs object interface (This used to be commit c2691ef7126ddcee5f95970b78759b40a049d0a7) --- source4/setup/provision | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 7cd05538b5..90363fcf20 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -92,6 +92,12 @@ if (options["realm"] == undefined || ShowHelp(); } +/* cope with an initially blank smb.conf */ +var lp = loadparm_init(); +lp.set("realm", options.realm); +lp.set("workgroup", options.domain); +lp.reload(); + var subobj = provision_guess(); for (r in options) { var key = strupper(join("", split("-", r))); -- cgit From 24d2107324982d8ad69fb89d13037ba591f49534 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 20 Jul 2005 11:43:23 +0000 Subject: r8650: Use the timestamps and a new objectguid module rather than placing boilerplate attributes in every entry in provision.ldif. The next step will be to use templates. Andrew Bartlett (This used to be commit 940ed9827f5ab83b668a60a2b0110567dd54c3e2) --- source4/setup/provision.ldif | 201 -------------------------------------- source4/setup/provision_init.ldif | 51 ++++++++++ 2 files changed, 51 insertions(+), 201 deletions(-) create mode 100644 source4/setup/provision_init.ldif (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index c731e8cae5..bc4505e8a4 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -1,54 +1,3 @@ -dn: @INDEXLIST -@IDXATTR: name -@IDXATTR: sAMAccountName -@IDXATTR: objectSid -@IDXATTR: objectClass -@IDXATTR: member -@IDXATTR: unixID -@IDXATTR: unixName -@IDXATTR: privilege - -dn: @ATTRIBUTES -userPrincipalName: CASE_INSENSITIVE -servicePrincipalName: CASE_INSENSITIVE -dnsDomain: CASE_INSENSITIVE -dnsRoot: CASE_INSENSITIVE -nETBIOSName: CASE_INSENSITIVE -cn: CASE_INSENSITIVE -dc: CASE_INSENSITIVE -name: CASE_INSENSITIVE -dn: CASE_INSENSITIVE -sAMAccountName: CASE_INSENSITIVE -objectClass: CASE_INSENSITIVE -unicodePwd: HIDDEN -ntPwdHash: HIDDEN -ntPwdHistory: HIDDEN -lmPwdHash: HIDDEN -lmPwdHistory: HIDDEN -createTimestamp: HIDDEN -modifyTimestamp: HIDDEN -groupType: INTEGER -sAMAccountType: INTEGER -systemFlags: INTEGER -userAccountControl: INTEGER - -dn: @SUBCLASSES -top: domain -top: person -top: group -domain: domainDNS -domain: builtinDomain -person: organizationalPerson -organizationalPerson: user -user: computer -template: userTemplate -template: groupTemplate - -#Add modules to the list to activate them by default -#beware often order is important -dn: @MODULES -@LIST: samldb,timestamps - ############################### # Domain Naming Context ############################### @@ -66,8 +15,6 @@ forceLogoff: 0x8000000000000000 lockoutDuration: -18000000000 lockOutObservationWindow: -18000000000 lockoutThreshold: 0 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 maxPwdAge: -37108517437440 @@ -96,13 +43,10 @@ objectClass: container cn: Users description: Default container for upgraded user accounts instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: FALSE name: Users -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -113,13 +57,10 @@ objectClass: container cn: Computers description: Default container for upgraded computer accounts instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: FALSE name: Computers -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -130,13 +71,10 @@ objectClass: organizationalUnit ou: Domain Controllers description: Default container for domain controllers instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: FALSE name: Domain Controllers -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -147,13 +85,10 @@ objectClass: container cn: ForeignSecurityPrincipals description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: FALSE name: ForeignSecurityPrincipals -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -164,13 +99,10 @@ objectClass: container cn: System description: Builtin system settings instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: System -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -180,13 +112,10 @@ objectclass: top objectclass: rIDManager cn: RID Manager$ instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: RID Manager$ -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -198,13 +127,10 @@ objectClass: top objectClass: container cn: DomainUpdates instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: DomainUpdates -objectGUID: ${NEWGUID} objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${BASEDN} @@ -212,13 +138,10 @@ objectClass: top objectClass: container cn: Windows2003Update instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: Windows2003Update -objectGUID: ${NEWGUID} objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} revision: 8 @@ -227,13 +150,10 @@ objectclass: top objectclass: infrastructureUpdate cn: Infrastructure instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: Infrastructure -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -272,8 +192,6 @@ objectClass: user cn: Administrator description: Built-in account for administering the computer/domain instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN} memberOf: CN=Domain Admins,CN=Users,${BASEDN} @@ -282,7 +200,6 @@ memberOf: CN=Schema Admins,CN=Users,${BASEDN} memberOf: CN=Administrators,CN=Builtin,${BASEDN} uSNChanged: 1 name: Administrator -objectGUID: ${NEWGUID} userAccountControl: 0x10200 badPwdCount: 0 codePage: 0 @@ -311,13 +228,10 @@ objectClass: user cn: Guest description: Built-in account for guest access to the computer/domain instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 memberOf: CN=Guests,CN=Builtin,${BASEDN} uSNChanged: 1 name: Guest -objectGUID: ${NEWGUID} userAccountControl: 0x10222 badPwdCount: 0 codePage: 0 @@ -344,12 +258,9 @@ member: CN=Domain Admins,CN=Users,${BASEDN} member: CN=Enterprise Admins,CN=Users,${BASEDN} member: CN=Administrator,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Administrators -objectGUID: ${NEWGUID} objectSid: S-1-5-32-544 adminCount: 1 sAMAccountName: Administrators @@ -392,12 +303,9 @@ cn: Users description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications member: CN=Domain Users,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Users -objectGUID: ${NEWGUID} objectSid: S-1-5-32-545 sAMAccountName: Users sAMAccountType: 0x20000000 @@ -414,12 +322,9 @@ description: Guests have the same access as members of the Users group by defaul member: CN=Domain Guests,CN=Users,${BASEDN} member: CN=Guest,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Guests -objectGUID: ${NEWGUID} objectSid: S-1-5-32-546 sAMAccountName: Guests sAMAccountType: 0x20000000 @@ -435,12 +340,9 @@ objectClass: group cn: Print Operators description: Members can administer domain printers instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Print Operators -objectGUID: ${NEWGUID} objectSid: S-1-5-32-550 adminCount: 1 sAMAccountName: Print Operators @@ -459,12 +361,9 @@ objectClass: group cn: Backup Operators description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Backup Operators -objectGUID: ${NEWGUID} objectSid: S-1-5-32-551 adminCount: 1 sAMAccountName: Backup Operators @@ -484,12 +383,9 @@ objectClass: group cn: Replicator description: Supports file replication in a domain instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Replicator -objectGUID: ${NEWGUID} objectSid: S-1-5-32-552 adminCount: 1 sAMAccountName: Replicator @@ -505,12 +401,9 @@ objectClass: group cn: Remote Desktop Users description: Members in this group are granted the right to logon remotely instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Remote Desktop Users -objectGUID: ${NEWGUID} objectSid: S-1-5-32-555 sAMAccountName: Remote Desktop Users sAMAccountType: 0x20000000 @@ -525,12 +418,9 @@ objectClass: group cn: Network Configuration Operators description: Members in this group can have some administrative privileges to manage configuration of networking features instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Network Configuration Operators -objectGUID: ${NEWGUID} objectSid: S-1-5-32-556 sAMAccountName: Network Configuration Operators sAMAccountType: 0x20000000 @@ -545,12 +435,9 @@ objectClass: group cn: Performance Monitor Users description: Members of this group have remote access to monitor this computer instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Performance Monitor Users -objectGUID: ${NEWGUID} objectSid: S-1-5-32-558 sAMAccountName: Performance Monitor Users sAMAccountType: 0x20000000 @@ -565,12 +452,9 @@ objectClass: group cn: Performance Log Users description: Members of this group have remote access to schedule logging of performance counters on this computer instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Performance Log Users -objectGUID: ${NEWGUID} objectSid: S-1-5-32-559 sAMAccountName: Performance Log Users sAMAccountType: 0x20000000 @@ -587,8 +471,6 @@ objectClass: user objectClass: computer cn: ${NETBIOSNAME} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: ${NETBIOSNAME} @@ -626,13 +508,10 @@ objectClass: user cn: krbtgt description: Key Distribution Center Service Account instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: krbtgt -objectGUID: ${NEWGUID} userAccountControl: 514 badPwdCount: 0 codePage: 0 @@ -659,12 +538,9 @@ objectClass: group cn: Domain Computers description: All workstations and servers joined to the domain instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Domain Computers -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-515 sAMAccountName: Domain Computers sAMAccountType: 0x10000000 @@ -678,12 +554,9 @@ objectClass: group cn: Domain Controllers description: All domain controllers in the domain instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Domain Controllers -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-516 adminCount: 1 sAMAccountName: Domain Controllers @@ -699,12 +572,9 @@ cn: Schema Admins description: Designated administrators of the schema member: CN=Administrator,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Schema Admins -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-518 adminCount: 1 sAMAccountName: Schema Admins @@ -721,13 +591,10 @@ cn: Enterprise Admins description: Designated administrators of the enterprise member: CN=Administrator,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 memberOf: CN=Administrators,CN=Builtin,${BASEDN} uSNChanged: 1 name: Enterprise Admins -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-519 adminCount: 1 sAMAccountName: Enterprise Admins @@ -743,12 +610,9 @@ objectClass: group cn: Cert Publishers description: Members of this group are permitted to publish certificates to the Active Directory instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Cert Publishers -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-517 sAMAccountName: Cert Publishers sAMAccountType: 0x20000000 @@ -763,13 +627,10 @@ cn: Domain Admins description: Designated administrators of the domain member: CN=Administrator,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 memberOf: CN=Administrators,CN=Builtin,${BASEDN} uSNChanged: 1 name: Domain Admins -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-512 adminCount: 1 sAMAccountName: Domain Admins @@ -785,13 +646,10 @@ objectClass: group cn: Domain Users description: All domain users instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 memberOf: CN=Users,CN=Builtin,${BASEDN} uSNChanged: 1 name: Domain Users -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-513 sAMAccountName: Domain Users sAMAccountType: 0x10000000 @@ -806,13 +664,10 @@ objectClass: group cn: Domain Guests description: All domain guests instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 memberOf: CN=Guests,CN=Builtin,${BASEDN} uSNChanged: 1 name: Domain Guests -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-514 sAMAccountName: Domain Guests sAMAccountType: 0x10000000 @@ -827,12 +682,9 @@ cn: Group Policy Creator Owners description: Members in this group can modify group policy for the domain member: CN=Administrator,CN=Users,${BASEDN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Group Policy Creator Owners -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-520 sAMAccountName: Group Policy Creator Owners sAMAccountType: 0x10000000 @@ -847,12 +699,9 @@ objectClass: group cn: RAS and IAS Servers description: Servers in this group can access remote access properties of users instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: RAS and IAS Servers -objectGUID: ${NEWGUID} objectSid: ${DOMAINSID}-553 sAMAccountName: RAS and IAS Servers sAMAccountType: 0x20000000 @@ -866,12 +715,9 @@ objectClass: group cn: Server Operators description: Members can administer domain servers instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Server Operators -objectGUID: ${NEWGUID} objectSid: S-1-5-32-549 adminCount: 1 sAMAccountName: Server Operators @@ -893,12 +739,9 @@ objectClass: group cn: Account Operators description: Members can administer domain user and group accounts instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 name: Account Operators -objectGUID: ${NEWGUID} objectSid: S-1-5-32-548 adminCount: 1 sAMAccountName: Account Operators @@ -915,13 +758,10 @@ objectClass: container cn: Templates description: Container for SAM account templates instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: Templates -objectGUID: ${NEWGUID} systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -1066,13 +906,10 @@ objectClass: top objectClass: configuration cn: Configuration instanceType: 13 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Configuration -objectGUID: ${NEWGUID} objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN} subRefs: CN=Schema,CN=Configuration,${BASEDN} masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} @@ -1083,13 +920,10 @@ objectClass: top objectClass: crossRefContainer cn: Partitions instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Partitions -objectGUID: ${NEWGUID} systemFlags: 0x80000000 objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN} msDS-Behavior-Version: 0 @@ -1100,13 +934,10 @@ objectClass: top objectClass: crossRef cn: Enterprise Configuration instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Enterprise Configuration -objectGUID: ${NEWGUID} systemFlags: 0x00000001 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} nCName: CN=Configuration,${BASEDN} @@ -1117,13 +948,10 @@ objectClass: top objectClass: crossRef cn: Enterprise Schema instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Enterprise Schema -objectGUID: ${NEWGUID} systemFlags: 0x00000001 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} nCName: CN=Schema,CN=Configuration,${BASEDN} @@ -1134,13 +962,10 @@ objectClass: top objectClass: crossRef cn: ${DOMAIN} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: ${DOMAIN} -objectGUID: ${NEWGUID} systemFlags: 0x00000003 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} nCName: ${BASEDN} @@ -1152,13 +977,10 @@ objectClass: top objectClass: sitesContainer cn: Sites instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Sites -objectGUID: ${NEWGUID} systemFlags: 0x82000000 objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN} @@ -1167,13 +989,10 @@ objectClass: top objectClass: site cn: Sites instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Sites -objectGUID: ${NEWGUID} systemFlags: 0x82000000 objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN} @@ -1182,13 +1001,10 @@ objectClass: top objectClass: serversContainer cn: Servers instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Servers -objectGUID: ${NEWGUID} systemFlags: 0x82000000 objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN} @@ -1197,13 +1013,10 @@ objectClass: top objectClass: server cn: ${NETBIOSNAME} instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: ${NETBIOSNAME} -objectGUID: ${NEWGUID} systemFlags: 0x52000000 objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN} dNSHostName: ${DNSNAME} @@ -1215,8 +1028,6 @@ objectClass: applicationSettings objectClass: nTDSDSA cn: NTDS Settings instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE @@ -1233,43 +1044,34 @@ objectClass: top objectClass: container cn: Services instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Services systemFlags: 0x80000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -objectGUID: ${NEWGUID} dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} objectClass: top objectClass: container cn: Windows NT instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Windows NT objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -objectGUID: ${NEWGUID} dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} objectClass: top objectClass: nTDSService cn: Directory Service instanceType: 4 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Directory Service objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN} -objectGUID: ${NEWGUID} sPNMappings: host=ldap,dns,cifs @@ -1281,13 +1083,10 @@ objectClass: top objectClass: dMD cn: Schema instanceType: 13 -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE name: Schema -objectGUID: ${NEWGUID} objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN} masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif new file mode 100644 index 0000000000..cbe561eee9 --- /dev/null +++ b/source4/setup/provision_init.ldif @@ -0,0 +1,51 @@ +dn: @INDEXLIST +@IDXATTR: name +@IDXATTR: sAMAccountName +@IDXATTR: objectSid +@IDXATTR: objectClass +@IDXATTR: member +@IDXATTR: unixID +@IDXATTR: unixName +@IDXATTR: privilege + +dn: @ATTRIBUTES +userPrincipalName: CASE_INSENSITIVE +servicePrincipalName: CASE_INSENSITIVE +dnsDomain: CASE_INSENSITIVE +dnsRoot: CASE_INSENSITIVE +nETBIOSName: CASE_INSENSITIVE +cn: CASE_INSENSITIVE +dc: CASE_INSENSITIVE +name: CASE_INSENSITIVE +dn: CASE_INSENSITIVE +sAMAccountName: CASE_INSENSITIVE +objectClass: CASE_INSENSITIVE +unicodePwd: HIDDEN +ntPwdHash: HIDDEN +ntPwdHistory: HIDDEN +lmPwdHash: HIDDEN +lmPwdHistory: HIDDEN +createTimestamp: HIDDEN +modifyTimestamp: HIDDEN +groupType: INTEGER +sAMAccountType: INTEGER +systemFlags: INTEGER +userAccountControl: INTEGER + +dn: @SUBCLASSES +top: domain +top: person +top: group +domain: domainDNS +domain: builtinDomain +person: organizationalPerson +organizationalPerson: user +user: computer +template: userTemplate +template: groupTemplate + +#Add modules to the list to activate them by default +#beware often order is important +dn: @MODULES +@LIST: samldb,timestamps,objectguid + -- cgit From 6173fad23171add5b1d143f6c15fb36842811135 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Jul 2005 02:12:20 +0000 Subject: r8660: Use templates for the initial provision of user and computer accounts. This ensures the templating code is used, and also makes it clearer what I need to duplicate in the vampire area. Also fix a silly bug in the template application code (the samdb module) that caused templates to be compleatly unused (my fault, from my commit last night). Andrew Bartlett (This used to be commit 4a8ef7197ff938942832034453f843cb8a50f2d1) --- source4/setup/provision.ldif | 232 --------------------------------- source4/setup/provision_templates.ldif | 150 +++++++++++++++++++++ 2 files changed, 150 insertions(+), 232 deletions(-) create mode 100644 source4/setup/provision_templates.ldif (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index bc4505e8a4..10ea5248c8 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -191,7 +191,6 @@ objectClass: organizationalPerson objectClass: user cn: Administrator description: Built-in account for administering the computer/domain -instanceType: 4 uSNCreated: 1 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN} memberOf: CN=Domain Admins,CN=Users,${BASEDN} @@ -201,21 +200,10 @@ memberOf: CN=Administrators,CN=Builtin,${BASEDN} uSNChanged: 1 name: Administrator userAccountControl: 0x10200 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 513 objectSid: ${DOMAINSID}-500 adminCount: 1 accountExpires: -1 -logonCount: 0 sAMAccountName: Administrator -sAMAccountType: 0x30000000 -objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unicodePwd: ${ADMINPASS} unixName: ${ROOT} @@ -227,26 +215,14 @@ objectClass: organizationalPerson objectClass: user cn: Guest description: Built-in account for guest access to the computer/domain -instanceType: 4 uSNCreated: 1 memberOf: CN=Guests,CN=Builtin,${BASEDN} uSNChanged: 1 name: Guest userAccountControl: 0x10222 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 primaryGroupID: 514 objectSid: ${DOMAINSID}-501 -accountExpires: -1 -logonCount: 0 sAMAccountName: Guest -sAMAccountType: 0x30000000 -objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE dn: CN=Administrators,CN=Builtin,${BASEDN} @@ -257,7 +233,6 @@ description: Administrators have complete and unrestricted access to the compute member: CN=Domain Admins,CN=Users,${BASEDN} member: CN=Enterprise Admins,CN=Users,${BASEDN} member: CN=Administrator,CN=Users,${BASEDN} -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Administrators @@ -302,7 +277,6 @@ objectClass: group cn: Users description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications member: CN=Domain Users,CN=Users,${BASEDN} -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Users @@ -321,7 +295,6 @@ cn: Guests description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted member: CN=Domain Guests,CN=Users,${BASEDN} member: CN=Guest,CN=Users,${BASEDN} -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Guests @@ -339,7 +312,6 @@ objectClass: top objectClass: group cn: Print Operators description: Members can administer domain printers -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Print Operators @@ -360,7 +332,6 @@ objectClass: top objectClass: group cn: Backup Operators description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Backup Operators @@ -382,7 +353,6 @@ objectClass: top objectClass: group cn: Replicator description: Supports file replication in a domain -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Replicator @@ -400,7 +370,6 @@ objectClass: top objectClass: group cn: Remote Desktop Users description: Members in this group are granted the right to logon remotely -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Remote Desktop Users @@ -417,7 +386,6 @@ objectClass: top objectClass: group cn: Network Configuration Operators description: Members in this group can have some administrative privileges to manage configuration of networking features -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Network Configuration Operators @@ -434,7 +402,6 @@ objectClass: top objectClass: group cn: Performance Monitor Users description: Members of this group have remote access to monitor this computer -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Performance Monitor Users @@ -451,7 +418,6 @@ objectClass: top objectClass: group cn: Performance Log Users description: Members of this group have remote access to schedule logging of performance counters on this computer -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Performance Log Users @@ -467,33 +433,24 @@ dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} objectClass: top objectClass: person objectClass: organizationalPerson -objectClass: user objectClass: computer cn: ${NETBIOSNAME} -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: ${NETBIOSNAME} objectGUID: ${HOSTGUID} userAccountControl: 532480 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 lastLogon: 127273269057298624 localPolicyFlags: 0 pwdLastSet: 127258826171655328 primaryGroupID: 516 objectSid: ${DOMAINSID}-1000 accountExpires: 9223372036854775807 -logonCount: 30 sAMAccountName: ${NETBIOSNAME}$ sAMAccountType: 805306369 operatingSystem: Samba operatingSystemVersion: 4.0 dNSHostName: ${DNSNAME} -objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unicodePwd: ${MACHINEPASS} servicePrincipalName: HOST/${DNSNAME} @@ -507,28 +464,18 @@ objectClass: organizationalPerson objectClass: user cn: krbtgt description: Key Distribution Center Service Account -instanceType: 4 uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE name: krbtgt userAccountControl: 514 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 pwdLastSet: 127258826179466560 -primaryGroupID: 513 objectSid: ${DOMAINSID}-502 adminCount: 1 accountExpires: 9223372036854775807 -logonCount: 0 sAMAccountName: krbtgt sAMAccountType: 805306368 servicePrincipalName: kadmin/changepw -objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unicodePwd: ${KRBTGTPASS} @@ -537,14 +484,11 @@ objectClass: top objectClass: group cn: Domain Computers description: All workstations and servers joined to the domain -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Domain Computers objectSid: ${DOMAINSID}-515 sAMAccountName: Domain Computers -sAMAccountType: 0x10000000 -groupType: 0x80000002 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -553,16 +497,12 @@ objectClass: top objectClass: group cn: Domain Controllers description: All domain controllers in the domain -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Domain Controllers objectSid: ${DOMAINSID}-516 adminCount: 1 sAMAccountName: Domain Controllers -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE dn: CN=Schema Admins,CN=Users,${BASEDN} @@ -571,16 +511,12 @@ objectClass: group cn: Schema Admins description: Designated administrators of the schema member: CN=Administrator,CN=Users,${BASEDN} -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Schema Admins objectSid: ${DOMAINSID}-518 adminCount: 1 sAMAccountName: Schema Admins -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unixName: ${WHEEL} @@ -590,7 +526,6 @@ objectClass: group cn: Enterprise Admins description: Designated administrators of the enterprise member: CN=Administrator,CN=Users,${BASEDN} -instanceType: 4 uSNCreated: 1 memberOf: CN=Administrators,CN=Builtin,${BASEDN} uSNChanged: 1 @@ -598,9 +533,6 @@ name: Enterprise Admins objectSid: ${DOMAINSID}-519 adminCount: 1 sAMAccountName: Enterprise Admins -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unixName: ${WHEEL} @@ -609,14 +541,11 @@ objectClass: top objectClass: group cn: Cert Publishers description: Members of this group are permitted to publish certificates to the Active Directory -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Cert Publishers objectSid: ${DOMAINSID}-517 sAMAccountName: Cert Publishers -sAMAccountType: 0x20000000 -groupType: 0x80000004 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -626,7 +555,6 @@ objectClass: group cn: Domain Admins description: Designated administrators of the domain member: CN=Administrator,CN=Users,${BASEDN} -instanceType: 4 uSNCreated: 1 memberOf: CN=Administrators,CN=Builtin,${BASEDN} uSNChanged: 1 @@ -634,9 +562,6 @@ name: Domain Admins objectSid: ${DOMAINSID}-512 adminCount: 1 sAMAccountName: Domain Admins -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unixName: ${WHEEL} @@ -645,16 +570,12 @@ objectClass: top objectClass: group cn: Domain Users description: All domain users -instanceType: 4 uSNCreated: 1 memberOf: CN=Users,CN=Builtin,${BASEDN} uSNChanged: 1 name: Domain Users objectSid: ${DOMAINSID}-513 sAMAccountName: Domain Users -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unixName: ${USERS} @@ -663,16 +584,12 @@ objectClass: top objectClass: group cn: Domain Guests description: All domain guests -instanceType: 4 uSNCreated: 1 memberOf: CN=Guests,CN=Builtin,${BASEDN} uSNChanged: 1 name: Domain Guests objectSid: ${DOMAINSID}-514 sAMAccountName: Domain Guests -sAMAccountType: 0x10000000 -groupType: 0x80000002 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN} @@ -681,14 +598,11 @@ objectClass: group cn: Group Policy Creator Owners description: Members in this group can modify group policy for the domain member: CN=Administrator,CN=Users,${BASEDN} -instanceType: 4 uSNCreated: 1 uSNChanged: 1 name: Group Policy Creator Owners objectSid: ${DOMAINSID}-520 sAMAccountName: Group Policy Creator Owners -sAMAccountType: 0x10000000 -groupType: 0x80000002 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE unixName: ${WHEEL} @@ -752,152 +666,6 @@ objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE privilege: SeInteractiveLogonRight -dn: CN=Templates,${BASEDN} -objectClass: top -objectClass: container -cn: Templates -description: Container for SAM account templates -instanceType: 4 -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: TRUE -name: Templates -systemFlags: 0x8c000000 -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -### -# note! the template users must not match normal searches. Be careful -# with what classes you put them in -### - -dn: CN=TemplateUser,CN=Templates,${BASEDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: Template -objectClass: userTemplate -cn: TemplateUser -name: TemplateUser -instanceType: 4 -userAccountControl: 0x202 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 513 -accountExpires: -1 -logonCount: 0 -sAMAccountType: 0x30000000 - -dn: CN=TemplateMemberServer,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: userTemplate -cn: TemplateMemberServer -name: TemplateMemberServer -instanceType: 4 -userAccountControl: 0x1002 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 513 -accountExpires: -1 -logonCount: 0 -sAMAccountType: 0x30000001 - -dn: CN=TemplateDomainController,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: userTemplate -cn: TemplateDomainController -name: TemplateDomainController -instanceType: 4 -userAccountControl: 0x2002 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 513 -accountExpires: -1 -logonCount: 0 -sAMAccountType: 0x30000001 - -dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: userTemplate -cn: TemplateTrustingDomain -name: TemplateTrustingDomain -instanceType: 4 -userAccountControl: 0x820 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 513 -accountExpires: -1 -logonCount: 0 -sAMAccountType: 0x30000002 - -dn: CN=TemplateGroup,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: groupTemplate -cn: TemplateGroup -name: TemplateGroup -instanceType: 4 -groupType: 0x80000002 -sAMAccountType: 0x10000000 - -dn: CN=TemplateAlias,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: aliasTemplate -cn: TemplateAlias -name: TemplateAlias -instanceType: 4 -groupType: 0x80000004 -sAMAccountType: 0x10000000 - -dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: foreignSecurityPrincipalTemplate -cn: TemplateForeignSecurityPrincipal -name: TemplateForeignSecurityPrincipal - -dn: CN=TemplateSecret,CN=Templates,${BASEDN} -objectClass: top -objectClass: leaf -objectClass: Template -objectClass: secretTemplate -cn: TemplateSecret -name: TemplateSecret -instanceType: 4 - -dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN} -objectClass: top -objectClass: leaf -objectClass: Template -objectClass: trustedDomainTemplate -cn: TemplateTrustedDomain -name: TemplateTrustedDomain -instanceType: 4 - ############################### # Configuration Naming Context ############################### diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif new file mode 100644 index 0000000000..43901a41e8 --- /dev/null +++ b/source4/setup/provision_templates.ldif @@ -0,0 +1,150 @@ +dn: CN=Templates,${BASEDN} +objectClass: top +objectClass: container +cn: Templates +description: Container for SAM account templates +instanceType: 4 +uSNCreated: 1 +uSNChanged: 1 +showInAdvancedViewOnly: TRUE +name: Templates +systemFlags: 0x8c000000 +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +### +# note! the template users must not match normal searches. Be careful +# with what classes you put them in +### + +dn: CN=TemplateUser,CN=Templates,${BASEDN} +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: Template +objectClass: userTemplate +cn: TemplateUser +name: TemplateUser +instanceType: 4 +userAccountControl: 0x202 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 0 +primaryGroupID: 513 +accountExpires: -1 +logonCount: 0 +sAMAccountType: 0x30000000 +objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=TemplateMemberServer,CN=Templates,${BASEDN} +objectClass: top +objectClass: Template +objectClass: userTemplate +cn: TemplateMemberServer +name: TemplateMemberServer +instanceType: 4 +userAccountControl: 0x1002 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 0 +primaryGroupID: 513 +accountExpires: -1 +logonCount: 0 +sAMAccountType: 0x30000001 +objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=TemplateDomainController,CN=Templates,${BASEDN} +objectClass: top +objectClass: Template +objectClass: userTemplate +cn: TemplateDomainController +name: TemplateDomainController +instanceType: 4 +userAccountControl: 0x2002 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 0 +primaryGroupID: 513 +accountExpires: -1 +logonCount: 0 +sAMAccountType: 0x30000001 +objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN} +objectClass: top +objectClass: Template +objectClass: userTemplate +cn: TemplateTrustingDomain +name: TemplateTrustingDomain +instanceType: 4 +userAccountControl: 0x820 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 0 +primaryGroupID: 513 +accountExpires: -1 +logonCount: 0 +sAMAccountType: 0x30000002 + +dn: CN=TemplateGroup,CN=Templates,${BASEDN} +objectClass: top +objectClass: Template +objectClass: groupTemplate +cn: TemplateGroup +name: TemplateGroup +instanceType: 4 +groupType: 0x80000002 +sAMAccountType: 0x10000000 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=TemplateAlias,CN=Templates,${BASEDN} +objectClass: top +objectClass: Template +objectClass: aliasTemplate +cn: TemplateAlias +name: TemplateAlias +instanceType: 4 +groupType: 0x80000004 +sAMAccountType: 0x10000000 + +dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN} +objectClass: top +objectClass: Template +objectClass: foreignSecurityPrincipalTemplate +cn: TemplateForeignSecurityPrincipal +name: TemplateForeignSecurityPrincipal + +dn: CN=TemplateSecret,CN=Templates,${BASEDN} +objectClass: top +objectClass: leaf +objectClass: Template +objectClass: secretTemplate +cn: TemplateSecret +name: TemplateSecret +instanceType: 4 + +dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN} +objectClass: top +objectClass: leaf +objectClass: Template +objectClass: trustedDomainTemplate +cn: TemplateTrustedDomain +name: TemplateTrustedDomain +instanceType: 4 + -- cgit From 1211496eba93ee7578d0f72eed2b71f83f1cd202 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Jul 2005 05:21:27 +0000 Subject: r8662: Revert change to CN=Cert Publishers, this group still needs to override the template for these attributes. Andrew Bartlett (This used to be commit 3462cbadb285313dfd88234b144d1921d2bcc880) --- source4/setup/provision.ldif | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 10ea5248c8..4fe8cdc38b 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -544,6 +544,8 @@ description: Members of this group are permitted to publish certificates to the uSNCreated: 1 uSNChanged: 1 name: Cert Publishers +groupType: 0x80000004 +sAMAccountType: 0x20000000 objectSid: ${DOMAINSID}-517 sAMAccountName: Cert Publishers objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -- cgit From 2a0cf520e3255d8e1bdec1bedd710489619de614 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Jul 2005 07:59:01 +0000 Subject: r8667: Further simply the provision script, by removing the 'name' attribute. This is now calculated on the fly for every add and modify. Andrew Bartlett (This used to be commit ed1f2e029c840d2b3ecb49dbe6e8cd67588eeeed) --- source4/setup/provision.ldif | 51 ---------------------------------- source4/setup/provision_init.ldif | 2 +- source4/setup/provision_templates.ldif | 10 ------- 3 files changed, 1 insertion(+), 62 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 4fe8cdc38b..c42c73eda4 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -5,7 +5,6 @@ dn: ${BASEDN} objectClass: top objectClass: domain objectClass: domainDNS -name: ${DOMAIN} flatname: ${DOMAIN} dnsDomain: ${DNSDOMAIN} dc: ${DOMAIN} @@ -46,7 +45,6 @@ instanceType: 4 uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: FALSE -name: Users systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -60,7 +58,6 @@ instanceType: 4 uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: FALSE -name: Computers systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -74,7 +71,6 @@ instanceType: 4 uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: FALSE -name: Domain Controllers systemFlags: 0x8c000000 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -88,7 +84,6 @@ instanceType: 4 uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: FALSE -name: ForeignSecurityPrincipals systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -102,7 +97,6 @@ instanceType: 4 uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE -name: System systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -115,7 +109,6 @@ instanceType: 4 uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE -name: RID Manager$ systemFlags: 0x8c000000 objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -130,7 +123,6 @@ instanceType: 4 uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE -name: DomainUpdates objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${BASEDN} @@ -141,7 +133,6 @@ instanceType: 4 uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE -name: Windows2003Update objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} revision: 8 @@ -153,7 +144,6 @@ instanceType: 4 uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE -name: Infrastructure systemFlags: 0x8c000000 objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -165,7 +155,6 @@ objectClass: builtinDomain cn: Builtin instanceType: 4 showInAdvancedViewOnly: FALSE -name: Builtin forceLogoff: 0x8000000000000000 lockoutDuration: -18000000000 lockOutObservationWindow: -18000000000 @@ -198,7 +187,6 @@ memberOf: CN=Enterprise Admins,CN=Users,${BASEDN} memberOf: CN=Schema Admins,CN=Users,${BASEDN} memberOf: CN=Administrators,CN=Builtin,${BASEDN} uSNChanged: 1 -name: Administrator userAccountControl: 0x10200 objectSid: ${DOMAINSID}-500 adminCount: 1 @@ -218,7 +206,6 @@ description: Built-in account for guest access to the computer/domain uSNCreated: 1 memberOf: CN=Guests,CN=Builtin,${BASEDN} uSNChanged: 1 -name: Guest userAccountControl: 0x10222 primaryGroupID: 514 objectSid: ${DOMAINSID}-501 @@ -235,7 +222,6 @@ member: CN=Enterprise Admins,CN=Users,${BASEDN} member: CN=Administrator,CN=Users,${BASEDN} uSNCreated: 1 uSNChanged: 1 -name: Administrators objectSid: S-1-5-32-544 adminCount: 1 sAMAccountName: Administrators @@ -279,7 +265,6 @@ description: Users are prevented from making accidental or intentional system-wi member: CN=Domain Users,CN=Users,${BASEDN} uSNCreated: 1 uSNChanged: 1 -name: Users objectSid: S-1-5-32-545 sAMAccountName: Users sAMAccountType: 0x20000000 @@ -297,7 +282,6 @@ member: CN=Domain Guests,CN=Users,${BASEDN} member: CN=Guest,CN=Users,${BASEDN} uSNCreated: 1 uSNChanged: 1 -name: Guests objectSid: S-1-5-32-546 sAMAccountName: Guests sAMAccountType: 0x20000000 @@ -314,7 +298,6 @@ cn: Print Operators description: Members can administer domain printers uSNCreated: 1 uSNChanged: 1 -name: Print Operators objectSid: S-1-5-32-550 adminCount: 1 sAMAccountName: Print Operators @@ -334,7 +317,6 @@ cn: Backup Operators description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files uSNCreated: 1 uSNChanged: 1 -name: Backup Operators objectSid: S-1-5-32-551 adminCount: 1 sAMAccountName: Backup Operators @@ -355,7 +337,6 @@ cn: Replicator description: Supports file replication in a domain uSNCreated: 1 uSNChanged: 1 -name: Replicator objectSid: S-1-5-32-552 adminCount: 1 sAMAccountName: Replicator @@ -372,7 +353,6 @@ cn: Remote Desktop Users description: Members in this group are granted the right to logon remotely uSNCreated: 1 uSNChanged: 1 -name: Remote Desktop Users objectSid: S-1-5-32-555 sAMAccountName: Remote Desktop Users sAMAccountType: 0x20000000 @@ -388,7 +368,6 @@ cn: Network Configuration Operators description: Members in this group can have some administrative privileges to manage configuration of networking features uSNCreated: 1 uSNChanged: 1 -name: Network Configuration Operators objectSid: S-1-5-32-556 sAMAccountName: Network Configuration Operators sAMAccountType: 0x20000000 @@ -404,7 +383,6 @@ cn: Performance Monitor Users description: Members of this group have remote access to monitor this computer uSNCreated: 1 uSNChanged: 1 -name: Performance Monitor Users objectSid: S-1-5-32-558 sAMAccountName: Performance Monitor Users sAMAccountType: 0x20000000 @@ -420,7 +398,6 @@ cn: Performance Log Users description: Members of this group have remote access to schedule logging of performance counters on this computer uSNCreated: 1 uSNChanged: 1 -name: Performance Log Users objectSid: S-1-5-32-559 sAMAccountName: Performance Log Users sAMAccountType: 0x20000000 @@ -437,7 +414,6 @@ objectClass: computer cn: ${NETBIOSNAME} uSNCreated: 1 uSNChanged: 1 -name: ${NETBIOSNAME} objectGUID: ${HOSTGUID} userAccountControl: 532480 lastLogon: 127273269057298624 @@ -467,7 +443,6 @@ description: Key Distribution Center Service Account uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE -name: krbtgt userAccountControl: 514 pwdLastSet: 127258826179466560 objectSid: ${DOMAINSID}-502 @@ -486,7 +461,6 @@ cn: Domain Computers description: All workstations and servers joined to the domain uSNCreated: 1 uSNChanged: 1 -name: Domain Computers objectSid: ${DOMAINSID}-515 sAMAccountName: Domain Computers objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} @@ -499,7 +473,6 @@ cn: Domain Controllers description: All domain controllers in the domain uSNCreated: 1 uSNChanged: 1 -name: Domain Controllers objectSid: ${DOMAINSID}-516 adminCount: 1 sAMAccountName: Domain Controllers @@ -513,7 +486,6 @@ description: Designated administrators of the schema member: CN=Administrator,CN=Users,${BASEDN} uSNCreated: 1 uSNChanged: 1 -name: Schema Admins objectSid: ${DOMAINSID}-518 adminCount: 1 sAMAccountName: Schema Admins @@ -529,7 +501,6 @@ member: CN=Administrator,CN=Users,${BASEDN} uSNCreated: 1 memberOf: CN=Administrators,CN=Builtin,${BASEDN} uSNChanged: 1 -name: Enterprise Admins objectSid: ${DOMAINSID}-519 adminCount: 1 sAMAccountName: Enterprise Admins @@ -543,7 +514,6 @@ cn: Cert Publishers description: Members of this group are permitted to publish certificates to the Active Directory uSNCreated: 1 uSNChanged: 1 -name: Cert Publishers groupType: 0x80000004 sAMAccountType: 0x20000000 objectSid: ${DOMAINSID}-517 @@ -560,7 +530,6 @@ member: CN=Administrator,CN=Users,${BASEDN} uSNCreated: 1 memberOf: CN=Administrators,CN=Builtin,${BASEDN} uSNChanged: 1 -name: Domain Admins objectSid: ${DOMAINSID}-512 adminCount: 1 sAMAccountName: Domain Admins @@ -575,7 +544,6 @@ description: All domain users uSNCreated: 1 memberOf: CN=Users,CN=Builtin,${BASEDN} uSNChanged: 1 -name: Domain Users objectSid: ${DOMAINSID}-513 sAMAccountName: Domain Users isCriticalSystemObject: TRUE @@ -589,7 +557,6 @@ description: All domain guests uSNCreated: 1 memberOf: CN=Guests,CN=Builtin,${BASEDN} uSNChanged: 1 -name: Domain Guests objectSid: ${DOMAINSID}-514 sAMAccountName: Domain Guests isCriticalSystemObject: TRUE @@ -602,7 +569,6 @@ description: Members in this group can modify group policy for the domain member: CN=Administrator,CN=Users,${BASEDN} uSNCreated: 1 uSNChanged: 1 -name: Group Policy Creator Owners objectSid: ${DOMAINSID}-520 sAMAccountName: Group Policy Creator Owners objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} @@ -617,7 +583,6 @@ description: Servers in this group can access remote access properties of users instanceType: 4 uSNCreated: 1 uSNChanged: 1 -name: RAS and IAS Servers objectSid: ${DOMAINSID}-553 sAMAccountName: RAS and IAS Servers sAMAccountType: 0x20000000 @@ -633,7 +598,6 @@ description: Members can administer domain servers instanceType: 4 uSNCreated: 1 uSNChanged: 1 -name: Server Operators objectSid: S-1-5-32-549 adminCount: 1 sAMAccountName: Server Operators @@ -657,7 +621,6 @@ description: Members can administer domain user and group accounts instanceType: 4 uSNCreated: 1 uSNChanged: 1 -name: Account Operators objectSid: S-1-5-32-548 adminCount: 1 sAMAccountName: Account Operators @@ -679,7 +642,6 @@ instanceType: 13 uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE -name: Configuration objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN} subRefs: CN=Schema,CN=Configuration,${BASEDN} masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} @@ -693,7 +655,6 @@ instanceType: 4 uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE -name: Partitions systemFlags: 0x80000000 objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN} msDS-Behavior-Version: 0 @@ -707,7 +668,6 @@ instanceType: 4 uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE -name: Enterprise Configuration systemFlags: 0x00000001 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} nCName: CN=Configuration,${BASEDN} @@ -721,7 +681,6 @@ instanceType: 4 uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE -name: Enterprise Schema systemFlags: 0x00000001 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} nCName: CN=Schema,CN=Configuration,${BASEDN} @@ -735,7 +694,6 @@ instanceType: 4 uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE -name: ${DOMAIN} systemFlags: 0x00000003 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} nCName: ${BASEDN} @@ -750,7 +708,6 @@ instanceType: 4 uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE -name: Sites systemFlags: 0x82000000 objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN} @@ -762,7 +719,6 @@ instanceType: 4 uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE -name: Sites systemFlags: 0x82000000 objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN} @@ -774,7 +730,6 @@ instanceType: 4 uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE -name: Servers systemFlags: 0x82000000 objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN} @@ -786,7 +741,6 @@ instanceType: 4 uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE -name: ${NETBIOSNAME} systemFlags: 0x52000000 objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN} dNSHostName: ${DNSNAME} @@ -801,7 +755,6 @@ instanceType: 4 uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE -name: NTDS Settings systemFlags: 0x02000000 objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN} dMDLocation: CN=Schema,CN=Configuration,${BASEDN} @@ -817,7 +770,6 @@ instanceType: 4 uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE -name: Services systemFlags: 0x80000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} @@ -829,7 +781,6 @@ instanceType: 4 uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE -name: Windows NT objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} @@ -840,7 +791,6 @@ instanceType: 4 uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE -name: Directory Service objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN} sPNMappings: host=ldap,dns,cifs @@ -856,7 +806,6 @@ instanceType: 13 uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE -name: Schema objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN} masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index cbe561eee9..334f7c3cca 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -47,5 +47,5 @@ template: groupTemplate #Add modules to the list to activate them by default #beware often order is important dn: @MODULES -@LIST: samldb,timestamps,objectguid +@LIST: samldb,timestamps,objectguid,rdn_name diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 43901a41e8..9a045d2afc 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -7,7 +7,6 @@ instanceType: 4 uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE -name: Templates systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -24,7 +23,6 @@ objectClass: organizationalPerson objectClass: Template objectClass: userTemplate cn: TemplateUser -name: TemplateUser instanceType: 4 userAccountControl: 0x202 badPwdCount: 0 @@ -45,7 +43,6 @@ objectClass: top objectClass: Template objectClass: userTemplate cn: TemplateMemberServer -name: TemplateMemberServer instanceType: 4 userAccountControl: 0x1002 badPwdCount: 0 @@ -66,7 +63,6 @@ objectClass: top objectClass: Template objectClass: userTemplate cn: TemplateDomainController -name: TemplateDomainController instanceType: 4 userAccountControl: 0x2002 badPwdCount: 0 @@ -87,7 +83,6 @@ objectClass: top objectClass: Template objectClass: userTemplate cn: TemplateTrustingDomain -name: TemplateTrustingDomain instanceType: 4 userAccountControl: 0x820 badPwdCount: 0 @@ -107,7 +102,6 @@ objectClass: top objectClass: Template objectClass: groupTemplate cn: TemplateGroup -name: TemplateGroup instanceType: 4 groupType: 0x80000002 sAMAccountType: 0x10000000 @@ -118,7 +112,6 @@ objectClass: top objectClass: Template objectClass: aliasTemplate cn: TemplateAlias -name: TemplateAlias instanceType: 4 groupType: 0x80000004 sAMAccountType: 0x10000000 @@ -128,7 +121,6 @@ objectClass: top objectClass: Template objectClass: foreignSecurityPrincipalTemplate cn: TemplateForeignSecurityPrincipal -name: TemplateForeignSecurityPrincipal dn: CN=TemplateSecret,CN=Templates,${BASEDN} objectClass: top @@ -136,7 +128,6 @@ objectClass: leaf objectClass: Template objectClass: secretTemplate cn: TemplateSecret -name: TemplateSecret instanceType: 4 dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN} @@ -145,6 +136,5 @@ objectClass: leaf objectClass: Template objectClass: trustedDomainTemplate cn: TemplateTrustedDomain -name: TemplateTrustedDomain instanceType: 4 -- cgit From f8c1258d01fa631b719579e186b28027a34887cf Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Jul 2005 11:28:24 +0000 Subject: r8677: The first part of the domain name may not be equal to the netbios domain name. Remove the use of flatname from the main domain object, we no longer reference it. Andrew Bartlett (This used to be commit 2303e24be74570187b23c3d31d0433263c83ba7e) --- source4/setup/provision.ldif | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index c42c73eda4..d70d936988 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -5,9 +5,8 @@ dn: ${BASEDN} objectClass: top objectClass: domain objectClass: domainDNS -flatname: ${DOMAIN} dnsDomain: ${DNSDOMAIN} -dc: ${DOMAIN} +dc: ${RDN_DC} objectGUID: ${DOMAINGUID} creationTime: ${NTTIME} forceLogoff: 0x8000000000000000 -- cgit From a7f9d9c5b8e77e0530ace68bd2ed4a7c374bf0fa Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 25 Jul 2005 01:17:09 +0000 Subject: r8740: Extend the rdn_name module to handle adding the rdn as an attribute. ie: dn: cn=foo,ou=bar objectClass: person implies dn: cn=foo,ou=bar objectClass: person cn: foo (as well as a pile more default attributes) We also correct the case in the attirbute to match that in the DN (win2k3 behaviour) and I have a testsuite (in ejs) to prove it. This module also found a bug in our provision.ldif, so and reduces code complexity in the samdb module. Andrew Bartlett (This used to be commit 0cc58f5c3cce12341ad0f7a90cdd85a3fab786b3) --- source4/setup/provision.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index d70d936988..01dbc6366a 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -713,7 +713,7 @@ objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN} dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} objectClass: top objectClass: site -cn: Sites +cn: ${DEFAULTSITE} instanceType: 4 uSNCreated: ${USN} uSNChanged: ${USN} -- cgit From 18cf9ccba72264a38134246822d5bb62df091175 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 26 Jul 2005 07:46:21 +0000 Subject: r8778: index on nCName in sam.ldb. This was costing us about 75% of the time in each smb login (This used to be commit f6d24d063ad1a96c326ce6a60adfc224d905afc6) --- source4/setup/provision_init.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 334f7c3cca..976645e0e7 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -7,6 +7,7 @@ dn: @INDEXLIST @IDXATTR: unixID @IDXATTR: unixName @IDXATTR: privilege +@IDXATTR: nCName dn: @ATTRIBUTES userPrincipalName: CASE_INSENSITIVE -- cgit From 66b2a04346a568e6564b9cb21a89cf887cad3d03 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 27 Jul 2005 00:23:09 +0000 Subject: r8790: Finish the migration of aliases and privilages with SamSync, by adding templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253) --- source4/setup/provision | 6 +- source4/setup/provision.ldif | 459 +-------------------------------- source4/setup/provision_templates.ldif | 3 + source4/setup/provision_users.ldif | 459 +++++++++++++++++++++++++++++++++ 4 files changed, 467 insertions(+), 460 deletions(-) create mode 100644 source4/setup/provision_users.ldif (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 90363fcf20..dc542f59f0 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -27,7 +27,8 @@ ok = GetOptions(ARGV, options, 'nogroup=s', 'wheel=s', 'users=s', - 'quiet'); + 'quiet', + 'blank'); if (ok == false) { println("Failed to parse options: " + options.ERROR); return -1; @@ -72,6 +73,7 @@ provision [options] --wheel GROUPNAME choose 'wheel' privileged group --users GROUPNAME choose 'users' group --quiet Be quiet + --blank do not add users or groups, just the structure You must provide at least a realm and domain @@ -106,6 +108,6 @@ for (r in options) { message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); message("Using administrator password: %s\n", subobj.ADMINPASS); -provision(subobj, message); +provision(subobj, message, options["blank"] != undefined); message("All OK\n"); return 0; diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 01dbc6366a..b2d0848946 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -23,6 +23,7 @@ nextRid: 1001 pwdProperties: 1 pwdHistoryLength: 24 objectSid: ${DOMAINSID} +oEMInformation: Provisioned by Samba4: ${LDAPTIME} serverState: 1 nTMixedDomain: 1 msDS-Behavior-Version: 0 @@ -172,464 +173,6 @@ modifiedCount: 1 objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE -dn: CN=Administrator,CN=Users,${BASEDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: user -cn: Administrator -description: Built-in account for administering the computer/domain -uSNCreated: 1 -memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN} -memberOf: CN=Domain Admins,CN=Users,${BASEDN} -memberOf: CN=Enterprise Admins,CN=Users,${BASEDN} -memberOf: CN=Schema Admins,CN=Users,${BASEDN} -memberOf: CN=Administrators,CN=Builtin,${BASEDN} -uSNChanged: 1 -userAccountControl: 0x10200 -objectSid: ${DOMAINSID}-500 -adminCount: 1 -accountExpires: -1 -sAMAccountName: Administrator -isCriticalSystemObject: TRUE -unicodePwd: ${ADMINPASS} -unixName: ${ROOT} - -dn: CN=Guest,CN=Users,${BASEDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: user -cn: Guest -description: Built-in account for guest access to the computer/domain -uSNCreated: 1 -memberOf: CN=Guests,CN=Builtin,${BASEDN} -uSNChanged: 1 -userAccountControl: 0x10222 -primaryGroupID: 514 -objectSid: ${DOMAINSID}-501 -sAMAccountName: Guest -isCriticalSystemObject: TRUE - -dn: CN=Administrators,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Administrators -description: Administrators have complete and unrestricted access to the computer/domain -member: CN=Domain Admins,CN=Users,${BASEDN} -member: CN=Enterprise Admins,CN=Users,${BASEDN} -member: CN=Administrator,CN=Users,${BASEDN} -uSNCreated: 1 -uSNChanged: 1 -objectSid: S-1-5-32-544 -adminCount: 1 -sAMAccountName: Administrators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -unixName: ${WHEEL} -privilege: SeSecurityPrivilege -privilege: SeBackupPrivilege -privilege: SeRestorePrivilege -privilege: SeSystemtimePrivilege -privilege: SeShutdownPrivilege -privilege: SeRemoteShutdownPrivilege -privilege: SeTakeOwnershipPrivilege -privilege: SeDebugPrivilege -privilege: SeSystemEnvironmentPrivilege -privilege: SeSystemProfilePrivilege -privilege: SeProfileSingleProcessPrivilege -privilege: SeIncreaseBasePriorityPrivilege -privilege: SeLoadDriverPrivilege -privilege: SeCreatePagefilePrivilege -privilege: SeIncreaseQuotaPrivilege -privilege: SeChangeNotifyPrivilege -privilege: SeUndockPrivilege -privilege: SeManageVolumePrivilege -privilege: SeImpersonatePrivilege -privilege: SeCreateGlobalPrivilege -privilege: SeEnableDelegationPrivilege -privilege: SeInteractiveLogonRight -privilege: SeNetworkLogonRight -privilege: SeRemoteInteractiveLogonRight - - -dn: CN=Users,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Users -description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications -member: CN=Domain Users,CN=Users,${BASEDN} -uSNCreated: 1 -uSNChanged: 1 -objectSid: S-1-5-32-545 -sAMAccountName: Users -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Guests,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Guests -description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted -member: CN=Domain Guests,CN=Users,${BASEDN} -member: CN=Guest,CN=Users,${BASEDN} -uSNCreated: 1 -uSNChanged: 1 -objectSid: S-1-5-32-546 -sAMAccountName: Guests -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -unixName: ${NOGROUP} - -dn: CN=Print Operators,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Print Operators -description: Members can administer domain printers -uSNCreated: 1 -uSNChanged: 1 -objectSid: S-1-5-32-550 -adminCount: 1 -sAMAccountName: Print Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -privilege: SeLoadDriverPrivilege -privilege: SeShutdownPrivilege -privilege: SeInteractiveLogonRight - -dn: CN=Backup Operators,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Backup Operators -description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files -uSNCreated: 1 -uSNChanged: 1 -objectSid: S-1-5-32-551 -adminCount: 1 -sAMAccountName: Backup Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -privilege: SeBackupPrivilege -privilege: SeRestorePrivilege -privilege: SeShutdownPrivilege -privilege: SeInteractiveLogonRight - -dn: CN=Replicator,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Replicator -description: Supports file replication in a domain -uSNCreated: 1 -uSNChanged: 1 -objectSid: S-1-5-32-552 -adminCount: 1 -sAMAccountName: Replicator -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Remote Desktop Users -description: Members in this group are granted the right to logon remotely -uSNCreated: 1 -uSNChanged: 1 -objectSid: S-1-5-32-555 -sAMAccountName: Remote Desktop Users -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Network Configuration Operators -description: Members in this group can have some administrative privileges to manage configuration of networking features -uSNCreated: 1 -uSNChanged: 1 -objectSid: S-1-5-32-556 -sAMAccountName: Network Configuration Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Performance Monitor Users -description: Members of this group have remote access to monitor this computer -uSNCreated: 1 -uSNChanged: 1 -objectSid: S-1-5-32-558 -sAMAccountName: Performance Monitor Users -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Performance Log Users,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Performance Log Users -description: Members of this group have remote access to schedule logging of performance counters on this computer -uSNCreated: 1 -uSNChanged: 1 -objectSid: S-1-5-32-559 -sAMAccountName: Performance Log Users -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: computer -cn: ${NETBIOSNAME} -uSNCreated: 1 -uSNChanged: 1 -objectGUID: ${HOSTGUID} -userAccountControl: 532480 -lastLogon: 127273269057298624 -localPolicyFlags: 0 -pwdLastSet: 127258826171655328 -primaryGroupID: 516 -objectSid: ${DOMAINSID}-1000 -accountExpires: 9223372036854775807 -sAMAccountName: ${NETBIOSNAME}$ -sAMAccountType: 805306369 -operatingSystem: Samba -operatingSystemVersion: 4.0 -dNSHostName: ${DNSNAME} -isCriticalSystemObject: TRUE -unicodePwd: ${MACHINEPASS} -servicePrincipalName: HOST/${DNSNAME} -servicePrincipalName: HOST/${NETBIOSNAME} -msDS-KeyVersionNumber: 1 - -dn: CN=krbtgt,CN=Users,${BASEDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: user -cn: krbtgt -description: Key Distribution Center Service Account -uSNCreated: 1 -uSNChanged: 1 -showInAdvancedViewOnly: TRUE -userAccountControl: 514 -pwdLastSet: 127258826179466560 -objectSid: ${DOMAINSID}-502 -adminCount: 1 -accountExpires: 9223372036854775807 -sAMAccountName: krbtgt -sAMAccountType: 805306368 -servicePrincipalName: kadmin/changepw -isCriticalSystemObject: TRUE -unicodePwd: ${KRBTGTPASS} - -dn: CN=Domain Computers,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: Domain Computers -description: All workstations and servers joined to the domain -uSNCreated: 1 -uSNChanged: 1 -objectSid: ${DOMAINSID}-515 -sAMAccountName: Domain Computers -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Domain Controllers,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: Domain Controllers -description: All domain controllers in the domain -uSNCreated: 1 -uSNChanged: 1 -objectSid: ${DOMAINSID}-516 -adminCount: 1 -sAMAccountName: Domain Controllers -isCriticalSystemObject: TRUE - -dn: CN=Schema Admins,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: Schema Admins -description: Designated administrators of the schema -member: CN=Administrator,CN=Users,${BASEDN} -uSNCreated: 1 -uSNChanged: 1 -objectSid: ${DOMAINSID}-518 -adminCount: 1 -sAMAccountName: Schema Admins -isCriticalSystemObject: TRUE -unixName: ${WHEEL} - -dn: CN=Enterprise Admins,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: Enterprise Admins -description: Designated administrators of the enterprise -member: CN=Administrator,CN=Users,${BASEDN} -uSNCreated: 1 -memberOf: CN=Administrators,CN=Builtin,${BASEDN} -uSNChanged: 1 -objectSid: ${DOMAINSID}-519 -adminCount: 1 -sAMAccountName: Enterprise Admins -isCriticalSystemObject: TRUE -unixName: ${WHEEL} - -dn: CN=Cert Publishers,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: Cert Publishers -description: Members of this group are permitted to publish certificates to the Active Directory -uSNCreated: 1 -uSNChanged: 1 -groupType: 0x80000004 -sAMAccountType: 0x20000000 -objectSid: ${DOMAINSID}-517 -sAMAccountName: Cert Publishers -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Domain Admins,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: Domain Admins -description: Designated administrators of the domain -member: CN=Administrator,CN=Users,${BASEDN} -uSNCreated: 1 -memberOf: CN=Administrators,CN=Builtin,${BASEDN} -uSNChanged: 1 -objectSid: ${DOMAINSID}-512 -adminCount: 1 -sAMAccountName: Domain Admins -isCriticalSystemObject: TRUE -unixName: ${WHEEL} - -dn: CN=Domain Users,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: Domain Users -description: All domain users -uSNCreated: 1 -memberOf: CN=Users,CN=Builtin,${BASEDN} -uSNChanged: 1 -objectSid: ${DOMAINSID}-513 -sAMAccountName: Domain Users -isCriticalSystemObject: TRUE -unixName: ${USERS} - -dn: CN=Domain Guests,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: Domain Guests -description: All domain guests -uSNCreated: 1 -memberOf: CN=Guests,CN=Builtin,${BASEDN} -uSNChanged: 1 -objectSid: ${DOMAINSID}-514 -sAMAccountName: Domain Guests -isCriticalSystemObject: TRUE - -dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: Group Policy Creator Owners -description: Members in this group can modify group policy for the domain -member: CN=Administrator,CN=Users,${BASEDN} -uSNCreated: 1 -uSNChanged: 1 -objectSid: ${DOMAINSID}-520 -sAMAccountName: Group Policy Creator Owners -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -unixName: ${WHEEL} - -dn: CN=RAS and IAS Servers,CN=Users,${BASEDN} -objectClass: top -objectClass: group -cn: RAS and IAS Servers -description: Servers in this group can access remote access properties of users -instanceType: 4 -uSNCreated: 1 -uSNChanged: 1 -objectSid: ${DOMAINSID}-553 -sAMAccountName: RAS and IAS Servers -sAMAccountType: 0x20000000 -groupType: 0x80000004 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - -dn: CN=Server Operators,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Server Operators -description: Members can administer domain servers -instanceType: 4 -uSNCreated: 1 -uSNChanged: 1 -objectSid: S-1-5-32-549 -adminCount: 1 -sAMAccountName: Server Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -privilege: SeBackupPrivilege -privilege: SeSystemtimePrivilege -privilege: SeRemoteShutdownPrivilege -privilege: SeRestorePrivilege -privilege: SeShutdownPrivilege -privilege: SeInteractiveLogonRight - -dn: CN=Account Operators,CN=Builtin,${BASEDN} -objectClass: top -objectClass: group -cn: Account Operators -description: Members can administer domain user and group accounts -instanceType: 4 -uSNCreated: 1 -uSNChanged: 1 -objectSid: S-1-5-32-548 -adminCount: 1 -sAMAccountName: Account Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -privilege: SeInteractiveLogonRight - ############################### # Configuration Naming Context ############################### diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 9a045d2afc..3693f46558 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -121,6 +121,9 @@ objectClass: top objectClass: Template objectClass: foreignSecurityPrincipalTemplate cn: TemplateForeignSecurityPrincipal +instanceType: 4 +showInAdvancedViewOnly: TRUE +objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN} dn: CN=TemplateSecret,CN=Templates,${BASEDN} objectClass: top diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif new file mode 100644 index 0000000000..2e420b226a --- /dev/null +++ b/source4/setup/provision_users.ldif @@ -0,0 +1,459 @@ +dn: CN=Administrator,CN=Users,${BASEDN} +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: Administrator +description: Built-in account for administering the computer/domain +uSNCreated: 1 +memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN} +memberOf: CN=Domain Admins,CN=Users,${BASEDN} +memberOf: CN=Enterprise Admins,CN=Users,${BASEDN} +memberOf: CN=Schema Admins,CN=Users,${BASEDN} +memberOf: CN=Administrators,CN=Builtin,${BASEDN} +uSNChanged: 1 +userAccountControl: 0x10200 +objectSid: ${DOMAINSID}-500 +adminCount: 1 +accountExpires: -1 +sAMAccountName: Administrator +isCriticalSystemObject: TRUE +unicodePwd: ${ADMINPASS} +unixName: ${ROOT} + +dn: CN=Guest,CN=Users,${BASEDN} +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: Guest +description: Built-in account for guest access to the computer/domain +uSNCreated: 1 +memberOf: CN=Guests,CN=Builtin,${BASEDN} +uSNChanged: 1 +userAccountControl: 0x10222 +primaryGroupID: 514 +objectSid: ${DOMAINSID}-501 +sAMAccountName: Guest +isCriticalSystemObject: TRUE + +dn: CN=Administrators,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Administrators +description: Administrators have complete and unrestricted access to the computer/domain +member: CN=Domain Admins,CN=Users,${BASEDN} +member: CN=Enterprise Admins,CN=Users,${BASEDN} +member: CN=Administrator,CN=Users,${BASEDN} +uSNCreated: 1 +uSNChanged: 1 +objectSid: S-1-5-32-544 +adminCount: 1 +sAMAccountName: Administrators +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +unixName: ${WHEEL} +privilege: SeSecurityPrivilege +privilege: SeBackupPrivilege +privilege: SeRestorePrivilege +privilege: SeSystemtimePrivilege +privilege: SeShutdownPrivilege +privilege: SeRemoteShutdownPrivilege +privilege: SeTakeOwnershipPrivilege +privilege: SeDebugPrivilege +privilege: SeSystemEnvironmentPrivilege +privilege: SeSystemProfilePrivilege +privilege: SeProfileSingleProcessPrivilege +privilege: SeIncreaseBasePriorityPrivilege +privilege: SeLoadDriverPrivilege +privilege: SeCreatePagefilePrivilege +privilege: SeIncreaseQuotaPrivilege +privilege: SeChangeNotifyPrivilege +privilege: SeUndockPrivilege +privilege: SeManageVolumePrivilege +privilege: SeImpersonatePrivilege +privilege: SeCreateGlobalPrivilege +privilege: SeEnableDelegationPrivilege +privilege: SeInteractiveLogonRight +privilege: SeNetworkLogonRight +privilege: SeRemoteInteractiveLogonRight + + +dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: computer +cn: ${NETBIOSNAME} +uSNCreated: 1 +uSNChanged: 1 +objectGUID: ${HOSTGUID} +userAccountControl: 532480 +lastLogon: 127273269057298624 +localPolicyFlags: 0 +pwdLastSet: 127258826171655328 +primaryGroupID: 516 +objectSid: ${DOMAINSID}-1000 +accountExpires: 9223372036854775807 +sAMAccountName: ${NETBIOSNAME}$ +sAMAccountType: 805306369 +operatingSystem: Samba +operatingSystemVersion: 4.0 +dNSHostName: ${DNSNAME} +isCriticalSystemObject: TRUE +unicodePwd: ${MACHINEPASS} +servicePrincipalName: HOST/${DNSNAME} +servicePrincipalName: HOST/${NETBIOSNAME} +msDS-KeyVersionNumber: 1 + + +dn: CN=Users,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Users +description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications +member: CN=Domain Users,CN=Users,${BASEDN} +uSNCreated: 1 +uSNChanged: 1 +objectSid: S-1-5-32-545 +sAMAccountName: Users +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Guests,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Guests +description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted +member: CN=Domain Guests,CN=Users,${BASEDN} +member: CN=Guest,CN=Users,${BASEDN} +uSNCreated: 1 +uSNChanged: 1 +objectSid: S-1-5-32-546 +sAMAccountName: Guests +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +unixName: ${NOGROUP} + +dn: CN=Print Operators,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Print Operators +description: Members can administer domain printers +uSNCreated: 1 +uSNChanged: 1 +objectSid: S-1-5-32-550 +adminCount: 1 +sAMAccountName: Print Operators +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +privilege: SeLoadDriverPrivilege +privilege: SeShutdownPrivilege +privilege: SeInteractiveLogonRight + +dn: CN=Backup Operators,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Backup Operators +description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files +uSNCreated: 1 +uSNChanged: 1 +objectSid: S-1-5-32-551 +adminCount: 1 +sAMAccountName: Backup Operators +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +privilege: SeBackupPrivilege +privilege: SeRestorePrivilege +privilege: SeShutdownPrivilege +privilege: SeInteractiveLogonRight + +dn: CN=Replicator,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Replicator +description: Supports file replication in a domain +uSNCreated: 1 +uSNChanged: 1 +objectSid: S-1-5-32-552 +adminCount: 1 +sAMAccountName: Replicator +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Remote Desktop Users +description: Members in this group are granted the right to logon remotely +uSNCreated: 1 +uSNChanged: 1 +objectSid: S-1-5-32-555 +sAMAccountName: Remote Desktop Users +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Network Configuration Operators +description: Members in this group can have some administrative privileges to manage configuration of networking features +uSNCreated: 1 +uSNChanged: 1 +objectSid: S-1-5-32-556 +sAMAccountName: Network Configuration Operators +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Performance Monitor Users +description: Members of this group have remote access to monitor this computer +uSNCreated: 1 +uSNChanged: 1 +objectSid: S-1-5-32-558 +sAMAccountName: Performance Monitor Users +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Performance Log Users,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Performance Log Users +description: Members of this group have remote access to schedule logging of performance counters on this computer +uSNCreated: 1 +uSNChanged: 1 +objectSid: S-1-5-32-559 +sAMAccountName: Performance Log Users +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=krbtgt,CN=Users,${BASEDN} +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: krbtgt +description: Key Distribution Center Service Account +uSNCreated: 1 +uSNChanged: 1 +showInAdvancedViewOnly: TRUE +userAccountControl: 514 +pwdLastSet: 127258826179466560 +objectSid: ${DOMAINSID}-502 +adminCount: 1 +accountExpires: 9223372036854775807 +sAMAccountName: krbtgt +sAMAccountType: 805306368 +servicePrincipalName: kadmin/changepw +isCriticalSystemObject: TRUE +unicodePwd: ${KRBTGTPASS} + +dn: CN=Domain Computers,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: Domain Computers +description: All workstations and servers joined to the domain +uSNCreated: 1 +uSNChanged: 1 +objectSid: ${DOMAINSID}-515 +sAMAccountName: Domain Computers +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Domain Controllers,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: Domain Controllers +description: All domain controllers in the domain +uSNCreated: 1 +uSNChanged: 1 +objectSid: ${DOMAINSID}-516 +adminCount: 1 +sAMAccountName: Domain Controllers +isCriticalSystemObject: TRUE + +dn: CN=Schema Admins,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: Schema Admins +description: Designated administrators of the schema +member: CN=Administrator,CN=Users,${BASEDN} +uSNCreated: 1 +uSNChanged: 1 +objectSid: ${DOMAINSID}-518 +adminCount: 1 +sAMAccountName: Schema Admins +isCriticalSystemObject: TRUE +unixName: ${WHEEL} + +dn: CN=Enterprise Admins,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: Enterprise Admins +description: Designated administrators of the enterprise +member: CN=Administrator,CN=Users,${BASEDN} +uSNCreated: 1 +memberOf: CN=Administrators,CN=Builtin,${BASEDN} +uSNChanged: 1 +objectSid: ${DOMAINSID}-519 +adminCount: 1 +sAMAccountName: Enterprise Admins +isCriticalSystemObject: TRUE +unixName: ${WHEEL} + +dn: CN=Cert Publishers,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: Cert Publishers +description: Members of this group are permitted to publish certificates to the Active Directory +uSNCreated: 1 +uSNChanged: 1 +groupType: 0x80000004 +sAMAccountType: 0x20000000 +objectSid: ${DOMAINSID}-517 +sAMAccountName: Cert Publishers +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Domain Admins,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: Domain Admins +description: Designated administrators of the domain +member: CN=Administrator,CN=Users,${BASEDN} +uSNCreated: 1 +memberOf: CN=Administrators,CN=Builtin,${BASEDN} +uSNChanged: 1 +objectSid: ${DOMAINSID}-512 +adminCount: 1 +sAMAccountName: Domain Admins +isCriticalSystemObject: TRUE +unixName: ${WHEEL} + +dn: CN=Domain Users,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: Domain Users +description: All domain users +uSNCreated: 1 +memberOf: CN=Users,CN=Builtin,${BASEDN} +uSNChanged: 1 +objectSid: ${DOMAINSID}-513 +sAMAccountName: Domain Users +isCriticalSystemObject: TRUE +unixName: ${USERS} + +dn: CN=Domain Guests,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: Domain Guests +description: All domain guests +uSNCreated: 1 +memberOf: CN=Guests,CN=Builtin,${BASEDN} +uSNChanged: 1 +objectSid: ${DOMAINSID}-514 +sAMAccountName: Domain Guests +isCriticalSystemObject: TRUE + +dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: Group Policy Creator Owners +description: Members in this group can modify group policy for the domain +member: CN=Administrator,CN=Users,${BASEDN} +uSNCreated: 1 +uSNChanged: 1 +objectSid: ${DOMAINSID}-520 +sAMAccountName: Group Policy Creator Owners +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +unixName: ${WHEEL} + +dn: CN=RAS and IAS Servers,CN=Users,${BASEDN} +objectClass: top +objectClass: group +cn: RAS and IAS Servers +description: Servers in this group can access remote access properties of users +instanceType: 4 +uSNCreated: 1 +uSNChanged: 1 +objectSid: ${DOMAINSID}-553 +sAMAccountName: RAS and IAS Servers +sAMAccountType: 0x20000000 +groupType: 0x80000004 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE + +dn: CN=Server Operators,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Server Operators +description: Members can administer domain servers +instanceType: 4 +uSNCreated: 1 +uSNChanged: 1 +objectSid: S-1-5-32-549 +adminCount: 1 +sAMAccountName: Server Operators +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +privilege: SeBackupPrivilege +privilege: SeSystemtimePrivilege +privilege: SeRemoteShutdownPrivilege +privilege: SeRestorePrivilege +privilege: SeShutdownPrivilege +privilege: SeInteractiveLogonRight + +dn: CN=Account Operators,CN=Builtin,${BASEDN} +objectClass: top +objectClass: group +cn: Account Operators +description: Members can administer domain user and group accounts +instanceType: 4 +uSNCreated: 1 +uSNChanged: 1 +objectSid: S-1-5-32-548 +adminCount: 1 +sAMAccountName: Account Operators +sAMAccountType: 0x20000000 +systemFlags: 0x8c000000 +groupType: 0x80000005 +objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +isCriticalSystemObject: TRUE +privilege: SeInteractiveLogonRight + -- cgit From 0928f1f60595fca2cb3b563c8e75842f822181a8 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 30 Jul 2005 02:02:52 +0000 Subject: r8857: please don't get fancy with embedded boolean statements in js code. Especially as this is a new language for most Samba developers, it is far better to err strongly on the side of readability rather than trying to save a line of code by using fancy tricks (This used to be commit 3228644cf898cc9b3386675f40f2f7e52f69e5c0) --- source4/setup/provision | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index dc542f59f0..a9bbfa6a26 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -106,8 +106,10 @@ for (r in options) { subobj[key] = options[r]; } +var blank = (options["blank"] != undefined); + message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); message("Using administrator password: %s\n", subobj.ADMINPASS); -provision(subobj, message, options["blank"] != undefined); +provision(subobj, message, blank); message("All OK\n"); return 0; -- cgit From 901d7594b380b4e9832b5b530c87c208a9f874ba Mon Sep 17 00:00:00 2001 From: Rafal Szczesniak Date: Mon, 1 Aug 2005 20:51:13 +0000 Subject: r8898: Fix provision script to actually work, since location of smbscript has changed. rafal (This used to be commit a59594d2d84417bc0c87be953daf9152b968c61a) --- source4/setup/provision | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index a9bbfa6a26..7bb5d756e0 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -1,5 +1,5 @@ #!/bin/sh -exec smbscript "$0" ${1+"$@"} +exec bin/smbscript "$0" ${1+"$@"} /* provision a Samba4 server Copyright Andrew Tridgell 2005 -- cgit From 4475dd517b1f8f466a6e0932ddb8eecfdac264d2 Mon Sep 17 00:00:00 2001 From: Rafal Szczesniak Date: Mon, 1 Aug 2005 22:10:24 +0000 Subject: r8902: Revert the small change as Andrew Bartlett asked. Now, let's go and fix howto.txt. rafal (This used to be commit 5bf5559e0f71455ddf62eef11956de12d104459b) --- source4/setup/provision | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 7bb5d756e0..a9bbfa6a26 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -1,5 +1,5 @@ #!/bin/sh -exec bin/smbscript "$0" ${1+"$@"} +exec smbscript "$0" ${1+"$@"} /* provision a Samba4 server Copyright Andrew Tridgell 2005 -- cgit From 206ce778ee5280b2332f157024c67ebe71d3f735 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 3 Aug 2005 07:25:36 +0000 Subject: r8999: Use the timestamps module to ensure we update times. Andrew Bartlett (This used to be commit e6abd9f70449e9c5716cd36565442873bdc7d44c) --- source4/setup/secrets.ldif | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index 865a151494..417d86de26 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -8,6 +8,11 @@ realm: CASE_INSENSITIVE flatname: CASE_INSENSITIVE sAMAccountName: CASE_INSENSITIVE +#Add modules to the list to activate them by default +#beware often order is important +dn: @MODULES +@LIST: timestamps + dn: CN=LSA Secrets objectClass: top objectClass: container -- cgit From 78750230a2e676e6f7d621504a9aff61d63649ea Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 8 Aug 2005 23:44:09 +0000 Subject: r9219: by default be a DC, as the provisioning scripts assume that in other parts (This used to be commit f8949869bc114590c9260ab7b9d97f71a552a6a7) --- source4/setup/provision.smb.conf | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision.smb.conf b/source4/setup/provision.smb.conf index 21b250a671..040128ed85 100644 --- a/source4/setup/provision.smb.conf +++ b/source4/setup/provision.smb.conf @@ -2,3 +2,6 @@ netbios name = ${HOSTNAME} workgroup = ${DOMAIN} realm = ${REALM} + domain master = yes + domain logons = yes + -- cgit From 2f195406b6f1ff943eb000741e09cafbdbdaf58e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 16 Aug 2005 10:52:02 +0000 Subject: r9319: updated newuser script for new OO style for nss object thanks to Hotarut for spotting this (This used to be commit 3f30c6118ba22fbf52068630f48bcde82182b8a6) --- source4/setup/newuser | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/newuser b/source4/setup/newuser index 4471e70919..f5015611b9 100755 --- a/source4/setup/newuser +++ b/source4/setup/newuser @@ -63,7 +63,8 @@ if (options['unixname'] == undefined) { options.unixname = options.username; } -if (getpwnam(options.unixname) == undefined) { +var nss = nss_init(); +if (nss.getpwnam(options.unixname) == undefined) { printf("ERROR: Unix user '%s' does not exist\n", options.unixname); exit(1); } -- cgit From 55e746ad560d4406821bc2d721cbb929b79a7a0a Mon Sep 17 00:00:00 2001 From: Rafal Szczesniak Date: Mon, 22 Aug 2005 14:32:58 +0000 Subject: r9477: Convert popt options to an ejs object. Doesn't seem to break anything except of popt help (-h) option (unexpected ?). rafal (This used to be commit 1990793b23d6198a85ce1bdf6ad43e12015db203) --- source4/setup/newuser | 6 +++--- source4/setup/provision | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/newuser b/source4/setup/newuser index f5015611b9..cf2c7b8382 100755 --- a/source4/setup/newuser +++ b/source4/setup/newuser @@ -6,8 +6,7 @@ exec smbscript "$0" ${1+"$@"} Released under the GNU GPL v2 or later */ -options = new Object(); -ok = GetOptions(ARGV, options, +options = GetOptions(ARGV, "POPT_AUTOHELP", "POPT_COMMON_SAMBA", "POPT_COMMON_VERSION", @@ -15,7 +14,8 @@ ok = GetOptions(ARGV, options, 'unixname=s', 'password=s', 'quiet'); -if (ok == false) { + +if (options == undefined) { println("Failed to parse options: " + options.ERROR); return -1; } diff --git a/source4/setup/provision b/source4/setup/provision index a9bbfa6a26..35c9d64f80 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -6,8 +6,7 @@ exec smbscript "$0" ${1+"$@"} Released under the GNU GPL v2 or later */ -options = new Object(); -ok = GetOptions(ARGV, options, +options = GetOptions(ARGV, "POPT_AUTOHELP", "POPT_COMMON_SAMBA", "POPT_COMMON_VERSION", @@ -29,8 +28,9 @@ ok = GetOptions(ARGV, options, 'users=s', 'quiet', 'blank'); -if (ok == false) { - println("Failed to parse options: " + options.ERROR); + +if (options == undefined) { + println("Failed to parse options: ", options.ERROR); return -1; } -- cgit From 4b275f47167c3e1415785de9f9f2d79ae404dc26 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 26 Aug 2005 11:38:07 +0000 Subject: r9646: fixed error message (This used to be commit 804f2485d059d60c4a41b6094c4cf568e6989397) --- source4/setup/provision | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 35c9d64f80..b3be197710 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -30,7 +30,7 @@ options = GetOptions(ARGV, 'blank'); if (options == undefined) { - println("Failed to parse options: ", options.ERROR); + println("Failed to parse options"); return -1; } -- cgit From 0549763600b26fadac443555e1cbec5680f91340 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 29 Aug 2005 12:31:32 +0000 Subject: r9735: More work on generating a valid Samba4 configuration using the Samba3 data (both console and SWAT) (This used to be commit d569465dc4def55c27878028f2fc762960f453d8) --- source4/setup/upgrade | 85 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 source4/setup/upgrade (limited to 'source4/setup') diff --git a/source4/setup/upgrade b/source4/setup/upgrade new file mode 100644 index 0000000000..447e5ee4f9 --- /dev/null +++ b/source4/setup/upgrade @@ -0,0 +1,85 @@ +#!/bin/sh +exec smbscript "$0" ${1+"$@"} +/* + Upgrade from Samba3 + Copyright Jelmer Vernooij 2005 + Released under the GNU GPL v2 or later +*/ + +options = GetOptions(ARGV, + "POPT_AUTOHELP", + "POPT_COMMON_SAMBA", + "POPT_COMMON_VERSION", + 'quiet', 'blank'); + +if (options == undefined) { + println("Failed to parse options"); + return -1; +} + +libinclude("base.js"); +libinclude("provision.js"); +libinclude("upgrade.js"); + +/* + print a message if quiet is not set +*/ +function message() +{ + if (options["quiet"] == undefined) { + print(vsprintf(arguments)); + } +} + +/* + show some help +*/ +function ShowHelp() +{ + print(" +Samba4 import tool + +provision [options] + --quiet Be quiet + --blank do not add users or groups, just the structure + +You must provide at least a realm and domain + +"); + exit(1); +} + +if (options.ARGV.length != 2) { + ShowHelp(); + exit(1); +} + +message("Reading Samba3 databases and smb.conf\n"); +var samba3 = samba3_read(options.ARGV[0], options.ARGV[1]); + +if (samba3 == undefined) { + println("Error reading Samba3 data"); + exit(1); +} + +message("Writing smb.conf\n"); +// FIXME + +message("Provisioning\n"); +var subobj = upgrade_provision(samba3); +provision(subobj, message, blank); + +message("Importing account policies\n"); +// FIXME + +message("Importing users\n"); +// FIXME + +message("Importing groups\n"); +// FIXME + +message("Importing WINS data\n"); +// FIXME + +message("All OK\n"); +return 0; -- cgit From 0a72d9a5f7c8705a68b03e2f391603252d896342 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 29 Aug 2005 15:54:10 +0000 Subject: r9744: - [upgrade.js] Start working on smb.conf conversion. - [ldb_map] Support storing non-mappable data in a fallback LDB (This used to be commit 435e4c6389b9d9b545beec8036289620ee5883db) --- source4/setup/upgrade | 55 ++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 50 insertions(+), 5 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/upgrade b/source4/setup/upgrade index 447e5ee4f9..5d0b14bdd7 100644 --- a/source4/setup/upgrade +++ b/source4/setup/upgrade @@ -10,6 +10,8 @@ options = GetOptions(ARGV, "POPT_AUTOHELP", "POPT_COMMON_SAMBA", "POPT_COMMON_VERSION", + 'ldif', + 'dn=s', 'quiet', 'blank'); if (options == undefined) { @@ -31,6 +33,13 @@ function message() } } +function ldifprint(data) +{ + if (options["ldif"] != undefined) { + print data; + } +} + /* show some help */ @@ -40,6 +49,7 @@ function ShowHelp() Samba4 import tool provision [options] + --ldif Dump LDIF --quiet Be quiet --blank do not add users or groups, just the structure @@ -54,6 +64,10 @@ if (options.ARGV.length != 2) { exit(1); } +if (options.dn == undefined) { + options.dn = "dc=example,dc=org"; +} + message("Reading Samba3 databases and smb.conf\n"); var samba3 = samba3_read(options.ARGV[0], options.ARGV[1]); @@ -63,23 +77,54 @@ if (samba3 == undefined) { } message("Writing smb.conf\n"); -// FIXME +var smbconf = upgrade_smbconf(samba3); +// FIXME: Write! message("Provisioning\n"); var subobj = upgrade_provision(samba3); provision(subobj, message, blank); +var samdb = ldb_init(); +samdb.connect(lp.get("setup directory") + "/samdb.ldb"); + message("Importing account policies\n"); -// FIXME +var ldif = upgrade_policy(samba3); +ldifprint(ldif); +samdb.modify(ldif); + +// FIXME: Enable samba3sam module if original passdb backend was ldap message("Importing users\n"); -// FIXME +for (var i in samba3.samaccounts) { + message("Importing user '" + samba3.samaccounts[i].username + "'"); + var ldif = upgrade_sam_account(samba3.samaccounts[i]); + ldifprint(ldif); + samdb.add(ldif); +} message("Importing groups\n"); -// FIXME +for (var i in samba3.groupmappings) { + message("Importing group '" + samba3.groupmappings[i].username + "'"); + var ldif = upgrade_sam_group(samba3.groupmappings[i]); + ldifprint(ldif); + samdb.add(ldif); +} message("Importing WINS data\n"); -// FIXME +var ldif = upgrade_wins(samba3) +ldifprint(ldif); +setup_ldb(ldif, "wins", Object()); + +message("Importing registry data\n"); +var hives = ["hkcr","hkcu","hklm","hkpd"]; +for (var i in hives) { + var regdb = ldb_init(); + regdb.connect(lp.get("setup directory") + "/" + hives[i] + ".ldb"); + var ldif = upgrade_registry(samba3, hives[i]); + ldifprint(ldif); + ldb.add(ldif); +} + message("All OK\n"); return 0; -- cgit From 11f3f0fa6cfb0486bdc526465dc4c0e19467a30f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 29 Aug 2005 18:52:24 +0000 Subject: r9754: Upgrading with the command line utility now works, at least partially (-: Upgrading using SWAT should work as well now. (This used to be commit 8baa2ac377315ae8b365f58c2bda0bf3d0c5aec3) --- source4/setup/upgrade | 54 ++++++--------------------------------------------- 1 file changed, 6 insertions(+), 48 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/upgrade b/source4/setup/upgrade index 5d0b14bdd7..fed09f2a4e 100644 --- a/source4/setup/upgrade +++ b/source4/setup/upgrade @@ -11,7 +11,6 @@ options = GetOptions(ARGV, "POPT_COMMON_SAMBA", "POPT_COMMON_VERSION", 'ldif', - 'dn=s', 'quiet', 'blank'); if (options == undefined) { @@ -35,8 +34,8 @@ function message() function ldifprint(data) { - if (options["ldif"] != undefined) { - print data; + if (options.ldif != undefined) { + print(data); } } @@ -64,9 +63,7 @@ if (options.ARGV.length != 2) { exit(1); } -if (options.dn == undefined) { - options.dn = "dc=example,dc=org"; -} +var lp = loadparm_init(); message("Reading Samba3 databases and smb.conf\n"); var samba3 = samba3_read(options.ARGV[0], options.ARGV[1]); @@ -82,49 +79,10 @@ var smbconf = upgrade_smbconf(samba3); message("Provisioning\n"); var subobj = upgrade_provision(samba3); -provision(subobj, message, blank); - -var samdb = ldb_init(); -samdb.connect(lp.get("setup directory") + "/samdb.ldb"); - -message("Importing account policies\n"); -var ldif = upgrade_policy(samba3); -ldifprint(ldif); -samdb.modify(ldif); - -// FIXME: Enable samba3sam module if original passdb backend was ldap - -message("Importing users\n"); -for (var i in samba3.samaccounts) { - message("Importing user '" + samba3.samaccounts[i].username + "'"); - var ldif = upgrade_sam_account(samba3.samaccounts[i]); - ldifprint(ldif); - samdb.add(ldif); -} - -message("Importing groups\n"); -for (var i in samba3.groupmappings) { - message("Importing group '" + samba3.groupmappings[i].username + "'"); - var ldif = upgrade_sam_group(samba3.groupmappings[i]); - ldifprint(ldif); - samdb.add(ldif); -} - -message("Importing WINS data\n"); -var ldif = upgrade_wins(samba3) -ldifprint(ldif); -setup_ldb(ldif, "wins", Object()); - -message("Importing registry data\n"); -var hives = ["hkcr","hkcu","hklm","hkpd"]; -for (var i in hives) { - var regdb = ldb_init(); - regdb.connect(lp.get("setup directory") + "/" + hives[i] + ".ldb"); - var ldif = upgrade_registry(samba3, hives[i]); - ldifprint(ldif); - ldb.add(ldif); -} +provision(subobj, message, options.blank); +ok = upgrade(subobj,samba3,message); +assert(ok); message("All OK\n"); return 0; -- cgit From f9447d2a17089178d311e03e398c25c749450f6d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Aug 2005 11:08:03 +0000 Subject: r9786: Move ldb_map into ldb/modules/ Move samba3sam to dsdb/ (This used to be commit eb9d615bcd49328131613f64745760a90553b7f2) --- source4/setup/upgrade | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 source4/setup/upgrade (limited to 'source4/setup') diff --git a/source4/setup/upgrade b/source4/setup/upgrade old mode 100644 new mode 100755 -- cgit From 6cf1b0c07c819e9e2afdcb87b2e4fd31ed680b72 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Aug 2005 12:27:53 +0000 Subject: r9793: Be more verbose, check for errors in upgrade script. (This used to be commit b7c09df9e506f8048f69c4bdd1c3351e3b554e18) --- source4/setup/upgrade | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/upgrade b/source4/setup/upgrade index fed09f2a4e..22090b8cc6 100755 --- a/source4/setup/upgrade +++ b/source4/setup/upgrade @@ -81,8 +81,10 @@ message("Provisioning\n"); var subobj = upgrade_provision(samba3); provision(subobj, message, options.blank); -ok = upgrade(subobj,samba3,message); -assert(ok); - -message("All OK\n"); +var ret = upgrade(subobj,samba3,message); +if (ret > 0) { + message("Failed to import %d entries\n", ret); +} else { + message("All OK\n"); +} return 0; -- cgit From cf016f972b931b54c155ca8e6df485e05c37b034 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Aug 2005 16:09:38 +0000 Subject: r9805: Add 'data' property to param EJS object Write out new smb.conf file. Parameters that have disappeared between Samba 3 and 4 will optionally be prefixed with 'samba3:' (This used to be commit 27eefbd9059fe0a3daca15a71da7b4cb88ed22ec) --- source4/setup/upgrade | 4 ---- 1 file changed, 4 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/upgrade b/source4/setup/upgrade index 22090b8cc6..6f10096a45 100755 --- a/source4/setup/upgrade +++ b/source4/setup/upgrade @@ -73,10 +73,6 @@ if (samba3 == undefined) { exit(1); } -message("Writing smb.conf\n"); -var smbconf = upgrade_smbconf(samba3); -// FIXME: Write! - message("Provisioning\n"); var subobj = upgrade_provision(samba3); provision(subobj, message, options.blank); -- cgit From f58a74aabab3d5c0d1185ac2f77a5f54feb781e9 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 31 Aug 2005 02:39:57 +0000 Subject: r9816: Work on testsuite for upgrade Add 'paths' object to provision code. (This used to be commit 488d737fb0ebbc2535d0ec17c14f0dc1eaf2a578) --- source4/setup/provision | 2 +- source4/setup/upgrade | 31 ++++++++++++++++++++----------- 2 files changed, 21 insertions(+), 12 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index b3be197710..fd949ce9d9 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -110,6 +110,6 @@ var blank = (options["blank"] != undefined); message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); message("Using administrator password: %s\n", subobj.ADMINPASS); -provision(subobj, message, blank); +provision(subobj, message, blank, provision_default_paths(subobj)); message("All OK\n"); return 0; diff --git a/source4/setup/upgrade b/source4/setup/upgrade index 6f10096a45..331892c3db 100755 --- a/source4/setup/upgrade +++ b/source4/setup/upgrade @@ -10,7 +10,7 @@ options = GetOptions(ARGV, "POPT_AUTOHELP", "POPT_COMMON_SAMBA", "POPT_COMMON_VERSION", - 'ldif', + 'targetdir=s', 'quiet', 'blank'); if (options == undefined) { @@ -32,13 +32,6 @@ function message() } } -function ldifprint(data) -{ - if (options.ldif != undefined) { - print(data); - } -} - /* show some help */ @@ -48,7 +41,7 @@ function ShowHelp() Samba4 import tool provision [options] - --ldif Dump LDIF + --targetdir=DIR Output to specified directory --quiet Be quiet --blank do not add users or groups, just the structure @@ -73,11 +66,27 @@ if (samba3 == undefined) { exit(1); } + + message("Provisioning\n"); var subobj = upgrade_provision(samba3); -provision(subobj, message, options.blank); +var paths; +if (options.targetdir != undefined) { + paths = new Object(); + paths.smbconf = sprintf("%s/smb.conf", options.targetdir); + var ldbs = new Array("hklm","hkcr","hku","hkcu","hkpd","hkpt","samdb","rootdse","secrets","winsdb"); + for (var i in ldbs) { + var n = ldbs[i]; + paths[n] = sprintf("tdb://%s/%s.ldb", options.targetdir, n); + } + paths.dns = options.targetdir+"/dns.zone"; +} else { + paths = provision_default_paths(subobj);; +} + +provision(subobj, message, options.blank,paths); -var ret = upgrade(subobj,samba3,message); +var ret = upgrade(subobj,samba3,message,paths); if (ret > 0) { message("Failed to import %d entries\n", ret); } else { -- cgit From f118373ea4707f0937b9abf83116bdc862594747 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 31 Aug 2005 15:17:34 +0000 Subject: r9829: Registry key and value names are case insensitive (This used to be commit 96ccbd6402fa37338c49d9a55919a360e940bc48) --- source4/setup/hklm.ldif | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/hklm.ldif b/source4/setup/hklm.ldif index 6d449906cb..2ca3768da0 100644 --- a/source4/setup/hklm.ldif +++ b/source4/setup/hklm.ldif @@ -1,6 +1,10 @@ dn: @INDEXLIST @IDXATTR: key +dn: @ATTRIBUTES +key: CASE_INSENSITIVE +value: CASE_INSENSITIVE + dn: key=control,key=currentcontrolset,key=system,hive=NONE key: control -- cgit From 0712cbdab4c397b9f74fcd681f40df9c9c2c59a8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 31 Aug 2005 16:51:09 +0000 Subject: r9834: More tests for the upgrade from Samba3 (This used to be commit d2db164d6f674cada470e871c558c75f98244141) --- source4/setup/upgrade | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/upgrade b/source4/setup/upgrade index 331892c3db..8dc10caa3f 100755 --- a/source4/setup/upgrade +++ b/source4/setup/upgrade @@ -10,6 +10,7 @@ options = GetOptions(ARGV, "POPT_AUTOHELP", "POPT_COMMON_SAMBA", "POPT_COMMON_VERSION", + 'verify', 'targetdir=s', 'quiet', 'blank'); @@ -92,4 +93,10 @@ if (ret > 0) { } else { message("All OK\n"); } -return 0; + +if (options.verify != undefined) { + message("Verifying...\n"); + ret = upgrade_verify(subobj, samba3,paths,message); +} + +return ret; -- cgit From 6ff97621fa744404ec3da6a4d38031eeec4741b3 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 1 Sep 2005 15:31:45 +0000 Subject: r9898: Add extra registry key used by WinXP (see r9894) (This used to be commit 7666993fa96916d9d849a636a1b30ca7f77354a2) --- source4/setup/hklm.ldif | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/hklm.ldif b/source4/setup/hklm.ldif index 2ca3768da0..c9e64002d1 100644 --- a/source4/setup/hklm.ldif +++ b/source4/setup/hklm.ldif @@ -34,3 +34,6 @@ key: print dn: key=currentcontrolset,key=system,hive=NONE key: currentcontrolset +dn: key=Terminal Server,key=control,key=currentcontrolset,key=system,hive=NONE +key: Terminal Server + -- cgit From aae4b1a95193796ef0368cd3f2b65d59f9805b7f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 2 Sep 2005 12:06:25 +0000 Subject: r9951: Add another value to the default HKLM. Convert Samba3 policy "refuse machine pw change" to registry value. (This used to be commit a143234ac7622ef3ef87c80224927551a1452e4b) --- source4/setup/hklm.ldif | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/hklm.ldif b/source4/setup/hklm.ldif index c9e64002d1..419a4c504a 100644 --- a/source4/setup/hklm.ldif +++ b/source4/setup/hklm.ldif @@ -8,9 +8,6 @@ value: CASE_INSENSITIVE dn: key=control,key=currentcontrolset,key=system,hive=NONE key: control -dn: key=services,key=control,key=currentcontrolset,key=system,hive=NONE -key: services - dn: value=ProductType,key=productoptions,key=control,key=currentcontrolset,key=system,hive=NONE value: ProductType data: LanmanNT @@ -22,12 +19,6 @@ key: productoptions dn: key=system,hive=NONE key: system -dn: key=netlogon,key=services,key=currentcontrolset,key=system,hive=NONE -key: netlogon - -dn: key=services,key=currentcontrolset,key=system,hive=NONE -key: services - dn: key=print,key=control,key=currentcontrolset,key=system,hive=NONE key: print @@ -37,3 +28,16 @@ key: currentcontrolset dn: key=Terminal Server,key=control,key=currentcontrolset,key=system,hive=NONE key: Terminal Server +dn: key=Services,key=CurrentControlSet,key=System,hive=NONE +key: Services + +dn: key=Netlogon,key=Services,key=CurrentControlSet,key=System,hive=NONE +key: Netlogon + +dn: key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=System,hive=NONE +key: Parameters + +dn: value=RefusePasswordChange,key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=System,hive=NONE +value: RefusePasswordChange +type: 4 +data: 0 -- cgit From 342d229b4082004d30fa7018c04bba66da48a91b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 12 Sep 2005 23:52:25 +0000 Subject: r10190: Do some very basic input checking when provisioning. (This used to be commit 87f25fe49caa78422582337c5208a331ef5b8c15) --- source4/setup/provision | 5 +++++ source4/setup/provision.zone | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index fd949ce9d9..44b7ee7a4f 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -108,6 +108,11 @@ for (r in options) { var blank = (options["blank"] != undefined); +if (!provision_validate(subobj, message)) { + return -1; +} + + message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); message("Using administrator password: %s\n", subobj.ADMINPASS); provision(subobj, message, blank, provision_default_paths(subobj)); diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone index 0f5764dc11..40cb78fd55 100644 --- a/source4/setup/provision.zone +++ b/source4/setup/provision.zone @@ -1,4 +1,4 @@ -; generate by provision.pl +; generated by provision.pl $ORIGIN ${DNSDOMAIN}. $TTL 1W @ IN SOA @ hostmaster ( -- cgit From a388d683de520f26ada240bfded2c09c067163fa Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 19 Sep 2005 11:55:34 +0000 Subject: r10314: Apply the controvertial 'server role =' patch after discussion on the list: This patch removes the 'domain logon' and 'domain master' controls from Samba4, in favour of a 'server role =' that users can actually understand. We can expand the list of roles as needed, and nobody has to figure out what a 'domain master' actually means. Andrew Bartlett (This used to be commit 31e755c2ced64dbd2681d5f6ef021a87dbeda689) --- source4/setup/provision.smb.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.smb.conf b/source4/setup/provision.smb.conf index 040128ed85..e99c82a91a 100644 --- a/source4/setup/provision.smb.conf +++ b/source4/setup/provision.smb.conf @@ -2,6 +2,6 @@ netbios name = ${HOSTNAME} workgroup = ${DOMAIN} realm = ${REALM} - domain master = yes - domain logons = yes + server role = pdc + -- cgit From 51d2ae6e8d59e2f3160d725e3a225f89d2dff8b2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 9 Oct 2005 22:19:20 +0000 Subject: r10855: Put the domain SID in secrets.ldb by default, and add http as a default SPN alias. Andrew Bartlett (This used to be commit e4fe5802dae544f4dabf0c6d04a55be1144d8820) --- source4/setup/provision.ldif | 2 +- source4/setup/secrets.ldif | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index b2d0848946..8c336b8303 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -334,7 +334,7 @@ uSNCreated: ${USN} uSNChanged: ${USN} showInAdvancedViewOnly: TRUE objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN} -sPNMappings: host=ldap,dns,cifs +sPNMappings: host=ldap,dns,cifs,http ############################### diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index 417d86de26..9ba095290e 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -34,3 +34,4 @@ sAMAccountName: ${NETBIOSNAME}$ whenCreated: ${LDAPTIME} whenChanged: ${LDAPTIME} msDS-KeyVersionNumber: 1 +objectSid: ${DOMAINSID} -- cgit From 35720734911169acde6bf9f2c9a1f83336744f6f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 12 Oct 2005 07:57:39 +0000 Subject: r10916: - finished the 'operational' ldb module - removed the timestamps module, replacing it with the operational module - added a ldb_msg_copy_shallow() function which should be used when a module wants to add new elements to a message on add/modify. This is needed because the caller might be using a constant structure, or may want to re-use the structure again - enabled the UTC time attribute syntaxes in the operational module (This used to be commit 61e8b010223ac6a0573185008f3719ba29574688) --- source4/setup/provision_init.ldif | 2 +- source4/setup/rootdse.ldif | 2 +- source4/setup/secrets.ldif | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 976645e0e7..a0cbb6ad7a 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -48,5 +48,5 @@ template: groupTemplate #Add modules to the list to activate them by default #beware often order is important dn: @MODULES -@LIST: samldb,timestamps,objectguid,rdn_name +@LIST: samldb,operational,objectguid,rdn_name diff --git a/source4/setup/rootdse.ldif b/source4/setup/rootdse.ldif index 534249859a..6c74b5d631 100644 --- a/source4/setup/rootdse.ldif +++ b/source4/setup/rootdse.ldif @@ -7,7 +7,7 @@ modifyTimestamp: HIDDEN dn: @SUBCLASSES dn: @MODULES -@MODULE: timestamps +@MODULE: operational dn: cn=rootDSE currentTime: _DYNAMIC_ diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index 9ba095290e..3dcb82dbdd 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -11,7 +11,7 @@ sAMAccountName: CASE_INSENSITIVE #Add modules to the list to activate them by default #beware often order is important dn: @MODULES -@LIST: timestamps +@LIST: operational dn: CN=LSA Secrets objectClass: top -- cgit From 6b7d7f22e754cb8a580951ae3626bb91d4642c75 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 13 Oct 2005 06:09:37 +0000 Subject: r10955: finally worked out why our computer accounts were being identified as users in mmc. The problem was that the samdb module was auto-adding objectClass=user for these accounts. That would be OK, as computer accounts are supposed to be in that objectClass, but mmc cares about the order of the values in the objectClass attribute! It looks for the last value, and takes that as the value to use when deciding how to manipulate the record. So, this patch adds an explicit objectClass=user to the record when it gets created, which tells the samdb module to not add it as well. That fixes the order. I suspect we are missing something else though - is objectClass supposed to auto-sort based on the schema? (This used to be commit 68c5f807fdb99fd605154d455e61a08293cbd2d0) --- source4/setup/provision_users.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 2e420b226a..a23943a3ef 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -86,6 +86,7 @@ dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} objectClass: top objectClass: person objectClass: organizationalPerson +objectClass: user objectClass: computer cn: ${NETBIOSNAME} uSNCreated: 1 -- cgit From c3c26c90088141272affb591702f3c2124eec89f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 15 Oct 2005 10:15:42 +0000 Subject: r11087: - add type,name,scope as attributes to winsRecords, so you can use them in search filters, only for administration not used inside the winserver code - fix the samba3 ugrade scripts to create a correct samba4 wins.ldb metze (This used to be commit 9f3b6746d86583c48097da48c28f50f075bbd3e3) --- source4/setup/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/upgrade b/source4/setup/upgrade index 8dc10caa3f..251b9663a7 100755 --- a/source4/setup/upgrade +++ b/source4/setup/upgrade @@ -75,7 +75,7 @@ var paths; if (options.targetdir != undefined) { paths = new Object(); paths.smbconf = sprintf("%s/smb.conf", options.targetdir); - var ldbs = new Array("hklm","hkcr","hku","hkcu","hkpd","hkpt","samdb","rootdse","secrets","winsdb"); + var ldbs = new Array("hklm","hkcr","hku","hkcu","hkpd","hkpt","samdb","rootdse","secrets","wins"); for (var i in ldbs) { var n = ldbs[i]; paths[n] = sprintf("tdb://%s/%s.ldb", options.targetdir, n); -- cgit From bb3a915c9df2e7356f7ed171ac05c4ad08ec010a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 17 Oct 2005 11:33:13 +0000 Subject: r11113: fixed two small bugs in newuser - randpass() is now in the random ejs module, not global - don't dereference the undefined variable on getopt failure (This used to be commit 7e338c23f5ac351b362a9e07fd81ec07bc700484) --- source4/setup/newuser | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/newuser b/source4/setup/newuser index cf2c7b8382..c114338d27 100755 --- a/source4/setup/newuser +++ b/source4/setup/newuser @@ -16,7 +16,7 @@ options = GetOptions(ARGV, 'quiet'); if (options == undefined) { - println("Failed to parse options: " + options.ERROR); + println("Failed to parse options"); return -1; } @@ -56,6 +56,7 @@ if (options['username'] == undefined) { ShowHelp(); } if (options['password'] == undefined) { + random_init(local); options.password = randpass(12); printf("chose random password %s\n", options.password); } -- cgit From 372ca26b2052e267711a45c8bf341f55505f3f8f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 20 Oct 2005 03:47:55 +0000 Subject: r11200: Reposition the creation of the kerberos keytab for GSSAPI and Krb5 authentication. This pulls the creating of the keytab back to the credentials code, and removes the special case of 'use keberos keytab = yes' for now. This allows (and requires) the callers to specify the credentials for the server credentails to GENSEC. This allows kpasswdd (soon to be added) to use a different set of kerberos credentials. The 'use kerberos keytab' code will be moved into the credentials layer, as the layers below now expect a keytab. We also now allow for the old secret to be stored into the credentials, allowing service password changes. Andrew Bartlett (This used to be commit 205f77c579ac8680c85f713a76de5767189c627b) --- source4/setup/secrets.ldif | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index 3dcb82dbdd..eccb768db5 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -35,3 +35,16 @@ whenCreated: ${LDAPTIME} whenChanged: ${LDAPTIME} msDS-KeyVersionNumber: 1 objectSid: ${DOMAINSID} + +dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals +objectClass: top +objectClass: secret +flatname: ${DOMAIN} +realm: ${REALM} +secret: ${KRBTGTPASS} +sAMAccountName: krbtgt +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +msDS-KeyVersionNumber: 1 +objectSid: ${DOMAINSID} +servicePrincipalName: kadmin/changepw -- cgit From 4c4fbda7dac6f63758adb5ef5c88c98426dd7c8e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 20 Oct 2005 05:09:14 +0000 Subject: r11208: Add DNS entries for finding the kpasswd server to the default zone. Andrew Bartlett (This used to be commit 7e01ff11fdcd70b54e30b438076bf1293638c61e) --- source4/setup/provision.zone | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone index 40cb78fd55..2994c15de3 100644 --- a/source4/setup/provision.zone +++ b/source4/setup/provision.zone @@ -30,3 +30,10 @@ _kerberos._tcp IN SRV 0 100 88 ${HOSTNAME} _kerberos._tcp.dc._msdcs IN SRV 0 100 389 ${HOSTNAME} _kerberos._tcp.${DEFAULTSITE}._sites.dc._msdcs IN SRV 0 100 88 ${HOSTNAME} _kerberos._udp IN SRV 0 100 88 ${HOSTNAME} +; +; kpasswd +_kpasswd._tcp IN SRV 0 100 464 ${HOSTNAME} +_kpasswd._udp IN SRV 0 100 464 ${HOSTNAME} +; +; heimdal 'find realm for host' hack +_kerberos IN TXT ${REALM} -- cgit From d820c353dc45970d4648d9ff0b909366f8f00812 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 20 Oct 2005 10:21:04 +0000 Subject: r11218: Always return the mutual authentication reply (needed for kpasswd), and remove now duplicated unwrap_pac(). Andrew Bartlett (This used to be commit 90642d54e02e09edc96b9498e66befda20dbb68d) --- source4/setup/secrets.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index eccb768db5..c573ad3b56 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -48,3 +48,4 @@ whenChanged: ${LDAPTIME} msDS-KeyVersionNumber: 1 objectSid: ${DOMAINSID} servicePrincipalName: kadmin/changepw +saltPrincipal: krbtgt@${REALM} -- cgit From 17be61b7b9cff8bfc668ec1d08dc442a8ad30088 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 20 Oct 2005 11:19:03 +0000 Subject: r11222: Small provision fixes: canonicalName is now generated, and the DC= list should be from the dnsdomain (ie lowercae). Andrew Bartlett (This used to be commit 10d692a1c216134b301b5851ce1e71ed93cc6164) --- source4/setup/provision.ldif | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 8c336b8303..42ce9027a3 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -34,7 +34,6 @@ objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE subRefs: CN=Configuration,${BASEDN} subRefs: CN=Schema,CN=Configuration,${BASEDN} -canonicalName: ${REALM}/ dn: CN=Users,${BASEDN} objectClass: top -- cgit From 16bbafb7e862016e4c6281c32cc5b25adeae3cfc Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 21 Oct 2005 01:25:55 +0000 Subject: r11239: Use ${REALM} for the realm in rootdse.ldif Add the kpasswd server to our KDC, implementing the 'original' and Microsoft versions of the protocol. This works with the Heimdal kpasswd client, but not with MIT, I think due to ordering issues. It may not be worth the pain to have this code go via GENSEC, as it is very, very tied to krb5. This gets us one step closer to joins from Apple, Samba3 and other similar implementations. Andrew Bartlett (This used to be commit ab5dbbe10a162286aa6694c7e08de43b48e34cdb) --- source4/setup/rootdse.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/rootdse.ldif b/source4/setup/rootdse.ldif index 6c74b5d631..67c49f0f26 100644 --- a/source4/setup/rootdse.ldif +++ b/source4/setup/rootdse.ldif @@ -24,7 +24,7 @@ supportedLDAPVersion: 3 highestCommittedUSN: _DYNAMIC_ supportedSASLMechanisms: GSS-SPNEGO dnsHostName: ${DNSNAME} -ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${DNSDOMAIN} +ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM} serverName: CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,${BASEDN} isSynchronized: _DYNAMIC_ domainFunctionality: 0 -- cgit From efa01066275f752f02ed801fdb5982c9499b43f3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 28 Oct 2005 05:16:25 +0000 Subject: r11357: Add more standard 'servicePrincaipalName' entries to our host account in provision. Andrew Bartlett (This used to be commit 8ed61562803f92eb110742ac45cff36c8fe8eca3) --- source4/setup/provision_users.ldif | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index a23943a3ef..adcd4cbfe9 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -108,6 +108,10 @@ isCriticalSystemObject: TRUE unicodePwd: ${MACHINEPASS} servicePrincipalName: HOST/${DNSNAME} servicePrincipalName: HOST/${NETBIOSNAME} +servicePrincipalName: HOST/${DNSNAME}/${REALM} +servicePrincipalName: HOST/${NETBIOSNAME}/${REALM} +servicePrincipalName: HOST/${DNSNAME}/${DOMAIN} +servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN} msDS-KeyVersionNumber: 1 -- cgit From 4764eb7a937ebd7ae5fc300dc384434c616a0662 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 4 Nov 2005 02:23:50 +0000 Subject: r11496: add a minimal ads-compatible schema into our sam.ldb setup. This is needed for mmc management of Samba4. (This used to be commit cbbce4fe403efc0b9e63052c2aa1fbb5972f2abe) --- source4/setup/provision.ldif | 2 + source4/setup/schema.ldif | 8505 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 8507 insertions(+) create mode 100644 source4/setup/schema.ldif (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 42ce9027a3..9204f685b6 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -47,6 +47,8 @@ showInAdvancedViewOnly: FALSE systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE +allowedChildClassesEffective: user +allowedChildClassesEffective: group dn: CN=Computers,${BASEDN} objectClass: top diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif new file mode 100644 index 0000000000..e7d7fcec2d --- /dev/null +++ b/source4/setup/schema.ldif @@ -0,0 +1,8505 @@ +dn: CN=sDRightsEffective,CN=Schema,CN=Configuration,${BASEDN} +cn: sDRightsEffective +name: sDRightsEffective +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: sDRightsEffective +isSingleValued: TRUE +systemFlags: 134217748 +systemOnly: FALSE +schemaIDGUID: c3dbafa6-33df-11d2-98b2-0000f87a57d4 +adminDisplayName: SD-Rights-Effective +attributeID: 1.2.840.113556.1.4.1304 +attributeSyntax: 2.5.5.9 + +dn: CN=ownerBL,CN=Schema,CN=Configuration,${BASEDN} +cn: ownerBL +name: ownerBL +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: ownerBL +isSingleValued: FALSE +linkID: 45 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: bf9679f4-0de6-11d0-a285-00aa003049e2 +adminDisplayName: ms-Exch-Owner-BL +attributeID: 1.2.840.113556.1.2.104 +attributeSyntax: 2.5.5.1 + +dn: CN=memberOf,CN=Schema,CN=Configuration,${BASEDN} +cn: memberOf +name: memberOf +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: memberOf +isSingleValued: FALSE +linkID: 3 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: bf967991-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Is-Member-Of-DL +attributeID: 1.2.840.113556.1.2.102 +attributeSyntax: 2.5.5.1 + +dn: CN=searchGuide,CN=Schema,CN=Configuration,${BASEDN} +cn: searchGuide +name: searchGuide +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: searchGuide +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a2e-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Search-Guide +attributeID: 2.5.4.14 +attributeSyntax: 2.5.5.10 + +dn: CN=msDS-ReplicationEpoch,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-ReplicationEpoch +name: msDS-ReplicationEpoch +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-ReplicationEpoch +isSingleValued: TRUE +systemFlags: 17 +systemOnly: FALSE +schemaIDGUID: 08e3aa79-eb1c-45b5-af7b-8f94246c8e41 +adminDisplayName: ms-DS-ReplicationEpoch +attributeID: 1.2.840.113556.1.4.1720 +attributeSyntax: 2.5.5.9 + +dn: CN=auditingPolicy,CN=Schema,CN=Configuration,${BASEDN} +cn: auditingPolicy +name: auditingPolicy +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: auditingPolicy +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 6da8a4fe-0e52-11d0-a286-00aa003049e2 +adminDisplayName: Auditing-Policy +attributeID: 1.2.840.113556.1.4.202 +attributeSyntax: 2.5.5.10 + +dn: CN=otherFacsimileTelephoneNumber,CN=Schema,CN=Configuration,${BASEDN} +cn: otherFacsimileTelephoneNumber +name: otherFacsimileTelephoneNumber +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: otherFacsimileTelephoneNumber +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 0296c11d-40da-11d1-a9c0-0000f80367c1 +adminDisplayName: Phone-Fax-Other +attributeID: 1.2.840.113556.1.4.646 +attributeSyntax: 2.5.5.12 + +dn: CN=streetAddress,CN=Schema,CN=Configuration,${BASEDN} +cn: streetAddress +name: streetAddress +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: streetAddress +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: f0f8ff84-1191-11d0-a060-00aa006c33ed +adminDisplayName: Address +attributeID: 1.2.840.113556.1.2.256 +attributeSyntax: 2.5.5.12 + +dn: CN=securityIdentifier,CN=Schema,CN=Configuration,${BASEDN} +cn: securityIdentifier +name: securityIdentifier +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: securityIdentifier +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a2f-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Security-Identifier +attributeID: 1.2.840.113556.1.4.121 +attributeSyntax: 2.5.5.17 + +dn: CN=msDS-KeyVersionNumber,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-KeyVersionNumber +name: msDS-KeyVersionNumber +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-KeyVersionNumber +isSingleValued: TRUE +systemFlags: 20 +systemOnly: TRUE +schemaIDGUID: c523e9c0-33b5-4ac8-8923-b57b927f42f6 +adminDisplayName: ms-DS-KeyVersionNumber +attributeID: 1.2.840.113556.1.4.1782 +attributeSyntax: 2.5.5.9 + +dn: CN=accountNameHistory,CN=Schema,CN=Configuration,${BASEDN} +cn: accountNameHistory +name: accountNameHistory +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: accountNameHistory +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 031952ec-3b72-11d2-90cc-00c04fd91ab1 +adminDisplayName: Account-Name-History +attributeID: 1.2.840.113556.1.4.1307 +attributeSyntax: 2.5.5.12 + +dn: CN=preferredLanguage,CN=Schema,CN=Configuration,${BASEDN} +cn: preferredLanguage +name: preferredLanguage +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: preferredLanguage +isSingleValued: TRUE +systemFlags: 0 +systemOnly: FALSE +schemaIDGUID: 856be0d0-18e7-46e1-8f5f-7ee4d9020e0d +adminDisplayName: preferredLanguage +attributeID: 2.16.840.1.113730.3.1.39 +attributeSyntax: 2.5.5.12 + +dn: CN=userSharedFolderOther,CN=Schema,CN=Configuration,${BASEDN} +cn: userSharedFolderOther +name: userSharedFolderOther +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: userSharedFolderOther +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 9a9a0220-4a5b-11d1-a9c3-0000f80367c1 +adminDisplayName: User-Shared-Folder-Other +attributeID: 1.2.840.113556.1.4.752 +attributeSyntax: 2.5.5.12 + +dn: CN=userSharedFolder,CN=Schema,CN=Configuration,${BASEDN} +cn: userSharedFolder +name: userSharedFolder +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: userSharedFolder +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 9a9a021f-4a5b-11d1-a9c3-0000f80367c1 +adminDisplayName: User-Shared-Folder +attributeID: 1.2.840.113556.1.4.751 +attributeSyntax: 2.5.5.12 + +dn: CN=mSMQDigestsMig,CN=Schema,CN=Configuration,${BASEDN} +cn: mSMQDigestsMig +name: mSMQDigestsMig +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: mSMQDigestsMig +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 0f71d8e0-da3b-11d1-90a5-00c04fd91ab1 +adminDisplayName: MSMQ-Digests-Mig +attributeID: 1.2.840.113556.1.4.966 +attributeSyntax: 2.5.5.10 + +dn: CN=legacyExchangeDN,CN=Schema,CN=Configuration,${BASEDN} +cn: legacyExchangeDN +name: legacyExchangeDN +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: legacyExchangeDN +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 28630ebc-41d5-11d1-a9c1-0000f80367c1 +adminDisplayName: Legacy-Exchange-DN +attributeID: 1.2.840.113556.1.4.655 +attributeSyntax: 2.5.5.4 + +dn: CN=wellKnownObjects,CN=Schema,CN=Configuration,${BASEDN} +cn: wellKnownObjects +name: wellKnownObjects +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: wellKnownObjects +isSingleValued: FALSE +systemFlags: 18 +systemOnly: TRUE +schemaIDGUID: 05308983-7688-11d1-aded-00c04fd8d5cd +adminDisplayName: Well-Known-Objects +attributeID: 1.2.840.113556.1.4.618 +attributeSyntax: 2.5.5.7 + +dn: CN=name,CN=Schema,CN=Configuration,${BASEDN} +cn: name +name: name +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: name +isSingleValued: TRUE +systemFlags: 18 +systemOnly: TRUE +schemaIDGUID: bf967a0e-0de6-11d0-a285-00aa003049e2 +adminDisplayName: RDN +attributeID: 1.2.840.113556.1.4.1 +attributeSyntax: 2.5.5.12 + +dn: CN=nonSecurityMemberBL,CN=Schema,CN=Configuration,${BASEDN} +cn: nonSecurityMemberBL +name: nonSecurityMemberBL +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: nonSecurityMemberBL +isSingleValued: FALSE +linkID: 51 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 52458019-ca6a-11d0-afff-0000f80367c1 +adminDisplayName: Non-Security-Member-BL +attributeID: 1.2.840.113556.1.4.531 +attributeSyntax: 2.5.5.1 + +dn: CN=msDS-ReplAttributeMetaData,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-ReplAttributeMetaData +name: msDS-ReplAttributeMetaData +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-ReplAttributeMetaData +isSingleValued: FALSE +systemFlags: 20 +systemOnly: FALSE +schemaIDGUID: d7c53242-724e-4c39-9d4c-2df8c9d66c7a +adminDisplayName: ms-DS-Repl-Attribute-Meta-Data +attributeID: 1.2.840.113556.1.4.1707 +attributeSyntax: 2.5.5.12 + +dn: CN=dNReferenceUpdate,CN=Schema,CN=Configuration,${BASEDN} +cn: dNReferenceUpdate +name: dNReferenceUpdate +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: dNReferenceUpdate +isSingleValued: FALSE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: 2df90d86-009f-11d2-aa4c-00c04fd7d83a +adminDisplayName: DN-Reference-Update +attributeID: 1.2.840.113556.1.4.1242 +attributeSyntax: 2.5.5.1 + +dn: CN=gPOptions,CN=Schema,CN=Configuration,${BASEDN} +cn: gPOptions +name: gPOptions +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: gPOptions +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: f30e3bbf-9ff0-11d1-b603-0000f80367c1 +adminDisplayName: GP-Options +attributeID: 1.2.840.113556.1.4.892 +attributeSyntax: 2.5.5.9 + +dn: CN=msDS-PerUserTrustTombstonesQuota,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-PerUserTrustTombstonesQuota +name: msDS-PerUserTrustTombstonesQuota +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-PerUserTrustTombstonesQuota +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 8b70a6c6-50f9-4fa3-a71e-1ce03040449b +adminDisplayName: MS-DS-Per-User-Trust-Tombstones-Quota +attributeID: 1.2.840.113556.1.4.1790 +attributeSyntax: 2.5.5.9 + +dn: CN=pager,CN=Schema,CN=Configuration,${BASEDN} +cn: pager +name: pager +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: pager +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: f0f8ffa6-1191-11d0-a060-00aa006c33ed +adminDisplayName: Phone-Pager-Primary +attributeID: 0.9.2342.19200300.100.1.42 +attributeSyntax: 2.5.5.12 + +dn: CN=siteGUID,CN=Schema,CN=Configuration,${BASEDN} +cn: siteGUID +name: siteGUID +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: siteGUID +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 3e978924-8c01-11d0-afda-00c04fd930c9 +adminDisplayName: Site-GUID +attributeID: 1.2.840.113556.1.4.362 +attributeSyntax: 2.5.5.10 + +dn: CN=msDS-AzScriptEngineCacheMax,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AzScriptEngineCacheMax +name: msDS-AzScriptEngineCacheMax +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-AzScriptEngineCacheMax +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 2629f66a-1f95-4bf3-a296-8e9d7b9e30c8 +adminDisplayName: MS-DS-Az-Script-Engine-Cache-Max +attributeID: 1.2.840.113556.1.4.1796 +attributeSyntax: 2.5.5.9 + +dn: CN=tokenGroupsNoGCAcceptable,CN=Schema,CN=Configuration,${BASEDN} +cn: tokenGroupsNoGCAcceptable +name: tokenGroupsNoGCAcceptable +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: tokenGroupsNoGCAcceptable +isSingleValued: FALSE +systemFlags: 134217748 +systemOnly: FALSE +schemaIDGUID: 040fc392-33df-11d2-98b2-0000f87a57d4 +adminDisplayName: Token-Groups-No-GC-Acceptable +attributeID: 1.2.840.113556.1.4.1303 +attributeSyntax: 2.5.5.17 + +dn: CN=tokenGroupsGlobalAndUniversal,CN=Schema,CN=Configuration,${BASEDN} +cn: tokenGroupsGlobalAndUniversal +name: tokenGroupsGlobalAndUniversal +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: tokenGroupsGlobalAndUniversal +isSingleValued: FALSE +systemFlags: 134217748 +systemOnly: FALSE +schemaIDGUID: 46a9b11d-60ae-405a-b7e8-ff8a58d456d2 +adminDisplayName: Token-Groups-Global-And-Universal +attributeID: 1.2.840.113556.1.4.1418 +attributeSyntax: 2.5.5.17 + +dn: CN=altSecurityIdentities,CN=Schema,CN=Configuration,${BASEDN} +cn: altSecurityIdentities +name: altSecurityIdentities +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: altSecurityIdentities +isSingleValued: FALSE +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: 00fbf30c-91fe-11d1-aebc-0000f80367c1 +adminDisplayName: Alt-Security-Identities +attributeID: 1.2.840.113556.1.4.867 +attributeSyntax: 2.5.5.12 + +dn: CN=labeledURI,CN=Schema,CN=Configuration,${BASEDN} +cn: labeledURI +name: labeledURI +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: labeledURI +isSingleValued: FALSE +systemFlags: 0 +systemOnly: FALSE +schemaIDGUID: c569bb46-c680-44bc-a273-e6c227d71b45 +adminDisplayName: labeledURI +attributeID: 1.3.6.1.4.1.250.1.57 +attributeSyntax: 2.5.5.12 + +dn: CN=pwdLastSet,CN=Schema,CN=Configuration,${BASEDN} +cn: pwdLastSet +name: pwdLastSet +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: pwdLastSet +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a0a-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Pwd-Last-Set +attributeID: 1.2.840.113556.1.4.96 +attributeSyntax: 2.5.5.16 + +dn: CN=objectClasses,CN=Schema,CN=Configuration,${BASEDN} +cn: objectClasses +name: objectClasses +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: objectClasses +isSingleValued: FALSE +systemFlags: 134217748 +systemOnly: TRUE +schemaIDGUID: 9a7ad94b-ca53-11d1-bbd0-0080c76670c0 +adminDisplayName: Object-Classes +attributeID: 2.5.21.6 +attributeSyntax: 2.5.5.12 + +dn: CN=siteObject,CN=Schema,CN=Configuration,${BASEDN} +cn: siteObject +name: siteObject +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: siteObject +isSingleValued: TRUE +linkID: 46 +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 3e10944c-c354-11d0-aff8-0000f80367c1 +adminDisplayName: Site-Object +attributeID: 1.2.840.113556.1.4.512 +attributeSyntax: 2.5.5.1 + +dn: CN=isPrivilegeHolder,CN=Schema,CN=Configuration,${BASEDN} +cn: isPrivilegeHolder +name: isPrivilegeHolder +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: isPrivilegeHolder +isSingleValued: FALSE +linkID: 71 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 19405b9c-3cfa-11d1-a9c0-0000f80367c1 +adminDisplayName: Is-Privilege-Holder +attributeID: 1.2.840.113556.1.4.638 +attributeSyntax: 2.5.5.1 + +dn: CN=dnsRoot,CN=Schema,CN=Configuration,${BASEDN} +cn: dnsRoot +name: dnsRoot +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: dnsRoot +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967959-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Dns-Root +attributeID: 1.2.840.113556.1.4.28 +attributeSyntax: 2.5.5.12 + +dn: CN=modifiedCount,CN=Schema,CN=Configuration,${BASEDN} +cn: modifiedCount +name: modifiedCount +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: modifiedCount +isSingleValued: TRUE +systemFlags: 17 +systemOnly: FALSE +schemaIDGUID: bf9679c5-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Modified-Count +attributeID: 1.2.840.113556.1.4.168 +attributeSyntax: 2.5.5.16 + +dn: CN=internationalISDNNumber,CN=Schema,CN=Configuration,${BASEDN} +cn: internationalISDNNumber +name: internationalISDNNumber +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: internationalISDNNumber +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf96798d-0de6-11d0-a285-00aa003049e2 +adminDisplayName: International-ISDN-Number +attributeID: 2.5.4.25 +attributeSyntax: 2.5.5.6 + +dn: CN=businessCategory,CN=Schema,CN=Configuration,${BASEDN} +cn: businessCategory +name: businessCategory +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: businessCategory +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967931-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Business-Category +attributeID: 2.5.4.15 +attributeSyntax: 2.5.5.12 + +dn: CN=houseIdentifier,CN=Schema,CN=Configuration,${BASEDN} +cn: houseIdentifier +name: houseIdentifier +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: houseIdentifier +isSingleValued: FALSE +systemOnly: FALSE +schemaIDGUID: a45398b7-c44a-4eb6-82d3-13c10946dbfe +adminDisplayName: houseIdentifier +attributeID: 2.5.4.51 +attributeSyntax: 2.5.5.12 + +dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN} +cn: middleName +name: middleName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: middleName +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Other-Name +attributeID: 2.16.840.1.113730.3.1.34 +attributeSyntax: 2.5.5.12 + +dn: CN=replTopologyStayOfExecution,CN=Schema,CN=Configuration,${BASEDN} +cn: replTopologyStayOfExecution +name: replTopologyStayOfExecution +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: replTopologyStayOfExecution +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 7bfdcb83-4807-11d1-a9c3-0000f80367c1 +adminDisplayName: Repl-Topology-Stay-Of-Execution +attributeID: 1.2.840.113556.1.4.677 +attributeSyntax: 2.5.5.9 + +dn: CN=netbootGUID,CN=Schema,CN=Configuration,${BASEDN} +cn: netbootGUID +name: netbootGUID +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: netbootGUID +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 3e978921-8c01-11d0-afda-00c04fd930c9 +adminDisplayName: Netboot-GUID +attributeID: 1.2.840.113556.1.4.359 +attributeSyntax: 2.5.5.10 + +dn: CN=rDNAttID,CN=Schema,CN=Configuration,${BASEDN} +cn: rDNAttID +name: rDNAttID +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: rDNAttID +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: bf967a0f-0de6-11d0-a285-00aa003049e2 +adminDisplayName: RDN-Att-ID +attributeID: 1.2.840.113556.1.2.26 +attributeSyntax: 2.5.5.2 + +dn: CN=mayContain,CN=Schema,CN=Configuration,${BASEDN} +cn: mayContain +name: mayContain +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: mayContain +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679bf-0de6-11d0-a285-00aa003049e2 +adminDisplayName: May-Contain +attributeID: 1.2.840.113556.1.2.25 +attributeSyntax: 2.5.5.2 + +dn: CN=serverReferenceBL,CN=Schema,CN=Configuration,${BASEDN} +cn: serverReferenceBL +name: serverReferenceBL +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: serverReferenceBL +isSingleValued: FALSE +linkID: 95 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 26d9736e-6070-11d1-a9c6-0000f80367c1 +adminDisplayName: Server-Reference-BL +attributeID: 1.2.840.113556.1.4.516 +attributeSyntax: 2.5.5.1 + +dn: CN=createTimeStamp,CN=Schema,CN=Configuration,${BASEDN} +cn: createTimeStamp +name: createTimeStamp +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: createTimeStamp +isSingleValued: TRUE +systemFlags: 134217748 +systemOnly: TRUE +schemaIDGUID: 2df90d73-009f-11d2-aa4c-00c04fd7d83a +adminDisplayName: Create-Time-Stamp +attributeID: 2.5.18.1 +attributeSyntax: 2.5.5.11 + +dn: CN=attributeDisplayNames,CN=Schema,CN=Configuration,${BASEDN} +cn: attributeDisplayNames +name: attributeDisplayNames +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: attributeDisplayNames +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: cb843f80-48d9-11d1-a9c3-0000f80367c1 +adminDisplayName: Attribute-Display-Names +attributeID: 1.2.840.113556.1.4.748 +attributeSyntax: 2.5.5.12 + +dn: CN=adminContextMenu,CN=Schema,CN=Configuration,${BASEDN} +cn: adminContextMenu +name: adminContextMenu +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: adminContextMenu +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 553fd038-f32e-11d0-b0bc-00c04fd8dca6 +adminDisplayName: Admin-Context-Menu +attributeID: 1.2.840.113556.1.4.614 +attributeSyntax: 2.5.5.12 + +dn: CN=lSAModifiedCount,CN=Schema,CN=Configuration,${BASEDN} +cn: lSAModifiedCount +name: lSAModifiedCount +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: lSAModifiedCount +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679ae-0de6-11d0-a285-00aa003049e2 +adminDisplayName: LSA-Modified-Count +attributeID: 1.2.840.113556.1.4.67 +attributeSyntax: 2.5.5.16 + +dn: CN=lSACreationTime,CN=Schema,CN=Configuration,${BASEDN} +cn: lSACreationTime +name: lSACreationTime +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: lSACreationTime +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679ad-0de6-11d0-a285-00aa003049e2 +adminDisplayName: LSA-Creation-Time +attributeID: 1.2.840.113556.1.4.66 +attributeSyntax: 2.5.5.16 + +dn: CN=serverState,CN=Schema,CN=Configuration,${BASEDN} +cn: serverState +name: serverState +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: serverState +isSingleValued: TRUE +systemFlags: 17 +systemOnly: FALSE +schemaIDGUID: bf967a34-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Server-State +attributeID: 1.2.840.113556.1.4.154 +attributeSyntax: 2.5.5.9 + +dn: CN=supplementalCredentials,CN=Schema,CN=Configuration,${BASEDN} +cn: supplementalCredentials +name: supplementalCredentials +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: supplementalCredentials +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a3f-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Supplemental-Credentials +attributeID: 1.2.840.113556.1.4.125 +attributeSyntax: 2.5.5.10 + +dn: CN=lDAPDisplayName,CN=Schema,CN=Configuration,${BASEDN} +cn: lDAPDisplayName +name: lDAPDisplayName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: lDAPDisplayName +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf96799a-0de6-11d0-a285-00aa003049e2 +adminDisplayName: LDAP-Display-Name +attributeID: 1.2.840.113556.1.2.460 +attributeSyntax: 2.5.5.12 + +dn: CN=msNPSavedCallingStationID,CN=Schema,CN=Configuration,${BASEDN} +cn: msNPSavedCallingStationID +name: msNPSavedCallingStationID +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msNPSavedCallingStationID +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: db0c908e-c1f2-11d1-bbc5-0080c76670c0 +adminDisplayName: msNPSavedCallingStationID +attributeID: 1.2.840.113556.1.4.1130 +attributeSyntax: 2.5.5.5 + +dn: CN=flags,CN=Schema,CN=Configuration,${BASEDN} +cn: flags +name: flags +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: flags +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967976-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Flags +attributeID: 1.2.840.113556.1.4.38 +attributeSyntax: 2.5.5.9 + +dn: CN=createWizardExt,CN=Schema,CN=Configuration,${BASEDN} +cn: createWizardExt +name: createWizardExt +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: createWizardExt +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 2b09958b-8931-11d1-aebc-0000f80367c1 +adminDisplayName: Create-Wizard-Ext +attributeID: 1.2.840.113556.1.4.812 +attributeSyntax: 2.5.5.12 + +dn: CN=dMDLocation,CN=Schema,CN=Configuration,${BASEDN} +cn: dMDLocation +name: dMDLocation +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: dMDLocation +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: f0f8ff8b-1191-11d0-a060-00aa006c33ed +adminDisplayName: DMD-Location +attributeID: 1.2.840.113556.1.2.36 +attributeSyntax: 2.5.5.1 + +dn: CN=msExchHouseIdentifier,CN=Schema,CN=Configuration,${BASEDN} +cn: msExchHouseIdentifier +name: msExchHouseIdentifier +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msExchHouseIdentifier +isSingleValued: TRUE +schemaIDGUID: a8df7407-c5ea-11d1-bbcb-0080c76670c0 +adminDisplayName: ms-Exch-House-Identifier +attributeID: 1.2.840.113556.1.2.596 +attributeSyntax: 2.5.5.12 + +dn: CN=otherMobile,CN=Schema,CN=Configuration,${BASEDN} +cn: otherMobile +name: otherMobile +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: otherMobile +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 0296c11e-40da-11d1-a9c0-0000f80367c1 +adminDisplayName: Phone-Mobile-Other +attributeID: 1.2.840.113556.1.4.647 +attributeSyntax: 2.5.5.12 + +dn: CN=generationQualifier,CN=Schema,CN=Configuration,${BASEDN} +cn: generationQualifier +name: generationQualifier +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: generationQualifier +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 16775804-47f3-11d1-a9c3-0000f80367c1 +adminDisplayName: Generation-Qualifier +attributeID: 2.5.4.44 +attributeSyntax: 2.5.5.12 + +dn: CN=dSHeuristics,CN=Schema,CN=Configuration,${BASEDN} +cn: dSHeuristics +name: dSHeuristics +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: dSHeuristics +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: f0f8ff86-1191-11d0-a060-00aa006c33ed +adminDisplayName: DS-Heuristics +attributeID: 1.2.840.113556.1.2.212 +attributeSyntax: 2.5.5.12 + +dn: CN=serialNumber,CN=Schema,CN=Configuration,${BASEDN} +cn: serialNumber +name: serialNumber +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: serialNumber +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a32-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Serial-Number +attributeID: 2.5.4.5 +attributeSyntax: 2.5.5.5 + +dn: CN=msDS-Settings,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-Settings +name: msDS-Settings +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-Settings +isSingleValued: FALSE +systemFlags: 0 +systemOnly: FALSE +schemaIDGUID: 0e1b47d7-40a3-4b48-8d1b-4cac0c1cdf21 +adminDisplayName: ms-DS-Settings +attributeID: 1.2.840.113556.1.4.1697 +attributeSyntax: 2.5.5.12 + +dn: CN=operatorCount,CN=Schema,CN=Configuration,${BASEDN} +cn: operatorCount +name: operatorCount +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: operatorCount +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679ee-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Operator-Count +attributeID: 1.2.840.113556.1.4.144 +attributeSyntax: 2.5.5.9 + +dn: CN=msRADIUSFramedIPAddress,CN=Schema,CN=Configuration,${BASEDN} +cn: msRADIUSFramedIPAddress +name: msRADIUSFramedIPAddress +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msRADIUSFramedIPAddress +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: db0c90a4-c1f2-11d1-bbc5-0080c76670c0 +adminDisplayName: msRADIUSFramedIPAddress +attributeID: 1.2.840.113556.1.4.1153 +attributeSyntax: 2.5.5.9 + +dn: CN=homeDrive,CN=Schema,CN=Configuration,${BASEDN} +cn: homeDrive +name: homeDrive +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: homeDrive +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967986-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Home-Drive +attributeID: 1.2.840.113556.1.4.45 +attributeSyntax: 2.5.5.12 + +dn: CN=attributeTypes,CN=Schema,CN=Configuration,${BASEDN} +cn: attributeTypes +name: attributeTypes +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: attributeTypes +isSingleValued: FALSE +systemFlags: 134217748 +systemOnly: TRUE +schemaIDGUID: 9a7ad944-ca53-11d1-bbd0-0080c76670c0 +adminDisplayName: Attribute-Types +attributeID: 2.5.21.5 +attributeSyntax: 2.5.5.12 + +dn: CN=objectClass,CN=Schema,CN=Configuration,${BASEDN} +cn: objectClass +name: objectClass +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: objectClass +isSingleValued: FALSE +systemFlags: 18 +systemOnly: TRUE +schemaIDGUID: bf9679e5-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Object-Class +attributeID: 2.5.4.0 +attributeSyntax: 2.5.5.2 + +dn: CN=possibleInferiors,CN=Schema,CN=Configuration,${BASEDN} +cn: possibleInferiors +name: possibleInferiors +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: possibleInferiors +isSingleValued: FALSE +systemFlags: 134217748 +systemOnly: TRUE +schemaIDGUID: 9a7ad94c-ca53-11d1-bbd0-0080c76670c0 +adminDisplayName: Possible-Inferiors +attributeID: 1.2.840.113556.1.4.915 +attributeSyntax: 2.5.5.2 + +dn: CN=msDS-Approx-Immed-Subordinates,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-Approx-Immed-Subordinates +name: msDS-Approx-Immed-Subordinates +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-Approx-Immed-Subordinates +isSingleValued: TRUE +systemFlags: 20 +systemOnly: TRUE +schemaIDGUID: e185d243-f6ce-4adb-b496-b0c005d7823c +adminDisplayName: ms-DS-Approx-Immed-Subordinates +attributeID: 1.2.840.113556.1.4.1669 +attributeSyntax: 2.5.5.9 + +dn: CN=msDS-Replication-Notify-Subsequent-DSA-Delay,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-Replication-Notify-Subsequent-DSA-Delay +name: msDS-Replication-Notify-Subsequent-DSA-Delay +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-Replication-Notify-Subsequent-DSA-Delay +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: d63db385-dd92-4b52-b1d8-0d3ecc0e86b6 +adminDisplayName: ms-DS-Replication-Notify-Subsequent-DSA-Delay +attributeID: 1.2.840.113556.1.4.1664 +attributeSyntax: 2.5.5.9 + +dn: CN=createDialog,CN=Schema,CN=Configuration,${BASEDN} +cn: createDialog +name: createDialog +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: createDialog +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 2b09958a-8931-11d1-aebc-0000f80367c1 +adminDisplayName: Create-Dialog +attributeID: 1.2.840.113556.1.4.810 +attributeSyntax: 2.5.5.12 + +dn: CN=queryPolicyObject,CN=Schema,CN=Configuration,${BASEDN} +cn: queryPolicyObject +name: queryPolicyObject +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: queryPolicyObject +isSingleValued: TRUE +linkID: 68 +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: e1aea403-cd5b-11d0-afff-0000f80367c1 +adminDisplayName: Query-Policy-Object +attributeID: 1.2.840.113556.1.4.607 +attributeSyntax: 2.5.5.1 + +dn: CN=fRSRootPath,CN=Schema,CN=Configuration,${BASEDN} +cn: fRSRootPath +name: fRSRootPath +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: fRSRootPath +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 1be8f174-a9ff-11d0-afe2-00c04fd930c9 +adminDisplayName: FRS-Root-Path +attributeID: 1.2.840.113556.1.4.487 +attributeSyntax: 2.5.5.12 + +dn: CN=ou,CN=Schema,CN=Configuration,${BASEDN} +cn: ou +name: ou +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: ou +isSingleValued: FALSE +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: bf9679f0-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Organizational-Unit-Name +attributeID: 2.5.4.11 +attributeSyntax: 2.5.5.12 + +dn: CN=telexNumber,CN=Schema,CN=Configuration,${BASEDN} +cn: telexNumber +name: telexNumber +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: telexNumber +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a4b-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Telex-Number +attributeID: 2.5.4.21 +attributeSyntax: 2.5.5.10 + +dn: CN=homePostalAddress,CN=Schema,CN=Configuration,${BASEDN} +cn: homePostalAddress +name: homePostalAddress +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: homePostalAddress +isSingleValued: TRUE +systemFlags: 0 +systemOnly: FALSE +schemaIDGUID: 16775781-47f3-11d1-a9c3-0000f80367c1 +adminDisplayName: Address-Home +attributeID: 1.2.840.113556.1.2.617 +attributeSyntax: 2.5.5.12 + +dn: CN=assistant,CN=Schema,CN=Configuration,${BASEDN} +cn: assistant +name: assistant +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: assistant +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 0296c11c-40da-11d1-a9c0-0000f80367c1 +adminDisplayName: Assistant +attributeID: 1.2.840.113556.1.4.652 +attributeSyntax: 2.5.5.1 + +dn: CN=netbootMachineFilePath,CN=Schema,CN=Configuration,${BASEDN} +cn: netbootMachineFilePath +name: netbootMachineFilePath +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: netbootMachineFilePath +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 3e978923-8c01-11d0-afda-00c04fd930c9 +adminDisplayName: Netboot-Machine-File-Path +attributeID: 1.2.840.113556.1.4.361 +attributeSyntax: 2.5.5.12 + +dn: CN=x500uniqueIdentifier,CN=Schema,CN=Configuration,${BASEDN} +cn: x500uniqueIdentifier +name: x500uniqueIdentifier +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: x500uniqueIdentifier +isSingleValued: FALSE +systemFlags: 0 +systemOnly: FALSE +schemaIDGUID: d07da11f-8a3d-42b6-b0aa-76c962be719a +adminDisplayName: x500uniqueIdentifier +attributeID: 2.5.4.45 +attributeSyntax: 2.5.5.10 + +dn: CN=dBCSPwd,CN=Schema,CN=Configuration,${BASEDN} +cn: dBCSPwd +name: dBCSPwd +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: dBCSPwd +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf96799c-0de6-11d0-a285-00aa003049e2 +adminDisplayName: DBCS-Pwd +attributeID: 1.2.840.113556.1.4.55 +attributeSyntax: 2.5.5.10 + +dn: CN=prefixMap,CN=Schema,CN=Configuration,${BASEDN} +cn: prefixMap +name: prefixMap +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: prefixMap +isSingleValued: TRUE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 52458022-ca6a-11d0-afff-0000f80367c1 +adminDisplayName: Prefix-Map +attributeID: 1.2.840.113556.1.4.538 +attributeSyntax: 2.5.5.10 + +dn: CN=msDS-MembersForAzRoleBL,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-MembersForAzRoleBL +name: msDS-MembersForAzRoleBL +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-MembersForAzRoleBL +isSingleValued: FALSE +linkID: 2017 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: ececcd20-a7e0-4688-9ccf-02ece5e287f5 +adminDisplayName: MS-DS-Members-For-Az-Role-BL +attributeID: 1.2.840.113556.1.4.1807 +attributeSyntax: 2.5.5.1 + +dn: CN=lastKnownParent,CN=Schema,CN=Configuration,${BASEDN} +cn: lastKnownParent +name: lastKnownParent +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: lastKnownParent +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 52ab8670-5709-11d1-a9c6-0000f80367c1 +adminDisplayName: Last-Known-Parent +attributeID: 1.2.840.113556.1.4.781 +attributeSyntax: 2.5.5.1 + +dn: CN=fSMORoleOwner,CN=Schema,CN=Configuration,${BASEDN} +cn: fSMORoleOwner +name: fSMORoleOwner +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: fSMORoleOwner +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 66171887-8f3c-11d0-afda-00c04fd930c9 +adminDisplayName: FSMO-Role-Owner +attributeID: 1.2.840.113556.1.4.369 +attributeSyntax: 2.5.5.1 + +dn: CN=retiredReplDSASignatures,CN=Schema,CN=Configuration,${BASEDN} +cn: retiredReplDSASignatures +name: retiredReplDSASignatures +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: retiredReplDSASignatures +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: 7bfdcb7f-4807-11d1-a9c3-0000f80367c1 +adminDisplayName: Retired-Repl-DSA-Signatures +attributeID: 1.2.840.113556.1.4.673 +attributeSyntax: 2.5.5.10 + +dn: CN=networkAddress,CN=Schema,CN=Configuration,${BASEDN} +cn: networkAddress +name: networkAddress +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: networkAddress +isSingleValued: FALSE +systemOnly: FALSE +schemaIDGUID: bf9679d9-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Network-Address +attributeID: 1.2.840.113556.1.2.459 +attributeSyntax: 2.5.5.4 + +dn: CN=schemaVersion,CN=Schema,CN=Configuration,${BASEDN} +cn: schemaVersion +name: schemaVersion +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: schemaVersion +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a2c-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Schema-Version +attributeID: 1.2.840.113556.1.2.471 +attributeSyntax: 2.5.5.9 + +dn: CN=possSuperiors,CN=Schema,CN=Configuration,${BASEDN} +cn: possSuperiors +name: possSuperiors +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: possSuperiors +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679fa-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Poss-Superiors +attributeID: 1.2.840.113556.1.2.8 +attributeSyntax: 2.5.5.2 + +dn: CN=defaultSecurityDescriptor,CN=Schema,CN=Configuration,${BASEDN} +cn: defaultSecurityDescriptor +name: defaultSecurityDescriptor +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: defaultSecurityDescriptor +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 807a6d30-1669-11d0-a064-00aa006c33ed +adminDisplayName: Default-Security-Descriptor +attributeID: 1.2.840.113556.1.4.224 +attributeSyntax: 2.5.5.12 + +dn: CN=userSMIMECertificate,CN=Schema,CN=Configuration,${BASEDN} +cn: userSMIMECertificate +name: userSMIMECertificate +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: userSMIMECertificate +isSingleValued: FALSE +systemFlags: 0 +systemOnly: FALSE +schemaIDGUID: e16a9db2-403c-11d1-a9c0-0000f80367c1 +adminDisplayName: User-SMIME-Certificate +attributeID: 2.16.840.1.113730.3.140 +attributeSyntax: 2.5.5.10 + +dn: CN=userPKCS12,CN=Schema,CN=Configuration,${BASEDN} +cn: userPKCS12 +name: userPKCS12 +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: userPKCS12 +isSingleValued: FALSE +systemFlags: 0 +systemOnly: FALSE +schemaIDGUID: 23998ab5-70f8-4007-a4c1-a84a38311f9a +adminDisplayName: userPKCS12 +attributeID: 2.16.840.1.113730.3.1.216 +attributeSyntax: 2.5.5.10 + +dn: CN=userAccountControl,CN=Schema,CN=Configuration,${BASEDN} +cn: userAccountControl +name: userAccountControl +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: userAccountControl +isSingleValued: TRUE +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: bf967a68-0de6-11d0-a285-00aa003049e2 +adminDisplayName: User-Account-Control +attributeID: 1.2.840.113556.1.4.8 +attributeSyntax: 2.5.5.9 + +dn: CN=terminalServer,CN=Schema,CN=Configuration,${BASEDN} +cn: terminalServer +name: terminalServer +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: terminalServer +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 6db69a1c-9422-11d1-aebd-0000f80367c1 +adminDisplayName: Terminal-Server +attributeID: 1.2.840.113556.1.4.885 +attributeSyntax: 2.5.5.10 + +dn: CN=accountExpires,CN=Schema,CN=Configuration,${BASEDN} +cn: accountExpires +name: accountExpires +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: accountExpires +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967915-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Account-Expires +attributeID: 1.2.840.113556.1.4.159 +attributeSyntax: 2.5.5.16 + +dn: CN=groupType,CN=Schema,CN=Configuration,${BASEDN} +cn: groupType +name: groupType +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: groupType +isSingleValued: TRUE +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: 9a9a021e-4a5b-11d1-a9c3-0000f80367c1 +adminDisplayName: Group-Type +attributeID: 1.2.840.113556.1.4.750 +attributeSyntax: 2.5.5.9 + +dn: CN=nTGroupMembers,CN=Schema,CN=Configuration,${BASEDN} +cn: nTGroupMembers +name: nTGroupMembers +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: nTGroupMembers +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679df-0de6-11d0-a285-00aa003049e2 +adminDisplayName: NT-Group-Members +attributeID: 1.2.840.113556.1.4.89 +attributeSyntax: 2.5.5.10 + +dn: CN=url,CN=Schema,CN=Configuration,${BASEDN} +cn: url +name: url +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: url +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 9a9a0221-4a5b-11d1-a9c3-0000f80367c1 +adminDisplayName: WWW-Page-Other +attributeID: 1.2.840.113556.1.4.749 +attributeSyntax: 2.5.5.12 + +dn: CN=revision,CN=Schema,CN=Configuration,${BASEDN} +cn: revision +name: revision +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: revision +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a21-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Revision +attributeID: 1.2.840.113556.1.4.145 +attributeSyntax: 2.5.5.9 + +dn: CN=objectVersion,CN=Schema,CN=Configuration,${BASEDN} +cn: objectVersion +name: objectVersion +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: objectVersion +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 16775848-47f3-11d1-a9c3-0000f80367c1 +adminDisplayName: Object-Version +attributeID: 1.2.840.113556.1.2.76 +attributeSyntax: 2.5.5.9 + +dn: CN=msDS-NCReplInboundNeighbors,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-NCReplInboundNeighbors +name: msDS-NCReplInboundNeighbors +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-NCReplInboundNeighbors +isSingleValued: FALSE +systemFlags: 20 +systemOnly: FALSE +schemaIDGUID: 9edba85a-3e9e-431b-9b1a-a5b6e9eda796 +adminDisplayName: ms-DS-NC-Repl-Inbound-Neighbors +attributeID: 1.2.840.113556.1.4.1705 +attributeSyntax: 2.5.5.12 + +dn: CN=msCOM-UserLink,CN=Schema,CN=Configuration,${BASEDN} +cn: msCOM-UserLink +name: msCOM-UserLink +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msCOM-UserLink +isSingleValued: FALSE +linkID: 1049 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 9e6f3a4d-242c-4f37-b068-36b57f9fc852 +adminDisplayName: ms-COM-UserLink +attributeID: 1.2.840.113556.1.4.1425 +attributeSyntax: 2.5.5.1 + +dn: CN=masteredBy,CN=Schema,CN=Configuration,${BASEDN} +cn: masteredBy +name: masteredBy +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: masteredBy +isSingleValued: FALSE +linkID: 77 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: e48e64e0-12c9-11d3-9102-00c04fd91ab1 +adminDisplayName: Mastered-By +attributeID: 1.2.840.113556.1.4.1409 +attributeSyntax: 2.5.5.1 + +dn: CN=canonicalName,CN=Schema,CN=Configuration,${BASEDN} +cn: canonicalName +name: canonicalName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: canonicalName +isSingleValued: FALSE +systemFlags: 134217748 +systemOnly: TRUE +schemaIDGUID: 9a7ad945-ca53-11d1-bbd0-0080c76670c0 +adminDisplayName: Canonical-Name +attributeID: 1.2.840.113556.1.4.916 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-NC-Replica-Locations,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-NC-Replica-Locations +name: msDS-NC-Replica-Locations +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-NC-Replica-Locations +isSingleValued: FALSE +linkID: 1044 +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 97de9615-b537-46bc-ac0f-10720f3909f3 +adminDisplayName: ms-DS-NC-Replica-Locations +attributeID: 1.2.840.113556.1.4.1661 +attributeSyntax: 2.5.5.1 + +dn: CN=msDS-UpdateScript,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-UpdateScript +name: msDS-UpdateScript +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-UpdateScript +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 146eb639-bb9f-4fc1-a825-e29e00c77920 +adminDisplayName: ms-DS-UpdateScript +attributeID: 1.2.840.113556.1.4.1721 +attributeSyntax: 2.5.5.12 + +dn: CN=nextRid,CN=Schema,CN=Configuration,${BASEDN} +cn: nextRid +name: nextRid +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: nextRid +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679db-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Next-Rid +attributeID: 1.2.840.113556.1.4.88 +attributeSyntax: 2.5.5.9 + +dn: CN=x121Address,CN=Schema,CN=Configuration,${BASEDN} +cn: x121Address +name: x121Address +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: x121Address +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a7b-0de6-11d0-a285-00aa003049e2 +adminDisplayName: X121-Address +attributeID: 2.5.4.24 +attributeSyntax: 2.5.5.6 + +dn: CN=userPassword,CN=Schema,CN=Configuration,${BASEDN} +cn: userPassword +name: userPassword +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: userPassword +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a6e-0de6-11d0-a285-00aa003049e2 +adminDisplayName: User-Password +attributeID: 2.5.4.35 +attributeSyntax: 2.5.5.10 + +dn: CN=telephoneNumber,CN=Schema,CN=Configuration,${BASEDN} +cn: telephoneNumber +name: telephoneNumber +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: telephoneNumber +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a49-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Telephone-Number +attributeID: 2.5.4.20 +attributeSyntax: 2.5.5.12 + +dn: CN=department,CN=Schema,CN=Configuration,${BASEDN} +cn: department +name: department +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: department +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf96794f-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Department +attributeID: 1.2.840.113556.1.2.141 +attributeSyntax: 2.5.5.12 + +dn: CN=policyReplicationFlags,CN=Schema,CN=Configuration,${BASEDN} +cn: policyReplicationFlags +name: policyReplicationFlags +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: policyReplicationFlags +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 19405b96-3cfa-11d1-a9c0-0000f80367c1 +adminDisplayName: Policy-Replication-Flags +attributeID: 1.2.840.113556.1.4.633 +attributeSyntax: 2.5.5.9 + +dn: CN=applicationName,CN=Schema,CN=Configuration,${BASEDN} +cn: applicationName +name: applicationName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: applicationName +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: dd712226-10e4-11d0-a05f-00aa006c33ed +adminDisplayName: Application-Name +attributeID: 1.2.840.113556.1.4.218 +attributeSyntax: 2.5.5.12 + +dn: CN=systemMayContain,CN=Schema,CN=Configuration,${BASEDN} +cn: systemMayContain +name: systemMayContain +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: systemMayContain +isSingleValued: FALSE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: bf967a44-0de6-11d0-a285-00aa003049e2 +adminDisplayName: System-May-Contain +attributeID: 1.2.840.113556.1.4.196 +attributeSyntax: 2.5.5.2 + +dn: CN=msRASSavedFramedRoute,CN=Schema,CN=Configuration,${BASEDN} +cn: msRASSavedFramedRoute +name: msRASSavedFramedRoute +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msRASSavedFramedRoute +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: db0c90c7-c1f2-11d1-bbc5-0080c76670c0 +adminDisplayName: msRASSavedFramedRoute +attributeID: 1.2.840.113556.1.4.1191 +attributeSyntax: 2.5.5.5 + +dn: CN=msRASSavedCallbackNumber,CN=Schema,CN=Configuration,${BASEDN} +cn: msRASSavedCallbackNumber +name: msRASSavedCallbackNumber +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msRASSavedCallbackNumber +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: db0c90c5-c1f2-11d1-bbc5-0080c76670c0 +adminDisplayName: msRASSavedCallbackNumber +attributeID: 1.2.840.113556.1.4.1189 +attributeSyntax: 2.5.5.5 + +dn: CN=domainReplica,CN=Schema,CN=Configuration,${BASEDN} +cn: domainReplica +name: domainReplica +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: domainReplica +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf96795e-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Domain-Replica +attributeID: 1.2.840.113556.1.4.158 +attributeSyntax: 2.5.5.12 + +dn: CN=personalTitle,CN=Schema,CN=Configuration,${BASEDN} +cn: personalTitle +name: personalTitle +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: personalTitle +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 16775858-47f3-11d1-a9c3-0000f80367c1 +adminDisplayName: Personal-Title +attributeID: 1.2.840.113556.1.2.615 +attributeSyntax: 2.5.5.12 + +dn: CN=otherMailbox,CN=Schema,CN=Configuration,${BASEDN} +cn: otherMailbox +name: otherMailbox +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: otherMailbox +isSingleValued: FALSE +systemOnly: FALSE +schemaIDGUID: 0296c123-40da-11d1-a9c0-0000f80367c1 +adminDisplayName: Other-Mailbox +attributeID: 1.2.840.113556.1.4.651 +attributeSyntax: 2.5.5.12 + +dn: CN=mail,CN=Schema,CN=Configuration,${BASEDN} +cn: mail +name: mail +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: mail +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967961-0de6-11d0-a285-00aa003049e2 +adminDisplayName: E-mail-Addresses +attributeID: 0.9.2342.19200300.100.1.3 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-Other-Settings,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-Other-Settings +name: msDS-Other-Settings +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-Other-Settings +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 79d2f34c-9d7d-42bb-838f-866b3e4400e2 +adminDisplayName: ms-DS-Other-Settings +attributeID: 1.2.840.113556.1.4.1621 +attributeSyntax: 2.5.5.12 + +dn: CN=machineRole,CN=Schema,CN=Configuration,${BASEDN} +cn: machineRole +name: machineRole +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: machineRole +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679b2-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Machine-Role +attributeID: 1.2.840.113556.1.4.71 +attributeSyntax: 2.5.5.9 + +dn: CN=msDS-AzDomainTimeout,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AzDomainTimeout +name: msDS-AzDomainTimeout +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-AzDomainTimeout +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 6448f56a-ca70-4e2e-b0af-d20e4ce653d0 +adminDisplayName: MS-DS-Az-Domain-Timeout +attributeID: 1.2.840.113556.1.4.1795 +attributeSyntax: 2.5.5.9 + +dn: CN=systemAuxiliaryClass,CN=Schema,CN=Configuration,${BASEDN} +cn: systemAuxiliaryClass +name: systemAuxiliaryClass +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: systemAuxiliaryClass +isSingleValued: FALSE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: bf967a43-0de6-11d0-a285-00aa003049e2 +adminDisplayName: System-Auxiliary-Class +attributeID: 1.2.840.113556.1.4.198 +attributeSyntax: 2.5.5.2 + +dn: CN=isDefunct,CN=Schema,CN=Configuration,${BASEDN} +cn: isDefunct +name: isDefunct +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: isDefunct +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 28630ebe-41d5-11d1-a9c1-0000f80367c1 +adminDisplayName: Is-Defunct +attributeID: 1.2.840.113556.1.4.661 +attributeSyntax: 2.5.5.8 + +dn: CN=primaryGroupID,CN=Schema,CN=Configuration,${BASEDN} +cn: primaryGroupID +name: primaryGroupID +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: primaryGroupID +isSingleValued: TRUE +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: bf967a00-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Primary-Group-ID +attributeID: 1.2.840.113556.1.4.98 +attributeSyntax: 2.5.5.9 + +dn: CN=lmPwdHistory,CN=Schema,CN=Configuration,${BASEDN} +cn: lmPwdHistory +name: lmPwdHistory +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: lmPwdHistory +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf96799d-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Lm-Pwd-History +attributeID: 1.2.840.113556.1.4.160 +attributeSyntax: 2.5.5.10 + +dn: CN=groupMembershipSAM,CN=Schema,CN=Configuration,${BASEDN} +cn: groupMembershipSAM +name: groupMembershipSAM +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: groupMembershipSAM +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967980-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Group-Membership-SAM +attributeID: 1.2.840.113556.1.4.166 +attributeSyntax: 2.5.5.10 + +dn: CN=instanceType,CN=Schema,CN=Configuration,${BASEDN} +cn: instanceType +name: instanceType +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: instanceType +isSingleValued: TRUE +systemFlags: 18 +systemOnly: TRUE +schemaIDGUID: bf96798c-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Instance-Type +attributeID: 1.2.840.113556.1.2.1 +attributeSyntax: 2.5.5.9 + +dn: CN=treatAsLeaf,CN=Schema,CN=Configuration,${BASEDN} +cn: treatAsLeaf +name: treatAsLeaf +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: treatAsLeaf +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 8fd044e3-771f-11d1-aeae-0000f80367c1 +adminDisplayName: Treat-As-Leaf +attributeID: 1.2.840.113556.1.4.806 +attributeSyntax: 2.5.5.8 + +dn: CN=adminPropertyPages,CN=Schema,CN=Configuration,${BASEDN} +cn: adminPropertyPages +name: adminPropertyPages +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: adminPropertyPages +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 52458038-ca6a-11d0-afff-0000f80367c1 +adminDisplayName: Admin-Property-Pages +attributeID: 1.2.840.113556.1.4.562 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-AzScopeName,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AzScopeName +name: msDS-AzScopeName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-AzScopeName +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 515a6b06-2617-4173-8099-d5605df043c6 +adminDisplayName: MS-DS-Az-Scope-Name +attributeID: 1.2.840.113556.1.4.1799 +attributeSyntax: 2.5.5.12 + +dn: CN=seeAlso,CN=Schema,CN=Configuration,${BASEDN} +cn: seeAlso +name: seeAlso +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: seeAlso +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a31-0de6-11d0-a285-00aa003049e2 +adminDisplayName: See-Also +attributeID: 2.5.4.34 +attributeSyntax: 2.5.5.1 + +dn: CN=msDS-RetiredReplNCSignatures,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-RetiredReplNCSignatures +name: msDS-RetiredReplNCSignatures +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-RetiredReplNCSignatures +isSingleValued: TRUE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: d5b35506-19d6-4d26-9afb-11357ac99b5e +adminDisplayName: ms-DS-Retired-Repl-NC-Signatures +attributeID: 1.2.840.113556.1.4.1826 +attributeSyntax: 2.5.5.10 + +dn: CN=hasMasterNCs,CN=Schema,CN=Configuration,${BASEDN} +cn: hasMasterNCs +name: hasMasterNCs +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: hasMasterNCs +isSingleValued: FALSE +linkID: 76 +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: bf967982-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Has-Master-NCs +attributeID: 1.2.840.113556.1.2.14 +attributeSyntax: 2.5.5.1 + +dn: CN=modifiedCountAtLastProm,CN=Schema,CN=Configuration,${BASEDN} +cn: modifiedCountAtLastProm +name: modifiedCountAtLastProm +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: modifiedCountAtLastProm +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679c6-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Modified-Count-At-Last-Prom +attributeID: 1.2.840.113556.1.4.81 +attributeSyntax: 2.5.5.16 + +dn: CN=minPwdAge,CN=Schema,CN=Configuration,${BASEDN} +cn: minPwdAge +name: minPwdAge +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: minPwdAge +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679c2-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Min-Pwd-Age +attributeID: 1.2.840.113556.1.4.78 +attributeSyntax: 2.5.5.16 + +dn: CN=forceLogoff,CN=Schema,CN=Configuration,${BASEDN} +cn: forceLogoff +name: forceLogoff +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: forceLogoff +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967977-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Force-Logoff +attributeID: 1.2.840.113556.1.4.39 +attributeSyntax: 2.5.5.16 + +dn: CN=msDS-AllowedToDelegateTo,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AllowedToDelegateTo +name: msDS-AllowedToDelegateTo +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-AllowedToDelegateTo +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 800d94d7-b7a1-42a1-b14d-7cae1423d07f +adminDisplayName: ms-DS-Allowed-To-Delegate-To +attributeID: 1.2.840.113556.1.4.1787 +attributeSyntax: 2.5.5.12 + +dn: CN=dNSHostName,CN=Schema,CN=Configuration,${BASEDN} +cn: dNSHostName +name: dNSHostName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: dNSHostName +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 72e39547-7b18-11d1-adef-00c04fd8d5cd +adminDisplayName: DNS-Host-Name +attributeID: 1.2.840.113556.1.4.619 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-AzMinorVersion,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AzMinorVersion +name: msDS-AzMinorVersion +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-AzMinorVersion +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: ee85ed93-b209-4788-8165-e702f51bfbf3 +adminDisplayName: MS-DS-Az-Minor-Version +attributeID: 1.2.840.113556.1.4.1825 +attributeSyntax: 2.5.5.9 + +dn: CN=systemOnly,CN=Schema,CN=Configuration,${BASEDN} +cn: systemOnly +name: systemOnly +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: systemOnly +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: bf967a46-0de6-11d0-a285-00aa003049e2 +adminDisplayName: System-Only +attributeID: 1.2.840.113556.1.4.170 +attributeSyntax: 2.5.5.8 + +dn: CN=msDS-IntId,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-IntId +name: msDS-IntId +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-IntId +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: bc60096a-1b47-4b30-8877-602c93f56532 +adminDisplayName: ms-DS-IntId +attributeID: 1.2.840.113556.1.4.1716 +attributeSyntax: 2.5.5.9 + +dn: CN=badPasswordTime,CN=Schema,CN=Configuration,${BASEDN} +cn: badPasswordTime +name: badPasswordTime +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: badPasswordTime +isSingleValued: TRUE +systemFlags: 17 +systemOnly: FALSE +schemaIDGUID: bf96792d-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Bad-Password-Time +attributeID: 1.2.840.113556.1.4.49 +attributeSyntax: 2.5.5.16 + +dn: CN=primaryGroupToken,CN=Schema,CN=Configuration,${BASEDN} +cn: primaryGroupToken +name: primaryGroupToken +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: primaryGroupToken +isSingleValued: TRUE +systemFlags: 20 +systemOnly: TRUE +schemaIDGUID: c0ed8738-7efd-4481-84d9-66d2db8be369 +adminDisplayName: Primary-Group-Token +attributeID: 1.2.840.113556.1.4.1412 +attributeSyntax: 2.5.5.9 + +dn: CN=USNIntersite,CN=Schema,CN=Configuration,${BASEDN} +cn: USNIntersite +name: USNIntersite +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: USNIntersite +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: a8df7498-c5ea-11d1-bbcb-0080c76670c0 +adminDisplayName: USN-Intersite +attributeID: 1.2.840.113556.1.2.469 +attributeSyntax: 2.5.5.9 + +dn: CN=fRSMemberReferenceBL,CN=Schema,CN=Configuration,${BASEDN} +cn: fRSMemberReferenceBL +name: fRSMemberReferenceBL +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: fRSMemberReferenceBL +isSingleValued: FALSE +linkID: 105 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 2a13257f-9373-11d1-aebc-0000f80367c1 +adminDisplayName: FRS-Member-Reference-BL +attributeID: 1.2.840.113556.1.4.876 +attributeSyntax: 2.5.5.1 + +dn: CN=msDS-SDReferenceDomain,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-SDReferenceDomain +name: msDS-SDReferenceDomain +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-SDReferenceDomain +isSingleValued: TRUE +linkID: 2000 +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 4c51e316-f628-43a5-b06b-ffb695fcb4f3 +adminDisplayName: ms-DS-SD-Reference-Domain +attributeID: 1.2.840.113556.1.4.1711 +attributeSyntax: 2.5.5.1 + +dn: CN=lastBackupRestorationTime,CN=Schema,CN=Configuration,${BASEDN} +cn: lastBackupRestorationTime +name: lastBackupRestorationTime +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: lastBackupRestorationTime +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 1fbb0be8-ba63-11d0-afef-0000f80367c1 +adminDisplayName: Last-Backup-Restoration-Time +attributeID: 1.2.840.113556.1.4.519 +attributeSyntax: 2.5.5.16 + +dn: CN=treeName,CN=Schema,CN=Configuration,${BASEDN} +cn: treeName +name: treeName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: treeName +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: 28630ebd-41d5-11d1-a9c1-0000f80367c1 +adminDisplayName: Tree-Name +attributeID: 1.2.840.113556.1.4.660 +attributeSyntax: 2.5.5.12 + +dn: CN=oEMInformation,CN=Schema,CN=Configuration,${BASEDN} +cn: oEMInformation +name: oEMInformation +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: oEMInformation +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679ea-0de6-11d0-a285-00aa003049e2 +adminDisplayName: OEM-Information +attributeID: 1.2.840.113556.1.4.151 +attributeSyntax: 2.5.5.12 + +dn: CN=givenName,CN=Schema,CN=Configuration,${BASEDN} +cn: givenName +name: givenName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: givenName +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: f0f8ff8e-1191-11d0-a060-00aa006c33ed +adminDisplayName: Given-Name +attributeID: 2.5.4.42 +attributeSyntax: 2.5.5.12 + +dn: CN=sPNMappings,CN=Schema,CN=Configuration,${BASEDN} +cn: sPNMappings +name: sPNMappings +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: sPNMappings +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 2ab0e76c-7041-11d2-9905-0000f87a57d4 +adminDisplayName: SPN-Mappings +attributeID: 1.2.840.113556.1.4.1347 +attributeSyntax: 2.5.5.12 + +dn: CN=operatingSystemVersion,CN=Schema,CN=Configuration,${BASEDN} +cn: operatingSystemVersion +name: operatingSystemVersion +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: operatingSystemVersion +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 3e978926-8c01-11d0-afda-00c04fd930c9 +adminDisplayName: Operating-System-Version +attributeID: 1.2.840.113556.1.4.364 +attributeSyntax: 2.5.5.12 + +dn: CN=notificationList,CN=Schema,CN=Configuration,${BASEDN} +cn: notificationList +name: notificationList +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: notificationList +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 19195a56-6da0-11d0-afd3-00c04fd930c9 +adminDisplayName: Notification-List +attributeID: 1.2.840.113556.1.4.303 +attributeSyntax: 2.5.5.1 + +dn: CN=tokenGroups,CN=Schema,CN=Configuration,${BASEDN} +cn: tokenGroups +name: tokenGroups +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: tokenGroups +isSingleValued: FALSE +systemFlags: 134217748 +systemOnly: FALSE +schemaIDGUID: b7c69e6d-2cc7-11d2-854e-00a0c983f608 +adminDisplayName: Token-Groups +attributeID: 1.2.840.113556.1.4.1301 +attributeSyntax: 2.5.5.17 + +dn: CN=carLicense,CN=Schema,CN=Configuration,${BASEDN} +cn: carLicense +name: carLicense +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: carLicense +isSingleValued: FALSE +systemFlags: 0 +systemOnly: FALSE +schemaIDGUID: d4159c92-957d-4a87-8a67-8d2934e01649 +adminDisplayName: carLicense +attributeID: 2.16.840.1.113730.3.1.1 +attributeSyntax: 2.5.5.12 + +dn: CN=preferredOU,CN=Schema,CN=Configuration,${BASEDN} +cn: preferredOU +name: preferredOU +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: preferredOU +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679ff-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Preferred-OU +attributeID: 1.2.840.113556.1.4.97 +attributeSyntax: 2.5.5.1 + +dn: CN=mS-DS-CreatorSID,CN=Schema,CN=Configuration,${BASEDN} +cn: mS-DS-CreatorSID +name: mS-DS-CreatorSID +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: mS-DS-CreatorSID +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: c5e60132-1480-11d3-91c1-0000f87a57d4 +adminDisplayName: MS-DS-Creator-SID +attributeID: 1.2.840.113556.1.4.1410 +attributeSyntax: 2.5.5.17 + +dn: CN=msDS-NonMembers,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-NonMembers +name: msDS-NonMembers +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-NonMembers +isSingleValued: FALSE +linkID: 2014 +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: cafcb1de-f23c-46b5-adf7-1e64957bd5db +adminDisplayName: MS-DS-Non-Members +attributeID: 1.2.840.113556.1.4.1793 +attributeSyntax: 2.5.5.1 + +dn: CN=msDS-TasksForAzRoleBL,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-TasksForAzRoleBL +name: msDS-TasksForAzRoleBL +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-TasksForAzRoleBL +isSingleValued: FALSE +linkID: 2025 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: a0dcd536-5158-42fe-8c40-c00a7ad37959 +adminDisplayName: MS-DS-Tasks-For-Az-Role-BL +attributeID: 1.2.840.113556.1.4.1815 +attributeSyntax: 2.5.5.1 + +dn: CN=extensionName,CN=Schema,CN=Configuration,${BASEDN} +cn: extensionName +name: extensionName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: extensionName +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967972-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Extension-Name +attributeID: 1.2.840.113556.1.2.227 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-Replication-Notify-First-DSA-Delay,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-Replication-Notify-First-DSA-Delay +name: msDS-Replication-Notify-First-DSA-Delay +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-Replication-Notify-First-DSA-Delay +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 85abd4f4-0a89-4e49-bdec-6f35bb2562ba +adminDisplayName: ms-DS-Replication-Notify-First-DSA-Delay +attributeID: 1.2.840.113556.1.4.1663 +attributeSyntax: 2.5.5.9 + +dn: CN=maxPwdAge,CN=Schema,CN=Configuration,${BASEDN} +cn: maxPwdAge +name: maxPwdAge +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: maxPwdAge +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679bb-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Max-Pwd-Age +attributeID: 1.2.840.113556.1.4.74 +attributeSyntax: 2.5.5.16 + +dn: CN=otherIpPhone,CN=Schema,CN=Configuration,${BASEDN} +cn: otherIpPhone +name: otherIpPhone +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: otherIpPhone +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 4d146e4b-48d4-11d1-a9c3-0000f80367c1 +adminDisplayName: Phone-Ip-Other +attributeID: 1.2.840.113556.1.4.722 +attributeSyntax: 2.5.5.12 + +dn: CN=secretary,CN=Schema,CN=Configuration,${BASEDN} +cn: secretary +name: secretary +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: secretary +isSingleValued: FALSE +systemFlags: 0 +systemOnly: FALSE +schemaIDGUID: 01072d9a-98ad-4a53-9744-e83e287278fb +adminDisplayName: secretary +attributeID: 0.9.2342.19200300.100.1.21 +attributeSyntax: 2.5.5.1 + +dn: CN=userParameters,CN=Schema,CN=Configuration,${BASEDN} +cn: userParameters +name: userParameters +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: userParameters +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a6d-0de6-11d0-a285-00aa003049e2 +adminDisplayName: User-Parameters +attributeID: 1.2.840.113556.1.4.138 +attributeSyntax: 2.5.5.12 + +dn: CN=bridgeheadServerListBL,CN=Schema,CN=Configuration,${BASEDN} +cn: bridgeheadServerListBL +name: bridgeheadServerListBL +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: bridgeheadServerListBL +isSingleValued: FALSE +linkID: 99 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: d50c2cdb-8951-11d1-aebc-0000f80367c1 +adminDisplayName: Bridgehead-Server-List-BL +attributeID: 1.2.840.113556.1.4.820 +attributeSyntax: 2.5.5.1 + +dn: CN=msDS-AzApplicationData,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AzApplicationData +name: msDS-AzApplicationData +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-AzApplicationData +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 503fc3e8-1cc6-461a-99a3-9eee04f402a7 +adminDisplayName: MS-DS-Az-Application-Data +attributeID: 1.2.840.113556.1.4.1819 +attributeSyntax: 2.5.5.12 + +dn: CN=pekKeyChangeInterval,CN=Schema,CN=Configuration,${BASEDN} +cn: pekKeyChangeInterval +name: pekKeyChangeInterval +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: pekKeyChangeInterval +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 07383084-91df-11d1-aebc-0000f80367c1 +adminDisplayName: Pek-Key-Change-Interval +attributeID: 1.2.840.113556.1.4.866 +attributeSyntax: 2.5.5.16 + +dn: CN=c,CN=Schema,CN=Configuration,${BASEDN} +cn: c +name: c +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: c +isSingleValued: TRUE +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: bf967945-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Country-Name +attributeID: 2.5.4.6 +attributeSyntax: 2.5.5.12 + +dn: CN=destinationIndicator,CN=Schema,CN=Configuration,${BASEDN} +cn: destinationIndicator +name: destinationIndicator +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: destinationIndicator +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967951-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Destination-Indicator +attributeID: 2.5.4.27 +attributeSyntax: 2.5.5.5 + +dn: CN=countryCode,CN=Schema,CN=Configuration,${BASEDN} +cn: countryCode +name: countryCode +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: countryCode +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 5fd42471-1262-11d0-a060-00aa006c33ed +adminDisplayName: Country-Code +attributeID: 1.2.840.113556.1.4.25 +attributeSyntax: 2.5.5.9 + +dn: CN=mobile,CN=Schema,CN=Configuration,${BASEDN} +cn: mobile +name: mobile +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: mobile +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: f0f8ffa3-1191-11d0-a060-00aa006c33ed +adminDisplayName: Phone-Mobile-Primary +attributeID: 0.9.2342.19200300.100.1.41 +attributeSyntax: 2.5.5.12 + +dn: CN=rIDSetReferences,CN=Schema,CN=Configuration,${BASEDN} +cn: rIDSetReferences +name: rIDSetReferences +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: rIDSetReferences +isSingleValued: FALSE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: 7bfdcb7b-4807-11d1-a9c3-0000f80367c1 +adminDisplayName: RID-Set-References +attributeID: 1.2.840.113556.1.4.669 +attributeSyntax: 2.5.5.1 + +dn: CN=schemaIDGUID,CN=Schema,CN=Configuration,${BASEDN} +cn: schemaIDGUID +name: schemaIDGUID +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: schemaIDGUID +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: bf967923-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Schema-ID-GUID +attributeID: 1.2.840.113556.1.4.148 +attributeSyntax: 2.5.5.10 + +dn: CN=auxiliaryClass,CN=Schema,CN=Configuration,${BASEDN} +cn: auxiliaryClass +name: auxiliaryClass +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: auxiliaryClass +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf96792c-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Auxiliary-Class +attributeID: 1.2.840.113556.1.2.351 +attributeSyntax: 2.5.5.2 + +dn: CN=uid,CN=Schema,CN=Configuration,${BASEDN} +cn: uid +name: uid +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: uid +isSingleValued: FALSE +systemFlags: 0 +systemOnly: FALSE +schemaIDGUID: 0bb0fca0-1e89-429f-901a-1413894d9f59 +adminDisplayName: uid +attributeID: 0.9.2342.19200300.100.1.1 +attributeSyntax: 2.5.5.12 + +dn: CN=departmentNumber,CN=Schema,CN=Configuration,${BASEDN} +cn: departmentNumber +name: departmentNumber +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: departmentNumber +isSingleValued: FALSE +systemFlags: 0 +systemOnly: FALSE +schemaIDGUID: be9ef6ee-cbc7-4f22-b27b-96967e7ee585 +adminDisplayName: departmentNumber +attributeID: 2.16.840.1.113730.3.1.2 +attributeSyntax: 2.5.5.12 + +dn: CN=wWWHomePage,CN=Schema,CN=Configuration,${BASEDN} +cn: wWWHomePage +name: wWWHomePage +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: wWWHomePage +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a7a-0de6-11d0-a285-00aa003049e2 +adminDisplayName: WWW-Home-Page +attributeID: 1.2.840.113556.1.2.464 +attributeSyntax: 2.5.5.12 + +dn: CN=uSNSource,CN=Schema,CN=Configuration,${BASEDN} +cn: uSNSource +name: uSNSource +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: uSNSource +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 167758ad-47f3-11d1-a9c3-0000f80367c1 +adminDisplayName: USN-Source +attributeID: 1.2.840.113556.1.4.896 +attributeSyntax: 2.5.5.16 + +dn: CN=mS-DS-ConsistencyGuid,CN=Schema,CN=Configuration,${BASEDN} +cn: mS-DS-ConsistencyGuid +name: mS-DS-ConsistencyGuid +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: mS-DS-ConsistencyGuid +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 23773dc2-b63a-11d2-90e1-00c04fd91ab1 +adminDisplayName: MS-DS-Consistency-Guid +attributeID: 1.2.840.113556.1.4.1360 +attributeSyntax: 2.5.5.10 + +dn: CN=frsComputerReferenceBL,CN=Schema,CN=Configuration,${BASEDN} +cn: frsComputerReferenceBL +name: frsComputerReferenceBL +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: frsComputerReferenceBL +isSingleValued: FALSE +linkID: 103 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 2a132579-9373-11d1-aebc-0000f80367c1 +adminDisplayName: Frs-Computer-Reference-BL +attributeID: 1.2.840.113556.1.4.870 +attributeSyntax: 2.5.5.1 + +dn: CN=allowedAttributes,CN=Schema,CN=Configuration,${BASEDN} +cn: allowedAttributes +name: allowedAttributes +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: allowedAttributes +isSingleValued: FALSE +systemFlags: 134217748 +systemOnly: TRUE +schemaIDGUID: 9a7ad940-ca53-11d1-bbd0-0080c76670c0 +adminDisplayName: Allowed-Attributes +attributeID: 1.2.840.113556.1.4.913 +attributeSyntax: 2.5.5.2 + +dn: CN=msDS-AzApplicationName,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AzApplicationName +name: msDS-AzApplicationName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-AzApplicationName +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: db5b0728-6208-4876-83b7-95d3e5695275 +adminDisplayName: MS-DS-Az-Application-Name +attributeID: 1.2.840.113556.1.4.1798 +attributeSyntax: 2.5.5.12 + +dn: CN=uPNSuffixes,CN=Schema,CN=Configuration,${BASEDN} +cn: uPNSuffixes +name: uPNSuffixes +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: uPNSuffixes +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 032160bf-9824-11d1-aec0-0000f80367c1 +adminDisplayName: UPN-Suffixes +attributeID: 1.2.840.113556.1.4.890 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-PerUserTrustQuota,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-PerUserTrustQuota +name: msDS-PerUserTrustQuota +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-PerUserTrustQuota +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: d161adf0-ca24-4993-a3aa-8b2c981302e8 +adminDisplayName: MS-DS-Per-User-Trust-Quota +attributeID: 1.2.840.113556.1.4.1788 +attributeSyntax: 2.5.5.9 + +dn: CN=ms-DS-MachineAccountQuota,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-MachineAccountQuota +name: ms-DS-MachineAccountQuota +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: ms-DS-MachineAccountQuota +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: d064fb68-1480-11d3-91c1-0000f87a57d4 +adminDisplayName: MS-DS-Machine-Account-Quota +attributeID: 1.2.840.113556.1.4.1411 +attributeSyntax: 2.5.5.9 + +dn: CN=serverRole,CN=Schema,CN=Configuration,${BASEDN} +cn: serverRole +name: serverRole +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: serverRole +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a33-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Server-Role +attributeID: 1.2.840.113556.1.4.157 +attributeSyntax: 2.5.5.9 + +dn: CN=homePhone,CN=Schema,CN=Configuration,${BASEDN} +cn: homePhone +name: homePhone +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: homePhone +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: f0f8ffa1-1191-11d0-a060-00aa006c33ed +adminDisplayName: Phone-Home-Primary +attributeID: 0.9.2342.19200300.100.1.20 +attributeSyntax: 2.5.5.12 + +dn: CN=operatingSystemHotfix,CN=Schema,CN=Configuration,${BASEDN} +cn: operatingSystemHotfix +name: operatingSystemHotfix +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: operatingSystemHotfix +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bd951b3c-9c96-11d0-afdd-00c04fd930c9 +adminDisplayName: Operating-System-Hotfix +attributeID: 1.2.840.113556.1.4.415 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-AdditionalDnsHostName,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AdditionalDnsHostName +name: msDS-AdditionalDnsHostName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-AdditionalDnsHostName +isSingleValued: FALSE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: 80863791-dbe9-4eb8-837e-7f0ab55d9ac7 +adminDisplayName: ms-DS-Additional-Dns-Host-Name +attributeID: 1.2.840.113556.1.4.1717 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-AzScriptTimeout,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AzScriptTimeout +name: msDS-AzScriptTimeout +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-AzScriptTimeout +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 87d0fb41-2c8b-41f6-b972-11fdfd50d6b0 +adminDisplayName: MS-DS-Az-Script-Timeout +attributeID: 1.2.840.113556.1.4.1797 +attributeSyntax: 2.5.5.9 + +dn: CN=mustContain,CN=Schema,CN=Configuration,${BASEDN} +cn: mustContain +name: mustContain +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: mustContain +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679d3-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Must-Contain +attributeID: 1.2.840.113556.1.2.24 +attributeSyntax: 2.5.5.2 + +dn: CN=userCertificate,CN=Schema,CN=Configuration,${BASEDN} +cn: userCertificate +name: userCertificate +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: userCertificate +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a7f-0de6-11d0-a285-00aa003049e2 +adminDisplayName: X509-Cert +attributeID: 2.5.4.36 +attributeSyntax: 2.5.5.10 + +dn: CN=msNPCallingStationID,CN=Schema,CN=Configuration,${BASEDN} +cn: msNPCallingStationID +name: msNPCallingStationID +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msNPCallingStationID +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: db0c908a-c1f2-11d1-bbc5-0080c76670c0 +adminDisplayName: msNPCallingStationID +attributeID: 1.2.840.113556.1.4.1124 +attributeSyntax: 2.5.5.5 + +dn: CN=msDS-User-Account-Control-Computed,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-User-Account-Control-Computed +name: msDS-User-Account-Control-Computed +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-User-Account-Control-Computed +isSingleValued: TRUE +systemFlags: 20 +systemOnly: FALSE +schemaIDGUID: 2cc4b836-b63f-4940-8d23-ea7acf06af56 +adminDisplayName: ms-DS-User-Account-Control-Computed +attributeID: 1.2.840.113556.1.4.1460 +attributeSyntax: 2.5.5.9 + +dn: CN=homeDirectory,CN=Schema,CN=Configuration,${BASEDN} +cn: homeDirectory +name: homeDirectory +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: homeDirectory +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967985-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Home-Directory +attributeID: 1.2.840.113556.1.4.44 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-AzLDAPQuery,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AzLDAPQuery +name: msDS-AzLDAPQuery +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-AzLDAPQuery +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 5e53368b-fc94-45c8-9d7d-daf31ee7112d +adminDisplayName: MS-DS-Az-LDAP-Query +attributeID: 1.2.840.113556.1.4.1792 +attributeSyntax: 2.5.5.12 + +dn: CN=partialAttributeDeletionList,CN=Schema,CN=Configuration,${BASEDN} +cn: partialAttributeDeletionList +name: partialAttributeDeletionList +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: partialAttributeDeletionList +isSingleValued: TRUE +systemFlags: 19 +systemOnly: TRUE +schemaIDGUID: 28630ec0-41d5-11d1-a9c1-0000f80367c1 +adminDisplayName: Partial-Attribute-Deletion-List +attributeID: 1.2.840.113556.1.4.663 +attributeSyntax: 2.5.5.10 + +dn: CN=isCriticalSystemObject,CN=Schema,CN=Configuration,${BASEDN} +cn: isCriticalSystemObject +name: isCriticalSystemObject +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: isCriticalSystemObject +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 00fbf30d-91fe-11d1-aebc-0000f80367c1 +adminDisplayName: Is-Critical-System-Object +attributeID: 1.2.840.113556.1.4.868 +attributeSyntax: 2.5.5.8 + +dn: CN=gPLink,CN=Schema,CN=Configuration,${BASEDN} +cn: gPLink +name: gPLink +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: gPLink +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: f30e3bbe-9ff0-11d1-b603-0000f80367c1 +adminDisplayName: GP-Link +attributeID: 1.2.840.113556.1.4.891 +attributeSyntax: 2.5.5.12 + +dn: CN=scopeFlags,CN=Schema,CN=Configuration,${BASEDN} +cn: scopeFlags +name: scopeFlags +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: scopeFlags +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 16f3a4c2-7e79-11d2-9921-0000f87a57d4 +adminDisplayName: Scope-Flags +attributeID: 1.2.840.113556.1.4.1354 +attributeSyntax: 2.5.5.9 + +dn: CN=lockoutDuration,CN=Schema,CN=Configuration,${BASEDN} +cn: lockoutDuration +name: lockoutDuration +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: lockoutDuration +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679a5-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Lockout-Duration +attributeID: 1.2.840.113556.1.4.60 +attributeSyntax: 2.5.5.16 + +dn: CN=msCOM-UserPartitionSetLink,CN=Schema,CN=Configuration,${BASEDN} +cn: msCOM-UserPartitionSetLink +name: msCOM-UserPartitionSetLink +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msCOM-UserPartitionSetLink +isSingleValued: TRUE +linkID: 1048 +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 8e940c8a-e477-4367-b08d-ff2ff942dcd7 +adminDisplayName: ms-COM-UserPartitionSetLink +attributeID: 1.2.840.113556.1.4.1426 +attributeSyntax: 2.5.5.1 + +dn: CN=thumbnailLogo,CN=Schema,CN=Configuration,${BASEDN} +cn: thumbnailLogo +name: thumbnailLogo +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: thumbnailLogo +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679a9-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Logo +attributeID: 2.16.840.1.113730.3.1.36 +attributeSyntax: 2.5.5.10 + +dn: CN=thumbnailPhoto,CN=Schema,CN=Configuration,${BASEDN} +cn: thumbnailPhoto +name: thumbnailPhoto +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: thumbnailPhoto +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 8d3bca50-1d7e-11d0-a081-00aa006c33ed +adminDisplayName: Picture +attributeID: 2.16.840.1.113730.3.1.35 +attributeSyntax: 2.5.5.10 + +dn: CN=location,CN=Schema,CN=Configuration,${BASEDN} +cn: location +name: location +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: location +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 09dcb79f-165f-11d0-a064-00aa006c33ed +adminDisplayName: Location +attributeID: 1.2.840.113556.1.4.222 +attributeSyntax: 2.5.5.12 + +dn: CN=userWorkstations,CN=Schema,CN=Configuration,${BASEDN} +cn: userWorkstations +name: userWorkstations +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: userWorkstations +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679d7-0de6-11d0-a285-00aa003049e2 +adminDisplayName: User-Workstations +attributeID: 1.2.840.113556.1.4.86 +attributeSyntax: 2.5.5.12 + +dn: CN=logonWorkstation,CN=Schema,CN=Configuration,${BASEDN} +cn: logonWorkstation +name: logonWorkstation +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: logonWorkstation +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679ac-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Logon-Workstation +attributeID: 1.2.840.113556.1.4.65 +attributeSyntax: 2.5.5.10 + +dn: CN=lastLogonTimestamp,CN=Schema,CN=Configuration,${BASEDN} +cn: lastLogonTimestamp +name: lastLogonTimestamp +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: lastLogonTimestamp +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: c0e20a04-0e5a-4ff3-9482-5efeaecd7060 +adminDisplayName: Last-Logon-Timestamp +attributeID: 1.2.840.113556.1.4.1696 +attributeSyntax: 2.5.5.16 + +dn: CN=priorValue,CN=Schema,CN=Configuration,${BASEDN} +cn: priorValue +name: priorValue +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: priorValue +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a02-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Prior-Value +attributeID: 1.2.840.113556.1.4.100 +attributeSyntax: 2.5.5.10 + +dn: CN=lastSetTime,CN=Schema,CN=Configuration,${BASEDN} +cn: lastSetTime +name: lastSetTime +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: lastSetTime +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967998-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Last-Set-Time +attributeID: 1.2.840.113556.1.4.53 +attributeSyntax: 2.5.5.16 + +dn: CN=objectGUID,CN=Schema,CN=Configuration,${BASEDN} +cn: objectGUID +name: objectGUID +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: objectGUID +isSingleValued: TRUE +systemFlags: 19 +systemOnly: TRUE +schemaIDGUID: bf9679e7-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Object-Guid +attributeID: 1.2.840.113556.1.4.2 +attributeSyntax: 2.5.5.10 + +dn: CN=msDS-TasksForAzTaskBL,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-TasksForAzTaskBL +name: msDS-TasksForAzTaskBL +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-TasksForAzTaskBL +isSingleValued: FALSE +linkID: 2021 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: df446e52-b5fa-4ca2-a42f-13f98a526c8f +adminDisplayName: MS-DS-Tasks-For-Az-Task-BL +attributeID: 1.2.840.113556.1.4.1811 +attributeSyntax: 2.5.5.1 + +dn: CN=managedBy,CN=Schema,CN=Configuration,${BASEDN} +cn: managedBy +name: managedBy +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: managedBy +isSingleValued: TRUE +linkID: 72 +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 0296c120-40da-11d1-a9c0-0000f80367c1 +adminDisplayName: Managed-By +attributeID: 1.2.840.113556.1.4.653 +attributeSyntax: 2.5.5.1 + +dn: CN=pwdProperties,CN=Schema,CN=Configuration,${BASEDN} +cn: pwdProperties +name: pwdProperties +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: pwdProperties +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a0b-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Pwd-Properties +attributeID: 1.2.840.113556.1.4.93 +attributeSyntax: 2.5.5.9 + +dn: CN=builtinCreationTime,CN=Schema,CN=Configuration,${BASEDN} +cn: builtinCreationTime +name: builtinCreationTime +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: builtinCreationTime +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf96792f-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Builtin-Creation-Time +attributeID: 1.2.840.113556.1.4.13 +attributeSyntax: 2.5.5.16 + +dn: CN=postOfficeBox,CN=Schema,CN=Configuration,${BASEDN} +cn: postOfficeBox +name: postOfficeBox +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: postOfficeBox +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679fb-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Post-Office-Box +attributeID: 2.5.4.18 +attributeSyntax: 2.5.5.12 + +dn: CN=company,CN=Schema,CN=Configuration,${BASEDN} +cn: company +name: company +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: company +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: f0f8ff88-1191-11d0-a060-00aa006c33ed +adminDisplayName: Company +attributeID: 1.2.840.113556.1.2.146 +attributeSyntax: 2.5.5.12 + +dn: CN=catalogs,CN=Schema,CN=Configuration,${BASEDN} +cn: catalogs +name: catalogs +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: catalogs +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 7bfdcb81-4807-11d1-a9c3-0000f80367c1 +adminDisplayName: Catalogs +attributeID: 1.2.840.113556.1.4.675 +attributeSyntax: 2.5.5.12 + +dn: CN=defaultObjectCategory,CN=Schema,CN=Configuration,${BASEDN} +cn: defaultObjectCategory +name: defaultObjectCategory +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: defaultObjectCategory +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 26d97367-6070-11d1-a9c6-0000f80367c1 +adminDisplayName: Default-Object-Category +attributeID: 1.2.840.113556.1.4.783 +attributeSyntax: 2.5.5.1 + +dn: CN=msRADIUSFramedRoute,CN=Schema,CN=Configuration,${BASEDN} +cn: msRADIUSFramedRoute +name: msRADIUSFramedRoute +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msRADIUSFramedRoute +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: db0c90a9-c1f2-11d1-bbc5-0080c76670c0 +adminDisplayName: msRADIUSFramedRoute +attributeID: 1.2.840.113556.1.4.1158 +attributeSyntax: 2.5.5.5 + +dn: CN=priorSetTime,CN=Schema,CN=Configuration,${BASEDN} +cn: priorSetTime +name: priorSetTime +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: priorSetTime +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a01-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Prior-Set-Time +attributeID: 1.2.840.113556.1.4.99 +attributeSyntax: 2.5.5.16 + +dn: CN=userCert,CN=Schema,CN=Configuration,${BASEDN} +cn: userCert +name: userCert +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: userCert +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a69-0de6-11d0-a285-00aa003049e2 +adminDisplayName: User-Cert +attributeID: 1.2.840.113556.1.4.645 +attributeSyntax: 2.5.5.10 + +dn: CN=nonSecurityMember,CN=Schema,CN=Configuration,${BASEDN} +cn: nonSecurityMember +name: nonSecurityMember +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: nonSecurityMember +isSingleValued: FALSE +linkID: 50 +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 52458018-ca6a-11d0-afff-0000f80367c1 +adminDisplayName: Non-Security-Member +attributeID: 1.2.840.113556.1.4.530 +attributeSyntax: 2.5.5.1 + +dn: CN=member,CN=Schema,CN=Configuration,${BASEDN} +cn: member +name: member +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: member +isSingleValued: FALSE +linkID: 2 +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: bf9679c0-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Member +attributeID: 2.5.4.31 +attributeSyntax: 2.5.5.1 + +dn: CN=groupAttributes,CN=Schema,CN=Configuration,${BASEDN} +cn: groupAttributes +name: groupAttributes +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: groupAttributes +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf96797e-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Group-Attributes +attributeID: 1.2.840.113556.1.4.152 +attributeSyntax: 2.5.5.9 + +dn: CN=systemFlags,CN=Schema,CN=Configuration,${BASEDN} +cn: systemFlags +name: systemFlags +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: systemFlags +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: e0fa1e62-9b45-11d0-afdd-00c04fd930c9 +adminDisplayName: System-Flags +attributeID: 1.2.840.113556.1.4.375 +attributeSyntax: 2.5.5.9 + +dn: CN=proxiedObjectName,CN=Schema,CN=Configuration,${BASEDN} +cn: proxiedObjectName +name: proxiedObjectName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: proxiedObjectName +isSingleValued: TRUE +systemFlags: 18 +systemOnly: TRUE +schemaIDGUID: e1aea402-cd5b-11d0-afff-0000f80367c1 +adminDisplayName: Proxied-Object-Name +attributeID: 1.2.840.113556.1.4.1249 +attributeSyntax: 2.5.5.7 + +dn: CN=msDS-ReplValueMetaData,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-ReplValueMetaData +name: msDS-ReplValueMetaData +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-ReplValueMetaData +isSingleValued: FALSE +systemFlags: 20 +systemOnly: FALSE +schemaIDGUID: 2f5c8145-e1bd-410b-8957-8bfa81d5acfd +adminDisplayName: ms-DS-Repl-Value-Meta-Data +attributeID: 1.2.840.113556.1.4.1708 +attributeSyntax: 2.5.5.12 + +dn: CN=allowedChildClassesEffective,CN=Schema,CN=Configuration,${BASEDN} +cn: allowedChildClassesEffective +name: allowedChildClassesEffective +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: allowedChildClassesEffective +isSingleValued: FALSE +systemFlags: 134217748 +systemOnly: TRUE +schemaIDGUID: 9a7ad943-ca53-11d1-bbd0-0080c76670c0 +adminDisplayName: Allowed-Child-Classes-Effective +attributeID: 1.2.840.113556.1.4.912 +attributeSyntax: 2.5.5.2 + +dn: CN=msDS-AzGenerateAudits,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AzGenerateAudits +name: msDS-AzGenerateAudits +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-AzGenerateAudits +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: f90abab0-186c-4418-bb85-88447c87222a +adminDisplayName: MS-DS-Az-Generate-Audits +attributeID: 1.2.840.113556.1.4.1805 +attributeSyntax: 2.5.5.8 + +dn: CN=msDS-AzApplicationVersion,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AzApplicationVersion +name: msDS-AzApplicationVersion +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-AzApplicationVersion +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 7184a120-3ac4-47ae-848f-fe0ab20784d4 +adminDisplayName: MS-DS-Az-Application-Version +attributeID: 1.2.840.113556.1.4.1817 +attributeSyntax: 2.5.5.12 + +dn: CN=iconPath,CN=Schema,CN=Configuration,${BASEDN} +cn: iconPath +name: iconPath +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: iconPath +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: f0f8ff83-1191-11d0-a060-00aa006c33ed +adminDisplayName: Icon-Path +attributeID: 1.2.840.113556.1.4.219 +attributeSyntax: 2.5.5.12 + +dn: CN=street,CN=Schema,CN=Configuration,${BASEDN} +cn: street +name: street +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: street +isSingleValued: TRUE +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: bf967a3a-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Street-Address +attributeID: 2.5.4.9 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-ExecuteScriptPassword,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-ExecuteScriptPassword +name: msDS-ExecuteScriptPassword +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-ExecuteScriptPassword +isSingleValued: TRUE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 9d054a5a-d187-46c1-9d85-42dfc44a56dd +adminDisplayName: ms-DS-ExecuteScriptPassword +attributeID: 1.2.840.113556.1.4.1783 +attributeSyntax: 2.5.5.10 + +dn: CN=msDS-LogonTimeSyncInterval,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-LogonTimeSyncInterval +name: msDS-LogonTimeSyncInterval +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-LogonTimeSyncInterval +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: ad7940f8-e43a-4a42-83bc-d688e59ea605 +adminDisplayName: ms-DS-Logon-Time-Sync-Interval +attributeID: 1.2.840.113556.1.4.1784 +attributeSyntax: 2.5.5.9 + +dn: CN=garbageCollPeriod,CN=Schema,CN=Configuration,${BASEDN} +cn: garbageCollPeriod +name: garbageCollPeriod +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: garbageCollPeriod +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 5fd424a1-1262-11d0-a060-00aa006c33ed +adminDisplayName: Garbage-Coll-Period +attributeID: 1.2.840.113556.1.2.301 +attributeSyntax: 2.5.5.9 + +dn: CN=mSMQSignCertificatesMig,CN=Schema,CN=Configuration,${BASEDN} +cn: mSMQSignCertificatesMig +name: mSMQSignCertificatesMig +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: mSMQSignCertificatesMig +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 3881b8ea-da3b-11d1-90a5-00c04fd91ab1 +adminDisplayName: MSMQ-Sign-Certificates-Mig +attributeID: 1.2.840.113556.1.4.967 +attributeSyntax: 2.5.5.10 + +dn: CN=msDS-Cached-Membership-Time-Stamp,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-Cached-Membership-Time-Stamp +name: msDS-Cached-Membership-Time-Stamp +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-Cached-Membership-Time-Stamp +isSingleValued: TRUE +systemFlags: 17 +systemOnly: FALSE +schemaIDGUID: 3566bf1f-beee-4dcb-8abe-ef89fcfec6c1 +adminDisplayName: ms-DS-Cached-Membership-Time-Stamp +attributeID: 1.2.840.113556.1.4.1442 +attributeSyntax: 2.5.5.16 + +dn: CN=logonCount,CN=Schema,CN=Configuration,${BASEDN} +cn: logonCount +name: logonCount +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: logonCount +isSingleValued: TRUE +systemFlags: 17 +systemOnly: FALSE +schemaIDGUID: bf9679aa-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Logon-Count +attributeID: 1.2.840.113556.1.4.169 +attributeSyntax: 2.5.5.9 + +dn: CN=localeID,CN=Schema,CN=Configuration,${BASEDN} +cn: localeID +name: localeID +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: localeID +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679a1-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Locale-ID +attributeID: 1.2.840.113556.1.4.58 +attributeSyntax: 2.5.5.9 + +dn: CN=badPwdCount,CN=Schema,CN=Configuration,${BASEDN} +cn: badPwdCount +name: badPwdCount +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: badPwdCount +isSingleValued: TRUE +systemFlags: 17 +systemOnly: FALSE +schemaIDGUID: bf96792e-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Bad-Pwd-Count +attributeID: 1.2.840.113556.1.4.12 +attributeSyntax: 2.5.5.9 + +dn: CN=subSchemaSubEntry,CN=Schema,CN=Configuration,${BASEDN} +cn: subSchemaSubEntry +name: subSchemaSubEntry +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: subSchemaSubEntry +isSingleValued: FALSE +systemFlags: 134217748 +systemOnly: TRUE +schemaIDGUID: 9a7ad94d-ca53-11d1-bbd0-0080c76670c0 +adminDisplayName: SubSchemaSubEntry +attributeID: 2.5.18.10 +attributeSyntax: 2.5.5.1 + +dn: CN=structuralObjectClass,CN=Schema,CN=Configuration,${BASEDN} +cn: structuralObjectClass +name: structuralObjectClass +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: structuralObjectClass +isSingleValued: FALSE +systemFlags: 20 +systemOnly: FALSE +schemaIDGUID: 3860949f-f6a8-4b38-9950-81ecb6bc2982 +adminDisplayName: Structural-Object-Class +attributeID: 2.5.21.9 +attributeSyntax: 2.5.5.2 + +dn: CN=isDeleted,CN=Schema,CN=Configuration,${BASEDN} +cn: isDeleted +name: isDeleted +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: isDeleted +isSingleValued: TRUE +systemFlags: 18 +systemOnly: TRUE +schemaIDGUID: bf96798f-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Is-Deleted +attributeID: 1.2.840.113556.1.2.48 +attributeSyntax: 2.5.5.8 + +dn: CN=extraColumns,CN=Schema,CN=Configuration,${BASEDN} +cn: extraColumns +name: extraColumns +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: extraColumns +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: d24e2846-1dd9-4bcf-99d7-a6227cc86da7 +adminDisplayName: Extra-Columns +attributeID: 1.2.840.113556.1.4.1687 +attributeSyntax: 2.5.5.12 + +dn: CN=adminMultiselectPropertyPages,CN=Schema,CN=Configuration,${BASEDN} +cn: adminMultiselectPropertyPages +name: adminMultiselectPropertyPages +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: adminMultiselectPropertyPages +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 18f9b67d-5ac6-4b3b-97db-d0a406afb7ba +adminDisplayName: Admin-Multiselect-Property-Pages +attributeID: 1.2.840.113556.1.4.1690 +attributeSyntax: 2.5.5.12 + +dn: CN=options,CN=Schema,CN=Configuration,${BASEDN} +cn: options +name: options +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: options +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 19195a53-6da0-11d0-afd3-00c04fd930c9 +adminDisplayName: Options +attributeID: 1.2.840.113556.1.4.307 +attributeSyntax: 2.5.5.9 + +dn: CN=lockOutObservationWindow,CN=Schema,CN=Configuration,${BASEDN} +cn: lockOutObservationWindow +name: lockOutObservationWindow +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: lockOutObservationWindow +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679a4-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Lock-Out-Observation-Window +attributeID: 1.2.840.113556.1.4.61 +attributeSyntax: 2.5.5.16 + +dn: CN=defaultLocalPolicyObject,CN=Schema,CN=Configuration,${BASEDN} +cn: defaultLocalPolicyObject +name: defaultLocalPolicyObject +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: defaultLocalPolicyObject +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf96799f-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Default-Local-Policy-Object +attributeID: 1.2.840.113556.1.4.57 +attributeSyntax: 2.5.5.1 + +dn: CN=creationTime,CN=Schema,CN=Configuration,${BASEDN} +cn: creationTime +name: creationTime +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: creationTime +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967946-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Creation-Time +attributeID: 1.2.840.113556.1.4.26 +attributeSyntax: 2.5.5.16 + +dn: CN=registeredAddress,CN=Schema,CN=Configuration,${BASEDN} +cn: registeredAddress +name: registeredAddress +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: registeredAddress +isSingleValued: FALSE +systemOnly: FALSE +schemaIDGUID: bf967a10-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Registered-Address +attributeID: 2.5.4.26 +attributeSyntax: 2.5.5.10 + +dn: CN=postalAddress,CN=Schema,CN=Configuration,${BASEDN} +cn: postalAddress +name: postalAddress +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: postalAddress +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679fc-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Postal-Address +attributeID: 2.5.4.16 +attributeSyntax: 2.5.5.12 + +dn: CN=initials,CN=Schema,CN=Configuration,${BASEDN} +cn: initials +name: initials +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: initials +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: f0f8ff90-1191-11d0-a060-00aa006c33ed +adminDisplayName: Initials +attributeID: 2.5.4.43 +attributeSyntax: 2.5.5.12 + +dn: CN=netbootSIFFile,CN=Schema,CN=Configuration,${BASEDN} +cn: netbootSIFFile +name: netbootSIFFile +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: netbootSIFFile +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 2df90d84-009f-11d2-aa4c-00c04fd7d83a +adminDisplayName: Netboot-SIF-File +attributeID: 1.2.840.113556.1.4.1240 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-AdditionalSamAccountName,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AdditionalSamAccountName +name: msDS-AdditionalSamAccountName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-AdditionalSamAccountName +isSingleValued: FALSE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: 975571df-a4d5-429a-9f59-cdc6581d91e6 +adminDisplayName: ms-DS-Additional-Sam-Account-Name +attributeID: 1.2.840.113556.1.4.1718 +attributeSyntax: 2.5.5.12 + +dn: CN=systemPossSuperiors,CN=Schema,CN=Configuration,${BASEDN} +cn: systemPossSuperiors +name: systemPossSuperiors +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: systemPossSuperiors +isSingleValued: FALSE +systemFlags: 18 +systemOnly: TRUE +schemaIDGUID: bf967a47-0de6-11d0-a285-00aa003049e2 +adminDisplayName: System-Poss-Superiors +attributeID: 1.2.840.113556.1.4.195 +attributeSyntax: 2.5.5.2 + +dn: CN=photo,CN=Schema,CN=Configuration,${BASEDN} +cn: photo +name: photo +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: photo +isSingleValued: FALSE +systemFlags: 0 +systemOnly: FALSE +schemaIDGUID: 9c979768-ba1a-4c08-9632-c6a5c1ed649a +adminDisplayName: photo +attributeID: 0.9.2342.19200300.100.1.7 +attributeSyntax: 2.5.5.10 + +dn: CN=employeeNumber,CN=Schema,CN=Configuration,${BASEDN} +cn: employeeNumber +name: employeeNumber +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: employeeNumber +isSingleValued: TRUE +systemFlags: 0 +systemOnly: FALSE +schemaIDGUID: a8df73ef-c5ea-11d1-bbcb-0080c76670c0 +adminDisplayName: Employee-Number +attributeID: 1.2.840.113556.1.2.610 +attributeSyntax: 2.5.5.12 + +dn: CN=lockoutTime,CN=Schema,CN=Configuration,${BASEDN} +cn: lockoutTime +name: lockoutTime +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: lockoutTime +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 28630ebf-41d5-11d1-a9c1-0000f80367c1 +adminDisplayName: Lockout-Time +attributeID: 1.2.840.113556.1.4.662 +attributeSyntax: 2.5.5.16 + +dn: CN=dynamicLDAPServer,CN=Schema,CN=Configuration,${BASEDN} +cn: dynamicLDAPServer +name: dynamicLDAPServer +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: dynamicLDAPServer +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 52458021-ca6a-11d0-afff-0000f80367c1 +adminDisplayName: Dynamic-LDAP-Server +attributeID: 1.2.840.113556.1.4.537 +attributeSyntax: 2.5.5.1 + +dn: CN=extendedAttributeInfo,CN=Schema,CN=Configuration,${BASEDN} +cn: extendedAttributeInfo +name: extendedAttributeInfo +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: extendedAttributeInfo +isSingleValued: FALSE +systemFlags: 134217748 +systemOnly: TRUE +schemaIDGUID: 9a7ad947-ca53-11d1-bbd0-0080c76670c0 +adminDisplayName: Extended-Attribute-Info +attributeID: 1.2.840.113556.1.4.909 +attributeSyntax: 2.5.5.12 + +dn: CN=msExchAssistantName,CN=Schema,CN=Configuration,${BASEDN} +cn: msExchAssistantName +name: msExchAssistantName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msExchAssistantName +isSingleValued: TRUE +schemaIDGUID: a8df7394-c5ea-11d1-bbcb-0080c76670c0 +adminDisplayName: ms-Exch-Assistant-Name +attributeID: 1.2.840.113556.1.2.444 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-NonMembersBL,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-NonMembersBL +name: msDS-NonMembersBL +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-NonMembersBL +isSingleValued: FALSE +linkID: 2015 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 2a8c68fc-3a7a-4e87-8720-fe77c51cbe74 +adminDisplayName: ms-DS-Non-Members-BL +attributeID: 1.2.840.113556.1.4.1794 +attributeSyntax: 2.5.5.1 + +dn: CN=adminDisplayName,CN=Schema,CN=Configuration,${BASEDN} +cn: adminDisplayName +name: adminDisplayName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: adminDisplayName +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf96791a-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Admin-Display-Name +attributeID: 1.2.840.113556.1.2.194 +attributeSyntax: 2.5.5.12 + +dn: CN=contextMenu,CN=Schema,CN=Configuration,${BASEDN} +cn: contextMenu +name: contextMenu +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: contextMenu +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 4d8601ee-ac85-11d0-afe3-00c04fd930c9 +adminDisplayName: Context-Menu +attributeID: 1.2.840.113556.1.4.499 +attributeSyntax: 2.5.5.12 + +dn: CN=attributeCertificateAttribute,CN=Schema,CN=Configuration,${BASEDN} +cn: attributeCertificateAttribute +name: attributeCertificateAttribute +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: attributeCertificateAttribute +isSingleValued: FALSE +systemFlags: 0 +systemOnly: FALSE +schemaIDGUID: fa4693bb-7bc2-4cb9-81a8-c99c43b7905e +adminDisplayName: attributeCertificateAttribute +attributeID: 2.5.4.58 +attributeSyntax: 2.5.5.10 + +dn: CN=sn,CN=Schema,CN=Configuration,${BASEDN} +cn: sn +name: sn +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: sn +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a41-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Surname +attributeID: 2.5.4.4 +attributeSyntax: 2.5.5.12 + +dn: CN=sAMAccountName,CN=Schema,CN=Configuration,${BASEDN} +cn: sAMAccountName +name: sAMAccountName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: sAMAccountName +isSingleValued: TRUE +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: 3e0abfd0-126a-11d0-a060-00aa006c33ed +adminDisplayName: SAM-Account-Name +attributeID: 1.2.840.113556.1.4.221 +attributeSyntax: 2.5.5.12 + +dn: CN=governsID,CN=Schema,CN=Configuration,${BASEDN} +cn: governsID +name: governsID +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: governsID +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: bf96797d-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Governs-ID +attributeID: 1.2.840.113556.1.2.22 +attributeSyntax: 2.5.5.2 + +dn: CN=jpegPhoto,CN=Schema,CN=Configuration,${BASEDN} +cn: jpegPhoto +name: jpegPhoto +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: jpegPhoto +isSingleValued: FALSE +systemFlags: 0 +systemOnly: FALSE +schemaIDGUID: bac80572-09c4-4fa9-9ae6-7628d7adbe0e +adminDisplayName: jpegPhoto +attributeID: 0.9.2342.19200300.100.1.60 +attributeSyntax: 2.5.5.10 + +dn: CN=mSMQSignCertificates,CN=Schema,CN=Configuration,${BASEDN} +cn: mSMQSignCertificates +name: mSMQSignCertificates +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: mSMQSignCertificates +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 9a0dc33b-c100-11d1-bbc5-0080c76670c0 +adminDisplayName: MSMQ-Sign-Certificates +attributeID: 1.2.840.113556.1.4.947 +attributeSyntax: 2.5.5.10 + +dn: CN=textEncodedORAddress,CN=Schema,CN=Configuration,${BASEDN} +cn: textEncodedORAddress +name: textEncodedORAddress +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: textEncodedORAddress +isSingleValued: TRUE +systemOnly: FALSE +schemaIDGUID: a8df7489-c5ea-11d1-bbcb-0080c76670c0 +adminDisplayName: Text-Encoded-OR-Address +attributeID: 0.9.2342.19200300.100.1.2 +attributeSyntax: 2.5.5.12 + +dn: CN=uSNDSALastObjRemoved,CN=Schema,CN=Configuration,${BASEDN} +cn: uSNDSALastObjRemoved +name: uSNDSALastObjRemoved +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: uSNDSALastObjRemoved +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: bf967a71-0de6-11d0-a285-00aa003049e2 +adminDisplayName: USN-DSA-Last-Obj-Removed +attributeID: 1.2.840.113556.1.2.267 +attributeSyntax: 2.5.5.16 + +dn: CN=msDS-OperationsForAzRoleBL,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-OperationsForAzRoleBL +name: msDS-OperationsForAzRoleBL +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-OperationsForAzRoleBL +isSingleValued: FALSE +linkID: 2023 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: f85b6228-3734-4525-b6b7-3f3bb220902c +adminDisplayName: MS-DS-Operations-For-Az-Role-BL +attributeID: 1.2.840.113556.1.4.1813 +attributeSyntax: 2.5.5.1 + +dn: CN=mS-DS-ConsistencyChildCount,CN=Schema,CN=Configuration,${BASEDN} +cn: mS-DS-ConsistencyChildCount +name: mS-DS-ConsistencyChildCount +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: mS-DS-ConsistencyChildCount +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 178b7bc2-b63a-11d2-90e1-00c04fd91ab1 +adminDisplayName: MS-DS-Consistency-Child-Count +attributeID: 1.2.840.113556.1.4.1361 +attributeSyntax: 2.5.5.9 + +dn: CN=dSASignature,CN=Schema,CN=Configuration,${BASEDN} +cn: dSASignature +name: dSASignature +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: dSASignature +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 167757bc-47f3-11d1-a9c3-0000f80367c1 +adminDisplayName: DSA-Signature +attributeID: 1.2.840.113556.1.2.74 +attributeSyntax: 2.5.5.10 + +dn: CN=allowedChildClasses,CN=Schema,CN=Configuration,${BASEDN} +cn: allowedChildClasses +name: allowedChildClasses +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: allowedChildClasses +isSingleValued: FALSE +systemFlags: 134217748 +systemOnly: TRUE +schemaIDGUID: 9a7ad942-ca53-11d1-bbd0-0080c76670c0 +adminDisplayName: Allowed-Child-Classes +attributeID: 1.2.840.113556.1.4.911 +attributeSyntax: 2.5.5.2 + +dn: CN=allowedAttributesEffective,CN=Schema,CN=Configuration,${BASEDN} +cn: allowedAttributesEffective +name: allowedAttributesEffective +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: allowedAttributesEffective +isSingleValued: FALSE +systemFlags: 134217748 +systemOnly: TRUE +schemaIDGUID: 9a7ad941-ca53-11d1-bbd0-0080c76670c0 +adminDisplayName: Allowed-Attributes-Effective +attributeID: 1.2.840.113556.1.4.914 +attributeSyntax: 2.5.5.2 + +dn: CN=nTMixedDomain,CN=Schema,CN=Configuration,${BASEDN} +cn: nTMixedDomain +name: nTMixedDomain +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: nTMixedDomain +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 3e97891f-8c01-11d0-afda-00c04fd930c9 +adminDisplayName: NT-Mixed-Domain +attributeID: 1.2.840.113556.1.4.357 +attributeSyntax: 2.5.5.9 + +dn: CN=msDS-HasInstantiatedNCs,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-HasInstantiatedNCs +name: msDS-HasInstantiatedNCs +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-HasInstantiatedNCs +isSingleValued: FALSE +linkID: 2002 +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: 11e9a5bc-4517-4049-af9c-51554fb0fc09 +adminDisplayName: ms-DS-Has-Instantiated-NCs +attributeID: 1.2.840.113556.1.4.1709 +attributeSyntax: 2.5.5.7 + +dn: CN=minPwdLength,CN=Schema,CN=Configuration,${BASEDN} +cn: minPwdLength +name: minPwdLength +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: minPwdLength +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679c3-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Min-Pwd-Length +attributeID: 1.2.840.113556.1.4.79 +attributeSyntax: 2.5.5.9 + +dn: CN=domainPolicyObject,CN=Schema,CN=Configuration,${BASEDN} +cn: domainPolicyObject +name: domainPolicyObject +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: domainPolicyObject +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf96795d-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Domain-Policy-Object +attributeID: 1.2.840.113556.1.4.32 +attributeSyntax: 2.5.5.1 + +dn: CN=physicalDeliveryOfficeName,CN=Schema,CN=Configuration,${BASEDN} +cn: physicalDeliveryOfficeName +name: physicalDeliveryOfficeName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: physicalDeliveryOfficeName +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679f7-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Physical-Delivery-Office-Name +attributeID: 2.5.4.19 +attributeSyntax: 2.5.5.12 + +dn: CN=volumeCount,CN=Schema,CN=Configuration,${BASEDN} +cn: volumeCount +name: volumeCount +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: volumeCount +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 34aaa217-b699-11d0-afee-0000f80367c1 +adminDisplayName: Volume-Count +attributeID: 1.2.840.113556.1.4.507 +attributeSyntax: 2.5.5.9 + +dn: CN=msRADIUSServiceType,CN=Schema,CN=Configuration,${BASEDN} +cn: msRADIUSServiceType +name: msRADIUSServiceType +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msRADIUSServiceType +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: db0c90b6-c1f2-11d1-bbc5-0080c76670c0 +adminDisplayName: msRADIUSServiceType +attributeID: 1.2.840.113556.1.4.1171 +attributeSyntax: 2.5.5.9 + +dn: CN=lastLogon,CN=Schema,CN=Configuration,${BASEDN} +cn: lastLogon +name: lastLogon +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: lastLogon +isSingleValued: TRUE +systemFlags: 17 +systemOnly: FALSE +schemaIDGUID: bf967997-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Last-Logon +attributeID: 1.2.840.113556.1.4.52 +attributeSyntax: 2.5.5.16 + +dn: CN=groupsToIgnore,CN=Schema,CN=Configuration,${BASEDN} +cn: groupsToIgnore +name: groupsToIgnore +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: groupsToIgnore +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: eea65904-8ac6-11d0-afda-00c04fd930c9 +adminDisplayName: Groups-to-Ignore +attributeID: 1.2.840.113556.1.4.344 +attributeSyntax: 2.5.5.12 + +dn: CN=schemaInfo,CN=Schema,CN=Configuration,${BASEDN} +cn: schemaInfo +name: schemaInfo +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: schemaInfo +isSingleValued: FALSE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: f9fb64ae-93b4-11d2-9945-0000f87a57d4 +adminDisplayName: Schema-Info +attributeID: 1.2.840.113556.1.4.1358 +attributeSyntax: 2.5.5.10 + +dn: CN=dc,CN=Schema,CN=Configuration,${BASEDN} +cn: dc +name: dc +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: dc +isSingleValued: TRUE +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: 19195a55-6da0-11d0-afd3-00c04fd930c9 +adminDisplayName: Domain-Component +attributeID: 0.9.2342.19200300.100.1.25 +attributeSyntax: 2.5.5.12 + +dn: CN=objectCategory,CN=Schema,CN=Configuration,${BASEDN} +cn: objectCategory +name: objectCategory +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: objectCategory +isSingleValued: TRUE +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: 26d97369-6070-11d1-a9c6-0000f80367c1 +adminDisplayName: Object-Category +attributeID: 1.2.840.113556.1.4.782 +attributeSyntax: 2.5.5.1 + +dn: CN=modifyTimeStamp,CN=Schema,CN=Configuration,${BASEDN} +cn: modifyTimeStamp +name: modifyTimeStamp +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: modifyTimeStamp +isSingleValued: TRUE +systemFlags: 134217748 +systemOnly: TRUE +schemaIDGUID: 9a7ad94a-ca53-11d1-bbd0-0080c76670c0 +adminDisplayName: Modify-Time-Stamp +attributeID: 2.5.18.2 +attributeSyntax: 2.5.5.11 + +dn: CN=displayName,CN=Schema,CN=Configuration,${BASEDN} +cn: displayName +name: displayName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: displayName +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967953-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Display-Name +attributeID: 1.2.840.113556.1.2.13 +attributeSyntax: 2.5.5.12 + +dn: CN=adminDescription,CN=Schema,CN=Configuration,${BASEDN} +cn: adminDescription +name: adminDescription +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: adminDescription +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967919-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Admin-Description +attributeID: 1.2.840.113556.1.2.226 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-DnsRootAlias,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-DnsRootAlias +name: msDS-DnsRootAlias +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-DnsRootAlias +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 2143acca-eead-4d29-b591-85fa49ce9173 +adminDisplayName: ms-DS-DnsRootAlias +attributeID: 1.2.840.113556.1.4.1719 +attributeSyntax: 2.5.5.12 + +dn: CN=creationWizard,CN=Schema,CN=Configuration,${BASEDN} +cn: creationWizard +name: creationWizard +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: creationWizard +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 4d8601ed-ac85-11d0-afe3-00c04fd930c9 +adminDisplayName: Creation-Wizard +attributeID: 1.2.840.113556.1.4.498 +attributeSyntax: 2.5.5.12 + +dn: CN=hasPartialReplicaNCs,CN=Schema,CN=Configuration,${BASEDN} +cn: hasPartialReplicaNCs +name: hasPartialReplicaNCs +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: hasPartialReplicaNCs +isSingleValued: FALSE +linkID: 74 +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: bf967981-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Has-Partial-Replica-NCs +attributeID: 1.2.840.113556.1.2.15 +attributeSyntax: 2.5.5.1 + +dn: CN=controlAccessRights,CN=Schema,CN=Configuration,${BASEDN} +cn: controlAccessRights +name: controlAccessRights +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: controlAccessRights +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 6da8a4fc-0e52-11d0-a286-00aa003049e2 +adminDisplayName: Control-Access-Rights +attributeID: 1.2.840.113556.1.4.200 +attributeSyntax: 2.5.5.10 + +dn: CN=uASCompat,CN=Schema,CN=Configuration,${BASEDN} +cn: uASCompat +name: uASCompat +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: uASCompat +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a61-0de6-11d0-a285-00aa003049e2 +adminDisplayName: UAS-Compat +attributeID: 1.2.840.113556.1.4.155 +attributeSyntax: 2.5.5.9 + +dn: CN=objectSid,CN=Schema,CN=Configuration,${BASEDN} +cn: objectSid +name: objectSid +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: objectSid +isSingleValued: TRUE +systemFlags: 18 +systemOnly: TRUE +schemaIDGUID: bf9679e8-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Object-Sid +attributeID: 1.2.840.113556.1.4.146 +attributeSyntax: 2.5.5.17 + +dn: CN=title,CN=Schema,CN=Configuration,${BASEDN} +cn: title +name: title +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: title +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a55-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Title +attributeID: 2.5.4.12 +attributeSyntax: 2.5.5.12 + +dn: CN=otherPager,CN=Schema,CN=Configuration,${BASEDN} +cn: otherPager +name: otherPager +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: otherPager +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: f0f8ffa4-1191-11d0-a060-00aa006c33ed +adminDisplayName: Phone-Pager-Other +attributeID: 1.2.840.113556.1.2.118 +attributeSyntax: 2.5.5.12 + +dn: CN=division,CN=Schema,CN=Configuration,${BASEDN} +cn: division +name: division +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: division +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: fe6136a0-2073-11d0-a9c2-00aa006c33ed +adminDisplayName: Division +attributeID: 1.2.840.113556.1.4.261 +attributeSyntax: 2.5.5.12 + +dn: CN=sAMAccountType,CN=Schema,CN=Configuration,${BASEDN} +cn: sAMAccountType +name: sAMAccountType +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: sAMAccountType +isSingleValued: TRUE +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: 6e7b626c-64f2-11d0-afd2-00c04fd930c9 +adminDisplayName: SAM-Account-Type +attributeID: 1.2.840.113556.1.4.302 +attributeSyntax: 2.5.5.9 + +dn: CN=objectClassCategory,CN=Schema,CN=Configuration,${BASEDN} +cn: objectClassCategory +name: objectClassCategory +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: objectClassCategory +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: bf9679e6-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Object-Class-Category +attributeID: 1.2.840.113556.1.2.370 +attributeSyntax: 2.5.5.9 + +dn: CN=defaultHidingValue,CN=Schema,CN=Configuration,${BASEDN} +cn: defaultHidingValue +name: defaultHidingValue +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: defaultHidingValue +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: b7b13116-b82e-11d0-afee-0000f80367c1 +adminDisplayName: Default-Hiding-Value +attributeID: 1.2.840.113556.1.4.518 +attributeSyntax: 2.5.5.8 + +dn: CN=msNPAllowDialin,CN=Schema,CN=Configuration,${BASEDN} +cn: msNPAllowDialin +name: msNPAllowDialin +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msNPAllowDialin +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: db0c9085-c1f2-11d1-bbc5-0080c76670c0 +adminDisplayName: msNPAllowDialin +attributeID: 1.2.840.113556.1.4.1119 +attributeSyntax: 2.5.5.8 + +dn: CN=codePage,CN=Schema,CN=Configuration,${BASEDN} +cn: codePage +name: codePage +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: codePage +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967938-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Code-Page +attributeID: 1.2.840.113556.1.4.16 +attributeSyntax: 2.5.5.9 + +dn: CN=adminCount,CN=Schema,CN=Configuration,${BASEDN} +cn: adminCount +name: adminCount +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: adminCount +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967918-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Admin-Count +attributeID: 1.2.840.113556.1.4.150 +attributeSyntax: 2.5.5.9 + +dn: CN=schemaUpdate,CN=Schema,CN=Configuration,${BASEDN} +cn: schemaUpdate +name: schemaUpdate +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: schemaUpdate +isSingleValued: TRUE +systemFlags: 17 +systemOnly: FALSE +schemaIDGUID: 1e2d06b4-ac8f-11d0-afe3-00c04fd930c9 +adminDisplayName: Schema-Update +attributeID: 1.2.840.113556.1.4.481 +attributeSyntax: 2.5.5.11 + +dn: CN=Enabled,CN=Schema,CN=Configuration,${BASEDN} +cn: Enabled +name: Enabled +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: Enabled +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: a8df73f2-c5ea-11d1-bbcb-0080c76670c0 +adminDisplayName: Enabled +attributeID: 1.2.840.113556.1.2.557 +attributeSyntax: 2.5.5.8 + +dn: CN=l,CN=Schema,CN=Configuration,${BASEDN} +cn: l +name: l +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: l +isSingleValued: TRUE +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: bf9679a2-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Locality-Name +attributeID: 2.5.4.7 +attributeSyntax: 2.5.5.12 + +dn: CN=eFSPolicy,CN=Schema,CN=Configuration,${BASEDN} +cn: eFSPolicy +name: eFSPolicy +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: eFSPolicy +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 8e4eb2ec-4712-11d0-a1a0-00c04fd930c9 +adminDisplayName: EFSPolicy +attributeID: 1.2.840.113556.1.4.268 +attributeSyntax: 2.5.5.10 + +dn: CN=builtinModifiedCount,CN=Schema,CN=Configuration,${BASEDN} +cn: builtinModifiedCount +name: builtinModifiedCount +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: builtinModifiedCount +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967930-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Builtin-Modified-Count +attributeID: 1.2.840.113556.1.4.14 +attributeSyntax: 2.5.5.16 + +dn: CN=otherTelephone,CN=Schema,CN=Configuration,${BASEDN} +cn: otherTelephone +name: otherTelephone +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: otherTelephone +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: f0f8ffa5-1191-11d0-a060-00aa006c33ed +adminDisplayName: Phone-Office-Other +attributeID: 1.2.840.113556.1.2.18 +attributeSyntax: 2.5.5.12 + +dn: CN=primaryInternationalISDNNumber,CN=Schema,CN=Configuration,${BASEDN} +cn: primaryInternationalISDNNumber +name: primaryInternationalISDNNumber +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: primaryInternationalISDNNumber +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 0296c11f-40da-11d1-a9c0-0000f80367c1 +adminDisplayName: Phone-ISDN-Primary +attributeID: 1.2.840.113556.1.4.649 +attributeSyntax: 2.5.5.12 + +dn: CN=employeeID,CN=Schema,CN=Configuration,${BASEDN} +cn: employeeID +name: employeeID +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: employeeID +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967962-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Employee-ID +attributeID: 1.2.840.113556.1.4.35 +attributeSyntax: 2.5.5.12 + +dn: CN=tombstoneLifetime,CN=Schema,CN=Configuration,${BASEDN} +cn: tombstoneLifetime +name: tombstoneLifetime +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: tombstoneLifetime +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 16c3a860-1273-11d0-a060-00aa006c33ed +adminDisplayName: Tombstone-Lifetime +attributeID: 1.2.840.113556.1.2.54 +attributeSyntax: 2.5.5.9 + +dn: CN=operatingSystemServicePack,CN=Schema,CN=Configuration,${BASEDN} +cn: operatingSystemServicePack +name: operatingSystemServicePack +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: operatingSystemServicePack +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 3e978927-8c01-11d0-afda-00c04fd930c9 +adminDisplayName: Operating-System-Service-Pack +attributeID: 1.2.840.113556.1.4.365 +attributeSyntax: 2.5.5.12 + +dn: CN=netbootInitialization,CN=Schema,CN=Configuration,${BASEDN} +cn: netbootInitialization +name: netbootInitialization +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: netbootInitialization +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 3e978920-8c01-11d0-afda-00c04fd930c9 +adminDisplayName: Netboot-Initialization +attributeID: 1.2.840.113556.1.4.358 +attributeSyntax: 2.5.5.12 + +dn: CN=userPrincipalName,CN=Schema,CN=Configuration,${BASEDN} +cn: userPrincipalName +name: userPrincipalName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: userPrincipalName +isSingleValued: TRUE +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: 28630ebb-41d5-11d1-a9c1-0000f80367c1 +adminDisplayName: User-Principal-Name +attributeID: 1.2.840.113556.1.4.656 +attributeSyntax: 2.5.5.12 + +dn: CN=servicePrincipalName,CN=Schema,CN=Configuration,${BASEDN} +cn: servicePrincipalName +name: servicePrincipalName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: servicePrincipalName +isSingleValued: FALSE +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: f3a64788-5306-11d1-a9c5-0000f80367c1 +adminDisplayName: Service-Principal-Name +attributeID: 1.2.840.113556.1.4.771 +attributeSyntax: 2.5.5.12 + +dn: CN=otherLoginWorkstations,CN=Schema,CN=Configuration,${BASEDN} +cn: otherLoginWorkstations +name: otherLoginWorkstations +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: otherLoginWorkstations +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679f1-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Other-Login-Workstations +attributeID: 1.2.840.113556.1.4.91 +attributeSyntax: 2.5.5.12 + +dn: CN=msIIS-FTPDir,CN=Schema,CN=Configuration,${BASEDN} +cn: msIIS-FTPDir +name: msIIS-FTPDir +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msIIS-FTPDir +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 8a5c99e9-2230-46eb-b8e8-e59d712eb9ee +adminDisplayName: ms-IIS-FTP-Dir +attributeID: 1.2.840.113556.1.4.1786 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-Site-Affinity,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-Site-Affinity +name: msDS-Site-Affinity +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-Site-Affinity +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: c17c5602-bcb7-46f0-9656-6370ca884b72 +adminDisplayName: ms-DS-Site-Affinity +attributeID: 1.2.840.113556.1.4.1443 +attributeSyntax: 2.5.5.10 + +dn: CN=maxStorage,CN=Schema,CN=Configuration,${BASEDN} +cn: maxStorage +name: maxStorage +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: maxStorage +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679bd-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Max-Storage +attributeID: 1.2.840.113556.1.4.76 +attributeSyntax: 2.5.5.16 + +dn: CN=nTSecurityDescriptor,CN=Schema,CN=Configuration,${BASEDN} +cn: nTSecurityDescriptor +name: nTSecurityDescriptor +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: nTSecurityDescriptor +isSingleValued: TRUE +systemFlags: 26 +systemOnly: FALSE +schemaIDGUID: bf9679e3-0de6-11d0-a285-00aa003049e2 +adminDisplayName: NT-Security-Descriptor +attributeID: 1.2.840.113556.1.2.281 +attributeSyntax: 2.5.5.15 + +dn: CN=siteObjectBL,CN=Schema,CN=Configuration,${BASEDN} +cn: siteObjectBL +name: siteObjectBL +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: siteObjectBL +isSingleValued: FALSE +linkID: 47 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 3e10944d-c354-11d0-aff8-0000f80367c1 +adminDisplayName: Site-Object-BL +attributeID: 1.2.840.113556.1.4.513 +attributeSyntax: 2.5.5.1 + +dn: CN=queryPolicyBL,CN=Schema,CN=Configuration,${BASEDN} +cn: queryPolicyBL +name: queryPolicyBL +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: queryPolicyBL +isSingleValued: FALSE +linkID: 69 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: e1aea404-cd5b-11d0-afff-0000f80367c1 +adminDisplayName: Query-Policy-BL +attributeID: 1.2.840.113556.1.4.608 +attributeSyntax: 2.5.5.1 + +dn: CN=partialAttributeSet,CN=Schema,CN=Configuration,${BASEDN} +cn: partialAttributeSet +name: partialAttributeSet +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: partialAttributeSet +isSingleValued: TRUE +systemFlags: 19 +systemOnly: TRUE +schemaIDGUID: 19405b9e-3cfa-11d1-a9c0-0000f80367c1 +adminDisplayName: Partial-Attribute-Set +attributeID: 1.2.840.113556.1.4.640 +attributeSyntax: 2.5.5.10 + +dn: CN=distinguishedName,CN=Schema,CN=Configuration,${BASEDN} +cn: distinguishedName +name: distinguishedName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: distinguishedName +isSingleValued: TRUE +systemFlags: 19 +systemOnly: TRUE +schemaIDGUID: bf9679e4-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Obj-Dist-Name +attributeID: 2.5.4.49 +attributeSyntax: 2.5.5.1 + +dn: CN=description,CN=Schema,CN=Configuration,${BASEDN} +cn: description +name: description +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: description +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967950-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Description +attributeID: 2.5.4.13 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-AzClassId,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AzClassId +name: msDS-AzClassId +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-AzClassId +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 013a7277-5c2d-49ef-a7de-b765b36a3f6f +adminDisplayName: MS-DS-Az-Class-ID +attributeID: 1.2.840.113556.1.4.1816 +attributeSyntax: 2.5.5.12 + +dn: CN=rIDAvailablePool,CN=Schema,CN=Configuration,${BASEDN} +cn: rIDAvailablePool +name: rIDAvailablePool +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: rIDAvailablePool +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 66171888-8f3c-11d0-afda-00c04fd930c9 +adminDisplayName: RID-Available-Pool +attributeID: 1.2.840.113556.1.4.370 +attributeSyntax: 2.5.5.16 + +dn: CN=shellPropertyPages,CN=Schema,CN=Configuration,${BASEDN} +cn: shellPropertyPages +name: shellPropertyPages +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: shellPropertyPages +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 52458039-ca6a-11d0-afff-0000f80367c1 +adminDisplayName: Shell-Property-Pages +attributeID: 1.2.840.113556.1.4.563 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-SPNSuffixes,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-SPNSuffixes +name: msDS-SPNSuffixes +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-SPNSuffixes +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 789ee1eb-8c8e-4e4c-8cec-79b31b7617b5 +adminDisplayName: ms-DS-SPN-Suffixes +attributeID: 1.2.840.113556.1.4.1715 +attributeSyntax: 2.5.5.12 + +dn: CN=privateKey,CN=Schema,CN=Configuration,${BASEDN} +cn: privateKey +name: privateKey +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: privateKey +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a03-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Private-Key +attributeID: 1.2.840.113556.1.4.101 +attributeSyntax: 2.5.5.10 + +dn: CN=facsimileTelephoneNumber,CN=Schema,CN=Configuration,${BASEDN} +cn: facsimileTelephoneNumber +name: facsimileTelephoneNumber +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: facsimileTelephoneNumber +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967974-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Facsimile-Telephone-Number +attributeID: 2.5.4.23 +attributeSyntax: 2.5.5.12 + +dn: CN=mSMQNt4Stub,CN=Schema,CN=Configuration,${BASEDN} +cn: mSMQNt4Stub +name: mSMQNt4Stub +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: mSMQNt4Stub +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 6f914be6-d57e-11d1-90a2-00c04fd91ab1 +adminDisplayName: MSMQ-Nt4-Stub +attributeID: 1.2.840.113556.1.4.960 +attributeSyntax: 2.5.5.9 + +dn: CN=schemaFlagsEx,CN=Schema,CN=Configuration,${BASEDN} +cn: schemaFlagsEx +name: schemaFlagsEx +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: schemaFlagsEx +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a2b-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Schema-Flags-Ex +attributeID: 1.2.840.113556.1.4.120 +attributeSyntax: 2.5.5.9 + +dn: CN=msIIS-FTPRoot,CN=Schema,CN=Configuration,${BASEDN} +cn: msIIS-FTPRoot +name: msIIS-FTPRoot +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msIIS-FTPRoot +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 2a7827a4-1483-49a5-9d84-52e3812156b4 +adminDisplayName: ms-IIS-FTP-Root +attributeID: 1.2.840.113556.1.4.1785 +attributeSyntax: 2.5.5.12 + +dn: CN=groupPriority,CN=Schema,CN=Configuration,${BASEDN} +cn: groupPriority +name: groupPriority +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: groupPriority +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: eea65905-8ac6-11d0-afda-00c04fd930c9 +adminDisplayName: Group-Priority +attributeID: 1.2.840.113556.1.4.345 +attributeSyntax: 2.5.5.12 + +dn: CN=bridgeheadTransportList,CN=Schema,CN=Configuration,${BASEDN} +cn: bridgeheadTransportList +name: bridgeheadTransportList +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: bridgeheadTransportList +isSingleValued: FALSE +linkID: 98 +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: d50c2cda-8951-11d1-aebc-0000f80367c1 +adminDisplayName: Bridgehead-Transport-List +attributeID: 1.2.840.113556.1.4.819 +attributeSyntax: 2.5.5.1 + +dn: CN=extendedClassInfo,CN=Schema,CN=Configuration,${BASEDN} +cn: extendedClassInfo +name: extendedClassInfo +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: extendedClassInfo +isSingleValued: FALSE +systemFlags: 134217748 +systemOnly: TRUE +schemaIDGUID: 9a7ad948-ca53-11d1-bbd0-0080c76670c0 +adminDisplayName: Extended-Class-Info +attributeID: 1.2.840.113556.1.4.908 +attributeSyntax: 2.5.5.12 + +dn: CN=wbemPath,CN=Schema,CN=Configuration,${BASEDN} +cn: wbemPath +name: wbemPath +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: wbemPath +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 244b2970-5abd-11d0-afd2-00c04fd930c9 +adminDisplayName: Wbem-Path +attributeID: 1.2.840.113556.1.4.301 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-NCReplOutboundNeighbors,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-NCReplOutboundNeighbors +name: msDS-NCReplOutboundNeighbors +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-NCReplOutboundNeighbors +isSingleValued: FALSE +systemFlags: 20 +systemOnly: FALSE +schemaIDGUID: 855f2ef5-a1c5-4cc4-ba6d-32522848b61f +adminDisplayName: ms-DS-NC-Repl-Outbound-Neighbors +attributeID: 1.2.840.113556.1.4.1706 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-OperationsForAzTaskBL,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-OperationsForAzTaskBL +name: msDS-OperationsForAzTaskBL +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-OperationsForAzTaskBL +isSingleValued: FALSE +linkID: 2019 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: a637d211-5739-4ed1-89b2-88974548bc59 +adminDisplayName: MS-DS-Operations-For-Az-Task-BL +attributeID: 1.2.840.113556.1.4.1809 +attributeSyntax: 2.5.5.1 + +dn: CN=showInAdvancedViewOnly,CN=Schema,CN=Configuration,${BASEDN} +cn: showInAdvancedViewOnly +name: showInAdvancedViewOnly +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: showInAdvancedViewOnly +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967984-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Show-In-Advanced-View-Only +attributeID: 1.2.840.113556.1.2.169 +attributeSyntax: 2.5.5.8 + +dn: CN=msDS-Behavior-Version,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-Behavior-Version +name: msDS-Behavior-Version +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-Behavior-Version +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: d31a8757-2447-4545-8081-3bb610cacbf2 +adminDisplayName: ms-DS-Behavior-Version +attributeID: 1.2.840.113556.1.4.1459 +attributeSyntax: 2.5.5.9 + +dn: CN=msDS-hasMasterNCs,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-hasMasterNCs +name: msDS-hasMasterNCs +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-hasMasterNCs +isSingleValued: FALSE +linkID: 2036 +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: ae2de0e2-59d7-4d47-8d47-ed4dfe4357ad +adminDisplayName: ms-DS-Has-Master-NCs +attributeID: 1.2.840.113556.1.4.1836 +attributeSyntax: 2.5.5.1 + +dn: CN=pwdHistoryLength,CN=Schema,CN=Configuration,${BASEDN} +cn: pwdHistoryLength +name: pwdHistoryLength +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: pwdHistoryLength +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a09-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Pwd-History-Length +attributeID: 1.2.840.113556.1.4.95 +attributeSyntax: 2.5.5.9 + +dn: CN=pekList,CN=Schema,CN=Configuration,${BASEDN} +cn: pekList +name: pekList +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: pekList +isSingleValued: TRUE +systemFlags: 17 +systemOnly: FALSE +schemaIDGUID: 07383083-91df-11d1-aebc-0000f80367c1 +adminDisplayName: Pek-List +attributeID: 1.2.840.113556.1.4.865 +attributeSyntax: 2.5.5.10 + +dn: CN=postalCode,CN=Schema,CN=Configuration,${BASEDN} +cn: postalCode +name: postalCode +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: postalCode +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679fd-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Postal-Code +attributeID: 2.5.4.17 +attributeSyntax: 2.5.5.12 + +dn: CN=netbootMirrorDataFile,CN=Schema,CN=Configuration,${BASEDN} +cn: netbootMirrorDataFile +name: netbootMirrorDataFile +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: netbootMirrorDataFile +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 2df90d85-009f-11d2-aa4c-00c04fd7d83a +adminDisplayName: Netboot-Mirror-Data-File +attributeID: 1.2.840.113556.1.4.1241 +attributeSyntax: 2.5.5.12 + +dn: CN=defaultClassStore,CN=Schema,CN=Configuration,${BASEDN} +cn: defaultClassStore +name: defaultClassStore +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: defaultClassStore +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967948-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Default-Class-Store +attributeID: 1.2.840.113556.1.4.213 +attributeSyntax: 2.5.5.1 + +dn: CN=mSMQSiteID,CN=Schema,CN=Configuration,${BASEDN} +cn: mSMQSiteID +name: mSMQSiteID +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: mSMQSiteID +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 9a0dc340-c100-11d1-bbc5-0080c76670c0 +adminDisplayName: MSMQ-Site-ID +attributeID: 1.2.840.113556.1.4.953 +attributeSyntax: 2.5.5.10 + +dn: CN=showInAddressBook,CN=Schema,CN=Configuration,${BASEDN} +cn: showInAddressBook +name: showInAddressBook +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: showInAddressBook +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 3e74f60e-3e73-11d1-a9c0-0000f80367c1 +adminDisplayName: Show-In-Address-Book +attributeID: 1.2.840.113556.1.4.644 +attributeSyntax: 2.5.5.1 + +dn: CN=whenCreated,CN=Schema,CN=Configuration,${BASEDN} +cn: whenCreated +name: whenCreated +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: whenCreated +isSingleValued: TRUE +systemFlags: 18 +systemOnly: TRUE +schemaIDGUID: bf967a78-0de6-11d0-a285-00aa003049e2 +adminDisplayName: When-Created +attributeID: 1.2.840.113556.1.2.2 +attributeSyntax: 2.5.5.11 + +dn: CN=dSCorePropagationData,CN=Schema,CN=Configuration,${BASEDN} +cn: dSCorePropagationData +name: dSCorePropagationData +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: dSCorePropagationData +isSingleValued: FALSE +systemFlags: 19 +systemOnly: TRUE +schemaIDGUID: d167aa4b-8b08-11d2-9939-0000f87a57d4 +adminDisplayName: DS-Core-Propagation-Data +attributeID: 1.2.840.113556.1.4.1357 +attributeSyntax: 2.5.5.11 + +dn: CN=displayNamePrintable,CN=Schema,CN=Configuration,${BASEDN} +cn: displayNamePrintable +name: displayNamePrintable +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: displayNamePrintable +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967954-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Display-Name-Printable +attributeID: 1.2.840.113556.1.2.353 +attributeSyntax: 2.5.5.5 + +dn: CN=st,CN=Schema,CN=Configuration,${BASEDN} +cn: st +name: st +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: st +isSingleValued: TRUE +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: bf967a39-0de6-11d0-a285-00aa003049e2 +adminDisplayName: State-Or-Province-Name +attributeID: 2.5.4.8 +attributeSyntax: 2.5.5.12 + +dn: CN=serverReference,CN=Schema,CN=Configuration,${BASEDN} +cn: serverReference +name: serverReference +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: serverReference +isSingleValued: TRUE +linkID: 94 +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 26d9736d-6070-11d1-a9c6-0000f80367c1 +adminDisplayName: Server-Reference +attributeID: 1.2.840.113556.1.4.515 +attributeSyntax: 2.5.5.1 + +dn: CN=msDS-HasDomainNCs,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-HasDomainNCs +name: msDS-HasDomainNCs +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-HasDomainNCs +isSingleValued: FALSE +linkID: 2026 +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: 6f17e347-a842-4498-b8b3-15e007da4fed +adminDisplayName: ms-DS-Has-Domain-NCs +attributeID: 1.2.840.113556.1.4.1820 +attributeSyntax: 2.5.5.1 + +dn: CN=invocationId,CN=Schema,CN=Configuration,${BASEDN} +cn: invocationId +name: invocationId +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: invocationId +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: bf96798e-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Invocation-Id +attributeID: 1.2.840.113556.1.2.115 +attributeSyntax: 2.5.5.10 + +dn: CN=replicaSource,CN=Schema,CN=Configuration,${BASEDN} +cn: replicaSource +name: replicaSource +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: replicaSource +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: bf967a18-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Replica-Source +attributeID: 1.2.840.113556.1.4.109 +attributeSyntax: 2.5.5.12 + +dn: CN=ipPhone,CN=Schema,CN=Configuration,${BASEDN} +cn: ipPhone +name: ipPhone +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: ipPhone +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 4d146e4a-48d4-11d1-a9c3-0000f80367c1 +adminDisplayName: Phone-Ip-Primary +attributeID: 1.2.840.113556.1.4.721 +attributeSyntax: 2.5.5.12 + +dn: CN=otherHomePhone,CN=Schema,CN=Configuration,${BASEDN} +cn: otherHomePhone +name: otherHomePhone +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: otherHomePhone +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: f0f8ffa2-1191-11d0-a060-00aa006c33ed +adminDisplayName: Phone-Home-Other +attributeID: 1.2.840.113556.1.2.277 +attributeSyntax: 2.5.5.12 + +dn: CN=o,CN=Schema,CN=Configuration,${BASEDN} +cn: o +name: o +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: o +isSingleValued: FALSE +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: bf9679ef-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Organization-Name +attributeID: 2.5.4.10 +attributeSyntax: 2.5.5.12 + +dn: CN=operatingSystem,CN=Schema,CN=Configuration,${BASEDN} +cn: operatingSystem +name: operatingSystem +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: operatingSystem +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 3e978925-8c01-11d0-afda-00c04fd930c9 +adminDisplayName: Operating-System +attributeID: 1.2.840.113556.1.4.363 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-ObjectReference,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-ObjectReference +name: msDS-ObjectReference +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-ObjectReference +isSingleValued: FALSE +linkID: 2038 +systemOnly: FALSE +schemaIDGUID: 638ec2e8-22e7-409c-85d2-11b21bee72de +adminDisplayName: ms-DS-Object-Reference +attributeID: 1.2.840.113556.1.4.1840 +attributeSyntax: 2.5.5.1 + +dn: CN=mSMQInterval1,CN=Schema,CN=Configuration,${BASEDN} +cn: mSMQInterval1 +name: mSMQInterval1 +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: mSMQInterval1 +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 8ea825aa-3b7b-11d2-90cc-00c04fd91ab1 +adminDisplayName: MSMQ-Interval1 +attributeID: 1.2.840.113556.1.4.1308 +attributeSyntax: 2.5.5.9 + +dn: CN=rid,CN=Schema,CN=Configuration,${BASEDN} +cn: rid +name: rid +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: rid +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a22-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Rid +attributeID: 1.2.840.113556.1.4.153 +attributeSyntax: 2.5.5.9 + +dn: CN=profilePath,CN=Schema,CN=Configuration,${BASEDN} +cn: profilePath +name: profilePath +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: profilePath +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a05-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Profile-Path +attributeID: 1.2.840.113556.1.4.139 +attributeSyntax: 2.5.5.12 + +dn: CN=msRADIUSCallbackNumber,CN=Schema,CN=Configuration,${BASEDN} +cn: msRADIUSCallbackNumber +name: msRADIUSCallbackNumber +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msRADIUSCallbackNumber +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: db0c909c-c1f2-11d1-bbc5-0080c76670c0 +adminDisplayName: msRADIUSCallbackNumber +attributeID: 1.2.840.113556.1.4.1145 +attributeSyntax: 2.5.5.5 + +dn: CN=aCSPolicyName,CN=Schema,CN=Configuration,${BASEDN} +cn: aCSPolicyName +name: aCSPolicyName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: aCSPolicyName +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 1cb3559a-56d0-11d1-a9c6-0000f80367c1 +adminDisplayName: ACS-Policy-Name +attributeID: 1.2.840.113556.1.4.772 +attributeSyntax: 2.5.5.12 + +dn: CN=info,CN=Schema,CN=Configuration,${BASEDN} +cn: info +name: info +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: info +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf96793e-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Comment +attributeID: 1.2.840.113556.1.2.81 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-ObjectReferenceBL,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-ObjectReferenceBL +name: msDS-ObjectReferenceBL +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-ObjectReferenceBL +isSingleValued: FALSE +linkID: 2039 +systemFlags: 1 +systemOnly: TRUE +schemaIDGUID: 2b702515-c1f7-4b3b-b148-c0e4c6ceecb4 +adminDisplayName: ms-DS-Object-Reference-BL +attributeID: 1.2.840.113556.1.4.1841 +attributeSyntax: 2.5.5.1 + +dn: CN=whenChanged,CN=Schema,CN=Configuration,${BASEDN} +cn: whenChanged +name: whenChanged +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: whenChanged +isSingleValued: TRUE +systemFlags: 19 +systemOnly: TRUE +schemaIDGUID: bf967a77-0de6-11d0-a285-00aa003049e2 +adminDisplayName: When-Changed +attributeID: 1.2.840.113556.1.2.3 +attributeSyntax: 2.5.5.11 + +dn: CN=uSNLastObjRem,CN=Schema,CN=Configuration,${BASEDN} +cn: uSNLastObjRem +name: uSNLastObjRem +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: uSNLastObjRem +isSingleValued: TRUE +systemFlags: 19 +systemOnly: TRUE +schemaIDGUID: bf967a73-0de6-11d0-a285-00aa003049e2 +adminDisplayName: USN-Last-Obj-Rem +attributeID: 1.2.840.113556.1.2.121 +attributeSyntax: 2.5.5.16 + +dn: CN=repsTo,CN=Schema,CN=Configuration,${BASEDN} +cn: repsTo +name: repsTo +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: repsTo +isSingleValued: FALSE +systemFlags: 19 +systemOnly: TRUE +schemaIDGUID: bf967a1e-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Reps-To +attributeID: 1.2.840.113556.1.2.83 +attributeSyntax: 2.5.5.10 + +dn: CN=replUpToDateVector,CN=Schema,CN=Configuration,${BASEDN} +cn: replUpToDateVector +name: replUpToDateVector +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: replUpToDateVector +isSingleValued: TRUE +systemFlags: 19 +systemOnly: TRUE +schemaIDGUID: bf967a16-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Repl-UpToDate-Vector +attributeID: 1.2.840.113556.1.4.4 +attributeSyntax: 2.5.5.10 + +dn: CN=netbootSCPBL,CN=Schema,CN=Configuration,${BASEDN} +cn: netbootSCPBL +name: netbootSCPBL +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: netbootSCPBL +isSingleValued: FALSE +linkID: 101 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 07383082-91df-11d1-aebc-0000f80367c1 +adminDisplayName: netboot-SCP-BL +attributeID: 1.2.840.113556.1.4.864 +attributeSyntax: 2.5.5.1 + +dn: CN=msDs-masteredBy,CN=Schema,CN=Configuration,${BASEDN} +cn: msDs-masteredBy +name: msDs-masteredBy +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDs-masteredBy +isSingleValued: FALSE +linkID: 2037 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 60234769-4819-4615-a1b2-49d2f119acb5 +adminDisplayName: ms-DS-Mastered-By +attributeID: 1.2.840.113556.1.4.1837 +attributeSyntax: 2.5.5.1 + +dn: CN=msCOM-PartitionSetLink,CN=Schema,CN=Configuration,${BASEDN} +cn: msCOM-PartitionSetLink +name: msCOM-PartitionSetLink +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msCOM-PartitionSetLink +isSingleValued: FALSE +linkID: 1041 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 67f121dc-7d02-4c7d-82f5-9ad4c950ac34 +adminDisplayName: ms-COM-PartitionSetLink +attributeID: 1.2.840.113556.1.4.1424 +attributeSyntax: 2.5.5.1 + +dn: CN=cn,CN=Schema,CN=Configuration,${BASEDN} +cn: cn +name: cn +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: cn +isSingleValued: TRUE +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: bf96793f-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Common-Name +attributeID: 2.5.4.3 +attributeSyntax: 2.5.5.12 + +dn: CN=msDS-AllUsersTrustQuota,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AllUsersTrustQuota +name: msDS-AllUsersTrustQuota +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-AllUsersTrustQuota +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: d3aa4a5c-4e03-4810-97aa-2b339e7a434b +adminDisplayName: MS-DS-All-Users-Trust-Quota +attributeID: 1.2.840.113556.1.4.1789 +attributeSyntax: 2.5.5.9 + +dn: CN=defaultGroup,CN=Schema,CN=Configuration,${BASEDN} +cn: defaultGroup +name: defaultGroup +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: defaultGroup +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 720bc4e2-a54a-11d0-afdf-00c04fd930c9 +adminDisplayName: Default-Group +attributeID: 1.2.840.113556.1.4.480 +attributeSyntax: 2.5.5.1 + +dn: CN=comment,CN=Schema,CN=Configuration,${BASEDN} +cn: comment +name: comment +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: comment +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a6a-0de6-11d0-a285-00aa003049e2 +adminDisplayName: User-Comment +attributeID: 1.2.840.113556.1.4.156 +attributeSyntax: 2.5.5.12 + +dn: CN=localPolicyFlags,CN=Schema,CN=Configuration,${BASEDN} +cn: localPolicyFlags +name: localPolicyFlags +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: localPolicyFlags +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf96799e-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Local-Policy-Flags +attributeID: 1.2.840.113556.1.4.56 +attributeSyntax: 2.5.5.9 + +dn: CN=mSMQInterval2,CN=Schema,CN=Configuration,${BASEDN} +cn: mSMQInterval2 +name: mSMQInterval2 +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: mSMQInterval2 +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 99b88f52-3b7b-11d2-90cc-00c04fd91ab1 +adminDisplayName: MSMQ-Interval2 +attributeID: 1.2.840.113556.1.4.1309 +attributeSyntax: 2.5.5.9 + +dn: CN=sIDHistory,CN=Schema,CN=Configuration,${BASEDN} +cn: sIDHistory +name: sIDHistory +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: sIDHistory +isSingleValued: FALSE +systemFlags: 18 +systemOnly: FALSE +schemaIDGUID: 17eb4278-d167-11d0-b002-0000f80367c1 +adminDisplayName: SID-History +attributeID: 1.2.840.113556.1.4.609 +attributeSyntax: 2.5.5.17 + +dn: CN=msDs-Schema-Extensions,CN=Schema,CN=Configuration,${BASEDN} +cn: msDs-Schema-Extensions +name: msDs-Schema-Extensions +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDs-Schema-Extensions +isSingleValued: FALSE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: b39a61be-ed07-4cab-9a4a-4963ed0141e1 +adminDisplayName: ms-ds-Schema-Extensions +attributeID: 1.2.840.113556.1.4.1440 +attributeSyntax: 2.5.5.10 + +dn: CN=unicodePwd,CN=Schema,CN=Configuration,${BASEDN} +cn: unicodePwd +name: unicodePwd +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: unicodePwd +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679e1-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Unicode-Pwd +attributeID: 1.2.840.113556.1.4.90 +attributeSyntax: 2.5.5.10 + +dn: CN=msRASSavedFramedIPAddress,CN=Schema,CN=Configuration,${BASEDN} +cn: msRASSavedFramedIPAddress +name: msRASSavedFramedIPAddress +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msRASSavedFramedIPAddress +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: db0c90c6-c1f2-11d1-bbc5-0080c76670c0 +adminDisplayName: msRASSavedFramedIPAddress +attributeID: 1.2.840.113556.1.4.1190 +attributeSyntax: 2.5.5.9 + +dn: CN=msDRM-IdentityCertificate,CN=Schema,CN=Configuration,${BASEDN} +cn: msDRM-IdentityCertificate +name: msDRM-IdentityCertificate +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDRM-IdentityCertificate +isSingleValued: FALSE +systemFlags: 16 +schemaIDGUID: e85e1204-3434-41ad-9b56-e2901228fff0 +adminDisplayName: ms-DRM-Identity-Certificate +attributeID: 1.2.840.113556.1.4.1843 +attributeSyntax: 2.5.5.10 + +dn: CN=lastLogoff,CN=Schema,CN=Configuration,${BASEDN} +cn: lastLogoff +name: lastLogoff +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: lastLogoff +isSingleValued: TRUE +systemFlags: 17 +systemOnly: FALSE +schemaIDGUID: bf967996-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Last-Logoff +attributeID: 1.2.840.113556.1.4.51 +attributeSyntax: 2.5.5.16 + +dn: CN=dmdName,CN=Schema,CN=Configuration,${BASEDN} +cn: dmdName +name: dmdName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: dmdName +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 167757b9-47f3-11d1-a9c3-0000f80367c1 +adminDisplayName: DMD-Name +attributeID: 1.2.840.113556.1.2.598 +attributeSyntax: 2.5.5.12 + +dn: CN=msExchLabeledURI,CN=Schema,CN=Configuration,${BASEDN} +cn: msExchLabeledURI +name: msExchLabeledURI +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msExchLabeledURI +isSingleValued: FALSE +schemaIDGUID: 16775820-47f3-11d1-a9c3-0000f80367c1 +adminDisplayName: ms-Exch-LabeledURI +attributeID: 1.2.840.113556.1.2.593 +attributeSyntax: 2.5.5.12 + +dn: CN=directReports,CN=Schema,CN=Configuration,${BASEDN} +cn: directReports +name: directReports +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: directReports +isSingleValued: FALSE +linkID: 43 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: bf967a1c-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Reports +attributeID: 1.2.840.113556.1.2.436 +attributeSyntax: 2.5.5.1 + +dn: CN=replPropertyMetaData,CN=Schema,CN=Configuration,${BASEDN} +cn: replPropertyMetaData +name: replPropertyMetaData +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: replPropertyMetaData +isSingleValued: TRUE +systemFlags: 27 +systemOnly: TRUE +schemaIDGUID: 281416c0-1968-11d0-a28f-00aa003049e2 +adminDisplayName: Repl-Property-Meta-Data +attributeID: 1.2.840.113556.1.4.3 +attributeSyntax: 2.5.5.10 + +dn: CN=fromEntry,CN=Schema,CN=Configuration,${BASEDN} +cn: fromEntry +name: fromEntry +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: fromEntry +isSingleValued: FALSE +systemFlags: 134217748 +systemOnly: TRUE +schemaIDGUID: 9a7ad949-ca53-11d1-bbd0-0080c76670c0 +adminDisplayName: From-Entry +attributeID: 1.2.840.113556.1.4.910 +attributeSyntax: 2.5.5.8 + +dn: CN=trustParent,CN=Schema,CN=Configuration,${BASEDN} +cn: trustParent +name: trustParent +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: trustParent +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: b000ea7a-a086-11d0-afdd-00c04fd930c9 +adminDisplayName: Trust-Parent +attributeID: 1.2.840.113556.1.4.471 +attributeSyntax: 2.5.5.1 + +dn: CN=rIDManagerReference,CN=Schema,CN=Configuration,${BASEDN} +cn: rIDManagerReference +name: rIDManagerReference +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: rIDManagerReference +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: 66171886-8f3c-11d0-afda-00c04fd930c9 +adminDisplayName: RID-Manager-Reference +attributeID: 1.2.840.113556.1.4.368 +attributeSyntax: 2.5.5.1 + +dn: CN=lockoutThreshold,CN=Schema,CN=Configuration,${BASEDN} +cn: lockoutThreshold +name: lockoutThreshold +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: lockoutThreshold +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679a6-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Lockout-Threshold +attributeID: 1.2.840.113556.1.4.73 +attributeSyntax: 2.5.5.9 + +dn: CN=desktopProfile,CN=Schema,CN=Configuration,${BASEDN} +cn: desktopProfile +name: desktopProfile +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: desktopProfile +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: eea65906-8ac6-11d0-afda-00c04fd930c9 +adminDisplayName: Desktop-Profile +attributeID: 1.2.840.113556.1.4.346 +attributeSyntax: 2.5.5.12 + +dn: CN=co,CN=Schema,CN=Configuration,${BASEDN} +cn: co +name: co +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: co +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: f0f8ffa7-1191-11d0-a060-00aa006c33ed +adminDisplayName: Text-Country +attributeID: 1.2.840.113556.1.2.131 +attributeSyntax: 2.5.5.12 + +dn: CN=teletexTerminalIdentifier,CN=Schema,CN=Configuration,${BASEDN} +cn: teletexTerminalIdentifier +name: teletexTerminalIdentifier +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: teletexTerminalIdentifier +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a4a-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Teletex-Terminal-Identifier +attributeID: 2.5.4.22 +attributeSyntax: 2.5.5.10 + +dn: CN=primaryTelexNumber,CN=Schema,CN=Configuration,${BASEDN} +cn: primaryTelexNumber +name: primaryTelexNumber +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: primaryTelexNumber +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 0296c121-40da-11d1-a9c0-0000f80367c1 +adminDisplayName: Telex-Primary +attributeID: 1.2.840.113556.1.4.648 +attributeSyntax: 2.5.5.12 + +dn: CN=manager,CN=Schema,CN=Configuration,${BASEDN} +cn: manager +name: manager +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: manager +isSingleValued: TRUE +linkID: 42 +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679b5-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Manager +attributeID: 0.9.2342.19200300.100.1.10 +attributeSyntax: 2.5.5.1 + +dn: CN=physicalLocationObject,CN=Schema,CN=Configuration,${BASEDN} +cn: physicalLocationObject +name: physicalLocationObject +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: physicalLocationObject +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: b7b13119-b82e-11d0-afee-0000f80367c1 +adminDisplayName: Physical-Location-Object +attributeID: 1.2.840.113556.1.4.514 +attributeSyntax: 2.5.5.1 + +dn: CN=msDS-AzMajorVersion,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AzMajorVersion +name: msDS-AzMajorVersion +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-AzMajorVersion +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: cfb9adb7-c4b7-4059-9568-1ed9db6b7248 +adminDisplayName: MS-DS-Az-Major-Version +attributeID: 1.2.840.113556.1.4.1824 +attributeSyntax: 2.5.5.9 + +dn: CN=subClassOf,CN=Schema,CN=Configuration,${BASEDN} +cn: subClassOf +name: subClassOf +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: subClassOf +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: bf967a3b-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Sub-Class-Of +attributeID: 1.2.840.113556.1.2.21 +attributeSyntax: 2.5.5.2 + +dn: CN=systemMustContain,CN=Schema,CN=Configuration,${BASEDN} +cn: systemMustContain +name: systemMustContain +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: systemMustContain +isSingleValued: FALSE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: bf967a45-0de6-11d0-a285-00aa003049e2 +adminDisplayName: System-Must-Contain +attributeID: 1.2.840.113556.1.4.197 +attributeSyntax: 2.5.5.2 + +dn: CN=roomNumber,CN=Schema,CN=Configuration,${BASEDN} +cn: roomNumber +name: roomNumber +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: roomNumber +isSingleValued: FALSE +systemFlags: 0 +systemOnly: FALSE +schemaIDGUID: 81d7f8c2-e327-4a0d-91c6-b42d4009115f +adminDisplayName: roomNumber +attributeID: 0.9.2342.19200300.100.1.6 +attributeSyntax: 2.5.5.12 + +dn: CN=employeeType,CN=Schema,CN=Configuration,${BASEDN} +cn: employeeType +name: employeeType +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: employeeType +isSingleValued: TRUE +systemFlags: 0 +systemOnly: FALSE +schemaIDGUID: a8df73f0-c5ea-11d1-bbcb-0080c76670c0 +adminDisplayName: Employee-Type +attributeID: 1.2.840.113556.1.2.613 +attributeSyntax: 2.5.5.12 + +dn: CN=currentValue,CN=Schema,CN=Configuration,${BASEDN} +cn: currentValue +name: currentValue +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: currentValue +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967947-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Current-Value +attributeID: 1.2.840.113556.1.4.27 +attributeSyntax: 2.5.5.10 + +dn: CN=dITContentRules,CN=Schema,CN=Configuration,${BASEDN} +cn: dITContentRules +name: dITContentRules +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: dITContentRules +isSingleValued: FALSE +systemFlags: 134217748 +systemOnly: TRUE +schemaIDGUID: 9a7ad946-ca53-11d1-bbd0-0080c76670c0 +adminDisplayName: DIT-Content-Rules +attributeID: 2.5.21.2 +attributeSyntax: 2.5.5.12 + +dn: CN=uSNCreated,CN=Schema,CN=Configuration,${BASEDN} +cn: uSNCreated +name: uSNCreated +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: uSNCreated +isSingleValued: TRUE +systemFlags: 19 +systemOnly: TRUE +schemaIDGUID: bf967a70-0de6-11d0-a285-00aa003049e2 +adminDisplayName: USN-Created +attributeID: 1.2.840.113556.1.2.19 +attributeSyntax: 2.5.5.16 + +dn: CN=subRefs,CN=Schema,CN=Configuration,${BASEDN} +cn: subRefs +name: subRefs +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: subRefs +isSingleValued: FALSE +systemFlags: 19 +systemOnly: TRUE +schemaIDGUID: bf967a3c-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Sub-Refs +attributeID: 1.2.840.113556.1.2.7 +attributeSyntax: 2.5.5.1 + +dn: CN=proxyAddresses,CN=Schema,CN=Configuration,${BASEDN} +cn: proxyAddresses +name: proxyAddresses +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: proxyAddresses +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a06-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Proxy-Addresses +attributeID: 1.2.840.113556.1.2.210 +attributeSyntax: 2.5.5.12 + +dn: CN=superiorDNSRoot,CN=Schema,CN=Configuration,${BASEDN} +cn: superiorDNSRoot +name: superiorDNSRoot +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: superiorDNSRoot +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 5245801d-ca6a-11d0-afff-0000f80367c1 +adminDisplayName: Superior-DNS-Root +attributeID: 1.2.840.113556.1.4.532 +attributeSyntax: 2.5.5.12 + +dn: CN=rootTrust,CN=Schema,CN=Configuration,${BASEDN} +cn: rootTrust +name: rootTrust +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: rootTrust +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 7bfdcb80-4807-11d1-a9c3-0000f80367c1 +adminDisplayName: Root-Trust +attributeID: 1.2.840.113556.1.4.674 +attributeSyntax: 2.5.5.1 + +dn: CN=shellContextMenu,CN=Schema,CN=Configuration,${BASEDN} +cn: shellContextMenu +name: shellContextMenu +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: shellContextMenu +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 553fd039-f32e-11d0-b0bc-00c04fd8dca6 +adminDisplayName: Shell-Context-Menu +attributeID: 1.2.840.113556.1.4.615 +attributeSyntax: 2.5.5.12 + +dn: CN=classDisplayName,CN=Schema,CN=Configuration,${BASEDN} +cn: classDisplayName +name: classDisplayName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: classDisplayName +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 548e1c22-dea6-11d0-b010-0000f80367c1 +adminDisplayName: Class-Display-Name +attributeID: 1.2.840.113556.1.4.610 +attributeSyntax: 2.5.5.12 + +dn: CN=cACertificate,CN=Schema,CN=Configuration,${BASEDN} +cn: cACertificate +name: cACertificate +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: cACertificate +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967932-0de6-11d0-a285-00aa003049e2 +adminDisplayName: CA-Certificate +attributeID: 2.5.4.37 +attributeSyntax: 2.5.5.10 + +dn: CN=mhsORAddress,CN=Schema,CN=Configuration,${BASEDN} +cn: mhsORAddress +name: mhsORAddress +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: mhsORAddress +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 0296c122-40da-11d1-a9c0-0000f80367c1 +adminDisplayName: MHS-OR-Address +attributeID: 1.2.840.113556.1.4.650 +attributeSyntax: 2.5.5.12 + +dn: CN=ntPwdHistory,CN=Schema,CN=Configuration,${BASEDN} +cn: ntPwdHistory +name: ntPwdHistory +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: ntPwdHistory +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679e2-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Nt-Pwd-History +attributeID: 1.2.840.113556.1.4.94 +attributeSyntax: 2.5.5.10 + +dn: CN=mailAddress,CN=Schema,CN=Configuration,${BASEDN} +cn: mailAddress +name: mailAddress +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: mailAddress +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 26d9736f-6070-11d1-a9c6-0000f80367c1 +adminDisplayName: SMTP-Mail-Address +attributeID: 1.2.840.113556.1.4.786 +attributeSyntax: 2.5.5.12 + +dn: CN=uSNChanged,CN=Schema,CN=Configuration,${BASEDN} +cn: uSNChanged +name: uSNChanged +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: uSNChanged +isSingleValued: TRUE +systemFlags: 19 +systemOnly: TRUE +schemaIDGUID: bf967a6f-0de6-11d0-a285-00aa003049e2 +adminDisplayName: USN-Changed +attributeID: 1.2.840.113556.1.2.120 +attributeSyntax: 2.5.5.16 + +dn: CN=repsFrom,CN=Schema,CN=Configuration,${BASEDN} +cn: repsFrom +name: repsFrom +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: repsFrom +isSingleValued: FALSE +systemFlags: 19 +systemOnly: TRUE +schemaIDGUID: bf967a1d-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Reps-From +attributeID: 1.2.840.113556.1.2.91 +attributeSyntax: 2.5.5.10 + +dn: CN=otherWellKnownObjects,CN=Schema,CN=Configuration,${BASEDN} +cn: otherWellKnownObjects +name: otherWellKnownObjects +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: otherWellKnownObjects +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 1ea64e5d-ac0f-11d2-90df-00c04fd91ab1 +adminDisplayName: Other-Well-Known-Objects +attributeID: 1.2.840.113556.1.4.1359 +attributeSyntax: 2.5.5.7 + +dn: CN=msDS-NCReplCursors,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-NCReplCursors +name: msDS-NCReplCursors +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-NCReplCursors +isSingleValued: FALSE +systemFlags: 20 +systemOnly: FALSE +schemaIDGUID: 8a167ce4-f9e8-47eb-8d78-f7fe80abb2cc +adminDisplayName: ms-DS-NC-Repl-Cursors +attributeID: 1.2.840.113556.1.4.1704 +attributeSyntax: 2.5.5.12 + +dn: CN=managedObjects,CN=Schema,CN=Configuration,${BASEDN} +cn: managedObjects +name: managedObjects +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: managedObjects +isSingleValued: FALSE +linkID: 73 +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 0296c124-40da-11d1-a9c0-0000f80367c1 +adminDisplayName: Managed-Objects +attributeID: 1.2.840.113556.1.4.654 +attributeSyntax: 2.5.5.1 + +dn: CN=msDS-AllowedDNSSuffixes,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AllowedDNSSuffixes +name: msDS-AllowedDNSSuffixes +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-AllowedDNSSuffixes +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 8469441b-9ac4-4e45-8205-bd219dbf672d +adminDisplayName: ms-DS-Allowed-DNS-Suffixes +attributeID: 1.2.840.113556.1.4.1710 +attributeSyntax: 2.5.5.12 + +dn: CN=nCName,CN=Schema,CN=Configuration,${BASEDN} +cn: nCName +name: nCName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: nCName +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: bf9679d6-0de6-11d0-a285-00aa003049e2 +adminDisplayName: NC-Name +attributeID: 1.2.840.113556.1.2.16 +attributeSyntax: 2.5.5.1 + +dn: CN=nETBIOSName,CN=Schema,CN=Configuration,${BASEDN} +cn: nETBIOSName +name: nETBIOSName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: nETBIOSName +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679d8-0de6-11d0-a285-00aa003049e2 +adminDisplayName: NETBIOS-Name +attributeID: 1.2.840.113556.1.4.87 +attributeSyntax: 2.5.5.12 + +dn: CN=queryFilter,CN=Schema,CN=Configuration,${BASEDN} +cn: queryFilter +name: queryFilter +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: queryFilter +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: cbf70a26-7e78-11d2-9921-0000f87a57d4 +adminDisplayName: Query-Filter +attributeID: 1.2.840.113556.1.4.1355 +attributeSyntax: 2.5.5.12 + +dn: CN=preferredDeliveryMethod,CN=Schema,CN=Configuration,${BASEDN} +cn: preferredDeliveryMethod +name: preferredDeliveryMethod +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: preferredDeliveryMethod +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679fe-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Preferred-Delivery-Method +attributeID: 2.5.4.28 +attributeSyntax: 2.5.5.9 + +dn: CN=mSMQSiteForeign,CN=Schema,CN=Configuration,${BASEDN} +cn: mSMQSiteForeign +name: mSMQSiteForeign +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: mSMQSiteForeign +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: fd129d8a-d57e-11d1-90a2-00c04fd91ab1 +adminDisplayName: MSMQ-Site-Foreign +attributeID: 1.2.840.113556.1.4.961 +attributeSyntax: 2.5.5.8 + +dn: CN=audio,CN=Schema,CN=Configuration,${BASEDN} +cn: audio +name: audio +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: audio +isSingleValued: FALSE +systemFlags: 0 +systemOnly: FALSE +schemaIDGUID: d0e1d224-e1a0-42ce-a2da-793ba5244f35 +adminDisplayName: audio +attributeID: 0.9.2342.19200300.100.1.55 +attributeSyntax: 2.5.5.10 + +dn: CN=scriptPath,CN=Schema,CN=Configuration,${BASEDN} +cn: scriptPath +name: scriptPath +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: scriptPath +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679a8-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Script-Path +attributeID: 1.2.840.113556.1.4.62 +attributeSyntax: 2.5.5.12 + +dn: CN=mSMQDigests,CN=Schema,CN=Configuration,${BASEDN} +cn: mSMQDigests +name: mSMQDigests +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: mSMQDigests +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 9a0dc33c-c100-11d1-bbc5-0080c76670c0 +adminDisplayName: MSMQ-Digests +attributeID: 1.2.840.113556.1.4.948 +attributeSyntax: 2.5.5.10 + +dn: CN=msDS-Cached-Membership,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-Cached-Membership +name: msDS-Cached-Membership +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-Cached-Membership +isSingleValued: TRUE +systemFlags: 17 +systemOnly: FALSE +schemaIDGUID: 69cab008-cdd4-4bc9-bab8-0ff37efe1b20 +adminDisplayName: ms-DS-Cached-Membership +attributeID: 1.2.840.113556.1.4.1441 +attributeSyntax: 2.5.5.10 + +dn: CN=logonHours,CN=Schema,CN=Configuration,${BASEDN} +cn: logonHours +name: logonHours +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: logonHours +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679ab-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Logon-Hours +attributeID: 1.2.840.113556.1.4.64 +attributeSyntax: 2.5.5.10 + +dn: CN=top,CN=Schema,CN=Configuration,${BASEDN} +cn: top +name: top +objectClass: top +objectClass: classSchema +systemPossSuperiors: lostAndFound +lDAPDisplayName: top +governsID: 2.5.6.0 +rDNAttID: cn +systemMustContain: objectClass +systemMustContain: objectCategory +systemMustContain: nTSecurityDescriptor +systemMustContain: instanceType +mayContain: msDS-ObjectReferenceBL +systemMayContain: url +systemMayContain: wWWHomePage +systemMayContain: whenCreated +systemMayContain: whenChanged +systemMayContain: wellKnownObjects +systemMayContain: wbemPath +systemMayContain: uSNSource +systemMayContain: uSNLastObjRem +systemMayContain: USNIntersite +systemMayContain: uSNDSALastObjRemoved +systemMayContain: uSNCreated +systemMayContain: uSNChanged +systemMayContain: systemFlags +systemMayContain: subSchemaSubEntry +systemMayContain: subRefs +systemMayContain: structuralObjectClass +systemMayContain: siteObjectBL +systemMayContain: serverReferenceBL +systemMayContain: sDRightsEffective +systemMayContain: revision +systemMayContain: repsTo +systemMayContain: repsFrom +systemMayContain: directReports +systemMayContain: replUpToDateVector +systemMayContain: replPropertyMetaData +systemMayContain: name +systemMayContain: queryPolicyBL +systemMayContain: proxyAddresses +systemMayContain: proxiedObjectName +systemMayContain: possibleInferiors +systemMayContain: partialAttributeSet +systemMayContain: partialAttributeDeletionList +systemMayContain: otherWellKnownObjects +systemMayContain: objectVersion +systemMayContain: objectGUID +systemMayContain: distinguishedName +systemMayContain: nonSecurityMemberBL +systemMayContain: netbootSCPBL +systemMayContain: ownerBL +systemMayContain: msDS-ReplValueMetaData +systemMayContain: msDS-ReplAttributeMetaData +systemMayContain: msDS-NonMembersBL +systemMayContain: msDS-NCReplOutboundNeighbors +systemMayContain: msDS-NCReplInboundNeighbors +systemMayContain: msDS-NCReplCursors +systemMayContain: msDS-TasksForAzRoleBL +systemMayContain: msDS-TasksForAzTaskBL +systemMayContain: msDS-OperationsForAzRoleBL +systemMayContain: msDS-OperationsForAzTaskBL +systemMayContain: msDS-MembersForAzRoleBL +systemMayContain: msDs-masteredBy +systemMayContain: mS-DS-ConsistencyGuid +systemMayContain: mS-DS-ConsistencyChildCount +systemMayContain: msDS-Approx-Immed-Subordinates +systemMayContain: msCOM-PartitionSetLink +systemMayContain: msCOM-UserLink +systemMayContain: modifyTimeStamp +systemMayContain: masteredBy +systemMayContain: managedObjects +systemMayContain: lastKnownParent +systemMayContain: isPrivilegeHolder +systemMayContain: memberOf +systemMayContain: isDeleted +systemMayContain: isCriticalSystemObject +systemMayContain: showInAdvancedViewOnly +systemMayContain: fSMORoleOwner +systemMayContain: fRSMemberReferenceBL +systemMayContain: frsComputerReferenceBL +systemMayContain: fromEntry +systemMayContain: flags +systemMayContain: extensionName +systemMayContain: dSASignature +systemMayContain: dSCorePropagationData +systemMayContain: displayNamePrintable +systemMayContain: displayName +systemMayContain: description +systemMayContain: createTimeStamp +systemMayContain: cn +systemMayContain: canonicalName +systemMayContain: bridgeheadServerListBL +systemMayContain: allowedChildClassesEffective +systemMayContain: allowedChildClasses +systemMayContain: allowedAttributesEffective +systemMayContain: allowedAttributes +systemMayContain: adminDisplayName +systemMayContain: adminDescription +objectClassCategory: 2 +subClassOf: top +defaultObjectCategory: CN=Top,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: TRUE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +schemaIDGUID: bf967ab7-0de6-11d0-a285-00aa003049e2 + +dn: CN=domainDNS,CN=Schema,CN=Configuration,${BASEDN} +cn: domainDNS +name: domainDNS +objectClass: top +objectClass: classSchema +systemAuxiliaryClass: samDomain +systemPossSuperiors: domainDNS +lDAPDisplayName: domainDNS +governsID: 1.2.840.113556.1.5.67 +rDNAttID: dc +systemMayContain: msDS-Behavior-Version +systemMayContain: msDS-AllowedDNSSuffixes +systemMayContain: managedBy +objectClassCategory: 1 +subClassOf: domain +defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: FALSE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: samServer +possibleInferiors: group +possibleInferiors: msPKI-Key-Recovery-Agent +possibleInferiors: lostAndFound +possibleInferiors: rpcContainer +possibleInferiors: builtinDomain +possibleInferiors: msMQ-Custom-Recipient +possibleInferiors: msCOM-Partition +possibleInferiors: friendlyCountry +possibleInferiors: msCOM-PartitionSet +possibleInferiors: computer +possibleInferiors: user +possibleInferiors: container +possibleInferiors: rFC822LocalPart +possibleInferiors: groupPolicyContainer +possibleInferiors: organization +possibleInferiors: inetOrgPerson +possibleInferiors: domainDNS +possibleInferiors: printQueue +possibleInferiors: volume +possibleInferiors: dfsConfiguration +possibleInferiors: locality +possibleInferiors: intellimirrorGroup +possibleInferiors: physicalLocation +possibleInferiors: msDS-AzAdminManager +possibleInferiors: msExchConfigurationContainer +possibleInferiors: msDS-QuotaContainer +possibleInferiors: groupOfUniqueNames +possibleInferiors: country +possibleInferiors: organizationalUnit +possibleInferiors: remoteMailRecipient +possibleInferiors: classStore +possibleInferiors: domainPolicy +possibleInferiors: contact +possibleInferiors: mSMQMigratedUser +schemaIDGUID: 19195a5b-6da0-11d0-afd3-00c04fd930c9 + +dn: CN=msDS-AzApplication,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AzApplication +name: msDS-AzApplication +objectClass: top +objectClass: classSchema +systemPossSuperiors: msDS-AzAdminManager +lDAPDisplayName: msDS-AzApplication +governsID: 1.2.840.113556.1.5.235 +rDNAttID: cn +systemMayContain: msDS-AzApplicationData +systemMayContain: msDS-AzGenerateAudits +systemMayContain: msDS-AzApplicationVersion +systemMayContain: msDS-AzClassId +systemMayContain: msDS-AzApplicationName +systemMayContain: description +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: group +possibleInferiors: rpcContainer +possibleInferiors: container +possibleInferiors: msDS-AzScope +possibleInferiors: groupPolicyContainer +possibleInferiors: msDS-AzTask +possibleInferiors: msDS-AzRole +possibleInferiors: msExchConfigurationContainer +possibleInferiors: msDS-AzOperation +schemaIDGUID: ddf8de9b-cba5-4e12-842e-28d8b66f75ec + +dn: CN=builtinDomain,CN=Schema,CN=Configuration,${BASEDN} +cn: builtinDomain +name: builtinDomain +objectClass: top +objectClass: classSchema +systemAuxiliaryClass: samDomainBase +systemPossSuperiors: domainDNS +lDAPDisplayName: builtinDomain +governsID: 1.2.840.113556.1.5.4 +rDNAttID: cn +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: group +possibleInferiors: msPKI-Key-Recovery-Agent +possibleInferiors: computer +possibleInferiors: user +possibleInferiors: inetOrgPerson +possibleInferiors: mSMQMigratedUser +schemaIDGUID: bf967a81-0de6-11d0-a285-00aa003049e2 + +dn: CN=infrastructureUpdate,CN=Schema,CN=Configuration,${BASEDN} +cn: infrastructureUpdate +name: infrastructureUpdate +objectClass: top +objectClass: classSchema +systemPossSuperiors: infrastructureUpdate +systemPossSuperiors: domain +lDAPDisplayName: infrastructureUpdate +governsID: 1.2.840.113556.1.5.175 +rDNAttID: cn +systemMayContain: dNReferenceUpdate +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: TRUE +defaultSecurityDescriptor: D:(A;;GA;;;SY) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +schemaIDGUID: 2df90d89-009f-11d2-aa4c-00c04fd7d83a + +dn: CN=configuration,CN=Schema,CN=Configuration,${BASEDN} +cn: configuration +name: configuration +objectClass: top +objectClass: classSchema +systemPossSuperiors: domainDNS +lDAPDisplayName: configuration +governsID: 1.2.840.113556.1.5.12 +rDNAttID: cn +systemMustContain: cn +systemMayContain: gPOptions +systemMayContain: gPLink +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: TRUE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: lostAndFound +possibleInferiors: rpcContainer +possibleInferiors: sitesContainer +possibleInferiors: addressBookContainer +possibleInferiors: container +possibleInferiors: groupPolicyContainer +possibleInferiors: physicalLocation +possibleInferiors: msExchConfigurationContainer +possibleInferiors: msDS-QuotaContainer +schemaIDGUID: bf967a87-0de6-11d0-a285-00aa003049e2 + +dn: CN=crossRef,CN=Schema,CN=Configuration,${BASEDN} +cn: crossRef +name: crossRef +objectClass: top +objectClass: classSchema +systemPossSuperiors: crossRefContainer +lDAPDisplayName: crossRef +governsID: 1.2.840.113556.1.3.11 +rDNAttID: cn +systemMustContain: nCName +systemMustContain: dnsRoot +systemMustContain: cn +systemMayContain: trustParent +systemMayContain: superiorDNSRoot +systemMayContain: rootTrust +systemMayContain: nTMixedDomain +systemMayContain: nETBIOSName +systemMayContain: Enabled +systemMayContain: msDS-SDReferenceDomain +systemMayContain: msDS-Replication-Notify-Subsequent-DSA-Delay +systemMayContain: msDS-Replication-Notify-First-DSA-Delay +systemMayContain: msDS-NC-Replica-Locations +systemMayContain: msDS-DnsRootAlias +systemMayContain: msDS-Behavior-Version +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +schemaIDGUID: bf967a8d-0de6-11d0-a285-00aa003049e2 + +dn: CN=rIDManager,CN=Schema,CN=Configuration,${BASEDN} +cn: rIDManager +name: rIDManager +objectClass: top +objectClass: classSchema +systemPossSuperiors: container +lDAPDisplayName: rIDManager +governsID: 1.2.840.113556.1.5.83 +rDNAttID: cn +systemMustContain: rIDAvailablePool +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: TRUE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)S:(AU;SA;CRWP;;;WD) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +schemaIDGUID: 6617188d-8f3c-11d0-afda-00c04fd930c9 + +dn: CN=displaySpecifier,CN=Schema,CN=Configuration,${BASEDN} +cn: displaySpecifier +name: displaySpecifier +objectClass: top +objectClass: classSchema +systemPossSuperiors: container +lDAPDisplayName: displaySpecifier +governsID: 1.2.840.113556.1.5.84 +rDNAttID: cn +systemMayContain: treatAsLeaf +systemMayContain: shellPropertyPages +systemMayContain: shellContextMenu +systemMayContain: scopeFlags +systemMayContain: queryFilter +systemMayContain: iconPath +systemMayContain: extraColumns +systemMayContain: creationWizard +systemMayContain: createWizardExt +systemMayContain: createDialog +systemMayContain: contextMenu +systemMayContain: classDisplayName +systemMayContain: attributeDisplayNames +systemMayContain: adminPropertyPages +systemMayContain: adminMultiselectPropertyPages +systemMayContain: adminContextMenu +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Display-Specifier,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +schemaIDGUID: e0fa1e8a-9b45-11d0-afdd-00c04fd930c9 + +dn: CN=msDS-AzScope,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AzScope +name: msDS-AzScope +objectClass: top +objectClass: classSchema +systemPossSuperiors: msDS-AzApplication +lDAPDisplayName: msDS-AzScope +governsID: 1.2.840.113556.1.5.237 +rDNAttID: cn +systemMustContain: msDS-AzScopeName +systemMayContain: msDS-AzApplicationData +systemMayContain: description +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: group +possibleInferiors: rpcContainer +possibleInferiors: container +possibleInferiors: groupPolicyContainer +possibleInferiors: msDS-AzTask +possibleInferiors: msDS-AzRole +possibleInferiors: msExchConfigurationContainer +schemaIDGUID: 4feae054-ce55-47bb-860e-5b12063a51de + +dn: CN=locality,CN=Schema,CN=Configuration,${BASEDN} +cn: locality +name: locality +objectClass: top +objectClass: classSchema +systemPossSuperiors: domainDNS +systemPossSuperiors: country +systemPossSuperiors: organizationalUnit +systemPossSuperiors: organization +systemPossSuperiors: locality +lDAPDisplayName: locality +governsID: 2.5.6.3 +rDNAttID: l +systemMustContain: l +systemMayContain: street +systemMayContain: st +systemMayContain: seeAlso +systemMayContain: searchGuide +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Locality,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: FALSE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: residentialPerson +possibleInferiors: organization +possibleInferiors: groupOfNames +possibleInferiors: locality +possibleInferiors: physicalLocation +schemaIDGUID: bf967aa0-0de6-11d0-a285-00aa003049e2 + +dn: CN=crossRefContainer,CN=Schema,CN=Configuration,${BASEDN} +cn: crossRefContainer +name: crossRefContainer +objectClass: top +objectClass: classSchema +systemPossSuperiors: configuration +lDAPDisplayName: crossRefContainer +governsID: 1.2.840.113556.1.5.7000.53 +rDNAttID: cn +systemMayContain: msDS-SPNSuffixes +systemMayContain: uPNSuffixes +systemMayContain: msDS-UpdateScript +systemMayContain: msDS-ExecuteScriptPassword +systemMayContain: msDS-Behavior-Version +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: FALSE +systemFlags: 16 +systemOnly: TRUE +defaultSecurityDescriptor: D:(A;;GA;;;SY) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: crossRef +schemaIDGUID: ef9e60e0-56f7-11d1-a9c6-0000f80367c1 + +dn: CN=subnetContainer,CN=Schema,CN=Configuration,${BASEDN} +cn: subnetContainer +name: subnetContainer +objectClass: top +objectClass: classSchema +systemPossSuperiors: sitesContainer +lDAPDisplayName: subnetContainer +governsID: 1.2.840.113556.1.5.95 +rDNAttID: cn +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Subnet-Container,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: subnet +schemaIDGUID: b7b13125-b82e-11d0-afee-0000f80367c1 + +dn: CN=nTDSDSA,CN=Schema,CN=Configuration,${BASEDN} +cn: nTDSDSA +name: nTDSDSA +objectClass: top +objectClass: classSchema +systemPossSuperiors: organization +systemPossSuperiors: server +lDAPDisplayName: nTDSDSA +governsID: 1.2.840.113556.1.5.7000.47 +rDNAttID: cn +systemMayContain: serverReference +systemMayContain: msDS-RetiredReplNCSignatures +systemMayContain: retiredReplDSASignatures +systemMayContain: queryPolicyObject +systemMayContain: options +systemMayContain: networkAddress +systemMayContain: msDS-ReplicationEpoch +systemMayContain: msDS-HasInstantiatedNCs +systemMayContain: msDS-hasMasterNCs +systemMayContain: msDS-HasDomainNCs +systemMayContain: msDS-Behavior-Version +systemMayContain: managedBy +systemMayContain: lastBackupRestorationTime +systemMayContain: invocationId +systemMayContain: hasPartialReplicaNCs +systemMayContain: hasMasterNCs +systemMayContain: fRSRootPath +systemMayContain: dMDLocation +objectClassCategory: 1 +subClassOf: applicationSettings +defaultObjectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: TRUE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: nTDSConnection +schemaIDGUID: f0f8ffab-1191-11d0-a060-00aa006c33ed + +dn: CN=samDomain,CN=Schema,CN=Configuration,${BASEDN} +cn: samDomain +name: samDomain +objectClass: top +objectClass: classSchema +systemAuxiliaryClass: samDomainBase +lDAPDisplayName: samDomain +governsID: 1.2.840.113556.1.5.3 +rDNAttID: cn +systemMayContain: treeName +systemMayContain: rIDManagerReference +systemMayContain: replicaSource +systemMayContain: pwdProperties +systemMayContain: pwdHistoryLength +systemMayContain: privateKey +systemMayContain: pekList +systemMayContain: pekKeyChangeInterval +systemMayContain: nTMixedDomain +systemMayContain: nextRid +systemMayContain: nETBIOSName +systemMayContain: msDS-PerUserTrustTombstonesQuota +systemMayContain: msDS-PerUserTrustQuota +systemMayContain: ms-DS-MachineAccountQuota +systemMayContain: msDS-LogonTimeSyncInterval +systemMayContain: msDS-AllUsersTrustQuota +systemMayContain: modifiedCountAtLastProm +systemMayContain: minPwdLength +systemMayContain: minPwdAge +systemMayContain: maxPwdAge +systemMayContain: lSAModifiedCount +systemMayContain: lSACreationTime +systemMayContain: lockoutThreshold +systemMayContain: lockoutDuration +systemMayContain: lockOutObservationWindow +systemMayContain: gPOptions +systemMayContain: gPLink +systemMayContain: eFSPolicy +systemMayContain: domainPolicyObject +systemMayContain: desktopProfile +systemMayContain: description +systemMayContain: defaultLocalPolicyObject +systemMayContain: creationTime +systemMayContain: controlAccessRights +systemMayContain: cACertificate +systemMayContain: builtinModifiedCount +systemMayContain: builtinCreationTime +systemMayContain: auditingPolicy +objectClassCategory: 3 +subClassOf: top +defaultObjectCategory: CN=Sam-Domain,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +schemaIDGUID: bf967a90-0de6-11d0-a285-00aa003049e2 + +dn: CN=samDomainBase,CN=Schema,CN=Configuration,${BASEDN} +cn: samDomainBase +name: samDomainBase +objectClass: top +objectClass: classSchema +lDAPDisplayName: samDomainBase +governsID: 1.2.840.113556.1.5.2 +rDNAttID: cn +systemMayContain: uASCompat +systemMayContain: serverState +systemMayContain: serverRole +systemMayContain: revision +systemMayContain: pwdProperties +systemMayContain: pwdHistoryLength +systemMayContain: oEMInformation +systemMayContain: objectSid +systemMayContain: nTSecurityDescriptor +systemMayContain: nextRid +systemMayContain: modifiedCountAtLastProm +systemMayContain: modifiedCount +systemMayContain: minPwdLength +systemMayContain: minPwdAge +systemMayContain: maxPwdAge +systemMayContain: lockoutThreshold +systemMayContain: lockoutDuration +systemMayContain: lockOutObservationWindow +systemMayContain: forceLogoff +systemMayContain: domainReplica +systemMayContain: creationTime +objectClassCategory: 3 +subClassOf: top +defaultObjectCategory: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +schemaIDGUID: bf967a91-0de6-11d0-a285-00aa003049e2 + +dn: CN=country,CN=Schema,CN=Configuration,${BASEDN} +cn: country +name: country +objectClass: top +objectClass: classSchema +systemPossSuperiors: domainDNS +systemPossSuperiors: organization +lDAPDisplayName: country +governsID: 2.5.6.2 +rDNAttID: c +systemMustContain: c +systemMayContain: co +systemMayContain: searchGuide +objectClassCategory: 0 +subClassOf: top +defaultObjectCategory: CN=Country,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: organization +possibleInferiors: locality +possibleInferiors: physicalLocation +possibleInferiors: organizationalUnit +schemaIDGUID: bf967a8c-0de6-11d0-a285-00aa003049e2 + +dn: CN=organizationalUnit,CN=Schema,CN=Configuration,${BASEDN} +cn: organizationalUnit +name: organizationalUnit +objectClass: top +objectClass: classSchema +systemPossSuperiors: country +systemPossSuperiors: organization +systemPossSuperiors: organizationalUnit +systemPossSuperiors: domainDNS +lDAPDisplayName: organizationalUnit +governsID: 2.5.6.5 +rDNAttID: ou +systemMustContain: ou +systemMayContain: x121Address +systemMayContain: userPassword +systemMayContain: uPNSuffixes +systemMayContain: co +systemMayContain: telexNumber +systemMayContain: teletexTerminalIdentifier +systemMayContain: telephoneNumber +systemMayContain: street +systemMayContain: st +systemMayContain: seeAlso +systemMayContain: searchGuide +systemMayContain: registeredAddress +systemMayContain: preferredDeliveryMethod +systemMayContain: postalCode +systemMayContain: postalAddress +systemMayContain: postOfficeBox +systemMayContain: physicalDeliveryOfficeName +systemMayContain: msCOM-UserPartitionSetLink +systemMayContain: managedBy +systemMayContain: thumbnailLogo +systemMayContain: l +systemMayContain: internationalISDNNumber +systemMayContain: gPOptions +systemMayContain: gPLink +systemMayContain: facsimileTelephoneNumber +systemMayContain: destinationIndicator +systemMayContain: desktopProfile +systemMayContain: defaultGroup +systemMayContain: countryCode +systemMayContain: c +systemMayContain: businessCategory +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: FALSE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: applicationEntity +possibleInferiors: group +possibleInferiors: applicationVersion +possibleInferiors: msPKI-Key-Recovery-Agent +possibleInferiors: rpcContainer +possibleInferiors: msieee80211-Policy +possibleInferiors: msMQ-Custom-Recipient +possibleInferiors: documentSeries +possibleInferiors: msCOM-Partition +possibleInferiors: device +possibleInferiors: msCOM-PartitionSet +possibleInferiors: serviceAdministrationPoint +possibleInferiors: computer +possibleInferiors: rRASAdministrationConnectionPoint +possibleInferiors: organizationalRole +possibleInferiors: residentialPerson +possibleInferiors: mS-SQL-OLAPServer +possibleInferiors: user +possibleInferiors: document +possibleInferiors: container +possibleInferiors: rFC822LocalPart +possibleInferiors: groupPolicyContainer +possibleInferiors: remoteStorageServicePoint +possibleInferiors: msDS-AppData +possibleInferiors: inetOrgPerson +possibleInferiors: groupOfNames +possibleInferiors: person +possibleInferiors: intellimirrorSCP +possibleInferiors: printQueue +possibleInferiors: msTAPI-RtPerson +possibleInferiors: volume +possibleInferiors: ipsecNFA +possibleInferiors: locality +possibleInferiors: msDS-App-Configuration +possibleInferiors: serviceConnectionPoint +possibleInferiors: intellimirrorGroup +possibleInferiors: physicalLocation +possibleInferiors: ipsecNegotiationPolicy +possibleInferiors: msDS-AzAdminManager +possibleInferiors: mS-SQL-SQLServer +possibleInferiors: indexServerCatalog +possibleInferiors: msExchConfigurationContainer +possibleInferiors: groupOfUniqueNames +possibleInferiors: nTFRSSettings +possibleInferiors: organizationalUnit +possibleInferiors: msTAPI-RtConference +possibleInferiors: room +possibleInferiors: msMQ-Group +possibleInferiors: remoteMailRecipient +possibleInferiors: classStore +possibleInferiors: ipsecPolicy +possibleInferiors: dSA +possibleInferiors: ipsecFilter +possibleInferiors: organizationalPerson +possibleInferiors: account +possibleInferiors: domainPolicy +possibleInferiors: contact +possibleInferiors: mSMQMigratedUser +possibleInferiors: ipsecISAKMPPolicy +schemaIDGUID: bf967aa5-0de6-11d0-a285-00aa003049e2 + +dn: CN=organizationalPerson,CN=Schema,CN=Configuration,${BASEDN} +cn: organizationalPerson +name: organizationalPerson +objectClass: top +objectClass: classSchema +systemPossSuperiors: organizationalUnit +systemPossSuperiors: organization +systemPossSuperiors: container +lDAPDisplayName: organizationalPerson +governsID: 2.5.6.7 +rDNAttID: cn +mayContain: houseIdentifier +mayContain: msExchHouseIdentifier +mayContain: homePostalAddress +systemMayContain: x121Address +systemMayContain: comment +systemMayContain: title +systemMayContain: co +systemMayContain: primaryTelexNumber +systemMayContain: telexNumber +systemMayContain: teletexTerminalIdentifier +systemMayContain: street +systemMayContain: st +systemMayContain: registeredAddress +systemMayContain: preferredDeliveryMethod +systemMayContain: postalCode +systemMayContain: postalAddress +systemMayContain: postOfficeBox +systemMayContain: thumbnailPhoto +systemMayContain: physicalDeliveryOfficeName +systemMayContain: pager +systemMayContain: otherPager +systemMayContain: otherTelephone +systemMayContain: mobile +systemMayContain: otherMobile +systemMayContain: primaryInternationalISDNNumber +systemMayContain: ipPhone +systemMayContain: otherIpPhone +systemMayContain: otherHomePhone +systemMayContain: homePhone +systemMayContain: otherFacsimileTelephoneNumber +systemMayContain: personalTitle +systemMayContain: middleName +systemMayContain: otherMailbox +systemMayContain: ou +systemMayContain: o +systemMayContain: mhsORAddress +systemMayContain: msDS-AllowedToDelegateTo +systemMayContain: manager +systemMayContain: thumbnailLogo +systemMayContain: l +systemMayContain: internationalISDNNumber +systemMayContain: initials +systemMayContain: givenName +systemMayContain: generationQualifier +systemMayContain: facsimileTelephoneNumber +systemMayContain: employeeID +systemMayContain: mail +systemMayContain: division +systemMayContain: destinationIndicator +systemMayContain: department +systemMayContain: c +systemMayContain: countryCode +systemMayContain: company +systemMayContain: assistant +systemMayContain: streetAddress +objectClassCategory: 0 +subClassOf: person +defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +schemaIDGUID: bf967aa4-0de6-11d0-a285-00aa003049e2 + +dn: CN=nTDSService,CN=Schema,CN=Configuration,${BASEDN} +cn: nTDSService +name: nTDSService +objectClass: top +objectClass: classSchema +systemPossSuperiors: container +lDAPDisplayName: nTDSService +governsID: 1.2.840.113556.1.5.72 +rDNAttID: cn +systemMayContain: tombstoneLifetime +systemMayContain: sPNMappings +systemMayContain: replTopologyStayOfExecution +systemMayContain: msDS-Other-Settings +systemMayContain: garbageCollPeriod +systemMayContain: dSHeuristics +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: rpcContainer +possibleInferiors: container +possibleInferiors: groupPolicyContainer +possibleInferiors: msExchConfigurationContainer +schemaIDGUID: 19195a5f-6da0-11d0-afd3-00c04fd930c9 + +dn: CN=serversContainer,CN=Schema,CN=Configuration,${BASEDN} +cn: serversContainer +name: serversContainer +objectClass: top +objectClass: classSchema +systemPossSuperiors: site +lDAPDisplayName: serversContainer +governsID: 1.2.840.113556.1.5.7000.48 +rDNAttID: cn +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: server +schemaIDGUID: f780acc0-56f0-11d1-a9c6-0000f80367c1 + +dn: CN=computer,CN=Schema,CN=Configuration,${BASEDN} +cn: computer +name: computer +objectClass: top +objectClass: classSchema +systemPossSuperiors: container +systemPossSuperiors: organizationalUnit +systemPossSuperiors: domainDNS +lDAPDisplayName: computer +governsID: 1.2.840.113556.1.3.30 +rDNAttID: cn +systemMayContain: volumeCount +systemMayContain: siteGUID +systemMayContain: rIDSetReferences +systemMayContain: policyReplicationFlags +systemMayContain: physicalLocationObject +systemMayContain: operatingSystemVersion +systemMayContain: operatingSystemServicePack +systemMayContain: operatingSystemHotfix +systemMayContain: operatingSystem +systemMayContain: networkAddress +systemMayContain: netbootSIFFile +systemMayContain: netbootMirrorDataFile +systemMayContain: netbootMachineFilePath +systemMayContain: netbootInitialization +systemMayContain: netbootGUID +systemMayContain: msDS-AdditionalSamAccountName +systemMayContain: msDS-AdditionalDnsHostName +systemMayContain: managedBy +systemMayContain: machineRole +systemMayContain: location +systemMayContain: localPolicyFlags +systemMayContain: dNSHostName +systemMayContain: defaultLocalPolicyObject +systemMayContain: cn +systemMayContain: catalogs +objectClassCategory: 1 +subClassOf: user +defaultObjectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: FALSE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(A;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: serviceInstance +possibleInferiors: applicationVersion +possibleInferiors: rpcProfile +possibleInferiors: rpcProfileElement +possibleInferiors: msieee80211-Policy +possibleInferiors: serviceAdministrationPoint +possibleInferiors: rRASAdministrationConnectionPoint +possibleInferiors: mS-SQL-OLAPServer +possibleInferiors: comConnectionPoint +possibleInferiors: remoteStorageServicePoint +possibleInferiors: nTFRSSubscriptions +possibleInferiors: msDS-AppData +possibleInferiors: rpcServer +possibleInferiors: intellimirrorSCP +possibleInferiors: printQueue +possibleInferiors: volume +possibleInferiors: ipsecNFA +possibleInferiors: rpcGroup +possibleInferiors: msDS-App-Configuration +possibleInferiors: serviceConnectionPoint +possibleInferiors: rpcServerElement +possibleInferiors: mSMQConfiguration +possibleInferiors: ipsecNegotiationPolicy +possibleInferiors: mS-SQL-SQLServer +possibleInferiors: indexServerCatalog +possibleInferiors: classStore +possibleInferiors: ipsecPolicy +possibleInferiors: dSA +possibleInferiors: ipsecFilter +possibleInferiors: storage +possibleInferiors: ipsecISAKMPPolicy +schemaIDGUID: bf967a86-0de6-11d0-a285-00aa003049e2 + +dn: CN=person,CN=Schema,CN=Configuration,${BASEDN} +cn: person +name: person +objectClass: top +objectClass: classSchema +systemPossSuperiors: organizationalUnit +systemPossSuperiors: container +lDAPDisplayName: person +governsID: 2.5.6.6 +rDNAttID: cn +systemMustContain: cn +mayContain: attributeCertificateAttribute +systemMayContain: userPassword +systemMayContain: telephoneNumber +systemMayContain: sn +systemMayContain: serialNumber +systemMayContain: seeAlso +objectClassCategory: 0 +subClassOf: top +defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +schemaIDGUID: bf967aa7-0de6-11d0-a285-00aa003049e2 + +dn: CN=container,CN=Schema,CN=Configuration,${BASEDN} +cn: container +name: container +objectClass: top +objectClass: classSchema +systemPossSuperiors: msDS-AzScope +systemPossSuperiors: msDS-AzApplication +systemPossSuperiors: msDS-AzAdminManager +systemPossSuperiors: subnet +systemPossSuperiors: server +systemPossSuperiors: nTDSService +systemPossSuperiors: domainDNS +systemPossSuperiors: organization +systemPossSuperiors: configuration +systemPossSuperiors: container +systemPossSuperiors: organizationalUnit +lDAPDisplayName: container +governsID: 1.2.840.113556.1.3.23 +rDNAttID: cn +systemMustContain: cn +mayContain: msDS-ObjectReference +systemMayContain: schemaVersion +systemMayContain: defaultClassStore +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: applicationEntity +possibleInferiors: pKIEnrollmentService +possibleInferiors: mSMQEnterpriseSettings +possibleInferiors: serviceInstance +possibleInferiors: samServer +possibleInferiors: group +possibleInferiors: applicationVersion +possibleInferiors: msPKI-Key-Recovery-Agent +possibleInferiors: rpcProfile +possibleInferiors: meeting +possibleInferiors: trustedDomain +possibleInferiors: linkTrackObjectMoveTable +possibleInferiors: rpcProfileElement +possibleInferiors: rpcContainer +possibleInferiors: dSUISettings +possibleInferiors: msieee80211-Policy +possibleInferiors: msMQ-Custom-Recipient +possibleInferiors: msWMI-PolicyTemplate +possibleInferiors: documentSeries +possibleInferiors: msCOM-Partition +possibleInferiors: device +possibleInferiors: msWMI-PolicyType +possibleInferiors: msCOM-PartitionSet +possibleInferiors: serviceClass +possibleInferiors: serviceAdministrationPoint +possibleInferiors: computer +possibleInferiors: fileLinkTracking +possibleInferiors: rRASAdministrationConnectionPoint +possibleInferiors: organizationalRole +possibleInferiors: certificationAuthority +possibleInferiors: residentialPerson +possibleInferiors: msWMI-ObjectEncoding +possibleInferiors: mS-SQL-OLAPServer +possibleInferiors: foreignSecurityPrincipal +possibleInferiors: user +possibleInferiors: document +possibleInferiors: container +possibleInferiors: comConnectionPoint +possibleInferiors: rFC822LocalPart +possibleInferiors: dHCPClass +possibleInferiors: groupPolicyContainer +possibleInferiors: remoteStorageServicePoint +possibleInferiors: msDS-AppData +possibleInferiors: inetOrgPerson +possibleInferiors: rpcServer +possibleInferiors: groupOfNames +possibleInferiors: person +possibleInferiors: intellimirrorSCP +possibleInferiors: msWMI-WMIGPO +possibleInferiors: aCSResourceLimits +possibleInferiors: printQueue +possibleInferiors: volume +possibleInferiors: ipsecNFA +possibleInferiors: queryPolicy +possibleInferiors: msDS-AzTask +possibleInferiors: msPKI-Enterprise-Oid +possibleInferiors: msDS-AzRole +possibleInferiors: dfsConfiguration +possibleInferiors: aCSPolicy +possibleInferiors: rpcGroup +possibleInferiors: msDS-App-Configuration +possibleInferiors: serviceConnectionPoint +possibleInferiors: rpcServerElement +possibleInferiors: intellimirrorGroup +possibleInferiors: msPKI-PrivateKeyRecoveryAgent +possibleInferiors: msWMI-MergeablePolicyTemplate +possibleInferiors: ipsecNegotiationPolicy +possibleInferiors: msDS-AzAdminManager +possibleInferiors: mS-SQL-SQLServer +possibleInferiors: controlAccessRight +possibleInferiors: displaySpecifier +possibleInferiors: nTDSService +possibleInferiors: indexServerCatalog +possibleInferiors: displayTemplate +possibleInferiors: msExchConfigurationContainer +possibleInferiors: groupOfUniqueNames +possibleInferiors: addressTemplate +possibleInferiors: msWMI-Rule +possibleInferiors: nTFRSSettings +possibleInferiors: msWMI-SimplePolicyTemplate +possibleInferiors: pKICertificateTemplate +possibleInferiors: rRASAdministrationDictionary +possibleInferiors: linkTrackVolumeTable +possibleInferiors: msWMI-Som +possibleInferiors: secret +possibleInferiors: room +possibleInferiors: aCSSubnet +possibleInferiors: classStore +possibleInferiors: ipsecPolicy +possibleInferiors: dSA +possibleInferiors: msDS-AzOperation +possibleInferiors: ipsecFilter +possibleInferiors: organizationalPerson +possibleInferiors: account +possibleInferiors: storage +possibleInferiors: domainPolicy +possibleInferiors: cRLDistributionPoint +possibleInferiors: dnsZone +possibleInferiors: contact +possibleInferiors: ipsecISAKMPPolicy +schemaIDGUID: bf967a8b-0de6-11d0-a285-00aa003049e2 + +dn: CN=site,CN=Schema,CN=Configuration,${BASEDN} +cn: site +name: site +objectClass: top +objectClass: classSchema +systemPossSuperiors: sitesContainer +lDAPDisplayName: site +governsID: 1.2.840.113556.1.5.31 +rDNAttID: cn +systemMayContain: notificationList +systemMayContain: mSMQSiteID +systemMayContain: mSMQSiteForeign +systemMayContain: mSMQNt4Stub +systemMayContain: mSMQInterval2 +systemMayContain: mSMQInterval1 +systemMayContain: managedBy +systemMayContain: location +systemMayContain: gPOptions +systemMayContain: gPLink +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: nTDSSiteSettings +possibleInferiors: serversContainer +possibleInferiors: licensingSiteSettings +schemaIDGUID: bf967ab3-0de6-11d0-a285-00aa003049e2 + +dn: CN=organization,CN=Schema,CN=Configuration,${BASEDN} +cn: organization +name: organization +objectClass: top +objectClass: classSchema +systemPossSuperiors: locality +systemPossSuperiors: country +systemPossSuperiors: domainDNS +lDAPDisplayName: organization +governsID: 2.5.6.4 +rDNAttID: o +systemMustContain: o +systemMayContain: x121Address +systemMayContain: userPassword +systemMayContain: telexNumber +systemMayContain: teletexTerminalIdentifier +systemMayContain: telephoneNumber +systemMayContain: street +systemMayContain: st +systemMayContain: seeAlso +systemMayContain: searchGuide +systemMayContain: registeredAddress +systemMayContain: preferredDeliveryMethod +systemMayContain: postalCode +systemMayContain: postalAddress +systemMayContain: postOfficeBox +systemMayContain: physicalDeliveryOfficeName +systemMayContain: l +systemMayContain: internationalISDNNumber +systemMayContain: facsimileTelephoneNumber +systemMayContain: destinationIndicator +systemMayContain: businessCategory +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Organization,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: FALSE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: msPKI-Key-Recovery-Agent +possibleInferiors: rpcContainer +possibleInferiors: device +possibleInferiors: friendlyCountry +possibleInferiors: computer +possibleInferiors: organizationalRole +possibleInferiors: user +possibleInferiors: container +possibleInferiors: rFC822LocalPart +possibleInferiors: groupPolicyContainer +possibleInferiors: inetOrgPerson +possibleInferiors: domainDNS +possibleInferiors: groupOfNames +possibleInferiors: msTAPI-RtPerson +possibleInferiors: locality +possibleInferiors: physicalLocation +possibleInferiors: msExchConfigurationContainer +possibleInferiors: country +possibleInferiors: nTFRSSettings +possibleInferiors: organizationalUnit +possibleInferiors: organizationalPerson +possibleInferiors: contact +schemaIDGUID: bf967aa3-0de6-11d0-a285-00aa003049e2 + +dn: CN=msDS-AzAdminManager,CN=Schema,CN=Configuration,${BASEDN} +cn: msDS-AzAdminManager +name: msDS-AzAdminManager +objectClass: top +objectClass: classSchema +systemPossSuperiors: domainDNS +systemPossSuperiors: organizationalUnit +systemPossSuperiors: container +lDAPDisplayName: msDS-AzAdminManager +governsID: 1.2.840.113556.1.5.234 +rDNAttID: cn +systemMayContain: msDS-AzMinorVersion +systemMayContain: msDS-AzMajorVersion +systemMayContain: msDS-AzApplicationData +systemMayContain: msDS-AzGenerateAudits +systemMayContain: msDS-AzScriptTimeout +systemMayContain: msDS-AzScriptEngineCacheMax +systemMayContain: msDS-AzDomainTimeout +systemMayContain: description +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: group +possibleInferiors: msDS-AzApplication +possibleInferiors: rpcContainer +possibleInferiors: container +possibleInferiors: groupPolicyContainer +possibleInferiors: msExchConfigurationContainer +schemaIDGUID: cfee1051-5f28-4bae-a863-5d0cc18a8ed1 + +dn: CN=securityPrincipal,CN=Schema,CN=Configuration,${BASEDN} +cn: securityPrincipal +name: securityPrincipal +objectClass: top +objectClass: classSchema +lDAPDisplayName: securityPrincipal +governsID: 1.2.840.113556.1.5.6 +rDNAttID: cn +systemMustContain: sAMAccountName +systemMustContain: objectSid +systemMayContain: supplementalCredentials +systemMayContain: sIDHistory +systemMayContain: securityIdentifier +systemMayContain: sAMAccountType +systemMayContain: rid +systemMayContain: tokenGroupsNoGCAcceptable +systemMayContain: tokenGroupsGlobalAndUniversal +systemMayContain: tokenGroups +systemMayContain: nTSecurityDescriptor +systemMayContain: msDS-KeyVersionNumber +systemMayContain: altSecurityIdentities +systemMayContain: accountNameHistory +objectClassCategory: 3 +subClassOf: top +defaultObjectCategory: CN=Security-Principal,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +schemaIDGUID: bf967ab0-0de6-11d0-a285-00aa003049e2 + +dn: CN=applicationSettings,CN=Schema,CN=Configuration,${BASEDN} +cn: applicationSettings +name: applicationSettings +objectClass: top +objectClass: classSchema +systemPossSuperiors: server +lDAPDisplayName: applicationSettings +governsID: 1.2.840.113556.1.5.7000.49 +rDNAttID: cn +systemMayContain: notificationList +systemMayContain: msDS-Settings +systemMayContain: applicationName +objectClassCategory: 2 +subClassOf: top +defaultObjectCategory: CN=Application-Settings,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +schemaIDGUID: f780acc1-56f0-11d1-a9c6-0000f80367c1 + +dn: CN=classSchema,CN=Schema,CN=Configuration,${BASEDN} +cn: classSchema +name: classSchema +objectClass: top +objectClass: classSchema +systemPossSuperiors: dMD +lDAPDisplayName: classSchema +governsID: 1.2.840.113556.1.3.13 +rDNAttID: cn +systemMustContain: subClassOf +systemMustContain: schemaIDGUID +systemMustContain: objectClassCategory +systemMustContain: governsID +systemMustContain: defaultObjectCategory +systemMustContain: cn +systemMayContain: systemPossSuperiors +systemMayContain: systemOnly +systemMayContain: systemMustContain +systemMayContain: systemMayContain +systemMayContain: systemAuxiliaryClass +systemMayContain: schemaFlagsEx +systemMayContain: rDNAttID +systemMayContain: possSuperiors +systemMayContain: mustContain +systemMayContain: msDs-Schema-Extensions +systemMayContain: msDS-IntId +systemMayContain: mayContain +systemMayContain: lDAPDisplayName +systemMayContain: isDefunct +systemMayContain: defaultSecurityDescriptor +systemMayContain: defaultHidingValue +systemMayContain: classDisplayName +systemMayContain: auxiliaryClass +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 134217744 +systemOnly: FALSE +defaultSecurityDescriptor: D:S: +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +schemaIDGUID: bf967a83-0de6-11d0-a285-00aa003049e2 + +dn: CN=user,CN=Schema,CN=Configuration,${BASEDN} +cn: user +name: user +objectClass: top +objectClass: classSchema +systemAuxiliaryClass: securityPrincipal +systemAuxiliaryClass: mailRecipient +systemPossSuperiors: builtinDomain +systemPossSuperiors: organizationalUnit +systemPossSuperiors: domainDNS +lDAPDisplayName: user +governsID: 1.2.840.113556.1.5.9 +rDNAttID: cn +mayContain: x500uniqueIdentifier +mayContain: userSMIMECertificate +mayContain: userPKCS12 +mayContain: uid +mayContain: secretary +mayContain: roomNumber +mayContain: preferredLanguage +mayContain: photo +mayContain: labeledURI +mayContain: jpegPhoto +mayContain: homePostalAddress +mayContain: givenName +mayContain: employeeType +mayContain: employeeNumber +mayContain: displayName +mayContain: departmentNumber +mayContain: carLicense +mayContain: audio +systemMayContain: pager +systemMayContain: o +systemMayContain: mobile +systemMayContain: manager +systemMayContain: mail +systemMayContain: initials +systemMayContain: homePhone +systemMayContain: businessCategory +systemMayContain: userCertificate +systemMayContain: userWorkstations +systemMayContain: userSharedFolderOther +systemMayContain: userSharedFolder +systemMayContain: userPrincipalName +systemMayContain: userParameters +systemMayContain: userAccountControl +systemMayContain: unicodePwd +systemMayContain: terminalServer +systemMayContain: servicePrincipalName +systemMayContain: scriptPath +systemMayContain: pwdLastSet +systemMayContain: profilePath +systemMayContain: primaryGroupID +systemMayContain: preferredOU +systemMayContain: otherLoginWorkstations +systemMayContain: operatorCount +systemMayContain: ntPwdHistory +systemMayContain: networkAddress +systemMayContain: msRASSavedFramedRoute +systemMayContain: msRASSavedFramedIPAddress +systemMayContain: msRASSavedCallbackNumber +systemMayContain: msRADIUSServiceType +systemMayContain: msRADIUSFramedRoute +systemMayContain: msRADIUSFramedIPAddress +systemMayContain: msRADIUSCallbackNumber +systemMayContain: msNPSavedCallingStationID +systemMayContain: msNPCallingStationID +systemMayContain: msNPAllowDialin +systemMayContain: mSMQSignCertificatesMig +systemMayContain: mSMQSignCertificates +systemMayContain: mSMQDigestsMig +systemMayContain: mSMQDigests +systemMayContain: msIIS-FTPRoot +systemMayContain: msIIS-FTPDir +systemMayContain: msDS-User-Account-Control-Computed +systemMayContain: msDS-Site-Affinity +systemMayContain: mS-DS-CreatorSID +systemMayContain: msDS-Cached-Membership-Time-Stamp +systemMayContain: msDS-Cached-Membership +systemMayContain: msDRM-IdentityCertificate +systemMayContain: msCOM-UserPartitionSetLink +systemMayContain: maxStorage +systemMayContain: logonWorkstation +systemMayContain: logonHours +systemMayContain: logonCount +systemMayContain: lockoutTime +systemMayContain: localeID +systemMayContain: lmPwdHistory +systemMayContain: lastLogonTimestamp +systemMayContain: lastLogon +systemMayContain: lastLogoff +systemMayContain: homeDrive +systemMayContain: homeDirectory +systemMayContain: groupsToIgnore +systemMayContain: groupPriority +systemMayContain: groupMembershipSAM +systemMayContain: dynamicLDAPServer +systemMayContain: desktopProfile +systemMayContain: defaultClassStore +systemMayContain: dBCSPwd +systemMayContain: controlAccessRights +systemMayContain: codePage +systemMayContain: badPwdCount +systemMayContain: badPasswordTime +systemMayContain: adminCount +systemMayContain: aCSPolicyName +systemMayContain: accountExpires +objectClassCategory: 1 +subClassOf: organizationalPerson +defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: FALSE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: nTFRSSubscriptions +possibleInferiors: classStore +schemaIDGUID: bf967aba-0de6-11d0-a285-00aa003049e2 + +dn: CN=dMD,CN=Schema,CN=Configuration,${BASEDN} +cn: dMD +name: dMD +objectClass: top +objectClass: classSchema +systemPossSuperiors: configuration +lDAPDisplayName: dMD +governsID: 1.2.840.113556.1.3.9 +rDNAttID: cn +systemMustContain: cn +systemMayContain: schemaUpdate +systemMayContain: schemaInfo +systemMayContain: prefixMap +systemMayContain: msDs-Schema-Extensions +systemMayContain: msDS-IntId +systemMayContain: dmdName +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: TRUE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: lostAndFound +possibleInferiors: attributeSchema +possibleInferiors: classSchema +schemaIDGUID: bf967a8f-0de6-11d0-a285-00aa003049e2 + +dn: CN=leaf,CN=Schema,CN=Configuration,${BASEDN} +cn: leaf +name: leaf +objectClass: top +objectClass: classSchema +lDAPDisplayName: leaf +governsID: 1.2.840.113556.1.5.20 +rDNAttID: cn +objectClassCategory: 2 +subClassOf: top +defaultObjectCategory: CN=Leaf,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +schemaIDGUID: bf967a9e-0de6-11d0-a285-00aa003049e2 + +dn: CN=secret,CN=Schema,CN=Configuration,${BASEDN} +cn: secret +name: secret +objectClass: top +objectClass: classSchema +systemPossSuperiors: container +lDAPDisplayName: secret +governsID: 1.2.840.113556.1.5.28 +rDNAttID: cn +systemMayContain: priorValue +systemMayContain: priorSetTime +systemMayContain: lastSetTime +systemMayContain: currentValue +objectClassCategory: 1 +subClassOf: leaf +defaultObjectCategory: CN=Secret,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +schemaIDGUID: bf967aae-0de6-11d0-a285-00aa003049e2 + +dn: CN=sitesContainer,CN=Schema,CN=Configuration,${BASEDN} +cn: sitesContainer +name: sitesContainer +objectClass: top +objectClass: classSchema +systemPossSuperiors: configuration +lDAPDisplayName: sitesContainer +governsID: 1.2.840.113556.1.5.107 +rDNAttID: cn +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: subnetContainer +possibleInferiors: site +possibleInferiors: interSiteTransportContainer +schemaIDGUID: 7a4117da-cd67-11d0-afff-0000f80367c1 + +dn: CN=server,CN=Schema,CN=Configuration,${BASEDN} +cn: server +name: server +objectClass: top +objectClass: classSchema +systemPossSuperiors: serversContainer +lDAPDisplayName: server +governsID: 1.2.840.113556.1.5.17 +rDNAttID: cn +systemMayContain: mailAddress +systemMayContain: serverReference +systemMayContain: serialNumber +systemMayContain: managedBy +systemMayContain: dNSHostName +systemMayContain: bridgeheadTransportList +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: applicationVersion +possibleInferiors: rpcContainer +possibleInferiors: container +possibleInferiors: groupPolicyContainer +possibleInferiors: msDS-AppData +possibleInferiors: msDS-App-Configuration +possibleInferiors: mSMQSettings +possibleInferiors: msExchConfigurationContainer +possibleInferiors: nTFRSSettings +possibleInferiors: dSA +schemaIDGUID: bf967a92-0de6-11d0-a285-00aa003049e2 + +dn: CN=subSchema,CN=Schema,CN=Configuration,${BASEDN} +cn: subSchema +name: subSchema +objectClass: top +objectClass: classSchema +systemPossSuperiors: dMD +lDAPDisplayName: subSchema +governsID: 2.5.20.1 +rDNAttID: cn +systemMayContain: objectClasses +systemMayContain: modifyTimeStamp +systemMayContain: extendedClassInfo +systemMayContain: extendedAttributeInfo +systemMayContain: dITContentRules +systemMayContain: attributeTypes +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=SubSchema,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 134217744 +systemOnly: TRUE +defaultSecurityDescriptor: D:S: +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +schemaIDGUID: 5a8b3261-c38d-11d1-bbc9-0080c76670c0 + +dn: CN=domain,CN=Schema,CN=Configuration,${BASEDN} +cn: domain +name: domain +objectClass: top +objectClass: classSchema +systemPossSuperiors: domain +systemPossSuperiors: organization +lDAPDisplayName: domain +governsID: 1.2.840.113556.1.5.66 +rDNAttID: dc +systemMustContain: dc +objectClassCategory: 2 +subClassOf: top +defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: rFC822LocalPart +possibleInferiors: domainDNS +schemaIDGUID: 19195a5a-6da0-11d0-afd3-00c04fd930c9 + +dn: CN=subnet,CN=Schema,CN=Configuration,${BASEDN} +cn: subnet +name: subnet +objectClass: top +objectClass: classSchema +systemPossSuperiors: subnetContainer +lDAPDisplayName: subnet +governsID: 1.2.840.113556.1.5.96 +rDNAttID: cn +systemMayContain: siteObject +systemMayContain: physicalLocationObject +systemMayContain: location +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Subnet,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: rpcContainer +possibleInferiors: container +possibleInferiors: groupPolicyContainer +possibleInferiors: msExchConfigurationContainer +schemaIDGUID: b7b13124-b82e-11d0-afee-0000f80367c1 + +dn: CN=mailRecipient,CN=Schema,CN=Configuration,${BASEDN} +cn: mailRecipient +name: mailRecipient +objectClass: top +objectClass: classSchema +systemPossSuperiors: container +lDAPDisplayName: mailRecipient +governsID: 1.2.840.113556.1.3.46 +rDNAttID: cn +systemMustContain: cn +mayContain: userSMIMECertificate +mayContain: secretary +mayContain: msExchLabeledURI +mayContain: msExchAssistantName +mayContain: labeledURI +systemMayContain: userCertificate +systemMayContain: userCert +systemMayContain: textEncodedORAddress +systemMayContain: telephoneNumber +systemMayContain: showInAddressBook +systemMayContain: legacyExchangeDN +systemMayContain: garbageCollPeriod +systemMayContain: info +objectClassCategory: 3 +subClassOf: top +defaultObjectCategory: CN=Mail-Recipient,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +schemaIDGUID: bf967aa1-0de6-11d0-a285-00aa003049e2 + +dn: CN=group,CN=Schema,CN=Configuration,${BASEDN} +cn: group +name: group +objectClass: top +objectClass: classSchema +systemAuxiliaryClass: mailRecipient +systemAuxiliaryClass: securityPrincipal +systemPossSuperiors: msDS-AzScope +systemPossSuperiors: msDS-AzApplication +systemPossSuperiors: msDS-AzAdminManager +systemPossSuperiors: container +systemPossSuperiors: builtinDomain +systemPossSuperiors: organizationalUnit +systemPossSuperiors: domainDNS +lDAPDisplayName: group +governsID: 1.2.840.113556.1.5.8 +rDNAttID: cn +systemMustContain: groupType +systemMayContain: primaryGroupToken +systemMayContain: operatorCount +systemMayContain: nTGroupMembers +systemMayContain: nonSecurityMember +systemMayContain: msDS-NonMembers +systemMayContain: msDS-AzLDAPQuery +systemMayContain: member +systemMayContain: managedBy +systemMayContain: groupMembershipSAM +systemMayContain: groupAttributes +systemMayContain: mail +systemMayContain: desktopProfile +systemMayContain: controlAccessRights +systemMayContain: adminCount +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: FALSE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: classStore +schemaIDGUID: bf967a9c-0de6-11d0-a285-00aa003049e2 + +dn: CN=Aggregate,CN=Schema,CN=Configuration,${BASEDN} +objectClass: top +objectClass: subSchema +cn: Aggregate +instanceType: 4 +name: Aggregate +objectCategory: CN=SubSchema,CN=Schema,CN=Configuration,${BASEDN} +objectClasses: ( 2.5.6.0 NAME 'top' SUP top ABSTRACT MUST ( objectClass $ objectCategory $ nTSecurityDescriptor $ instanceType ) MAY ( url $ wWWHomePage $ whenCreated $ whenChanged $ wellKnownObjects $ wbemPath $ uSNSource $ uSNLastObjRem $ USNIntersite $ uSNDSALastObjRemoved $ uSNCreated $ uSNChanged $ systemFlags $ subSchemaSubEntry $ subRefs $ structuralObjectClass $ siteObjectBL $ serverReferenceBL $ sDRightsEffective $ revision $ repsTo $ repsFrom $ directReports $ replUpToDateVector $ replPropertyMetaData $ name $ queryPolicyBL $ proxyAddresses $ proxiedObjectName $ possibleInferiors $ partialAttributeSet $ partialAttributeDeletionList $ otherWellKnownObjects $ objectVersion $ objectGUID $ distinguishedName $ nonSecurityMemberBL $ netbootSCPBL $ ownerBL $ msDS-ReplValueMetaData $ msDS-ReplAttributeMetaData $ msDS-NonMembersBL $ msDS-NCReplOutboundNeighbors $ msDS-NCReplInboundNeighbors $ msDS-NCReplCursors $ msDS-TasksForAzRoleBL $ msDS-TasksForAzTaskBL $ msDS-OperationsForAzRoleBL $ msDS-OperationsForAzTaskBL $ msDS-MembersForAzRoleBL $ msDs-masteredBy $ mS-DS-ConsistencyGuid $ mS-DS-ConsistencyChildCount $ msDS-Approx-Immed-Subordinates $ msCOM-PartitionSetLink $ msCOM-UserLink $ modifyTimeStamp $ masteredBy $ managedObjects $ lastKnownParent $ isPrivilegeHolder $ memberOf $ isDeleted $ isCriticalSystemObject $ showInAdvancedViewOnly $ fSMORoleOwner $ fRSMemberReferenceBL $ frsComputerReferenceBL $ fromEntry $ flags $ extensionName $ dSASignature $ dSCorePropagationData $ displayNamePrintable $ displayName $ description $ createTimeStamp $ cn $ canonicalName $ bridgeheadServerListBL $ allowedChildClassesEffective $ allowedChildClasses $ allowedAttributesEffective $ allowedAttributes $ adminDisplayName $ adminDescription $ msDS-ObjectReferenceBL ) ) +objectClasses: ( 1.2.840.113556.1.5.67 NAME 'domainDNS' SUP domain STRUCTURAL MAY ( msDS-Behavior-Version $ msDS-AllowedDNSSuffixes $ managedBy ) ) +objectClasses: ( 1.2.840.113556.1.5.235 NAME 'msDS-AzApplication' SUP top STRUCTURAL MAY ( msDS-AzApplicationData $ msDS-AzGenerateAudits $ msDS-AzApplicationVersion $ msDS-AzClassId $ msDS-AzApplicationName $ description ) ) +objectClasses: ( 1.2.840.113556.1.5.4 NAME 'builtinDomain' SUP top STRUCTURAL ) +objectClasses: ( 1.2.840.113556.1.5.175 NAME 'infrastructureUpdate' SUP top STRUCTURAL MAY ( dNReferenceUpdate ) ) +objectClasses: ( 1.2.840.113556.1.5.12 NAME 'configuration' SUP top STRUCTURAL MUST ( cn ) MAY ( gPOptions $ gPLink ) ) +objectClasses: ( 1.2.840.113556.1.3.11 NAME 'crossRef' SUP top STRUCTURAL MUST ( nCName $ dnsRoot $ cn ) MAY ( trustParent $ superiorDNSRoot $ rootTrust $ nTMixedDomain $ nETBIOSName $ Enabled $ msDS-SDReferenceDomain $ msDS-Replication-Notify-Subsequent-DSA-Delay $ msDS-Replication-Notify-First-DSA-Delay $ msDS-NC-Replica-Locations $ msDS-DnsRootAlias $ msDS-Behavior-Version ) ) +objectClasses: ( 1.2.840.113556.1.5.83 NAME 'rIDManager' SUP top STRUCTURAL MUST ( rIDAvailablePool ) ) +objectClasses: ( 1.2.840.113556.1.5.84 NAME 'displaySpecifier' SUP top STRUCTURAL MAY ( treatAsLeaf $ shellPropertyPages $ shellContextMenu $ scopeFlags $ queryFilter $ iconPath $ extraColumns $ creationWizard $ createWizardExt $ createDialog $ contextMenu $ classDisplayName $ attributeDisplayNames $ adminPropertyPages $ adminMultiselectPropertyPages $ adminContextMenu ) ) +objectClasses: ( 1.2.840.113556.1.5.237 NAME 'msDS-AzScope' SUP top STRUCTURAL MUST ( msDS-AzScopeName ) MAY ( msDS-AzApplicationData $ description ) ) +objectClasses: ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL MUST ( l ) MAY ( street $ st $ seeAlso $ searchGuide ) ) +objectClasses: ( 1.2.840.113556.1.5.7000.53 NAME 'crossRefContainer' SUP top STRUCTURAL MAY ( msDS-SPNSuffixes $ uPNSuffixes $ msDS-UpdateScript $ msDS-ExecuteScriptPassword $ msDS-Behavior-Version ) ) +objectClasses: ( 1.2.840.113556.1.5.95 NAME 'subnetContainer' SUP top STRUCTURAL ) +objectClasses: ( 1.2.840.113556.1.5.7000.47 NAME 'nTDSDSA' SUP applicationSettings STRUCTURAL MAY ( serverReference $ msDS-RetiredReplNCSignatures $ retiredReplDSASignatures $ queryPolicyObject $ options $ networkAddress $ msDS-ReplicationEpoch $ msDS-HasInstantiatedNCs $ msDS-hasMasterNCs $ msDS-HasDomainNCs $ msDS-Behavior-Version $ managedBy $ lastBackupRestorationTime $ invocationId $ hasPartialReplicaNCs $ hasMasterNCs $ fRSRootPath $ dMDLocation ) ) +objectClasses: ( 1.2.840.113556.1.5.3 NAME 'samDomain' SUP top AUXILIARY MAY ( treeName $ rIDManagerReference $ replicaSource $ pwdProperties $ pwdHistoryLength $ privateKey $ pekList $ pekKeyChangeInterval $ nTMixedDomain $ nextRid $ nETBIOSName $ msDS-PerUserTrustTombstonesQuota $ msDS-PerUserTrustQuota $ ms-DS-MachineAccountQuota $ msDS-LogonTimeSyncInterval $ msDS-AllUsersTrustQuota $ modifiedCountAtLastProm $ minPwdLength $ minPwdAge $ maxPwdAge $ lSAModifiedCount $ lSACreationTime $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ gPOptions $ gPLink $ eFSPolicy $ domainPolicyObject $ desktopProfile $ description $ defaultLocalPolicyObject $ creationTime $ controlAccessRights $ cACertificate $ builtinModifiedCount $ builtinCreationTime $ auditingPolicy ) ) +objectClasses: ( 1.2.840.113556.1.5.2 NAME 'samDomainBase' SUP top AUXILIARY MAY ( uASCompat $ serverState $ serverRole $ revision $ pwdProperties $ pwdHistoryLength $ oEMInformation $ objectSid $ nTSecurityDescriptor $ nextRid $ modifiedCountAtLastProm $ modifiedCount $ minPwdLength $ minPwdAge $ maxPwdAge $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ forceLogoff $ domainReplica $ creationTime ) ) +objectClasses: ( 2.5.6.2 NAME 'country' SUP top MUST ( c ) MAY ( co $ searchGuide ) ) +objectClasses: ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ( ou ) MAY ( x121Address $ userPassword $ uPNSuffixes $ co $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ street $ st $ seeAlso $ searchGuide $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ physicalDeliveryOfficeName $ msCOM-UserPartitionSetLink $ managedBy $ thumbnailLogo $ l $ internationalISDNNumber $ gPOptions $ gPLink $ facsimileTelephoneNumber $ destinationIndicator $ desktopProfile $ defaultGroup $ countryCode $ c $ businessCategory ) ) +objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person MAY ( x121Address $ comment $ title $ co $ primaryTelexNumber $ telexNumber $ teletexTerminalIdentifier $ street $ st $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ thumbnailPhoto $ physicalDeliveryOfficeName $ pager $ otherPager $ otherTelephone $ mobile $ otherMobile $ primaryInternationalISDNNumber $ ipPhone $ otherIpPhone $ otherHomePhone $ homePhone $ otherFacsimileTelephoneNumber $ personalTitle $ middleName $ otherMailbox $ ou $ o $ mhsORAddress $ msDS-AllowedToDelegateTo $ manager $ thumbnailLogo $ l $ internationalISDNNumber $ initials $ givenName $ generationQualifier $ facsimileTelephoneNumber $ employeeID $ mail $ division $ destinationIndicator $ department $ c $ countryCode $ company $ assistant $ streetAddress $ houseIdentifier $ msExchHouseIdentifier $ homePostalAddress ) ) +objectClasses: ( 1.2.840.113556.1.5.72 NAME 'nTDSService' SUP top STRUCTURAL MAY ( tombstoneLifetime $ sPNMappings $ replTopologyStayOfExecution $ msDS-Other-Settings $ garbageCollPeriod $ dSHeuristics ) ) +objectClasses: ( 1.2.840.113556.1.5.7000.48 NAME 'serversContainer' SUP top STRUCTURAL ) +objectClasses: ( 1.2.840.113556.1.3.30 NAME 'computer' SUP user STRUCTURAL MAY ( volumeCount $ siteGUID $ rIDSetReferences $ policyReplicationFlags $ physicalLocationObject $ operatingSystemVersion $ operatingSystemServicePack $ operatingSystemHotfix $ operatingSystem $ networkAddress $ netbootSIFFile $ netbootMirrorDataFile $ netbootMachineFilePath $ netbootInitialization $ netbootGUID $ msDS-AdditionalSamAccountName $ msDS-AdditionalDnsHostName $ managedBy $ machineRole $ location $ localPolicyFlags $ dNSHostName $ defaultLocalPolicyObject $ cn $ catalogs ) ) +objectClasses: ( 2.5.6.6 NAME 'person' SUP top MUST ( cn ) MAY ( userPassword $ telephoneNumber $ sn $ serialNumber $ seeAlso $ attributeCertificateAttribute ) ) +objectClasses: ( 1.2.840.113556.1.3.23 NAME 'container' SUP top STRUCTURAL MUST ( cn ) MAY ( schemaVersion $ defaultClassStore $ msDS-ObjectReference ) ) +objectClasses: ( 1.2.840.113556.1.5.31 NAME 'site' SUP top STRUCTURAL MAY ( notificationList $ mSMQSiteID $ mSMQSiteForeign $ mSMQNt4Stub $ mSMQInterval2 $ mSMQInterval1 $ managedBy $ location $ gPOptions $ gPLink ) ) +objectClasses: ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST ( o ) MAY ( x121Address $ userPassword $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ street $ st $ seeAlso $ searchGuide $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ physicalDeliveryOfficeName $ l $ internationalISDNNumber $ facsimileTelephoneNumber $ destinationIndicator $ businessCategory ) ) +objectClasses: ( 1.2.840.113556.1.5.234 NAME 'msDS-AzAdminManager' SUP top STRUCTURAL MAY ( msDS-AzMinorVersion $ msDS-AzMajorVersion $ msDS-AzApplicationData $ msDS-AzGenerateAudits $ msDS-AzScriptTimeout $ msDS-AzScriptEngineCacheMax $ msDS-AzDomainTimeout $ description ) ) +objectClasses: ( 1.2.840.113556.1.5.6 NAME 'securityPrincipal' SUP top AUXILIARY MUST ( sAMAccountName $ objectSid ) MAY ( supplementalCredentials $ sIDHistory $ securityIdentifier $ sAMAccountType $ rid $ tokenGroupsNoGCAcceptable $ tokenGroupsGlobalAndUniversal $ tokenGroups $ nTSecurityDescriptor $ msDS-KeyVersionNumber $ altSecurityIdentities $ accountNameHistory ) ) +objectClasses: ( 1.2.840.113556.1.5.7000.49 NAME 'applicationSettings' SUP top ABSTRACT MAY ( notificationList $ msDS-Settings $ applicationName ) ) +objectClasses: ( 1.2.840.113556.1.3.13 NAME 'classSchema' SUP top STRUCTURAL MUST ( subClassOf $ schemaIDGUID $ objectClassCategory $ governsID $ defaultObjectCategory $ cn ) MAY ( systemPossSuperiors $ systemOnly $ systemMustContain $ systemMayContain $ systemAuxiliaryClass $ schemaFlagsEx $ rDNAttID $ possSuperiors $ mustContain $ msDs-Schema-Extensions $ msDS-IntId $ mayContain $ lDAPDisplayName $ isDefunct $ defaultSecurityDescriptor $ defaultHidingValue $ classDisplayName $ auxiliaryClass ) ) +objectClasses: ( 1.2.840.113556.1.5.9 NAME 'user' SUP organizationalPerson STRUCTURAL MAY ( pager $ o $ mobile $ manager $ mail $ initials $ homePhone $ businessCategory $ userCertificate $ userWorkstations $ userSharedFolderOther $ userSharedFolder $ userPrincipalName $ userParameters $ userAccountControl $ unicodePwd $ terminalServer $ servicePrincipalName $ scriptPath $ pwdLastSet $ profilePath $ primaryGroupID $ preferredOU $ otherLoginWorkstations $ operatorCount $ ntPwdHistory $ networkAddress $ msRASSavedFramedRoute $ msRASSavedFramedIPAddress $ msRASSavedCallbackNumber $ msRADIUSServiceType $ msRADIUSFramedRoute $ msRADIUSFramedIPAddress $ msRADIUSCallbackNumber $ msNPSavedCallingStationID $ msNPCallingStationID $ msNPAllowDialin $ mSMQSignCertificatesMig $ mSMQSignCertificates $ mSMQDigestsMig $ mSMQDigests $ msIIS-FTPRoot $ msIIS-FTPDir $ msDS-User-Account-Control-Computed $ msDS-Site-Affinity $ mS-DS-CreatorSID $ msDS-Cached-Membership-Time-Stamp $ msDS-Cached-Membership $ msDRM-IdentityCertificate $ msCOM-UserPartitionSetLink $ maxStorage $ logonWorkstation $ logonHours $ logonCount $ lockoutTime $ localeID $ lmPwdHistory $ lastLogonTimestamp $ lastLogon $ lastLogoff $ homeDrive $ homeDirectory $ groupsToIgnore $ groupPriority $ groupMembershipSAM $ dynamicLDAPServer $ desktopProfile $ defaultClassStore $ dBCSPwd $ controlAccessRights $ codePage $ badPwdCount $ badPasswordTime $ adminCount $ aCSPolicyName $ accountExpires $ x500uniqueIdentifier $ userSMIMECertificate $ userPKCS12 $ uid $ secretary $ roomNumber $ preferredLanguage $ photo $ labeledURI $ jpegPhoto $ homePostalAddress $ givenName $ employeeType $ employeeNumber $ displayName $ departmentNumber $ carLicense $ audio ) ) +objectClasses: ( 1.2.840.113556.1.3.9 NAME 'dMD' SUP top STRUCTURAL MUST ( cn ) MAY ( schemaUpdate $ schemaInfo $ prefixMap $ msDs-Schema-Extensions $ msDS-IntId $ dmdName ) ) +objectClasses: ( 1.2.840.113556.1.5.20 NAME 'leaf' SUP top ABSTRACT ) +objectClasses: ( 1.2.840.113556.1.5.28 NAME 'secret' SUP leaf STRUCTURAL MAY ( priorValue $ priorSetTime $ lastSetTime $ currentValue ) ) +objectClasses: ( 1.2.840.113556.1.5.107 NAME 'sitesContainer' SUP top STRUCTURAL ) +objectClasses: ( 1.2.840.113556.1.5.17 NAME 'server' SUP top STRUCTURAL MAY ( mailAddress $ serverReference $ serialNumber $ managedBy $ dNSHostName $ bridgeheadTransportList ) ) +objectClasses: ( 2.5.20.1 NAME 'subSchema' SUP top STRUCTURAL MAY ( objectClasses $ modifyTimeStamp $ extendedClassInfo $ extendedAttributeInfo $ dITContentRules $ attributeTypes ) ) +objectClasses: ( 1.2.840.113556.1.5.66 NAME 'domain' SUP top ABSTRACT MUST ( dc ) ) +objectClasses: ( 1.2.840.113556.1.5.96 NAME 'subnet' SUP top STRUCTURAL MAY ( siteObject $ physicalLocationObject $ location ) ) +objectClasses: ( 1.2.840.113556.1.3.46 NAME 'mailRecipient' SUP top AUXILIARY MUST ( cn ) MAY ( userCertificate $ userCert $ textEncodedORAddress $ telephoneNumber $ showInAddressBook $ legacyExchangeDN $ garbageCollPeriod $ info $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI ) ) +objectClasses: ( 1.2.840.113556.1.5.8 NAME 'group' SUP top STRUCTURAL MUST ( groupType ) MAY ( primaryGroupToken $ operatorCount $ nTGroupMembers $ nonSecurityMember $ msDS-NonMembers $ msDS-AzLDAPQuery $ member $ managedBy $ groupMembershipSAM $ groupAttributes $ mail $ desktopProfile $ controlAccessRights $ adminCount ) ) +attributeTypes: ( 1.2.840.113556.1.4.1304 NAME 'sDRightsEffective' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.104 NAME 'ownerBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 2.5.4.14 NAME 'searchGuide' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.1720 NAME 'msDS-ReplicationEpoch' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.202 NAME 'auditingPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.646 NAME 'otherFacsimileTelephoneNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.2.256 NAME 'streetAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.121 NAME 'securityIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1782 NAME 'msDS-KeyVersionNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1307 NAME 'accountNameHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.752 NAME 'userSharedFolderOther' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.751 NAME 'userSharedFolder' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.966 NAME 'mSMQDigestsMig' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.655 NAME 'legacyExchangeDN' SYNTAX '1.2.840.113556.1.4.905' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.618 NAME 'wellKnownObjects' SYNTAX '1.2.840.113556.1.4.903' ) +attributeTypes: ( 1.2.840.113556.1.4.1 NAME 'name' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.531 NAME 'nonSecurityMemberBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.1707 NAME 'msDS-ReplAttributeMetaData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.1242 NAME 'dNReferenceUpdate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.892 NAME 'gPOptions' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1790 NAME 'msDS-PerUserTrustTombstonesQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 0.9.2342.19200300.100.1.42 NAME 'pager' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.362 NAME 'siteGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1796 NAME 'msDS-AzScriptEngineCacheMax' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1303 NAME 'tokenGroupsNoGCAcceptable' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.1418 NAME 'tokenGroupsGlobalAndUniversal' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.867 NAME 'altSecurityIdentities' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.96 NAME 'pwdLastSet' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 2.5.21.6 NAME 'objectClasses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.512 NAME 'siteObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.638 NAME 'isPrivilegeHolder' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.28 NAME 'dnsRoot' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.168 NAME 'modifiedCount' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.25 NAME 'internationalISDNNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.36' ) +attributeTypes: ( 2.5.4.15 NAME 'businessCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'middleName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.677 NAME 'replTopologyStayOfExecution' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.359 NAME 'netbootGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.26 NAME 'rDNAttID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.25 NAME 'mayContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 1.2.840.113556.1.4.516 NAME 'serverReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 2.5.18.1 NAME 'createTimeStamp' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.748 NAME 'attributeDisplayNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.614 NAME 'adminContextMenu' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.67 NAME 'lSAModifiedCount' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.66 NAME 'lSACreationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.154 NAME 'serverState' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.125 NAME 'supplementalCredentials' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.2.460 NAME 'lDAPDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1130 NAME 'msNPSavedCallingStationID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) +attributeTypes: ( 1.2.840.113556.1.4.38 NAME 'flags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.812 NAME 'createWizardExt' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.2.36 NAME 'dMDLocation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.596 NAME 'msExchHouseIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.647 NAME 'otherMobile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 2.5.4.44 NAME 'generationQualifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.212 NAME 'dSHeuristics' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.5 NAME 'serialNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) +attributeTypes: ( 1.2.840.113556.1.4.1697 NAME 'msDS-Settings' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.144 NAME 'operatorCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1153 NAME 'msRADIUSFramedIPAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.45 NAME 'homeDrive' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 2.5.21.5 NAME 'attributeTypes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 2.5.4.0 NAME 'objectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 1.2.840.113556.1.4.915 NAME 'possibleInferiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 1.2.840.113556.1.4.1669 NAME 'msDS-Approx-Immed-Subordinates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1664 NAME 'msDS-Replication-Notify-Subsequent-DSA-Delay' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.810 NAME 'createDialog' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.607 NAME 'queryPolicyObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.487 NAME 'fRSRootPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.11 NAME 'ou' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 2.5.4.21 NAME 'telexNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.2.617 NAME 'homePostalAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.652 NAME 'assistant' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.361 NAME 'netbootMachineFilePath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.45 NAME 'x500uniqueIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.55 NAME 'dBCSPwd' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.538 NAME 'prefixMap' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1807 NAME 'msDS-MembersForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.781 NAME 'lastKnownParent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.369 NAME 'fSMORoleOwner' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.673 NAME 'retiredReplDSASignatures' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.459 NAME 'networkAddress' SYNTAX '1.2.840.113556.1.4.905' ) +attributeTypes: ( 1.2.840.113556.1.2.471 NAME 'schemaVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' ) +attributeTypes: ( 1.2.840.113556.1.2.8 NAME 'possSuperiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 1.2.840.113556.1.4.224 NAME 'defaultSecurityDescriptor' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.140 NAME 'userSMIMECertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.8 NAME 'userAccountControl' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.885 NAME 'terminalServer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.159 NAME 'accountExpires' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.750 NAME 'groupType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.89 NAME 'nTGroupMembers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.749 NAME 'url' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.145 NAME 'revision' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.76 NAME 'objectVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1705 NAME 'msDS-NCReplInboundNeighbors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.1425 NAME 'msCOM-UserLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.1409 NAME 'masteredBy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.916 NAME 'canonicalName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.1661 NAME 'msDS-NC-Replica-Locations' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.1721 NAME 'msDS-UpdateScript' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.88 NAME 'nextRid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.24 NAME 'x121Address' SYNTAX '1.3.6.1.4.1.1466.115.121.1.36' ) +attributeTypes: ( 2.5.4.35 NAME 'userPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.141 NAME 'department' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.633 NAME 'policyReplicationFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.218 NAME 'applicationName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.196 NAME 'systemMayContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 1.2.840.113556.1.4.1191 NAME 'msRASSavedFramedRoute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) +attributeTypes: ( 1.2.840.113556.1.4.1189 NAME 'msRASSavedCallbackNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.158 NAME 'domainReplica' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.615 NAME 'personalTitle' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.651 NAME 'otherMailbox' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 0.9.2342.19200300.100.1.3 NAME 'mail' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1621 NAME 'msDS-Other-Settings' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.71 NAME 'machineRole' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1795 NAME 'msDS-AzDomainTimeout' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.198 NAME 'systemAuxiliaryClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 1.2.840.113556.1.4.661 NAME 'isDefunct' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.98 NAME 'primaryGroupID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.160 NAME 'lmPwdHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.166 NAME 'groupMembershipSAM' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.1 NAME 'instanceType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.806 NAME 'treatAsLeaf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.562 NAME 'adminPropertyPages' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.1799 NAME 'msDS-AzScopeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.34 NAME 'seeAlso' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.1826 NAME 'msDS-RetiredReplNCSignatures' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.14 NAME 'hasMasterNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.81 NAME 'modifiedCountAtLastProm' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.78 NAME 'minPwdAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.39 NAME 'forceLogoff' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1787 NAME 'msDS-AllowedToDelegateTo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.619 NAME 'dNSHostName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1825 NAME 'msDS-AzMinorVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.170 NAME 'systemOnly' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1716 NAME 'msDS-IntId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.49 NAME 'badPasswordTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1412 NAME 'primaryGroupToken' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.469 NAME 'USNIntersite' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.876 NAME 'fRSMemberReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.1711 NAME 'msDS-SDReferenceDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.519 NAME 'lastBackupRestorationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.660 NAME 'treeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.151 NAME 'oEMInformation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.42 NAME 'givenName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1347 NAME 'sPNMappings' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.364 NAME 'operatingSystemVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.303 NAME 'notificationList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1301 NAME 'tokenGroups' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.97 NAME 'preferredOU' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1410 NAME 'mS-DS-CreatorSID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1793 NAME 'msDS-NonMembers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.1815 NAME 'msDS-TasksForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.2.227 NAME 'extensionName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.1663 NAME 'msDS-Replication-Notify-First-DSA-Delay' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.74 NAME 'maxPwdAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.722 NAME 'otherIpPhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.138 NAME 'userParameters' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.820 NAME 'bridgeheadServerListBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.1819 NAME 'msDS-AzApplicationData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.866 NAME 'pekKeyChangeInterval' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.6 NAME 'c' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) +attributeTypes: ( 1.2.840.113556.1.4.25 NAME 'countryCode' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 0.9.2342.19200300.100.1.41 NAME 'mobile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.669 NAME 'rIDSetReferences' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.148 NAME 'schemaIDGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.351 NAME 'auxiliaryClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME 'uid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.2.464 NAME 'wWWHomePage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.896 NAME 'uSNSource' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1360 NAME 'mS-DS-ConsistencyGuid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.870 NAME 'frsComputerReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.913 NAME 'allowedAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 1.2.840.113556.1.4.1798 NAME 'msDS-AzApplicationName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.890 NAME 'uPNSuffixes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.1788 NAME 'msDS-PerUserTrustQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1411 NAME 'ms-DS-MachineAccountQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.157 NAME 'serverRole' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 0.9.2342.19200300.100.1.20 NAME 'homePhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.415 NAME 'operatingSystemHotfix' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1717 NAME 'msDS-AdditionalDnsHostName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.1797 NAME 'msDS-AzScriptTimeout' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.24 NAME 'mustContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 2.5.4.36 NAME 'userCertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.1124 NAME 'msNPCallingStationID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) +attributeTypes: ( 1.2.840.113556.1.4.1460 NAME 'msDS-User-Account-Control-Computed' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.44 NAME 'homeDirectory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1792 NAME 'msDS-AzLDAPQuery' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.663 NAME 'partialAttributeDeletionList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.868 NAME 'isCriticalSystemObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.891 NAME 'gPLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1354 NAME 'scopeFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.60 NAME 'lockoutDuration' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1426 NAME 'msCOM-UserPartitionSetLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.36 NAME 'thumbnailLogo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 2.16.840.1.113730.3.1.35 NAME 'thumbnailPhoto' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.222 NAME 'location' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.86 NAME 'userWorkstations' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.65 NAME 'logonWorkstation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1696 NAME 'lastLogonTimestamp' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.100 NAME 'priorValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.53 NAME 'lastSetTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.2 NAME 'objectGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1811 NAME 'msDS-TasksForAzTaskBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.653 NAME 'managedBy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.93 NAME 'pwdProperties' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.13 NAME 'builtinCreationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.2.146 NAME 'company' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.675 NAME 'catalogs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.783 NAME 'defaultObjectCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1158 NAME 'msRADIUSFramedRoute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) +attributeTypes: ( 1.2.840.113556.1.4.99 NAME 'priorSetTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.645 NAME 'userCert' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.530 NAME 'nonSecurityMember' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 2.5.4.31 NAME 'member' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.152 NAME 'groupAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.375 NAME 'systemFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1249 NAME 'proxiedObjectName' SYNTAX '1.2.840.113556.1.4.903' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1708 NAME 'msDS-ReplValueMetaData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.912 NAME 'allowedChildClassesEffective' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 1.2.840.113556.1.4.1805 NAME 'msDS-AzGenerateAudits' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1817 NAME 'msDS-AzApplicationVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.219 NAME 'iconPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 2.5.4.9 NAME 'street' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1783 NAME 'msDS-ExecuteScriptPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1784 NAME 'msDS-LogonTimeSyncInterval' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.301 NAME 'garbageCollPeriod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.967 NAME 'mSMQSignCertificatesMig' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1442 NAME 'msDS-Cached-Membership-Time-Stamp' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.169 NAME 'logonCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.58 NAME 'localeID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' ) +attributeTypes: ( 1.2.840.113556.1.4.12 NAME 'badPwdCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 2.5.18.10 NAME 'subSchemaSubEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 1.2.840.113556.1.2.48 NAME 'isDeleted' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1687 NAME 'extraColumns' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.1690 NAME 'adminMultiselectPropertyPages' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.307 NAME 'options' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.61 NAME 'lockOutObservationWindow' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.57 NAME 'defaultLocalPolicyObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.26 NAME 'creationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.26 NAME 'registeredAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 2.5.4.16 NAME 'postalAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 2.5.4.43 NAME 'initials' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1240 NAME 'netbootSIFFile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.1718 NAME 'msDS-AdditionalSamAccountName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.195 NAME 'systemPossSuperiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.2.610 NAME 'employeeNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.662 NAME 'lockoutTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.537 NAME 'dynamicLDAPServer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.909 NAME 'extendedAttributeInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.2.444 NAME 'msExchAssistantName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1794 NAME 'msDS-NonMembersBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.2.194 NAME 'adminDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.499 NAME 'contextMenu' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 2.5.4.58 NAME 'attributeCertificateAttribute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 2.5.4.4 NAME 'sn' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.221 NAME 'sAMAccountName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.22 NAME 'governsID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE ) +attributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.947 NAME 'mSMQSignCertificates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.267 NAME 'uSNDSALastObjRemoved' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1813 NAME 'msDS-OperationsForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.1361 NAME 'mS-DS-ConsistencyChildCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.74 NAME 'dSASignature' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.911 NAME 'allowedChildClasses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 1.2.840.113556.1.4.914 NAME 'allowedAttributesEffective' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 1.2.840.113556.1.4.357 NAME 'nTMixedDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1709 NAME 'msDS-HasInstantiatedNCs' SYNTAX '1.2.840.113556.1.4.903' ) +attributeTypes: ( 1.2.840.113556.1.4.79 NAME 'minPwdLength' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.32 NAME 'domainPolicyObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.507 NAME 'volumeCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1171 NAME 'msRADIUSServiceType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.52 NAME 'lastLogon' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.344 NAME 'groupsToIgnore' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.1358 NAME 'schemaInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME 'dc' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.782 NAME 'objectCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 2.5.18.2 NAME 'modifyTimeStamp' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.13 NAME 'displayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.226 NAME 'adminDescription' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1719 NAME 'msDS-DnsRootAlias' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.498 NAME 'creationWizard' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.15 NAME 'hasPartialReplicaNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.200 NAME 'controlAccessRights' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.155 NAME 'uASCompat' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.146 NAME 'objectSid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.12 NAME 'title' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.118 NAME 'otherPager' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.261 NAME 'division' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.302 NAME 'sAMAccountType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.370 NAME 'objectClassCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.518 NAME 'defaultHidingValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1119 NAME 'msNPAllowDialin' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.16 NAME 'codePage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.150 NAME 'adminCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.481 NAME 'schemaUpdate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.557 NAME 'Enabled' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.7 NAME 'l' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.268 NAME 'eFSPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.14 NAME 'builtinModifiedCount' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.18 NAME 'otherTelephone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.649 NAME 'primaryInternationalISDNNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.35 NAME 'employeeID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.54 NAME 'tombstoneLifetime' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.365 NAME 'operatingSystemServicePack' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.358 NAME 'netbootInitialization' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.656 NAME 'userPrincipalName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.771 NAME 'servicePrincipalName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.91 NAME 'otherLoginWorkstations' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.1786 NAME 'msIIS-FTPDir' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1443 NAME 'msDS-Site-Affinity' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.76 NAME 'maxStorage' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.281 NAME 'nTSecurityDescriptor' SYNTAX '1.2.840.113556.1.4.907' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.513 NAME 'siteObjectBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.608 NAME 'queryPolicyBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.640 NAME 'partialAttributeSet' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.49 NAME 'distinguishedName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.13 NAME 'description' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.1816 NAME 'msDS-AzClassId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.370 NAME 'rIDAvailablePool' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.563 NAME 'shellPropertyPages' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.1715 NAME 'msDS-SPNSuffixes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.101 NAME 'privateKey' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.23 NAME 'facsimileTelephoneNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.960 NAME 'mSMQNt4Stub' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' ) +attributeTypes: ( 1.2.840.113556.1.4.120 NAME 'schemaFlagsEx' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1785 NAME 'msIIS-FTPRoot' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.345 NAME 'groupPriority' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.819 NAME 'bridgeheadTransportList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.908 NAME 'extendedClassInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.301 NAME 'wbemPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.1706 NAME 'msDS-NCReplOutboundNeighbors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.1809 NAME 'msDS-OperationsForAzTaskBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.2.169 NAME 'showInAdvancedViewOnly' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1459 NAME 'msDS-Behavior-Version' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1836 NAME 'msDS-hasMasterNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.95 NAME 'pwdHistoryLength' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.865 NAME 'pekList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.17 NAME 'postalCode' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1241 NAME 'netbootMirrorDataFile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.213 NAME 'defaultClassStore' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.953 NAME 'mSMQSiteID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.644 NAME 'showInAddressBook' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.2.2 NAME 'whenCreated' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1357 NAME 'dSCorePropagationData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' ) +attributeTypes: ( 1.2.840.113556.1.2.353 NAME 'displayNamePrintable' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.8 NAME 'st' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.515 NAME 'serverReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1820 NAME 'msDS-HasDomainNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.2.115 NAME 'invocationId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.109 NAME 'replicaSource' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.721 NAME 'ipPhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.277 NAME 'otherHomePhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 2.5.4.10 NAME 'o' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.363 NAME 'operatingSystem' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1840 NAME 'msDS-ObjectReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.1308 NAME 'mSMQInterval1' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.153 NAME 'rid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.139 NAME 'profilePath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1145 NAME 'msRADIUSCallbackNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.772 NAME 'aCSPolicyName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.81 NAME 'info' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1841 NAME 'msDS-ObjectReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.2.3 NAME 'whenChanged' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.121 NAME 'uSNLastObjRem' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.83 NAME 'repsTo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.4 NAME 'replUpToDateVector' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.864 NAME 'netbootSCPBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.1837 NAME 'msDs-masteredBy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.1424 NAME 'msCOM-PartitionSetLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 2.5.4.3 NAME 'cn' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1789 NAME 'msDS-AllUsersTrustQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.480 NAME 'defaultGroup' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.156 NAME 'comment' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.56 NAME 'localPolicyFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1309 NAME 'mSMQInterval2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.609 NAME 'sIDHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.1440 NAME 'msDs-Schema-Extensions' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.90 NAME 'unicodePwd' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1190 NAME 'msRASSavedFramedIPAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1843 NAME 'msDRM-IdentityCertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.51 NAME 'lastLogoff' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.598 NAME 'dmdName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.593 NAME 'msExchLabeledURI' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.2.436 NAME 'directReports' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.3 NAME 'replPropertyMetaData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.910 NAME 'fromEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' ) +attributeTypes: ( 1.2.840.113556.1.4.471 NAME 'trustParent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.368 NAME 'rIDManagerReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.73 NAME 'lockoutThreshold' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.346 NAME 'desktopProfile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.131 NAME 'co' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.648 NAME 'primaryTelexNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.514 NAME 'physicalLocationObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1824 NAME 'msDS-AzMajorVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.21 NAME 'subClassOf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.197 NAME 'systemMustContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.2.613 NAME 'employeeType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.27 NAME 'currentValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 2.5.21.2 NAME 'dITContentRules' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.2.19 NAME 'uSNCreated' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.7 NAME 'subRefs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.2.210 NAME 'proxyAddresses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.532 NAME 'superiorDNSRoot' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.674 NAME 'rootTrust' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.615 NAME 'shellContextMenu' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.610 NAME 'classDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 2.5.4.37 NAME 'cACertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.650 NAME 'mhsORAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.94 NAME 'ntPwdHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.786 NAME 'mailAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.120 NAME 'uSNChanged' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.91 NAME 'repsFrom' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.1359 NAME 'otherWellKnownObjects' SYNTAX '1.2.840.113556.1.4.903' ) +attributeTypes: ( 1.2.840.113556.1.4.1704 NAME 'msDS-NCReplCursors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.654 NAME 'managedObjects' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.1710 NAME 'msDS-AllowedDNSSuffixes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.2.16 NAME 'nCName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.87 NAME 'nETBIOSName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1355 NAME 'queryFilter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' ) +attributeTypes: ( 1.2.840.113556.1.4.961 NAME 'mSMQSiteForeign' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' ) +attributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.62 NAME 'scriptPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.948 NAME 'mSMQDigests' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.1441 NAME 'msDS-Cached-Membership' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.64 NAME 'logonHours' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +dITContentRules: ( 1.2.840.113556.1.5.67 NAME 'domainDNS' AUX ( samDomain ) MAY ( treeName $ rIDManagerReference $ replicaSource $ pwdProperties $ pwdHistoryLength $ privateKey $ pekList $ pekKeyChangeInterval $ nTMixedDomain $ nextRid $ nETBIOSName $ msDS-PerUserTrustTombstonesQuota $ msDS-PerUserTrustQuota $ ms-DS-MachineAccountQuota $ msDS-LogonTimeSyncInterval $ msDS-AllUsersTrustQuota $ modifiedCountAtLastProm $ minPwdLength $ minPwdAge $ maxPwdAge $ lSAModifiedCount $ lSACreationTime $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ gPOptions $ gPLink $ eFSPolicy $ domainPolicyObject $ desktopProfile $ description $ defaultLocalPolicyObject $ creationTime $ controlAccessRights $ cACertificate $ builtinModifiedCount $ builtinCreationTime $ auditingPolicy ) ) +dITContentRules: ( 1.2.840.113556.1.5.4 NAME 'builtinDomain' AUX ( samDomainBase ) MAY ( uASCompat $ serverState $ serverRole $ revision $ pwdProperties $ pwdHistoryLength $ oEMInformation $ objectSid $ nTSecurityDescriptor $ nextRid $ modifiedCountAtLastProm $ modifiedCount $ minPwdLength $ minPwdAge $ maxPwdAge $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ forceLogoff $ domainReplica $ creationTime ) ) +dITContentRules: ( 1.2.840.113556.1.5.3 NAME 'samDomain' AUX ( samDomainBase ) MAY ( uASCompat $ serverState $ serverRole $ revision $ pwdProperties $ pwdHistoryLength $ oEMInformation $ objectSid $ nTSecurityDescriptor $ nextRid $ modifiedCountAtLastProm $ modifiedCount $ minPwdLength $ minPwdAge $ maxPwdAge $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ forceLogoff $ domainReplica $ creationTime ) ) +dITContentRules: ( 1.2.840.113556.1.5.9 NAME 'user' AUX ( securityPrincipal $ mailRecipient ) MUST ( sAMAccountName $ objectSid $ cn ) MAY ( supplementalCredentials $ sIDHistory $ securityIdentifier $ sAMAccountType $ rid $ tokenGroupsNoGCAcceptable $ tokenGroupsGlobalAndUniversal $ tokenGroups $ nTSecurityDescriptor $ msDS-KeyVersionNumber $ altSecurityIdentities $ accountNameHistory $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI $ userCertificate $ userCert $ textEncodedORAddress $ telephoneNumber $ showInAddressBook $ legacyExchangeDN $ garbageCollPeriod $ info $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI ) ) +dITContentRules: ( 1.2.840.113556.1.5.8 NAME 'group' AUX ( mailRecipient $ securityPrincipal ) MUST ( cn $ sAMAccountName $ objectSid $ cn ) MAY ( userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI $ userCertificate $ userCert $ textEncodedORAddress $ telephoneNumber $ showInAddressBook $ legacyExchangeDN $ garbageCollPeriod $ info $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI $ userCertificate $ userCert $ textEncodedORAddress $ telephoneNumber $ showInAddressBook $ legacyExchangeDN $ garbageCollPeriod $ info $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI $ supplementalCredentials $ sIDHistory $ securityIdentifier $ sAMAccountType $ rid $ tokenGroupsNoGCAcceptable $ tokenGroupsGlobalAndUniversal $ tokenGroups $ nTSecurityDescriptor $ msDS-KeyVersionNumber $ altSecurityIdentities $ accountNameHistory $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI $ userCertificate $ userCert $ textEncodedORAddress $ telephoneNumber $ showInAddressBook $ legacyExchangeDN $ garbageCollPeriod $ info $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI ) ) -- cgit From 40b13059968f2f2ebcdd6dedc95c2d152d23b5ec Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 4 Nov 2005 04:06:35 +0000 Subject: r11499: added a minimal set of display specifiers for mmc to use to display the core elements of a Samba4 domain (This used to be commit bee45531eaa1f7b96f123c146af3bc30681ebdec) --- source4/setup/display_specifiers.ldif | 108 ++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 source4/setup/display_specifiers.ldif (limited to 'source4/setup') diff --git a/source4/setup/display_specifiers.ldif b/source4/setup/display_specifiers.ldif new file mode 100644 index 0000000000..22c852e0d7 --- /dev/null +++ b/source4/setup/display_specifiers.ldif @@ -0,0 +1,108 @@ +dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,${BASEDN} +objectClass: top +objectClass: displaySpecifier +cn: user-Display +name: user-Display +contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103} +adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93} +adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813} +adminPropertyPages: 7,{8c5b1b50-d46e-11d1-8091-00a024c48131} +adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB} +adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6} +adminPropertyPages: 4,{FD57D295-4FD9-11D1-854E-00C04FC31FD3} +adminPropertyPages: 3,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3} +adminPropertyPages: 1,{6dfe6485-a212-11d0-bcd5-00c04fd8d5b6} +shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6} +shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6} +adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6} +adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0} + +dn: CN=group-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,${BASEDN} +objectClass: top +objectClass: displaySpecifier +cn: group-Display +name: group-Display +contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103} +adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB} +adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6} +adminPropertyPages: 2,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6} +adminPropertyPages: 1,{6dfe6489-a212-11d0-bcd5-00c04fd8d5b6} +shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6} +shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6} +adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6} + +dn: CN=domainDNS-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,${BASEDN} +objectClass: top +objectClass: displaySpecifier +cn: domainDNS-Display +name: domainDNS-Display +adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB} +adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6} +adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6} +adminPropertyPages: 1,{6dfe648c-a212-11d0-bcd5-00c04fd8d5b6} +shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6} +shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6} +adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6} +adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D} + +dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,${BASEDN} +objectClass: top +objectClass: displaySpecifier +cn: computer-Display +name: computer-Display +contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103} +adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3} +adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3} +adminPropertyPages: 6,{4E40F770-369C-11d0-8922-00A024AB2DBB} +adminPropertyPages: 5,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6} +adminPropertyPages: 4,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6} +adminPropertyPages: 3,{77597368-7b15-11d0-a0c2-080036af3f03} +adminPropertyPages: 1,{6dfe6492-a212-11d0-bcd5-00c04fd8d5b6} +shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6} +shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6} +adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6} +createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4} + +dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,${BASEDN} +objectClass: top +objectClass: displaySpecifier +cn: organizationalUnit-Display +name: organizationalUnit-Display +contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103} +adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93} +adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB} +adminPropertyPages: 4,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6} +adminPropertyPages: 3,{6dfe648b-a212-11d0-bcd5-00c04fd8d5b6} +adminPropertyPages: 1,{9da6fd63-c63b-11d0-b94d-00c04fd8d5b0} +shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6} +shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6} +adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6} +adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D} + +dn: CN=container-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,${BASEDN} +objectClass: top +objectClass: displaySpecifier +cn: container-Display +name: container-Display +contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103} +adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB} +adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6} +adminPropertyPages: 1,{5a96f2d8-736e-11d1-bd0d-00c04fd8d5b6} +shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6} +adminContextMenu: 4,{AB790AA1-CDC1-478a-9351-B2E05CFCAD09} +adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3} +adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6} +adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D} + +dn: CN=default-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,${BASEDN} +objectClass: top +objectClass: displaySpecifier +cn: default-Display +name: default-Display +adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB} +adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6} +adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6} +shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6} +adminContextMenu: 0,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6} +adminMultiselectPropertyPages: 1,{50d30563-9911-11d1-b9af-00c04fd8d5b0} + -- cgit From 4ccadc164e144085de4ace0dc5f3f40719fdc527 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 29 Nov 2005 08:52:41 +0000 Subject: r11954: add the static rootdse content to the sam ldb,and enable the rootdse module in @MODULES (This used to be commit cfab88fcc2c740a6d3fd456a009fbb60061b3a53) --- source4/setup/provision_init.ldif | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index a0cbb6ad7a..fa9b234631 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -45,8 +45,28 @@ user: computer template: userTemplate template: groupTemplate +# the rootDSE module looks in this record for its base data +dn: cn=ROOTDSE +subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,${BASEDN} +dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,${BASEDN} +namingContexts: ${BASEDN} +namingContexts: CN=Configuration,${BASEDN} +namingContexts: CN=Schema,CN=Configuration,${BASEDN} +defaultNamingContext: ${BASEDN} +rootDomainNamingContext: ${BASEDN} +configurationNamingContext: CN=Configuration,${BASEDN} +schemaNamingContext: CN=Schema,CN=Configuration,${BASEDN} +supportedLDAPVersion: 3 +supportedSASLMechanisms: GSS-SPNEGO +dnsHostName: ${DNSNAME} +ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM} +serverName: CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,${BASEDN} +domainFunctionality: 0 +forestFunctionality: 0 +domainControllerFunctionality: 2 + #Add modules to the list to activate them by default #beware often order is important dn: @MODULES -@LIST: samldb,operational,objectguid,rdn_name +@LIST: rootdse,samldb,operational,objectguid,rdn_name -- cgit From 09932e03837e7c41fdc3a2985f005a6b255fd26c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 29 Nov 2005 08:58:39 +0000 Subject: r11956: removed the old rootdse.ldif, and the provision.js code that uses it (This used to be commit 4b56c129c6f1654f9dbe37bc950a836f15c48b3d) --- source4/setup/rootdse.ldif | 32 -------------------------------- 1 file changed, 32 deletions(-) delete mode 100644 source4/setup/rootdse.ldif (limited to 'source4/setup') diff --git a/source4/setup/rootdse.ldif b/source4/setup/rootdse.ldif deleted file mode 100644 index 67c49f0f26..0000000000 --- a/source4/setup/rootdse.ldif +++ /dev/null @@ -1,32 +0,0 @@ -dn: @INDEXLIST - -dn: @ATTRIBUTES -createTimestamp: HIDDEN -modifyTimestamp: HIDDEN - -dn: @SUBCLASSES - -dn: @MODULES -@MODULE: operational - -dn: cn=rootDSE -currentTime: _DYNAMIC_ -subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,${BASEDN} -dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,${BASEDN} -namingContexts: ${BASEDN} -namingContexts: CN=Configuration,${BASEDN} -namingContexts: CN=Schema,CN=Configuration,${BASEDN} -defaultNamingContext: ${BASEDN} -rootDomainNamingContext: ${BASEDN} -configurationNamingContext: CN=Configuration,${BASEDN} -schemaNamingContext: CN=Schema,CN=Configuration,${BASEDN} -supportedLDAPVersion: 3 -highestCommittedUSN: _DYNAMIC_ -supportedSASLMechanisms: GSS-SPNEGO -dnsHostName: ${DNSNAME} -ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM} -serverName: CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,${BASEDN} -isSynchronized: _DYNAMIC_ -domainFunctionality: 0 -forestFunctionality: 0 -domainControllerFunctionality: 2 -- cgit From 20f0e18854f39bf6291e44cb7bc1f78450ee484e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 1 Dec 2005 04:55:18 +0000 Subject: r11990: Set the password set time as 'now', so it isn't expired back in 2004. Andrew Bartlett (This used to be commit b3929230b210bd6f0b12f90f48767aa861fd08fa) --- source4/setup/provision_users.ldif | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index adcd4cbfe9..5ec29869d8 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -93,9 +93,8 @@ uSNCreated: 1 uSNChanged: 1 objectGUID: ${HOSTGUID} userAccountControl: 532480 -lastLogon: 127273269057298624 localPolicyFlags: 0 -pwdLastSet: 127258826171655328 +pwdLastSet: ${NTTIME} primaryGroupID: 516 objectSid: ${DOMAINSID}-1000 accountExpires: 9223372036854775807 -- cgit From 9c6b7f2d62e134a4bc15efc04e05be25e4a53dc7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 1 Dec 2005 05:20:39 +0000 Subject: r11995: A big kerberos-related update. This merges Samba4 up to current lorikeet-heimdal, which includes a replacement for some Samba-specific hacks. In particular, the credentials system now supplies GSS client and server credentials. These are imported into GSS with gss_krb5_import_creds(). Unfortunetly this can't take an MEMORY keytab, so we now create a FILE based keytab as provision and join time. Because the keytab is now created in advance, we don't spend .4s at negprot doing sha1 s2k calls. Also, because the keytab is read in real time, any change in the server key will be correctly picked up by the the krb5 code. To mark entries in the secrets which should be exported to a keytab, there is a new kerberosSecret objectClass. The new routine cli_credentials_update_all_keytabs() searches for these, and updates the keytabs. This is called in the provision.js via the ejs wrapper credentials_update_all_keytabs(). We can now (in theory) use a system-provided /etc/krb5.keytab, if krb5Keytab: FILE:/etc/krb5.keytab is added to the secrets.ldb record. By default the attribute privateKeytab: secrets.keytab is set, pointing to allow the whole private directory to be moved without breaking the internal links. (This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d) --- source4/setup/secrets.ldif | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index c573ad3b56..43c3f69c9d 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -26,6 +26,7 @@ cn: Primary Domains dn: flatname=${DOMAIN},CN=Primary Domains objectClass: top objectClass: primaryDomain +objectClass: kerberosSecret flatname: ${DOMAIN} realm: ${REALM} secret: ${MACHINEPASS} @@ -35,10 +36,12 @@ whenCreated: ${LDAPTIME} whenChanged: ${LDAPTIME} msDS-KeyVersionNumber: 1 objectSid: ${DOMAINSID} +privateKeytab: secrets.keytab dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals objectClass: top objectClass: secret +objectClass: kerberosSecret flatname: ${DOMAIN} realm: ${REALM} secret: ${KRBTGTPASS} @@ -49,3 +52,4 @@ msDS-KeyVersionNumber: 1 objectSid: ${DOMAINSID} servicePrincipalName: kadmin/changepw saltPrincipal: krbtgt@${REALM} +privateKeytab: secrets.keytab -- cgit From 4a5639979894d54b90f7c86f704bb4bac2c89a89 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 20 Dec 2005 00:00:48 +0000 Subject: r12383: Fixes for Apple's AD client. Don't segfualt in the KDC, and they require the isSynchronized flag in the rootDSE. Andrew Bartlett (This used to be commit e48464c8844b4af1976d8379aef8db9baddd3687) --- source4/setup/provision_init.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index fa9b234631..53f7ff1b3b 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -64,6 +64,7 @@ serverName: CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site,CN=Sites,CN=Confi domainFunctionality: 0 forestFunctionality: 0 domainControllerFunctionality: 2 +isSyncronized: TRUE #Add modules to the list to activate them by default #beware often order is important -- cgit From 2dc21b833a06ed98a8726e74ae27fb458be16293 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 20 Dec 2005 00:02:08 +0000 Subject: r12384: I can't spell... (This used to be commit 566bbfd067f43d86eacc1e867e6f64bac85e285d) --- source4/setup/provision_init.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 53f7ff1b3b..b341808e0e 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -64,7 +64,7 @@ serverName: CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site,CN=Sites,CN=Confi domainFunctionality: 0 forestFunctionality: 0 domainControllerFunctionality: 2 -isSyncronized: TRUE +isSynchronized: TRUE #Add modules to the list to activate them by default #beware often order is important -- cgit From 77f4910b57db6264d5b6b7f67cab3518a2f2ca4a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 22 Dec 2005 09:32:26 +0000 Subject: r12427: Move SAMR CreateUser2 to transactions, and re-add support for different computer account types. (Earlier code changes removed the BDC case). We don't use the TemplateDomainController, so just have a TemplateServer in provision_templates.ldif Andrew Bartlett (This used to be commit c4520ba2e6fad42a137983a2e1dbcd9c26db74e9) --- source4/setup/provision_templates.ldif | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 3693f46558..6305b498f4 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -38,11 +38,11 @@ logonCount: 0 sAMAccountType: 0x30000000 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} -dn: CN=TemplateMemberServer,CN=Templates,${BASEDN} +dn: CN=TemplateServer,CN=Templates,${BASEDN} objectClass: top objectClass: Template objectClass: userTemplate -cn: TemplateMemberServer +cn: TemplateServer instanceType: 4 userAccountControl: 0x1002 badPwdCount: 0 @@ -58,26 +58,6 @@ logonCount: 0 sAMAccountType: 0x30000001 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN} -dn: CN=TemplateDomainController,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: userTemplate -cn: TemplateDomainController -instanceType: 4 -userAccountControl: 0x2002 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 513 -accountExpires: -1 -logonCount: 0 -sAMAccountType: 0x30000001 -objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN} - dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN} objectClass: top objectClass: Template -- cgit From d34e1e598d34a01b01df362ecfef0e4918564b38 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 28 Dec 2005 07:17:45 +0000 Subject: r12536: kerberos is on port 88, not port 389 i guess this shows that MS clients ignore the port number in SRV replies (This used to be commit ce070ef50f3aca6f911f6f51688d7cd9fc17ff67) --- source4/setup/provision.zone | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone index 2994c15de3..5bba620ee6 100644 --- a/source4/setup/provision.zone +++ b/source4/setup/provision.zone @@ -27,7 +27,7 @@ _ldap._tcp.${DEFAULTSITE}._sites.dc._msdcs IN SRV 0 100 389 ${HOSTNAME} ; ; krb5 servers _kerberos._tcp IN SRV 0 100 88 ${HOSTNAME} -_kerberos._tcp.dc._msdcs IN SRV 0 100 389 ${HOSTNAME} +_kerberos._tcp.dc._msdcs IN SRV 0 100 88 ${HOSTNAME} _kerberos._tcp.${DEFAULTSITE}._sites.dc._msdcs IN SRV 0 100 88 ${HOSTNAME} _kerberos._udp IN SRV 0 100 88 ${HOSTNAME} ; -- cgit From 1c027f35d70b0719ba671034e897834b4bed9c4f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 30 Dec 2005 08:36:25 +0000 Subject: r12598: Make the 'objectClass' part of the templating process actually work. We need to add to the multivalued objectClass, not ignore it because the user has already specified a value. Also rename the template again. This was caught by more stringent tests in the unicodePwd module, but breaks MMC. A later commit will sort the objectClass. Andrew Bartlett (This used to be commit 0aaff059ba76c7eee86f37bfd74735c1c365d55f) --- source4/setup/provision_templates.ldif | 6 ++++-- source4/setup/provision_users.ldif | 10 ---------- 2 files changed, 4 insertions(+), 12 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 6305b498f4..7b0fe1994c 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -38,11 +38,13 @@ logonCount: 0 sAMAccountType: 0x30000000 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} -dn: CN=TemplateServer,CN=Templates,${BASEDN} +dn: CN=TemplateComputer,CN=Templates,${BASEDN} objectClass: top +objectClass: person +objectClass: organizationalPerson objectClass: Template objectClass: userTemplate -cn: TemplateServer +cn: TemplateComputer instanceType: 4 userAccountControl: 0x1002 badPwdCount: 0 diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 5ec29869d8..c002923268 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -1,7 +1,4 @@ dn: CN=Administrator,CN=Users,${BASEDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson objectClass: user cn: Administrator description: Built-in account for administering the computer/domain @@ -22,9 +19,6 @@ unicodePwd: ${ADMINPASS} unixName: ${ROOT} dn: CN=Guest,CN=Users,${BASEDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson objectClass: user cn: Guest description: Built-in account for guest access to the computer/domain @@ -83,10 +77,6 @@ privilege: SeRemoteInteractiveLogonRight dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: user objectClass: computer cn: ${NETBIOSNAME} uSNCreated: 1 -- cgit From c82c9fe7bb47aa95d112159e46e79f52afe6f58d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 30 Dec 2005 08:40:16 +0000 Subject: r12599: This new LDB module (and associated changes) allows Samba4 to operate using pre-calculated passwords for all kerberos key types. (Previously we could only use these for the NT# type). The module handles all of the hash/string2key tasks for all parts of Samba, which was previously in the rpc_server/samr/samr_password.c code. We also update the msDS-KeyVersionNumber, and the password history. This new module can be called at provision time, which ensures we start with a database that is consistent in this respect. By ensuring that the krb5key attribute is the only one we need to retrieve, this also simplifies the run-time KDC logic. (Each value of the multi-valued attribute is encoded as a 'Key' in ASN.1, using the definition from Heimdal's HDB. This simplfies the KDC code.). It is hoped that this will speed up the KDC enough that it can again operate under valgrind. (This used to be commit e9022743210b59f19f370d772e532e0f08bfebd9) --- source4/setup/provision_init.ldif | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index b341808e0e..e4c2476992 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -22,6 +22,7 @@ dn: CASE_INSENSITIVE sAMAccountName: CASE_INSENSITIVE objectClass: CASE_INSENSITIVE unicodePwd: HIDDEN +krb5Key: HIDDEN ntPwdHash: HIDDEN ntPwdHistory: HIDDEN lmPwdHash: HIDDEN @@ -69,5 +70,5 @@ isSynchronized: TRUE #Add modules to the list to activate them by default #beware often order is important dn: @MODULES -@LIST: rootdse,samldb,operational,objectguid,rdn_name +@LIST: rootdse,samldb,password_hash,operational,objectguid,rdn_name -- cgit From 4ff20fcd31bef1df561e6ae513581202b259c1f0 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 30 Dec 2005 08:50:47 +0000 Subject: r12600: Add a new module to sort the objectclass attribute on store. The module is perhaps not the most efficient, but I think it is reasonable. This should restore operation of MMC against Samba4 (broken by the templating fixes). Andrew Bartlett (This used to be commit 41948c4bdbfca1160a01a92994324f9e22422afe) --- source4/setup/provision_init.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index e4c2476992..ff6b1def19 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -70,5 +70,5 @@ isSynchronized: TRUE #Add modules to the list to activate them by default #beware often order is important dn: @MODULES -@LIST: rootdse,samldb,password_hash,operational,objectguid,rdn_name +@LIST: rootdse,samldb,password_hash,operational,objectguid,rdn_name,objectclass -- cgit From c139e0eefaf7ed35ec0bbbc65f50271c26beadde Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 31 Dec 2005 00:46:44 +0000 Subject: r12625: More 'useful' names for the DNS zone. Andrew Bartlett (This used to be commit 660fc3ff4e26873710b35c8f52fe3a697764ec98) --- source4/setup/provision.zone | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone index 5bba620ee6..bb0f890386 100644 --- a/source4/setup/provision.zone +++ b/source4/setup/provision.zone @@ -30,6 +30,9 @@ _kerberos._tcp IN SRV 0 100 88 ${HOSTNAME} _kerberos._tcp.dc._msdcs IN SRV 0 100 88 ${HOSTNAME} _kerberos._tcp.${DEFAULTSITE}._sites.dc._msdcs IN SRV 0 100 88 ${HOSTNAME} _kerberos._udp IN SRV 0 100 88 ${HOSTNAME} +; MIT kpasswd likes to lookup this name on password change +_kerberos-master._tcp IN SRV 0 100 88 ${HOSTNAME} +_kerberos-master._udp IN SRV 0 100 88 ${HOSTNAME} ; ; kpasswd _kpasswd._tcp IN SRV 0 100 464 ${HOSTNAME} -- cgit From 5c03e1b46e23d71026278d6b23b08a614c0eeca6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 31 Dec 2005 02:40:58 +0000 Subject: r12630: Remove attributes which should be automaticly generated. This fixes a problem I had with kpasswd, as the account had 'expired' due to the old pwdLastSet, hardcoded in the ldif. Andrew Bartlett (This used to be commit 1a9992e56a777771ad963af87481ce4ffb8cbf56) --- source4/setup/provision_users.ldif | 3 --- 1 file changed, 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index c002923268..105dd4a059 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -84,7 +84,6 @@ uSNChanged: 1 objectGUID: ${HOSTGUID} userAccountControl: 532480 localPolicyFlags: 0 -pwdLastSet: ${NTTIME} primaryGroupID: 516 objectSid: ${DOMAINSID}-1000 accountExpires: 9223372036854775807 @@ -101,7 +100,6 @@ servicePrincipalName: HOST/${DNSNAME}/${REALM} servicePrincipalName: HOST/${NETBIOSNAME}/${REALM} servicePrincipalName: HOST/${DNSNAME}/${DOMAIN} servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN} -msDS-KeyVersionNumber: 1 dn: CN=Users,CN=Builtin,${BASEDN} @@ -264,7 +262,6 @@ uSNCreated: 1 uSNChanged: 1 showInAdvancedViewOnly: TRUE userAccountControl: 514 -pwdLastSet: 127258826179466560 objectSid: ${DOMAINSID}-502 adminCount: 1 accountExpires: 9223372036854775807 -- cgit From bedfb063268f70e66f16fdd0e9bdd29d176a0634 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 3 Jan 2006 00:10:15 +0000 Subject: r12686: Push the real SASL list into the rootdse. Get this out of the server credentials, and push it down to ldb via an opaque pointer. Andrew Bartlett (This used to be commit 61700252e05e0be6b4ffa72ffc24a95c665597e3) --- source4/setup/provision_init.ldif | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index ff6b1def19..99bbc01acf 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -58,7 +58,6 @@ rootDomainNamingContext: ${BASEDN} configurationNamingContext: CN=Configuration,${BASEDN} schemaNamingContext: CN=Schema,CN=Configuration,${BASEDN} supportedLDAPVersion: 3 -supportedSASLMechanisms: GSS-SPNEGO dnsHostName: ${DNSNAME} ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM} serverName: CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,${BASEDN} -- cgit From 4bfe2907e77809e499e998dd63f41985c5a02279 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 5 Jan 2006 06:53:39 +0000 Subject: r12719: Rename unicodePwd -> sambaPassword. Because we don't know the syntax of unicodePwd, we want to avoid using that attribute name. It may cause problems later when we get replication form windows. I'm doing this before the tech preview, so we don't get too many supprises as folks upgrade databases into later versions. Andrew Bartlett (This used to be commit 097d9d0b7fd3b1a10fb7039f0671fd459bed2d1b) --- source4/setup/provision_init.ldif | 2 +- source4/setup/provision_users.ldif | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 99bbc01acf..5746fbfcda 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -21,7 +21,7 @@ name: CASE_INSENSITIVE dn: CASE_INSENSITIVE sAMAccountName: CASE_INSENSITIVE objectClass: CASE_INSENSITIVE -unicodePwd: HIDDEN +sambaPassword: HIDDEN krb5Key: HIDDEN ntPwdHash: HIDDEN ntPwdHistory: HIDDEN diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 105dd4a059..ffb0139378 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -15,7 +15,7 @@ adminCount: 1 accountExpires: -1 sAMAccountName: Administrator isCriticalSystemObject: TRUE -unicodePwd: ${ADMINPASS} +sambaPassword: ${ADMINPASS} unixName: ${ROOT} dn: CN=Guest,CN=Users,${BASEDN} @@ -93,7 +93,7 @@ operatingSystem: Samba operatingSystemVersion: 4.0 dNSHostName: ${DNSNAME} isCriticalSystemObject: TRUE -unicodePwd: ${MACHINEPASS} +sambaPassword: ${MACHINEPASS} servicePrincipalName: HOST/${DNSNAME} servicePrincipalName: HOST/${NETBIOSNAME} servicePrincipalName: HOST/${DNSNAME}/${REALM} @@ -269,7 +269,7 @@ sAMAccountName: krbtgt sAMAccountType: 805306368 servicePrincipalName: kadmin/changepw isCriticalSystemObject: TRUE -unicodePwd: ${KRBTGTPASS} +sambaPassword: ${KRBTGTPASS} dn: CN=Domain Computers,CN=Users,${BASEDN} objectClass: top -- cgit From ff90c1c5c3b291d3d7ed5027743e1227df7a96d1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 5 Jan 2006 09:03:13 +0000 Subject: r12720: By metze's request, rename the ntPwdHistory attribute to sambaNTPassword. Likewise lmPwdHistory -> sambaLMPwdHistory. The idea here is to avoid having conflicting formats when we get to replication. We know the base data matches, but we may need to use a module to munge formats. Andrew Bartlett (This used to be commit 8e608dd4bf4f108e02274a9977ced04a0a270570) --- source4/setup/provision_init.ldif | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 5746fbfcda..cac851e97b 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -24,9 +24,9 @@ objectClass: CASE_INSENSITIVE sambaPassword: HIDDEN krb5Key: HIDDEN ntPwdHash: HIDDEN -ntPwdHistory: HIDDEN +sambaNTPwdHistory: HIDDEN lmPwdHash: HIDDEN -lmPwdHistory: HIDDEN +sambaLMPwdHistory: HIDDEN createTimestamp: HIDDEN modifyTimestamp: HIDDEN groupType: INTEGER -- cgit From 8f4dc51345dc48f5a6bfb1a49297f205ba53ef0a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 6 Jan 2006 12:29:06 +0000 Subject: r12739: Add support for using credentials in the provision process. This should allow us to provision to a 'normal' LDAP server. Also add in 'session info' hooks (unused). Both of these need to be hooked in on the webserver. Andrew Bartlett (This used to be commit b349d2fbfefd0e0d4620b9e8e0c4136f900be1ae) --- source4/setup/provision | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 44b7ee7a4f..51e62016a8 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -10,6 +10,7 @@ options = GetOptions(ARGV, "POPT_AUTOHELP", "POPT_COMMON_SAMBA", "POPT_COMMON_VERSION", + "POPT_COMMON_CREDENTIALS", 'realm=s', 'domain=s', 'domain-guid=s', @@ -112,9 +113,11 @@ if (!provision_validate(subobj, message)) { return -1; } +var creds = options.get_credentials(); message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); message("Using administrator password: %s\n", subobj.ADMINPASS); -provision(subobj, message, blank, provision_default_paths(subobj)); +message("Credentials: %s\n", creds); +provision(subobj, message, blank, provision_default_paths(subobj), NULL, creds); message("All OK\n"); return 0; -- cgit From b51fe793c7cefb693d6d3633272b82238e712abe Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 6 Jan 2006 19:42:08 +0000 Subject: r12745: Initial work to support a syntax to pass over controls via command line to ldbsearch. Very rough work, no checks are done on the input yet (will segfault if you make it wrong). Controls are passed via the --controls switch an are comma separated (no escaping yet). General syntax is : is a string is 1 or 0 Current semi-parsed controls are: server_sort syntax: server_sort:1:0:attributename 1st parm: criticality 2nd parm: reversed 3rd parm: attribute name to be used for sorting todo: still missing suport for multiple sorting attributes and ordering rule no check on result code paged_results syntax: paged_results:1:100 1st parm: criticality 2nd parm: number of results to be returned todo: ldbsearch will return only the first batch (missing code to cycle over conditionally) no check on result code extended_dn syntax: extended_dn:1:0 1st parm: criticality 2nd parm: type, see MS docs on meaning Simo. (This used to be commit 4c685ac0d1638a1d5392dfe733baf0db77e84858) --- source4/setup/provision_init.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index cac851e97b..6d452a17e7 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -69,5 +69,5 @@ isSynchronized: TRUE #Add modules to the list to activate them by default #beware often order is important dn: @MODULES -@LIST: rootdse,samldb,password_hash,operational,objectguid,rdn_name,objectclass +@LIST: rootdse,paged_results,server_sort,extended_dn,samldb,password_hash,operational,objectguid,rdn_name,objectclass -- cgit From a8eec313549905724a8186a1a4c14480658e2967 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 6 Jan 2006 21:04:32 +0000 Subject: r12746: An initial version of the kludge_acls module. This should be replaced with real ACLs, which tridge is working on. In the meantime, the rules are very simple: - SYSTEM and Administrators can read all. - Users and anonymous cannot read passwords, can read everything else - list of 'password' attributes is hard-coded Most of the difficult work in this was fighting with the C/js interface to add a system_session() all, as it still doesn't get on with me :-) Andrew Bartlett (This used to be commit be9d0cae8989429ef47a713d8f0a82f12966fc78) --- source4/setup/provision | 4 ++-- source4/setup/provision_init.ldif | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 51e62016a8..6974afeec9 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -114,10 +114,10 @@ if (!provision_validate(subobj, message)) { } var creds = options.get_credentials(); +var system_session = system_session(); message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); message("Using administrator password: %s\n", subobj.ADMINPASS); -message("Credentials: %s\n", creds); -provision(subobj, message, blank, provision_default_paths(subobj), NULL, creds); +provision(subobj, message, blank, provision_default_paths(subobj), system_session, creds); message("All OK\n"); return 0; diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 6d452a17e7..db532f3078 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -69,5 +69,5 @@ isSynchronized: TRUE #Add modules to the list to activate them by default #beware often order is important dn: @MODULES -@LIST: rootdse,paged_results,server_sort,extended_dn,samldb,password_hash,operational,objectguid,rdn_name,objectclass +@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,samldb,password_hash,operational,objectguid,rdn_name,objectclass -- cgit From 27f997e6825827ec99e1580370218c294d455e79 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 6 Jan 2006 21:45:36 +0000 Subject: r12749: Fix the newuser script. Andrew Bartlett (This used to be commit 42cdad5e3f06c307baf80396fd8449b803ef84c3) --- source4/setup/newuser | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/newuser b/source4/setup/newuser index c114338d27..4d2acf5373 100755 --- a/source4/setup/newuser +++ b/source4/setup/newuser @@ -10,6 +10,7 @@ options = GetOptions(ARGV, "POPT_AUTOHELP", "POPT_COMMON_SAMBA", "POPT_COMMON_VERSION", + "POPT_COMMON_CREDENTIALS", 'username=s', 'unixname=s', 'password=s', @@ -70,6 +71,10 @@ if (nss.getpwnam(options.unixname) == undefined) { exit(1); } -newuser(options.username, options.unixname, options.password, message); +var creds = options.get_credentials(); +var system_session = system_session(); + + +newuser(options.username, options.unixname, options.password, message, system_session, creds); return 0; -- cgit From 8c9d212f2a1984322118257e63f7a3280da6b392 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 8 Jan 2006 01:46:30 +0000 Subject: r12762: Simo correctly asked that the policy logic (which attributes contain passwords) be moved into the database, and not be hard-coded in the module source. Andrew Bartlett (This used to be commit 1fbe09ce818ac1603bd747610262865b8698fe04) --- source4/setup/provision_init.ldif | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index db532f3078..0d0261cf52 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -46,6 +46,15 @@ user: computer template: userTemplate template: groupTemplate +dn: @KLUDGEACL +passwordAttribute: sambaPassword +passwordAttribute: ntPwdHash +passwordAttribute: sambaNTPwdHistory +passwordAttribute: lmPwdHash +passwordAttribute: sambaLMPwdHistory +passwordAttribute: krb5key + + # the rootDSE module looks in this record for its base data dn: cn=ROOTDSE subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,${BASEDN} -- cgit From d45a8de617eaeb42ce43435f57916bab4274af13 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 13 Jan 2006 15:40:15 +0000 Subject: r12905: add some ldap policies not yet enforced except for the initial connection timeout (This used to be commit fa1ae9a44b0321b8e458bcb7fd1dcc9475b9bad3) --- source4/setup/provision.ldif | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 9204f685b6..2fc0022c81 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -337,6 +337,39 @@ showInAdvancedViewOnly: TRUE objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN} sPNMappings: host=ldap,dns,cifs,http +dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} +objectClass: top +objectClass: container +cn: Query-Policies +instanceType: 4 +uSNCreated: ${USN} +uSNChanged: ${USN} +showInAdvancedViewOnly: TRUE +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} +objectClass: top +objectClass: queryPolicy +cn: Default Query Policy +instanceType: 4 +uSNCreated: ${USN} +uSNChanged: ${USN} +showInAdvancedViewOnly: TRUE +objectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,${BASEDN} +lDAPAdminLimits: MaxValRange=1500 +lDAPAdminLimits: MaxReceiveBuffer=10485760 +lDAPAdminLimits: MaxDatagramRecv=4096 +lDAPAdminLimits: MaxPoolThreads=4 +lDAPAdminLimits: MaxResultSetSize=262144 +lDAPAdminLimits: MaxTempTableSize=10000 +lDAPAdminLimits: MaxQueryDuration=120 +lDAPAdminLimits: MaxPageSize=1000 +lDAPAdminLimits: MaxNotificationPerConn=5 +lDAPAdminLimits: MaxActiveQueries=20 +lDAPAdminLimits: MaxConnIdleTime=900 +lDAPAdminLimits: InitRecvTimeout=120 +lDAPAdminLimits: MaxConnections=5000 + ############################### # Schema Naming Context -- cgit From 3725b1817f1e26370015d955622f0705e9121714 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 15 Jan 2006 06:12:29 +0000 Subject: r12941: Add Attribute Scoped Search control want to see what it does ? do aq make test and try: ./bin/ldbsearch -H st/private/sam.ldb --controls=asq:1:member -s base -b 'CN=Administrators,CN=Builtin,DC=samba,DC=example,DC=com' 'objectclass=*' have fun. simo. (This used to be commit 900f4fd3435aacc3351f30afb77d3488d2cb4804) --- source4/setup/provision_init.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 0d0261cf52..a54c5632ca 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -78,5 +78,5 @@ isSynchronized: TRUE #Add modules to the list to activate them by default #beware often order is important dn: @MODULES -@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,samldb,password_hash,operational,objectguid,rdn_name,objectclass +@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,asq,samldb,password_hash,operational,objectguid,rdn_name,objectclass -- cgit From c96b5723869eca3155db2e2185354bb95d61c566 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 15 Jan 2006 06:59:56 +0000 Subject: r12943: Generate a SID for the domain join account using the modules, rather than a hardcoded SID. Fix the samldb module to return the what *was* the nextrid, rather than the new nextrid (that is for next time). Andrew Bartlett (This used to be commit ffe9042e15cebbc7ff1bac90ec39835753d6caa7) --- source4/setup/provision.ldif | 2 +- source4/setup/provision_users.ldif | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 2fc0022c81..d87938910c 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -19,7 +19,7 @@ maxPwdAge: -37108517437440 minPwdAge: 0 minPwdLength: 7 modifiedCountAtLastProm: 0 -nextRid: 1001 +nextRid: 1000 pwdProperties: 1 pwdHistoryLength: 24 objectSid: ${DOMAINSID} diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index ffb0139378..dfb31783e4 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -85,7 +85,6 @@ objectGUID: ${HOSTGUID} userAccountControl: 532480 localPolicyFlags: 0 primaryGroupID: 516 -objectSid: ${DOMAINSID}-1000 accountExpires: 9223372036854775807 sAMAccountName: ${NETBIOSNAME}$ sAMAccountType: 805306369 -- cgit From d59667fd2192920c8dd33cde8ff25fd5af0e00c3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 15 Jan 2006 07:02:34 +0000 Subject: r12944: Update scripts in setup to match changes in the provision.js DNS is now done as a seperate step, to assist in migrations. Andrew Bartlett (This used to be commit 916607d1d08b6a41c375766a69fd609989e35bed) --- source4/setup/provision | 5 +++-- source4/setup/upgrade | 7 ++++++- 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 6974afeec9..4b2a260cf9 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -115,9 +115,10 @@ if (!provision_validate(subobj, message)) { var creds = options.get_credentials(); var system_session = system_session(); - +var paths = provision_default_paths(subobj); message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); message("Using administrator password: %s\n", subobj.ADMINPASS); -provision(subobj, message, blank, provision_default_paths(subobj), system_session, creds); +provision(subobj, message, blank, paths, system_session, creds); +provision_dns(subobj, message, paths, system_session, creds); message("All OK\n"); return 0; diff --git a/source4/setup/upgrade b/source4/setup/upgrade index 251b9663a7..4c1c011b29 100755 --- a/source4/setup/upgrade +++ b/source4/setup/upgrade @@ -10,6 +10,7 @@ options = GetOptions(ARGV, "POPT_AUTOHELP", "POPT_COMMON_SAMBA", "POPT_COMMON_VERSION", + "POPT_COMMON_CREDENTIALS", 'verify', 'targetdir=s', 'quiet', 'blank'); @@ -85,7 +86,11 @@ if (options.targetdir != undefined) { paths = provision_default_paths(subobj);; } -provision(subobj, message, options.blank,paths); +var creds = options.get_credentials(); +var system_session = system_session(); +var paths = provision_default_paths(subobj); +provision(subobj, message, options.blank, paths, system_session, creds); +provision_dns(subobj, message, paths, system_session, creds); var ret = upgrade(subobj,samba3,message,paths); if (ret > 0) { -- cgit From ba07f94438560830f9b4470ecd9577b8333475bf Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 15 Jan 2006 09:03:28 +0000 Subject: r12945: Try to move closer to getting Samba3 import working again. There still a few things to work out Andrew Bartlett (This used to be commit 701558b5fe917555416eb0d100ef756f8ef7cf65) --- source4/setup/upgrade | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/upgrade b/source4/setup/upgrade index 4c1c011b29..bfeba716e4 100755 --- a/source4/setup/upgrade +++ b/source4/setup/upgrade @@ -90,12 +90,13 @@ var creds = options.get_credentials(); var system_session = system_session(); var paths = provision_default_paths(subobj); provision(subobj, message, options.blank, paths, system_session, creds); -provision_dns(subobj, message, paths, system_session, creds); -var ret = upgrade(subobj,samba3,message,paths); +var ret = upgrade(subobj,samba3,message,paths, system_session, creds); if (ret > 0) { message("Failed to import %d entries\n", ret); } else { + provision_dns(subobj, message, paths, system_session, creds); + message("All OK\n"); } -- cgit From c95cac9420e513cc2d0bf87992bce60ea2781b55 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 22 Jan 2006 08:32:34 +0000 Subject: r13063: Add --realm option to upgrade (This used to be commit e6aa4e92f044712ecaa4bd7099d53d9c7d083c42) --- source4/setup/upgrade | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/upgrade b/source4/setup/upgrade index bfeba716e4..f2d1a870cc 100755 --- a/source4/setup/upgrade +++ b/source4/setup/upgrade @@ -13,7 +13,9 @@ options = GetOptions(ARGV, "POPT_COMMON_CREDENTIALS", 'verify', 'targetdir=s', - 'quiet', 'blank'); + 'quiet', + 'realm', + 'blank'); if (options == undefined) { println("Failed to parse options"); @@ -44,10 +46,9 @@ Samba4 import tool provision [options] --targetdir=DIR Output to specified directory - --quiet Be quiet - --blank do not add users or groups, just the structure - -You must provide at least a realm and domain + --quiet Be quiet + --blank Do not add users or groups, just the structure + --realm=REALM Override realm to use "); exit(1); @@ -89,6 +90,11 @@ if (options.targetdir != undefined) { var creds = options.get_credentials(); var system_session = system_session(); var paths = provision_default_paths(subobj); + +if (options.realm != undefined) { + subobj.REALM = options.realm; +} + provision(subobj, message, options.blank, paths, system_session, creds); var ret = upgrade(subobj,samba3,message,paths, system_session, creds); -- cgit From 0fb2e148d1e65ed5e55adb5b733d08ffded180e4 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 24 Jan 2006 00:11:32 +0000 Subject: r13097: move the creation of the default sam name -> unix name mappings into the main provision logic, so it can also be used as part of the vampire process (This used to be commit 95e90169f4e5887ee88116179d96f28f9e06796e) --- source4/setup/provision_users.ldif | 8 -------- 1 file changed, 8 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index dfb31783e4..45b2382c17 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -16,7 +16,6 @@ accountExpires: -1 sAMAccountName: Administrator isCriticalSystemObject: TRUE sambaPassword: ${ADMINPASS} -unixName: ${ROOT} dn: CN=Guest,CN=Users,${BASEDN} objectClass: user @@ -49,7 +48,6 @@ systemFlags: 0x8c000000 groupType: 0x80000005 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE -unixName: ${WHEEL} privilege: SeSecurityPrivilege privilege: SeBackupPrivilege privilege: SeRestorePrivilege @@ -133,7 +131,6 @@ systemFlags: 0x8c000000 groupType: 0x80000005 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE -unixName: ${NOGROUP} dn: CN=Print Operators,CN=Builtin,${BASEDN} objectClass: top @@ -306,7 +303,6 @@ objectSid: ${DOMAINSID}-518 adminCount: 1 sAMAccountName: Schema Admins isCriticalSystemObject: TRUE -unixName: ${WHEEL} dn: CN=Enterprise Admins,CN=Users,${BASEDN} objectClass: top @@ -321,7 +317,6 @@ objectSid: ${DOMAINSID}-519 adminCount: 1 sAMAccountName: Enterprise Admins isCriticalSystemObject: TRUE -unixName: ${WHEEL} dn: CN=Cert Publishers,CN=Users,${BASEDN} objectClass: top @@ -350,7 +345,6 @@ objectSid: ${DOMAINSID}-512 adminCount: 1 sAMAccountName: Domain Admins isCriticalSystemObject: TRUE -unixName: ${WHEEL} dn: CN=Domain Users,CN=Users,${BASEDN} objectClass: top @@ -363,7 +357,6 @@ uSNChanged: 1 objectSid: ${DOMAINSID}-513 sAMAccountName: Domain Users isCriticalSystemObject: TRUE -unixName: ${USERS} dn: CN=Domain Guests,CN=Users,${BASEDN} objectClass: top @@ -389,7 +382,6 @@ objectSid: ${DOMAINSID}-520 sAMAccountName: Group Policy Creator Owners objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE -unixName: ${WHEEL} dn: CN=RAS and IAS Servers,CN=Users,${BASEDN} objectClass: top -- cgit From 28d78c40ade22c4b5d445dbe23f18ca210e41f8c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 24 Jan 2006 05:31:08 +0000 Subject: r13107: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in our case) as the keytab. This avoids issues in replicated setups, as we will replicate the kpasswd key correctly (including from windows, which is why I care at the moment). Andrew Bartlett (This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0) --- source4/setup/secrets.ldif | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index 43c3f69c9d..8c3c6917ae 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -38,18 +38,18 @@ msDS-KeyVersionNumber: 1 objectSid: ${DOMAINSID} privateKeytab: secrets.keytab +# A hook from our credentials system into HDB, as we must be on a KDC, +# we can look directly into the database. dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals objectClass: top objectClass: secret objectClass: kerberosSecret flatname: ${DOMAIN} realm: ${REALM} -secret: ${KRBTGTPASS} sAMAccountName: krbtgt whenCreated: ${LDAPTIME} whenChanged: ${LDAPTIME} -msDS-KeyVersionNumber: 1 objectSid: ${DOMAINSID} servicePrincipalName: kadmin/changepw -saltPrincipal: krbtgt@${REALM} -privateKeytab: secrets.keytab +krb5Keytab: HDB:ldb:sam.ldb:/dev/null +#The /dev/null here is a HACK, but it matches the Heimdal format. -- cgit From c06911376cffa0b305962f600833324eecad9806 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 30 Jan 2006 22:22:37 +0000 Subject: r13239: Silly little patch: make the order of declaration match the order of use. (This used to be commit 2b605cf22c7567e1171bf73cbbd37a5f0c1a4274) --- source4/setup/provision | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 4b2a260cf9..d6497cf180 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -113,8 +113,8 @@ if (!provision_validate(subobj, message)) { return -1; } -var creds = options.get_credentials(); var system_session = system_session(); +var creds = options.get_credentials(); var paths = provision_default_paths(subobj); message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); message("Using administrator password: %s\n", subobj.ADMINPASS); -- cgit From 1d9ffbbe67b280542bb70de34753e55fc9128718 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 3 Feb 2006 23:07:58 +0000 Subject: r13320: Fix kpasswd's use of the local HDB. /dev/null was a bad idea, we want 'no filename' instead. Andrew Bartlett (This used to be commit 7de385dca4c40e98a40ef1e769826de8bff64323) --- source4/setup/secrets.ldif | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index 8c3c6917ae..6254ef3b0c 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -51,5 +51,5 @@ whenCreated: ${LDAPTIME} whenChanged: ${LDAPTIME} objectSid: ${DOMAINSID} servicePrincipalName: kadmin/changepw -krb5Keytab: HDB:ldb:sam.ldb:/dev/null -#The /dev/null here is a HACK, but it matches the Heimdal format. +krb5Keytab: HDB:ldb:sam.ldb: +#The trailing : here is a HACK, but it matches the Heimdal format. -- cgit From b56282dec786683055f65f25ec419113bd7aa297 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 6 Feb 2006 18:29:57 +0000 Subject: r13369: let's have a way to show the samba4 version through ejs and use it in provisioning to fullfill rfc 3045 requirements (This used to be commit 3fb9571a76481560304a826fc945983d52123299) --- source4/setup/provision_init.ldif | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index a54c5632ca..a029709d8c 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -74,6 +74,8 @@ domainFunctionality: 0 forestFunctionality: 0 domainControllerFunctionality: 2 isSynchronized: TRUE +vendorName: Samba Team (http://samba.org) +vendorVersion: ${VERSION} #Add modules to the list to activate them by default #beware often order is important -- cgit From 87cfc4ea2461310b5a45915febcabbe2afddf45b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 7 Mar 2006 03:17:44 +0000 Subject: r13907: By ordering things this way, we allow the password_hash module to set the pwdLastSet time on new users (with passwords) correctly. Andrew Bartlett (This used to be commit e1b346b8e096130328440fa388de3474fadc7332) --- source4/setup/provision_init.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index a029709d8c..650e13beda 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -80,5 +80,5 @@ vendorVersion: ${VERSION} #Add modules to the list to activate them by default #beware often order is important dn: @MODULES -@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,asq,samldb,password_hash,operational,objectguid,rdn_name,objectclass +@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,asq,password_hash,samldb,operational,objectguid,rdn_name,objectclass -- cgit From acd190d8f69ea270cd0a746faab2d1590cca7ae9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 11 Mar 2006 07:07:28 +0000 Subject: r14200: Now we have real USN support, don't force the values in the provision scripts. This tests the real module, and avoids duplication. Andrew Bartlett (This used to be commit 0859ba59ae00029177cd63366fc59efe8b19c973) --- source4/setup/provision.ldif | 52 ---------------------------------- source4/setup/provision_templates.ldif | 2 -- source4/setup/provision_users.ldif | 52 ---------------------------------- 3 files changed, 106 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index d87938910c..ee62115435 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -13,8 +13,6 @@ forceLogoff: 0x8000000000000000 lockoutDuration: -18000000000 lockOutObservationWindow: -18000000000 lockoutThreshold: 0 -uSNCreated: 1 -uSNChanged: 1 maxPwdAge: -37108517437440 minPwdAge: 0 minPwdLength: 7 @@ -41,8 +39,6 @@ objectClass: container cn: Users description: Default container for upgraded user accounts instanceType: 4 -uSNCreated: 1 -uSNChanged: 1 showInAdvancedViewOnly: FALSE systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} @@ -56,8 +52,6 @@ objectClass: container cn: Computers description: Default container for upgraded computer accounts instanceType: 4 -uSNCreated: 1 -uSNChanged: 1 showInAdvancedViewOnly: FALSE systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} @@ -69,8 +63,6 @@ objectClass: organizationalUnit ou: Domain Controllers description: Default container for domain controllers instanceType: 4 -uSNCreated: 1 -uSNChanged: 1 showInAdvancedViewOnly: FALSE systemFlags: 0x8c000000 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN} @@ -82,8 +74,6 @@ objectClass: container cn: ForeignSecurityPrincipals description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains instanceType: 4 -uSNCreated: 1 -uSNChanged: 1 showInAdvancedViewOnly: FALSE systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} @@ -95,8 +85,6 @@ objectClass: container cn: System description: Builtin system settings instanceType: 4 -uSNCreated: 1 -uSNChanged: 1 showInAdvancedViewOnly: TRUE systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} @@ -107,8 +95,6 @@ objectclass: top objectclass: rIDManager cn: RID Manager$ instanceType: 4 -uSNCreated: 1 -uSNChanged: 1 showInAdvancedViewOnly: TRUE systemFlags: 0x8c000000 objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN} @@ -121,8 +107,6 @@ objectClass: top objectClass: container cn: DomainUpdates instanceType: 4 -uSNCreated: 1 -uSNChanged: 1 showInAdvancedViewOnly: TRUE objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} @@ -131,8 +115,6 @@ objectClass: top objectClass: container cn: Windows2003Update instanceType: 4 -uSNCreated: 1 -uSNChanged: 1 showInAdvancedViewOnly: TRUE objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} revision: 8 @@ -142,8 +124,6 @@ objectclass: top objectclass: infrastructureUpdate cn: Infrastructure instanceType: 4 -uSNCreated: 1 -uSNChanged: 1 showInAdvancedViewOnly: TRUE systemFlags: 0x8c000000 objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN} @@ -182,8 +162,6 @@ objectClass: top objectClass: configuration cn: Configuration instanceType: 13 -uSNCreated: ${USN} -uSNChanged: ${USN} showInAdvancedViewOnly: TRUE objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN} subRefs: CN=Schema,CN=Configuration,${BASEDN} @@ -195,8 +173,6 @@ objectClass: top objectClass: crossRefContainer cn: Partitions instanceType: 4 -uSNCreated: ${USN} -uSNChanged: ${USN} showInAdvancedViewOnly: TRUE systemFlags: 0x80000000 objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN} @@ -208,8 +184,6 @@ objectClass: top objectClass: crossRef cn: Enterprise Configuration instanceType: 4 -uSNCreated: ${USN} -uSNChanged: ${USN} showInAdvancedViewOnly: TRUE systemFlags: 0x00000001 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} @@ -221,8 +195,6 @@ objectClass: top objectClass: crossRef cn: Enterprise Schema instanceType: 4 -uSNCreated: ${USN} -uSNChanged: ${USN} showInAdvancedViewOnly: TRUE systemFlags: 0x00000001 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} @@ -234,8 +206,6 @@ objectClass: top objectClass: crossRef cn: ${DOMAIN} instanceType: 4 -uSNCreated: ${USN} -uSNChanged: ${USN} showInAdvancedViewOnly: TRUE systemFlags: 0x00000003 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} @@ -248,8 +218,6 @@ objectClass: top objectClass: sitesContainer cn: Sites instanceType: 4 -uSNCreated: ${USN} -uSNChanged: ${USN} showInAdvancedViewOnly: TRUE systemFlags: 0x82000000 objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN} @@ -259,8 +227,6 @@ objectClass: top objectClass: site cn: ${DEFAULTSITE} instanceType: 4 -uSNCreated: ${USN} -uSNChanged: ${USN} showInAdvancedViewOnly: TRUE systemFlags: 0x82000000 objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN} @@ -270,8 +236,6 @@ objectClass: top objectClass: serversContainer cn: Servers instanceType: 4 -uSNCreated: ${USN} -uSNChanged: ${USN} showInAdvancedViewOnly: TRUE systemFlags: 0x82000000 objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN} @@ -281,8 +245,6 @@ objectClass: top objectClass: server cn: ${NETBIOSNAME} instanceType: 4 -uSNCreated: ${USN} -uSNChanged: ${USN} showInAdvancedViewOnly: TRUE systemFlags: 0x52000000 objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN} @@ -295,8 +257,6 @@ objectClass: applicationSettings objectClass: nTDSDSA cn: NTDS Settings instanceType: 4 -uSNCreated: ${USN} -uSNChanged: ${USN} showInAdvancedViewOnly: TRUE systemFlags: 0x02000000 objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN} @@ -310,8 +270,6 @@ objectClass: top objectClass: container cn: Services instanceType: 4 -uSNCreated: ${USN} -uSNChanged: ${USN} showInAdvancedViewOnly: TRUE systemFlags: 0x80000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} @@ -321,8 +279,6 @@ objectClass: top objectClass: container cn: Windows NT instanceType: 4 -uSNCreated: ${USN} -uSNChanged: ${USN} showInAdvancedViewOnly: TRUE objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} @@ -331,8 +287,6 @@ objectClass: top objectClass: nTDSService cn: Directory Service instanceType: 4 -uSNCreated: ${USN} -uSNChanged: ${USN} showInAdvancedViewOnly: TRUE objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN} sPNMappings: host=ldap,dns,cifs,http @@ -342,8 +296,6 @@ objectClass: top objectClass: container cn: Query-Policies instanceType: 4 -uSNCreated: ${USN} -uSNChanged: ${USN} showInAdvancedViewOnly: TRUE objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} @@ -352,8 +304,6 @@ objectClass: top objectClass: queryPolicy cn: Default Query Policy instanceType: 4 -uSNCreated: ${USN} -uSNChanged: ${USN} showInAdvancedViewOnly: TRUE objectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,${BASEDN} lDAPAdminLimits: MaxValRange=1500 @@ -379,8 +329,6 @@ objectClass: top objectClass: dMD cn: Schema instanceType: 13 -uSNCreated: ${USN} -uSNChanged: ${USN} showInAdvancedViewOnly: TRUE objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN} masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 7b0fe1994c..9aa94c9d8c 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -4,8 +4,6 @@ objectClass: container cn: Templates description: Container for SAM account templates instanceType: 4 -uSNCreated: 1 -uSNChanged: 1 showInAdvancedViewOnly: TRUE systemFlags: 0x8c000000 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 45b2382c17..652c0b6494 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -2,13 +2,11 @@ dn: CN=Administrator,CN=Users,${BASEDN} objectClass: user cn: Administrator description: Built-in account for administering the computer/domain -uSNCreated: 1 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN} memberOf: CN=Domain Admins,CN=Users,${BASEDN} memberOf: CN=Enterprise Admins,CN=Users,${BASEDN} memberOf: CN=Schema Admins,CN=Users,${BASEDN} memberOf: CN=Administrators,CN=Builtin,${BASEDN} -uSNChanged: 1 userAccountControl: 0x10200 objectSid: ${DOMAINSID}-500 adminCount: 1 @@ -21,9 +19,7 @@ dn: CN=Guest,CN=Users,${BASEDN} objectClass: user cn: Guest description: Built-in account for guest access to the computer/domain -uSNCreated: 1 memberOf: CN=Guests,CN=Builtin,${BASEDN} -uSNChanged: 1 userAccountControl: 0x10222 primaryGroupID: 514 objectSid: ${DOMAINSID}-501 @@ -38,8 +34,6 @@ description: Administrators have complete and unrestricted access to the compute member: CN=Domain Admins,CN=Users,${BASEDN} member: CN=Enterprise Admins,CN=Users,${BASEDN} member: CN=Administrator,CN=Users,${BASEDN} -uSNCreated: 1 -uSNChanged: 1 objectSid: S-1-5-32-544 adminCount: 1 sAMAccountName: Administrators @@ -77,8 +71,6 @@ privilege: SeRemoteInteractiveLogonRight dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} objectClass: computer cn: ${NETBIOSNAME} -uSNCreated: 1 -uSNChanged: 1 objectGUID: ${HOSTGUID} userAccountControl: 532480 localPolicyFlags: 0 @@ -105,8 +97,6 @@ objectClass: group cn: Users description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications member: CN=Domain Users,CN=Users,${BASEDN} -uSNCreated: 1 -uSNChanged: 1 objectSid: S-1-5-32-545 sAMAccountName: Users sAMAccountType: 0x20000000 @@ -122,8 +112,6 @@ cn: Guests description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted member: CN=Domain Guests,CN=Users,${BASEDN} member: CN=Guest,CN=Users,${BASEDN} -uSNCreated: 1 -uSNChanged: 1 objectSid: S-1-5-32-546 sAMAccountName: Guests sAMAccountType: 0x20000000 @@ -137,8 +125,6 @@ objectClass: top objectClass: group cn: Print Operators description: Members can administer domain printers -uSNCreated: 1 -uSNChanged: 1 objectSid: S-1-5-32-550 adminCount: 1 sAMAccountName: Print Operators @@ -156,8 +142,6 @@ objectClass: top objectClass: group cn: Backup Operators description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files -uSNCreated: 1 -uSNChanged: 1 objectSid: S-1-5-32-551 adminCount: 1 sAMAccountName: Backup Operators @@ -176,8 +160,6 @@ objectClass: top objectClass: group cn: Replicator description: Supports file replication in a domain -uSNCreated: 1 -uSNChanged: 1 objectSid: S-1-5-32-552 adminCount: 1 sAMAccountName: Replicator @@ -192,8 +174,6 @@ objectClass: top objectClass: group cn: Remote Desktop Users description: Members in this group are granted the right to logon remotely -uSNCreated: 1 -uSNChanged: 1 objectSid: S-1-5-32-555 sAMAccountName: Remote Desktop Users sAMAccountType: 0x20000000 @@ -207,8 +187,6 @@ objectClass: top objectClass: group cn: Network Configuration Operators description: Members in this group can have some administrative privileges to manage configuration of networking features -uSNCreated: 1 -uSNChanged: 1 objectSid: S-1-5-32-556 sAMAccountName: Network Configuration Operators sAMAccountType: 0x20000000 @@ -222,8 +200,6 @@ objectClass: top objectClass: group cn: Performance Monitor Users description: Members of this group have remote access to monitor this computer -uSNCreated: 1 -uSNChanged: 1 objectSid: S-1-5-32-558 sAMAccountName: Performance Monitor Users sAMAccountType: 0x20000000 @@ -237,8 +213,6 @@ objectClass: top objectClass: group cn: Performance Log Users description: Members of this group have remote access to schedule logging of performance counters on this computer -uSNCreated: 1 -uSNChanged: 1 objectSid: S-1-5-32-559 sAMAccountName: Performance Log Users sAMAccountType: 0x20000000 @@ -254,8 +228,6 @@ objectClass: organizationalPerson objectClass: user cn: krbtgt description: Key Distribution Center Service Account -uSNCreated: 1 -uSNChanged: 1 showInAdvancedViewOnly: TRUE userAccountControl: 514 objectSid: ${DOMAINSID}-502 @@ -272,8 +244,6 @@ objectClass: top objectClass: group cn: Domain Computers description: All workstations and servers joined to the domain -uSNCreated: 1 -uSNChanged: 1 objectSid: ${DOMAINSID}-515 sAMAccountName: Domain Computers objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} @@ -284,8 +254,6 @@ objectClass: top objectClass: group cn: Domain Controllers description: All domain controllers in the domain -uSNCreated: 1 -uSNChanged: 1 objectSid: ${DOMAINSID}-516 adminCount: 1 sAMAccountName: Domain Controllers @@ -297,8 +265,6 @@ objectClass: group cn: Schema Admins description: Designated administrators of the schema member: CN=Administrator,CN=Users,${BASEDN} -uSNCreated: 1 -uSNChanged: 1 objectSid: ${DOMAINSID}-518 adminCount: 1 sAMAccountName: Schema Admins @@ -310,9 +276,7 @@ objectClass: group cn: Enterprise Admins description: Designated administrators of the enterprise member: CN=Administrator,CN=Users,${BASEDN} -uSNCreated: 1 memberOf: CN=Administrators,CN=Builtin,${BASEDN} -uSNChanged: 1 objectSid: ${DOMAINSID}-519 adminCount: 1 sAMAccountName: Enterprise Admins @@ -323,8 +287,6 @@ objectClass: top objectClass: group cn: Cert Publishers description: Members of this group are permitted to publish certificates to the Active Directory -uSNCreated: 1 -uSNChanged: 1 groupType: 0x80000004 sAMAccountType: 0x20000000 objectSid: ${DOMAINSID}-517 @@ -338,9 +300,7 @@ objectClass: group cn: Domain Admins description: Designated administrators of the domain member: CN=Administrator,CN=Users,${BASEDN} -uSNCreated: 1 memberOf: CN=Administrators,CN=Builtin,${BASEDN} -uSNChanged: 1 objectSid: ${DOMAINSID}-512 adminCount: 1 sAMAccountName: Domain Admins @@ -351,9 +311,7 @@ objectClass: top objectClass: group cn: Domain Users description: All domain users -uSNCreated: 1 memberOf: CN=Users,CN=Builtin,${BASEDN} -uSNChanged: 1 objectSid: ${DOMAINSID}-513 sAMAccountName: Domain Users isCriticalSystemObject: TRUE @@ -363,9 +321,7 @@ objectClass: top objectClass: group cn: Domain Guests description: All domain guests -uSNCreated: 1 memberOf: CN=Guests,CN=Builtin,${BASEDN} -uSNChanged: 1 objectSid: ${DOMAINSID}-514 sAMAccountName: Domain Guests isCriticalSystemObject: TRUE @@ -376,8 +332,6 @@ objectClass: group cn: Group Policy Creator Owners description: Members in this group can modify group policy for the domain member: CN=Administrator,CN=Users,${BASEDN} -uSNCreated: 1 -uSNChanged: 1 objectSid: ${DOMAINSID}-520 sAMAccountName: Group Policy Creator Owners objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} @@ -389,8 +343,6 @@ objectClass: group cn: RAS and IAS Servers description: Servers in this group can access remote access properties of users instanceType: 4 -uSNCreated: 1 -uSNChanged: 1 objectSid: ${DOMAINSID}-553 sAMAccountName: RAS and IAS Servers sAMAccountType: 0x20000000 @@ -404,8 +356,6 @@ objectClass: group cn: Server Operators description: Members can administer domain servers instanceType: 4 -uSNCreated: 1 -uSNChanged: 1 objectSid: S-1-5-32-549 adminCount: 1 sAMAccountName: Server Operators @@ -427,8 +377,6 @@ objectClass: group cn: Account Operators description: Members can administer domain user and group accounts instanceType: 4 -uSNCreated: 1 -uSNChanged: 1 objectSid: S-1-5-32-548 adminCount: 1 sAMAccountName: Account Operators -- cgit From ca7f7a4615a09979113a86135dca1254bd90657a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 13 Mar 2006 11:15:05 +0000 Subject: r14313: Add comments describing some of the dependencies here. Andrew Bartlett (This used to be commit a79a185b6a8a0ac81a380ff6df5a11e45a19cb16) --- source4/setup/provision_init.ldif | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 650e13beda..ee09f73340 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -79,6 +79,11 @@ vendorVersion: ${VERSION} #Add modules to the list to activate them by default #beware often order is important +# +# Some Known ordering constraints: +# - rootdse must be first, as it makes redirects from "" -> cn=rootdse +# - password_hash must be before samldb, or else the template code in samldb breaks setting the pwdLastSet attribute + dn: @MODULES @LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,asq,password_hash,samldb,operational,objectguid,rdn_name,objectclass -- cgit From 5196640c2c81fed284d4fee8ce13ebf1da467cdd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 9 May 2006 03:50:32 +0000 Subject: r15518: the 'password' option in POPT_COMMON_CREDENTIALS was conflicting with the password option in newuser. Move the local options above the global options to fix. (This used to be commit 2adcd4ff4ec1ef867b91274d994c39e7c0fdaad2) --- source4/setup/newuser | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/newuser b/source4/setup/newuser index 4d2acf5373..7c80e9e8de 100755 --- a/source4/setup/newuser +++ b/source4/setup/newuser @@ -8,12 +8,12 @@ exec smbscript "$0" ${1+"$@"} options = GetOptions(ARGV, "POPT_AUTOHELP", - "POPT_COMMON_SAMBA", - "POPT_COMMON_VERSION", - "POPT_COMMON_CREDENTIALS", 'username=s', 'unixname=s', 'password=s', + "POPT_COMMON_SAMBA", + "POPT_COMMON_VERSION", + "POPT_COMMON_CREDENTIALS", 'quiet'); if (options == undefined) { @@ -24,7 +24,6 @@ if (options == undefined) { libinclude("base.js"); libinclude("provision.js"); - /* print a message if quiet is not set */ @@ -56,6 +55,7 @@ You must provide at least a username if (options['username'] == undefined) { ShowHelp(); } + if (options['password'] == undefined) { random_init(local); options.password = randpass(12); -- cgit From 8081e4f40276034c47bd799aca64a7d01ffb1bce Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 22 May 2006 03:55:01 +0000 Subject: r15795: Try to use the async code by default It passess all my tests, but I still need to work on a lot of stuff. Shouldn't impact anybody else work, so I want to commit now and see what happens Will work to remove the old code from modules and backends soon, and make some more restyling in ldb internals. So, if there is something you don't like in this desgin please speak now. Simo. (This used to be commit 8b2a563e716a789ea77cbfbf2f372724de5361ce) --- source4/setup/provision_init.ldif | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index ee09f73340..6698b27e33 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -82,8 +82,8 @@ vendorVersion: ${VERSION} # # Some Known ordering constraints: # - rootdse must be first, as it makes redirects from "" -> cn=rootdse -# - password_hash must be before samldb, or else the template code in samldb breaks setting the pwdLastSet attribute +# - samldb must be before password_hash, because password_hash checks that the objectclass is of type person (filled in by samldb) dn: @MODULES -@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,asq,password_hash,samldb,operational,objectguid,rdn_name,objectclass +@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,asq,samldb,password_hash,operational,objectguid,rdn_name,objectclass -- cgit From 0c7b82e5f6063de4114de21cf854ac67346e31f6 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 29 May 2006 23:46:43 +0000 Subject: r15942: Remove the sync internal ldb calls altogether. This means that some modules have been disabled as well as they have not been ported to the async interface One of them is the ugly objectclass module. I hope that the change in samldb module will make the MMC happy without the need of this crappy module, we need proper handling in a decent schema module. proxy and ldb_map have also been disabled ldb_sqlite3 need to be ported as well (currenlty just broken). (This used to be commit 51083de795bdcbf649de926e86969adc20239b6d) --- source4/setup/provision_init.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 6698b27e33..e91d4db630 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -85,5 +85,5 @@ vendorVersion: ${VERSION} # - samldb must be before password_hash, because password_hash checks that the objectclass is of type person (filled in by samldb) dn: @MODULES -@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,asq,samldb,password_hash,operational,objectguid,rdn_name,objectclass +@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,asq,samldb,password_hash,operational,objectguid,rdn_name -- cgit From b31c685ec293ef65bc33a474fc5a1d83545d4749 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 3 Jun 2006 11:57:20 +0000 Subject: r16028: Re-add the objectclass module, in the new async scheme. Add a test to show that we need this, and to prove it works (for add at least). Andrew Bartlett (This used to be commit f72079029abb594677bf8c2b63e40c07e910004f) --- source4/setup/provision_init.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index e91d4db630..ca044842e9 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -85,5 +85,5 @@ vendorVersion: ${VERSION} # - samldb must be before password_hash, because password_hash checks that the objectclass is of type person (filled in by samldb) dn: @MODULES -@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,asq,samldb,password_hash,operational,objectguid,rdn_name +@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,asq,samldb,objectclass,password_hash,operational,objectguid,rdn_name -- cgit From 2ab5bafd7296e4c2a415a4fcbe8a2ba7b4373699 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 7 Jun 2006 20:43:50 +0000 Subject: r16082: Index objectCategory like objectClass, as it is searched on a lot. Andrew Bartlett (This used to be commit 954785db03455daf2ff9b2828e31cb7efffe4f11) --- source4/setup/provision_init.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index ca044842e9..a46c86aadc 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -3,6 +3,7 @@ dn: @INDEXLIST @IDXATTR: sAMAccountName @IDXATTR: objectSid @IDXATTR: objectClass +@IDXATTR: objectCategory @IDXATTR: member @IDXATTR: unixID @IDXATTR: unixName -- cgit From 5f44da36e7d00956e9866a76a52df9c1eb87e8ed Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 12 Jun 2006 20:00:18 +0000 Subject: r16166: Remove hexidecimal constants from the Samba4 provision files. This change is required for compatibility with the OSX client, in particular, but returning 0x80000002 rather than -2147483646 violates what LDAP clients expect in general. Andrew Bartlett (This used to be commit 81f3cd1c4592d2108d521acd701ed4a70a23c465) --- source4/setup/provision.ldif | 38 +++++++-------- source4/setup/provision_templates.ldif | 36 ++++++++------- source4/setup/provision_users.ldif | 84 +++++++++++++++++----------------- 3 files changed, 80 insertions(+), 78 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index ee62115435..f59d92e769 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -9,7 +9,7 @@ dnsDomain: ${DNSDOMAIN} dc: ${RDN_DC} objectGUID: ${DOMAINGUID} creationTime: ${NTTIME} -forceLogoff: 0x8000000000000000 +forceLogoff: 9223372036854775808 lockoutDuration: -18000000000 lockOutObservationWindow: -18000000000 lockoutThreshold: 0 @@ -40,7 +40,7 @@ cn: Users description: Default container for upgraded user accounts instanceType: 4 showInAdvancedViewOnly: FALSE -systemFlags: 0x8c000000 +systemFlags: 2348810240 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE allowedChildClassesEffective: user @@ -53,7 +53,7 @@ cn: Computers description: Default container for upgraded computer accounts instanceType: 4 showInAdvancedViewOnly: FALSE -systemFlags: 0x8c000000 +systemFlags: 2348810240 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -64,7 +64,7 @@ ou: Domain Controllers description: Default container for domain controllers instanceType: 4 showInAdvancedViewOnly: FALSE -systemFlags: 0x8c000000 +systemFlags: 2348810240 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -75,7 +75,7 @@ cn: ForeignSecurityPrincipals description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains instanceType: 4 showInAdvancedViewOnly: FALSE -systemFlags: 0x8c000000 +systemFlags: 2348810240 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -86,7 +86,7 @@ cn: System description: Builtin system settings instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x8c000000 +systemFlags: 2348810240 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -96,7 +96,7 @@ objectclass: rIDManager cn: RID Manager$ instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x8c000000 +systemFlags: 2348810240 objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} @@ -125,7 +125,7 @@ objectclass: infrastructureUpdate cn: Infrastructure instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x8c000000 +systemFlags: 2348810240 objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} @@ -136,7 +136,7 @@ objectClass: builtinDomain cn: Builtin instanceType: 4 showInAdvancedViewOnly: FALSE -forceLogoff: 0x8000000000000000 +forceLogoff: 9223372036854775808 lockoutDuration: -18000000000 lockOutObservationWindow: -18000000000 lockoutThreshold: 0 @@ -174,7 +174,7 @@ objectClass: crossRefContainer cn: Partitions instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x80000000 +systemFlags: 2147483648 objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN} msDS-Behavior-Version: 0 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} @@ -185,7 +185,7 @@ objectClass: crossRef cn: Enterprise Configuration instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x00000001 +systemFlags: 1 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} nCName: CN=Configuration,${BASEDN} dnsRoot: ${DNSDOMAIN} @@ -196,7 +196,7 @@ objectClass: crossRef cn: Enterprise Schema instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x00000001 +systemFlags: 1 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} nCName: CN=Schema,CN=Configuration,${BASEDN} dnsRoot: ${DNSDOMAIN} @@ -207,7 +207,7 @@ objectClass: crossRef cn: ${DOMAIN} instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x00000003 +systemFlags: 3 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} nCName: ${BASEDN} nETBIOSName: ${DOMAIN} @@ -219,7 +219,7 @@ objectClass: sitesContainer cn: Sites instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x82000000 +systemFlags: 2181038080 objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN} dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} @@ -228,7 +228,7 @@ objectClass: site cn: ${DEFAULTSITE} instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x82000000 +systemFlags: 2181038080 objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN} dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} @@ -237,7 +237,7 @@ objectClass: serversContainer cn: Servers instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x82000000 +systemFlags: 2181038080 objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN} dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} @@ -246,7 +246,7 @@ objectClass: server cn: ${NETBIOSNAME} instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x52000000 +systemFlags: 1375731712 objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN} dNSHostName: ${DNSNAME} serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} @@ -258,7 +258,7 @@ objectClass: nTDSDSA cn: NTDS Settings instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x02000000 +systemFlags: 33554432 objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN} dMDLocation: CN=Schema,CN=Configuration,${BASEDN} objectGUID: ${INVOCATIONID} @@ -271,7 +271,7 @@ objectClass: container cn: Services instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x80000000 +systemFlags: 2147483648 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 9aa94c9d8c..11501a5b42 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -5,7 +5,7 @@ cn: Templates description: Container for SAM account templates instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x8c000000 +systemFlags: 2348810240 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -22,7 +22,7 @@ objectClass: Template objectClass: userTemplate cn: TemplateUser instanceType: 4 -userAccountControl: 0x202 +userAccountControl: 514 badPwdCount: 0 codePage: 0 countryCode: 0 @@ -33,7 +33,7 @@ pwdLastSet: 0 primaryGroupID: 513 accountExpires: -1 logonCount: 0 -sAMAccountType: 0x30000000 +sAMAccountType: 805306368 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} dn: CN=TemplateComputer,CN=Templates,${BASEDN} @@ -44,7 +44,7 @@ objectClass: Template objectClass: userTemplate cn: TemplateComputer instanceType: 4 -userAccountControl: 0x1002 +userAccountControl: 4098 badPwdCount: 0 codePage: 0 countryCode: 0 @@ -55,7 +55,7 @@ pwdLastSet: 0 primaryGroupID: 513 accountExpires: -1 logonCount: 0 -sAMAccountType: 0x30000001 +sAMAccountType: 805306369 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN} dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN} @@ -64,7 +64,7 @@ objectClass: Template objectClass: userTemplate cn: TemplateTrustingDomain instanceType: 4 -userAccountControl: 0x820 +userAccountControl: 2080 badPwdCount: 0 codePage: 0 countryCode: 0 @@ -75,7 +75,7 @@ pwdLastSet: 0 primaryGroupID: 513 accountExpires: -1 logonCount: 0 -sAMAccountType: 0x30000002 +sAMAccountType: 805306370 dn: CN=TemplateGroup,CN=Templates,${BASEDN} objectClass: top @@ -83,18 +83,20 @@ objectClass: Template objectClass: groupTemplate cn: TemplateGroup instanceType: 4 -groupType: 0x80000002 -sAMAccountType: 0x10000000 +groupType: -2147483646 +sAMAccountType: 268435456 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -dn: CN=TemplateAlias,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: aliasTemplate -cn: TemplateAlias -instanceType: 4 -groupType: 0x80000004 -sAMAccountType: 0x10000000 +# Currently this isn't used, we don't have a way to detect it different from an incoming alias +# +# dn: CN=TemplateAlias,CN=Templates,${BASEDN} +# objectClass: top +# objectClass: Template +# objectClass: aliasTemplate +# cn: TemplateAlias +# instanceType: 4 +# groupType: -2147483644 +# sAMAccountType: 268435456 dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN} objectClass: top diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 652c0b6494..dc7bc016d5 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -7,7 +7,7 @@ memberOf: CN=Domain Admins,CN=Users,${BASEDN} memberOf: CN=Enterprise Admins,CN=Users,${BASEDN} memberOf: CN=Schema Admins,CN=Users,${BASEDN} memberOf: CN=Administrators,CN=Builtin,${BASEDN} -userAccountControl: 0x10200 +userAccountControl: 66048 objectSid: ${DOMAINSID}-500 adminCount: 1 accountExpires: -1 @@ -20,7 +20,7 @@ objectClass: user cn: Guest description: Built-in account for guest access to the computer/domain memberOf: CN=Guests,CN=Builtin,${BASEDN} -userAccountControl: 0x10222 +userAccountControl: 66082 primaryGroupID: 514 objectSid: ${DOMAINSID}-501 sAMAccountName: Guest @@ -37,9 +37,9 @@ member: CN=Administrator,CN=Users,${BASEDN} objectSid: S-1-5-32-544 adminCount: 1 sAMAccountName: Administrators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE privilege: SeSecurityPrivilege @@ -99,9 +99,9 @@ description: Users are prevented from making accidental or intentional system-wi member: CN=Domain Users,CN=Users,${BASEDN} objectSid: S-1-5-32-545 sAMAccountName: Users -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -114,9 +114,9 @@ member: CN=Domain Guests,CN=Users,${BASEDN} member: CN=Guest,CN=Users,${BASEDN} objectSid: S-1-5-32-546 sAMAccountName: Guests -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -128,9 +128,9 @@ description: Members can administer domain printers objectSid: S-1-5-32-550 adminCount: 1 sAMAccountName: Print Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE privilege: SeLoadDriverPrivilege @@ -145,9 +145,9 @@ description: Backup Operators can override security restrictions for the sole pu objectSid: S-1-5-32-551 adminCount: 1 sAMAccountName: Backup Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE privilege: SeBackupPrivilege @@ -163,9 +163,9 @@ description: Supports file replication in a domain objectSid: S-1-5-32-552 adminCount: 1 sAMAccountName: Replicator -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -176,9 +176,9 @@ cn: Remote Desktop Users description: Members in this group are granted the right to logon remotely objectSid: S-1-5-32-555 sAMAccountName: Remote Desktop Users -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -189,9 +189,9 @@ cn: Network Configuration Operators description: Members in this group can have some administrative privileges to manage configuration of networking features objectSid: S-1-5-32-556 sAMAccountName: Network Configuration Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -202,9 +202,9 @@ cn: Performance Monitor Users description: Members of this group have remote access to monitor this computer objectSid: S-1-5-32-558 sAMAccountName: Performance Monitor Users -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -215,9 +215,9 @@ cn: Performance Log Users description: Members of this group have remote access to schedule logging of performance counters on this computer objectSid: S-1-5-32-559 sAMAccountName: Performance Log Users -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -287,8 +287,8 @@ objectClass: top objectClass: group cn: Cert Publishers description: Members of this group are permitted to publish certificates to the Active Directory -groupType: 0x80000004 -sAMAccountType: 0x20000000 +groupType: 2147483652 +sAMAccountType: 536870912 objectSid: ${DOMAINSID}-517 sAMAccountName: Cert Publishers objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} @@ -345,8 +345,8 @@ description: Servers in this group can access remote access properties of users instanceType: 4 objectSid: ${DOMAINSID}-553 sAMAccountName: RAS and IAS Servers -sAMAccountType: 0x20000000 -groupType: 0x80000004 +sAMAccountType: 536870912 +groupType: 2147483652 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -359,9 +359,9 @@ instanceType: 4 objectSid: S-1-5-32-549 adminCount: 1 sAMAccountName: Server Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE privilege: SeBackupPrivilege @@ -380,9 +380,9 @@ instanceType: 4 objectSid: S-1-5-32-548 adminCount: 1 sAMAccountName: Account Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE privilege: SeInteractiveLogonRight -- cgit From f77c4100842f8c5357fa90822e04319810a04b8d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 15 Jun 2006 18:04:24 +0000 Subject: r16264: Add, but do not yet enable, the partitions module. This required changes to the rootDSE module, to allow registration of partitions. In doing so I renamed the 'register' operation to 'register_control' and 'register_partition', which changed a few more modules. Due to the behaviour of certain LDAP servers, we create the baseDN entry in two parts: Firstly, we allow the admin to export a simple LDIF file to add to their server. Then we perform a modify to add the remaining attributes. To delete all users in partitions, we must now search and delete all objects in the partition, rather than a simple search from the root. Against LDAP, this might not delete all objects, so we allow this to fail. In testing, we found that the 'Domain Controllers' container was misnamed, and should be 'CN=', rather than 'OU='. To avoid the Templates being found in default searches, they have been moved to CN=Templates from CN=Templates,${BASEDN}. Andrew Bartlett (This used to be commit b49a4fbb57f10726bd288fdc9fc95c0cbbe9094a) --- source4/setup/provision | 15 ++++- source4/setup/provision.ldif | 43 ++------------ source4/setup/provision_basedn.ldif | 8 +++ source4/setup/provision_basedn_modify.ldif | 90 ++++++++++++++++++++++++++++++ source4/setup/provision_templates.ldif | 19 +++---- source4/setup/provision_users.ldif | 2 +- 6 files changed, 124 insertions(+), 53 deletions(-) create mode 100644 source4/setup/provision_basedn.ldif create mode 100644 source4/setup/provision_basedn_modify.ldif (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index d6497cf180..a58f4a5dce 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -28,7 +28,9 @@ options = GetOptions(ARGV, 'wheel=s', 'users=s', 'quiet', - 'blank'); + 'blank', + 'ldap-base', + 'ldap-backend=s'); if (options == undefined) { println("Failed to parse options"); @@ -75,6 +77,8 @@ provision [options] --users GROUPNAME choose 'users' group --quiet Be quiet --blank do not add users or groups, just the structure + --ldap-base output only an LDIF file, suitable for creating an LDAP baseDN + --ldap-backend LDAPSERVER LDAP server to use for this provision You must provide at least a realm and domain @@ -108,6 +112,7 @@ for (r in options) { } var blank = (options["blank"] != undefined); +var ldapbase = (options["ldap-base"] != undefined); if (!provision_validate(subobj, message)) { return -1; @@ -118,7 +123,11 @@ var creds = options.get_credentials(); var paths = provision_default_paths(subobj); message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); message("Using administrator password: %s\n", subobj.ADMINPASS); -provision(subobj, message, blank, paths, system_session, creds); -provision_dns(subobj, message, paths, system_session, creds); +if (ldapbase) { + provision_ldapbase(subobj, message, paths); +} else { + provision(subobj, message, blank, paths, system_session, creds); + provision_dns(subobj, message, paths, system_session, creds); +} message("All OK\n"); return 0; diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index f59d92e769..c047d6d93a 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -1,38 +1,3 @@ -############################### -# Domain Naming Context -############################### -dn: ${BASEDN} -objectClass: top -objectClass: domain -objectClass: domainDNS -dnsDomain: ${DNSDOMAIN} -dc: ${RDN_DC} -objectGUID: ${DOMAINGUID} -creationTime: ${NTTIME} -forceLogoff: 9223372036854775808 -lockoutDuration: -18000000000 -lockOutObservationWindow: -18000000000 -lockoutThreshold: 0 -maxPwdAge: -37108517437440 -minPwdAge: 0 -minPwdLength: 7 -modifiedCountAtLastProm: 0 -nextRid: 1000 -pwdProperties: 1 -pwdHistoryLength: 24 -objectSid: ${DOMAINSID} -oEMInformation: Provisioned by Samba4: ${LDAPTIME} -serverState: 1 -nTMixedDomain: 1 -msDS-Behavior-Version: 0 -ridManagerReference: CN=RID Manager$,CN=System,${BASEDN} -uASCompat: 1 -modifiedCount: 1 -objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -subRefs: CN=Configuration,${BASEDN} -subRefs: CN=Schema,CN=Configuration,${BASEDN} - dn: CN=Users,${BASEDN} objectClass: top objectClass: container @@ -57,15 +22,15 @@ systemFlags: 2348810240 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE -dn: OU=Domain Controllers,${BASEDN} +dn: CN=Domain Controllers,${BASEDN} objectClass: top -objectClass: organizationalUnit -ou: Domain Controllers +objectClass: container +cn: Domain Controllers description: Default container for domain controllers instanceType: 4 showInAdvancedViewOnly: FALSE systemFlags: 2348810240 -objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE dn: CN=ForeignSecurityPrincipals,${BASEDN} diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif new file mode 100644 index 0000000000..4cf850e728 --- /dev/null +++ b/source4/setup/provision_basedn.ldif @@ -0,0 +1,8 @@ +################################ +## Domain Naming Context +################################ +dn: ${BASEDN} +objectClass: top +objectClass: domain +dc: ${RDN_DC} + diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif new file mode 100644 index 0000000000..91a8d66f24 --- /dev/null +++ b/source4/setup/provision_basedn_modify.ldif @@ -0,0 +1,90 @@ +############################### +# Domain Naming Context +############################### +dn: ${BASEDN} +changetype: modify +replace: objectClass +objectClass: top +objectClass: domain +objectClass: domainDNS +- +replace: dnsDomain +dnsDomain: ${DNSDOMAIN} +- +replace: dc +dc: ${RDN_DC} +- +replace: objectGUID +objectGUID: ${DOMAINGUID} +- +replace: creationTime +creationTime: ${NTTIME} +- +replace: forceLogoff +forceLogoff: 9223372036854775808 +- +replace: lockoutDuration +lockoutDuration: -18000000000 +- +replace: lockOutObservationWindow +lockOutObservationWindow: -18000000000 +- +replace: lockoutThreshold +lockoutThreshold: 0 +- +replace: maxPwdAge +maxPwdAge: -37108517437440 +- +replace: minPwdAge +minPwdAge: 0 +- +replace: minPwdLength +minPwdLength: 7 +- +replace: modifiedCountAtLastProm +modifiedCountAtLastProm: 0 +- +replace: nextRid +nextRid: 1000 +- +replace: pwdProperties +pwdProperties: 1 +- +replace: pwdHistoryLength +pwdHistoryLength: 24 +- +replace: objectSid +objectSid: ${DOMAINSID} +- +replace: oEMInformation +oEMInformation: Provisioned by Samba4: ${LDAPTIME} +- +replace: serverState +serverState: 1 +- +replace: nTMixedDomain +nTMixedDomain: 1 +- +replace: msDS-Behavior-Version +msDS-Behavior-Version: 0 +- +replace: ridManagerReference +ridManagerReference: CN=RID Manager$,CN=System,${BASEDN} +- +replace: uASCompat +uASCompat: 1 +- +replace: modifiedCount +modifiedCount: 1 +- +replace: objectCategory +objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN} +- +replace: isCriticalSystemObject +isCriticalSystemObject: TRUE +- +replace: subRefs +subRefs: CN=Configuration,${BASEDN} +subRefs: CN=Schema,CN=Configuration,${BASEDN} +- + diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 11501a5b42..3b70d42520 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -1,4 +1,4 @@ -dn: CN=Templates,${BASEDN} +dn: CN=Templates objectClass: top objectClass: container cn: Templates @@ -14,7 +14,7 @@ isCriticalSystemObject: TRUE # with what classes you put them in ### -dn: CN=TemplateUser,CN=Templates,${BASEDN} +dn: CN=TemplateUser,CN=Templates objectClass: top objectClass: person objectClass: organizationalPerson @@ -36,7 +36,7 @@ logonCount: 0 sAMAccountType: 805306368 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} -dn: CN=TemplateComputer,CN=Templates,${BASEDN} +dn: CN=TemplateComputer,CN=Templates objectClass: top objectClass: person objectClass: organizationalPerson @@ -58,7 +58,7 @@ logonCount: 0 sAMAccountType: 805306369 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN} -dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN} +dn: CN=TemplateTrustingDomain,CN=Templates objectClass: top objectClass: Template objectClass: userTemplate @@ -71,13 +71,12 @@ countryCode: 0 badPasswordTime: 0 lastLogoff: 0 lastLogon: 0 -pwdLastSet: 0 primaryGroupID: 513 accountExpires: -1 logonCount: 0 sAMAccountType: 805306370 -dn: CN=TemplateGroup,CN=Templates,${BASEDN} +dn: CN=TemplateGroup,CN=Templates objectClass: top objectClass: Template objectClass: groupTemplate @@ -89,7 +88,7 @@ objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} # Currently this isn't used, we don't have a way to detect it different from an incoming alias # -# dn: CN=TemplateAlias,CN=Templates,${BASEDN} +# dn: CN=TemplateAlias,CN=Templates # objectClass: top # objectClass: Template # objectClass: aliasTemplate @@ -98,7 +97,7 @@ objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} # groupType: -2147483644 # sAMAccountType: 268435456 -dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN} +dn: CN=TemplateForeignSecurityPrincipal,CN=Templates objectClass: top objectClass: Template objectClass: foreignSecurityPrincipalTemplate @@ -107,7 +106,7 @@ instanceType: 4 showInAdvancedViewOnly: TRUE objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN} -dn: CN=TemplateSecret,CN=Templates,${BASEDN} +dn: CN=TemplateSecret,CN=Templates objectClass: top objectClass: leaf objectClass: Template @@ -115,7 +114,7 @@ objectClass: secretTemplate cn: TemplateSecret instanceType: 4 -dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN} +dn: CN=TemplateTrustedDomain,CN=Templates objectClass: top objectClass: leaf objectClass: Template diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index dc7bc016d5..5cd5991c41 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -68,7 +68,7 @@ privilege: SeNetworkLogonRight privilege: SeRemoteInteractiveLogonRight -dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} +dn: CN=${NETBIOSNAME},CN=Domain Controllers,${BASEDN} objectClass: computer cn: ${NETBIOSNAME} objectGUID: ${HOSTGUID} -- cgit From 673cce78171663a33b5f3f19b02b260f99750f23 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 3 Jul 2006 01:04:14 +0000 Subject: r16768: Add a simple script to set a user's password. This should grow into a real smbpasswd command some day. Andrew Bartlett (This used to be commit 8d0582796608b757fde776e69ea5d70b2b13eb36) --- source4/setup/setpassword | 122 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 122 insertions(+) create mode 100644 source4/setup/setpassword (limited to 'source4/setup') diff --git a/source4/setup/setpassword b/source4/setup/setpassword new file mode 100644 index 0000000000..c3357a3cdd --- /dev/null +++ b/source4/setup/setpassword @@ -0,0 +1,122 @@ +#!/bin/sh +exec smbscript "$0" ${1+"$@"} +/* + set a user's password on a Samba4 server + Copyright Andrew Tridgell 2005 + Copyright Andrew Bartlett 2006 + Released under the GNU GPL v2 or later +*/ + +options = GetOptions(ARGV, + "POPT_AUTOHELP", + 'username=s', + 'filter=s', + 'newpassword=s', + "POPT_COMMON_SAMBA", + "POPT_COMMON_VERSION", + "POPT_COMMON_CREDENTIALS", + 'quiet'); + +if (options == undefined) { + println("Failed to parse options"); + return -1; +} + +libinclude("base.js"); +libinclude("provision.js"); + +/* + print a message if quiet is not set +*/ +function message() +{ + if (options["quiet"] == undefined) { + print(vsprintf(arguments)); + } +} + +/* + show some help +*/ +function ShowHelp() +{ + print(" +Samba4 newuser + +newuser [options] + --username USERNAME username + --filter LDAPFILTER LDAP Filter to set password on + --newpassword PASSWORD set password + +You must provide either a filter or a username, as well as password +"); + exit(1); +} + +if (options['username'] == undefined && options['filter'] == undefined) { + ShowHelp(); +} + +if (options['newpassword'] == undefined) { + ShowHelp(); +} + + var lp = loadparm_init(); + var samdb = lp.get("sam database"); + var ldb = ldb_init(); + random_init(local); + ldb.session_info = system_session(); + ldb.credentials = options.get_credentials(); + + /* connect to the sam */ + var ok = ldb.connect(samdb); + assert(ok); + + ldb.transaction_start(); + +/* find the DNs for the domain and the domain users group */ +var attrs = new Array("defaultNamingContext"); +var attrs2 = new Array("cn"); +res = ldb.search("defaultNamingContext=*", "", ldb.SCOPE_BASE, attrs); +assert(res.length == 1 && res[0].defaultNamingContext != undefined); +var domain_dn = res[0].defaultNamingContext; +assert(domain_dn != undefined); + +if (options['filter'] != undefined) { + var res = ldb.search(options['filter'], + domain_dn, ldb.SCOPE_SUBTREE, attrs2); + if (res.length != 1) { + message("Failed to find record for filter %s\n", options['filter']); + exit(1); + } +} else { + var res = ldb.search(sprintf("samAccountName=%s", options['username']), + domain_dn, ldb.SCOPE_SUBTREE, attrs2); + if (res.length != 1) { + message("Failed to find record for user %s\n", options['username']); + exit(1); + } +} + +var mod = sprintf(" +dn: %s +changetype: modify +replace: sambaPassword +sambaPassword: %s +", + res[0].dn, options['newpassword']); +var ok = ldb.modify(mod); +if (!ok) { + message("set password for %s failed - %s\n", + res[0].dn, ldb.errstring()); + ldb.transaction_cancel(); + exit(1); +} else { + message("set password for %s (%s) succeded\n", + res[0].dn, res[0].cn); + + ldb.transaction_commit(); +} + + +return 0; -- cgit From cb85a76d77243c6834c0cf33eaa50a76dbefcdf8 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 23 Jul 2006 18:49:07 +0000 Subject: r17208: Add a away to test the ldb module. Actually you can't test both classic and ldb together, but you can replace the standard script/tests/mktestsetup.sh file with this one and run make test to see share_ldb in action (This used to be commit d4c2b893504feb3a232e74d14584405b3aaaf942) --- source4/setup/share.ldif | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 source4/setup/share.ldif (limited to 'source4/setup') diff --git a/source4/setup/share.ldif b/source4/setup/share.ldif new file mode 100644 index 0000000000..750a070c8a --- /dev/null +++ b/source4/setup/share.ldif @@ -0,0 +1,46 @@ +dn: @INDEXLIST +@IDXATTR: name + +dn: @ATTRIBUTES +cn: CASE_INSENSITIVE +dc: CASE_INSENSITIVE +name: CASE_INSENSITIVE +dn: CASE_INSENSITIVE +objectClass: CASE_INSENSITIVE + +### Shares basedn +dn: CN=Shares +objectClass: top +objectClass: organizationalUnit +cn: Shares + +### Default IPC$ Share +dn: CN=IPC$,CN=Shares +objectClass: top +objectClass: share +cn: IPC$ +name: IPC$ +type: IPC +path: /tmp +comment: Remote IPC +max-connections: -1 +available: True +readonly: True +browseable: False +ntvfs-handler: default + +### Default ADMIN$ Share +dn: CN=ADMIN$,CN=Shares +objectClass: top +objectClass: share +cn: ADMIN$ +name: ADMIN$ +type: DISK +path: /tmp +comment: Remote Admin +max-connections: -1 +available: True +readonly: True +browseable: False +ntvfs-handler: default + -- cgit From 7b99b2048ef1cd5603d93ac94543838a049d0adc Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 31 Jul 2006 01:00:18 +0000 Subject: r17330: Enable the partitions module. This module redirects various samdb requests into different modules, depending on the prefix. It also makes moving to an LDAP backend easier, as it is just a different partition backend. This adds yet another stage to the provision process, as we must setup the partitions before we setup the magic attributes. Andrew Bartlett (This used to be commit 31225b9cb6ef6fcb7bd831043999b1b44ef1b128) --- source4/setup/provision_init.ldif | 14 -------------- source4/setup/provision_partitions.ldif | 19 +++++++++++++++++++ 2 files changed, 19 insertions(+), 14 deletions(-) create mode 100644 source4/setup/provision_partitions.ldif (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index a46c86aadc..91405b2d4c 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -55,14 +55,10 @@ passwordAttribute: lmPwdHash passwordAttribute: sambaLMPwdHistory passwordAttribute: krb5key - # the rootDSE module looks in this record for its base data dn: cn=ROOTDSE subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,${BASEDN} dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,${BASEDN} -namingContexts: ${BASEDN} -namingContexts: CN=Configuration,${BASEDN} -namingContexts: CN=Schema,CN=Configuration,${BASEDN} defaultNamingContext: ${BASEDN} rootDomainNamingContext: ${BASEDN} configurationNamingContext: CN=Configuration,${BASEDN} @@ -78,13 +74,3 @@ isSynchronized: TRUE vendorName: Samba Team (http://samba.org) vendorVersion: ${VERSION} -#Add modules to the list to activate them by default -#beware often order is important -# -# Some Known ordering constraints: -# - rootdse must be first, as it makes redirects from "" -> cn=rootdse -# - samldb must be before password_hash, because password_hash checks that the objectclass is of type person (filled in by samldb) - -dn: @MODULES -@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,asq,samldb,objectclass,password_hash,operational,objectguid,rdn_name - diff --git a/source4/setup/provision_partitions.ldif b/source4/setup/provision_partitions.ldif new file mode 100644 index 0000000000..58fea65bae --- /dev/null +++ b/source4/setup/provision_partitions.ldif @@ -0,0 +1,19 @@ +dn: @PARTITION +partition: CN=Schema,CN=Configuration,${BASEDN}:schema.ldb +partition: CN=Configuration,${BASEDN}:configuration.ldb +partition: CN=Templates,${BASEDN}:templates.ldb +partition: ${BASEDN}:${LDAPBACKEND} +replicateEntries: @SUBCLASSES +replicateEntries: @ATTRIBUTES +replicateEntries: @INDEXLIST + +#Add modules to the list to activate them by default +#beware often order is important +# +# Some Known ordering constraints: +# - rootdse must be first, as it makes redirects from "" -> cn=rootdse +# - samldb must be before password_hash, because password_hash checks that the objectclass is of type person (filled in by samldb) +# - partition must be last + +dn: @MODULES +@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,asq,samldb,objectguid,password_hash,operational,objectclass,rdn_name,partition -- cgit From bd8fd50982b476fb00c58ea765eb3eca7146a993 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 1 Aug 2006 05:56:47 +0000 Subject: r17351: Remove extra LDB partition we don't actually use (these are in the main database, under cn=templates). Andrew Bartlett (This used to be commit b1d061d36a4e8715576dc8cb1c4216c111d09035) --- source4/setup/provision_partitions.ldif | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_partitions.ldif b/source4/setup/provision_partitions.ldif index 58fea65bae..14e077eca1 100644 --- a/source4/setup/provision_partitions.ldif +++ b/source4/setup/provision_partitions.ldif @@ -1,7 +1,6 @@ dn: @PARTITION partition: CN=Schema,CN=Configuration,${BASEDN}:schema.ldb partition: CN=Configuration,${BASEDN}:configuration.ldb -partition: CN=Templates,${BASEDN}:templates.ldb partition: ${BASEDN}:${LDAPBACKEND} replicateEntries: @SUBCLASSES replicateEntries: @ATTRIBUTES -- cgit From cf7ccba67e342b7a99e39200e7c1321f638286ce Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 1 Aug 2006 05:58:06 +0000 Subject: r17352: Don't do a modify on the objectClasses, as OpenLDAP doesn't like this. Instead, handle this one in the add. Andrew Bartlett (This used to be commit ab355e1f5f0747225b4c3fc2e65ffb044fe03040) --- source4/setup/provision_basedn.ldif | 1 + source4/setup/provision_basedn_modify.ldif | 5 ----- 2 files changed, 1 insertion(+), 5 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index 4cf850e728..4111f77789 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -4,5 +4,6 @@ dn: ${BASEDN} objectClass: top objectClass: domain +objectClass: domainDNS dc: ${RDN_DC} diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index 91a8d66f24..0aa6f4e163 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -3,11 +3,6 @@ ############################### dn: ${BASEDN} changetype: modify -replace: objectClass -objectClass: top -objectClass: domain -objectClass: domainDNS -- replace: dnsDomain dnsDomain: ${DNSDOMAIN} - -- cgit From 05aa6b85ce96eff028daef5b8275195dc1deed82 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 3 Aug 2006 00:59:39 +0000 Subject: r17377: This attribute is maintained by the modules, don't override it. Andrew Bartlett (This used to be commit d942a8b2b6dcdc8d406d2c5b00983f0191e2a30d) --- source4/setup/provision_basedn_modify.ldif | 3 --- 1 file changed, 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index 0aa6f4e163..d8765a3c0a 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -12,9 +12,6 @@ dc: ${RDN_DC} replace: objectGUID objectGUID: ${DOMAINGUID} - -replace: creationTime -creationTime: ${NTTIME} -- replace: forceLogoff forceLogoff: 9223372036854775808 - -- cgit From 6e4940cf791c1a8009216a92b398e49250e71a53 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 11 Aug 2006 22:11:29 +0000 Subject: r17499: Open the main database only the minimum times during a provision. This causes things to operate as just one transaction (locally), and to make a minimum of TCP connections when connecting to a remote LDAP server. Taking advantage of this, create another file to handle loading the Samba4 specific schema extensions. Also comment out 'middleName' and reassign the OID to one in the Samba4 range, as it is 'stolen' from a netscape range that is used in OpenLDAP and interenet standards for 'ref'. Andrew Bartlett (This used to be commit 009d0905947dec9bab81d8e6de5cb424807ffd35) --- source4/setup/schema.ldif | 26 +++---- source4/setup/schema_samba4.ldif | 149 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 162 insertions(+), 13 deletions(-) create mode 100644 source4/setup/schema_samba4.ldif (limited to 'source4/setup') diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index e7d7fcec2d..ca21ee923d 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -548,19 +548,19 @@ adminDisplayName: houseIdentifier attributeID: 2.5.4.51 attributeSyntax: 2.5.5.12 -dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN} -cn: middleName -name: middleName -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: middleName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Other-Name -attributeID: 2.16.840.1.113730.3.1.34 -attributeSyntax: 2.5.5.12 +#dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN} +#cn: middleName +#name: middleName +#objectClass: top +#objectClass: attributeSchema +#lDAPDisplayName: middleName +#isSingleValued: TRUE +#systemFlags: 16 +#systemOnly: FALSE +#schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 +#adminDisplayName: Other-Name +#attributeID: 2.16.840.1.113730.3.1.34 +#attributeSyntax: 2.5.5.12 dn: CN=replTopologyStayOfExecution,CN=Schema,CN=Configuration,${BASEDN} cn: replTopologyStayOfExecution diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif new file mode 100644 index 0000000000..94b79bd31f --- /dev/null +++ b/source4/setup/schema_samba4.ldif @@ -0,0 +1,149 @@ +# +# Schema elements which do not exist in AD, but which we use in Samba4 +# +## Samba4 OID allocation from Samba3's examples/LDAP/samba.schema +## 1.3.6.1.4.1.7165.4.1.x - attributetypes +## 1.3.6.1.4.1.7165.4.2.x - objectclasses +# +# + + +dn: cn=ntpwdHash,CN=Schema,CN=Configuration,${BASEDN} +cn: ntpwdHash +name: NTPWDHash +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: ntpwdhash +isSingleValued: TRUE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: E961130F-5084-458C-9E9C-DEC16DA08592 +adminDisplayName: NT-PWD-Hash +attributeID: 1.3.6.1.4.1.7165.4.1.1 +attributeSyntax: 2.5.5.10 + +dn: cn=lmpwdHash,CN=Schema,CN=Configuration,${BASEDN} +cn: lmpwdHash +name: lmpwdHash +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: lmpwdhash +isSingleValued: TRUE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: CBD0D18C-9C54-4A77-87C4-5CEEAF781253 +adminDisplayName: LM-PWD-Hash +attributeID: 1.3.6.1.4.1.7165.4.1.2 +attributeSyntax: 2.5.5.10 + +dn: cn=sambaNtPwdHistory,CN=Schema,CN=Configuration,${BASEDN} +cn: sambaNtPwdHistory +name: sambaNtPwdHistory +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: sambaNtPwdHistory +isSingleValued: TRUE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 8CCD7658-C574-4435-A38C-99572E349E6B +adminDisplayName: SAMBA-NT-PWD-History +attributeID: 1.3.6.1.4.1.7165.4.1.3 +attributeSyntax: 2.5.5.10 + +dn: cn=sambaLmPwdHistory,CN=Schema,CN=Configuration,${BASEDN} +cn: sambaLmPwdHistory +name: sambaLmPwdHistory +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: sambaLmPwdHistory +isSingleValued: FALSE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4 +adminDisplayName: SAMBA-LM-PWDHistory +attributeID: 1.3.6.1.4.1.7165.4.1.4 +attributeSyntax: 2.5.5.10 + +dn: cn=sambaPassword,CN=Schema,CN=Configuration,${BASEDN} +cn: sambaPassword +name: sambaPassword +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: sambaPassword +isSingleValued: FALSE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 87F10301-229A-4E69-B63A-998339ADA37A +adminDisplayName: SAMBA-Password +attributeID: 1.3.6.1.4.1.7165.4.1.5 +attributeSyntax: 2.5.5.5 + +dn: cn=dnsDomain,CN=Schema,CN=Configuration,${BASEDN} +cn: dnsDomain +name: dnsDomain +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: dnsDomain +isSingleValued: FALSE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018 +adminDisplayName: SAMBA-Password +attributeID: 1.3.6.1.4.1.7165.4.1.6 +attributeSyntax: 2.5.5.4 + +dn: cn=privilege,CN=Schema,CN=Configuration,${BASEDN} +cn: privilege +name: privilege +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: privilege +isSingleValued: FALSE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182 +adminDisplayName: Privilege +attributeID: 1.3.6.1.4.1.7165.4.1.7 +attributeSyntax: 2.5.5.4 + +dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN} +cn: middleName +name: middleName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: middleName +sSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Other-Name +attributeID: 1.3.6.1.4.1.7165.4.1.8 +attributeSyntax: 2.5.5.12 + +dn: CN=unixName,CN=Schema,CN=Configuration,${BASEDN} +cn: unixName +name: unixName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: unixName +sSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Unix-Name +attributeID: 1.3.6.1.4.1.7165.4.1.9 +attributeSyntax: 2.5.5.4 + +dn: cn=krb5Key,CN=Schema,CN=Configuration,${BASEDN} +cn: krb5Key +name: krb5Key +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: krb5Key +isSingleValued: FALSE +systemFlags: 17 +systemOnly: TRUE +schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4 +adminDisplayName: krb5-Key +attributeID: 1.3.6.1.4.1.5322.10.1.10 +attributeSyntax: 2.5.5.10 -- cgit From 71041a5007abb9afc04df0d91e7c2598ba9b2d20 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sat, 12 Aug 2006 15:22:03 +0000 Subject: r17504: Do not use the invented unixID but use the rfc2307 uidNumber and gidNumber attributes instead Do not change unixName right now, we don't have an attribute to use in the posixGroup class, and I think we should remove its usage altogether and look up users and groups by their uid/gid only. Simo. (This used to be commit d57b521aadf24a277152ec1ff1dac3210bd14316) --- source4/setup/provision_init.ldif | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 91405b2d4c..7414368d44 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -5,7 +5,8 @@ dn: @INDEXLIST @IDXATTR: objectClass @IDXATTR: objectCategory @IDXATTR: member -@IDXATTR: unixID +@IDXATTR: uidNumber +@IDXATTR: gidNumber @IDXATTR: unixName @IDXATTR: privilege @IDXATTR: nCName -- cgit From 8f42f1292c2f1f1002b8446dc8b5351eb633d5ce Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 14 Aug 2006 00:59:57 +0000 Subject: r17526: Move timestamp generation into the objectGUID module. It probably needs to be renamed (operation_add?). This allows me to match the behaviour and substitute with the entryUUID module for remote LDAP connections. Andrew Bartlett (This used to be commit af02b4d7c631bb15bf5a5f73f9fdc23075d50f60) --- source4/setup/provision | 6 ++++++ source4/setup/provision_partitions.ldif | 5 ++++- 2 files changed, 10 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index a58f4a5dce..4d4716ee1a 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -111,6 +111,12 @@ for (r in options) { subobj[key] = options[r]; } +if (options["ldap-backend"] != undefined) { + subobj["LDAPMODULES"] = "entryUUID"; +} else { + subobj["LDAPMODULES"] = "objectguid"; +} + var blank = (options["blank"] != undefined); var ldapbase = (options["ldap-base"] != undefined); diff --git a/source4/setup/provision_partitions.ldif b/source4/setup/provision_partitions.ldif index 14e077eca1..e9a273795a 100644 --- a/source4/setup/provision_partitions.ldif +++ b/source4/setup/provision_partitions.ldif @@ -5,6 +5,9 @@ partition: ${BASEDN}:${LDAPBACKEND} replicateEntries: @SUBCLASSES replicateEntries: @ATTRIBUTES replicateEntries: @INDEXLIST +modules:CN=Schema,CN=Configuration,${BASEDN}:objectguid +modules:CN=Configuration,${BASEDN}:objectguid +modules:${BASEDN}:${LDAPMODULES} #Add modules to the list to activate them by default #beware often order is important @@ -15,4 +18,4 @@ replicateEntries: @INDEXLIST # - partition must be last dn: @MODULES -@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,asq,samldb,objectguid,password_hash,operational,objectclass,rdn_name,partition +@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,asq,samldb,password_hash,operational,objectclass,rdn_name,partition -- cgit From 0cc8a1780df94cdec90942b1cbf5d4059627bf8e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 14 Aug 2006 01:48:32 +0000 Subject: r17528: This is an additional item of schema we require. Where is the script we used to create this schema file in the first place? Andrew Bartlett (This used to be commit dec2b6961ab28ecf84daa6ef329f98e6ee0927b9) --- source4/setup/schema.ldif | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index ca21ee923d..f4d31a5ed0 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -126,6 +126,26 @@ adminDisplayName: Security-Identifier attributeID: 1.2.840.113556.1.4.121 attributeSyntax: 2.5.5.17 + +dn: CN=Foreign-Identifier,CN=Schema,CN=Configuration,${BASEDN} +objectClass: top +objectClass: attributeSchema +cn: Foreign-Identifier +instanceType: 4 +attributeID: 1.2.840.113556.1.4.356 +attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Foreign-Identifier +adminDescription: Foreign-Identifier +oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: foreignIdentifier +name: Foreign-Identifier +schemaIDGUID: 3e97891e-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 + dn: CN=msDS-KeyVersionNumber,CN=Schema,CN=Configuration,${BASEDN} cn: msDS-KeyVersionNumber name: msDS-KeyVersionNumber @@ -8039,6 +8059,7 @@ objectClasses: ( 1.2.840.113556.1.5.31 NAME 'site' SUP top STRUCTURAL MAY ( noti objectClasses: ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST ( o ) MAY ( x121Address $ userPassword $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ street $ st $ seeAlso $ searchGuide $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ physicalDeliveryOfficeName $ l $ internationalISDNNumber $ facsimileTelephoneNumber $ destinationIndicator $ businessCategory ) ) objectClasses: ( 1.2.840.113556.1.5.234 NAME 'msDS-AzAdminManager' SUP top STRUCTURAL MAY ( msDS-AzMinorVersion $ msDS-AzMajorVersion $ msDS-AzApplicationData $ msDS-AzGenerateAudits $ msDS-AzScriptTimeout $ msDS-AzScriptEngineCacheMax $ msDS-AzDomainTimeout $ description ) ) objectClasses: ( 1.2.840.113556.1.5.6 NAME 'securityPrincipal' SUP top AUXILIARY MUST ( sAMAccountName $ objectSid ) MAY ( supplementalCredentials $ sIDHistory $ securityIdentifier $ sAMAccountType $ rid $ tokenGroupsNoGCAcceptable $ tokenGroupsGlobalAndUniversal $ tokenGroups $ nTSecurityDescriptor $ msDS-KeyVersionNumber $ altSecurityIdentities $ accountNameHistory ) ) +objectClasses: ( 1.2.840.113556.1.5.76 NAME 'foreignSecurityPrincipal' SUP top STRUCTURAL MUST (objectSid ) MAY (foreignIdentifier ) ) objectClasses: ( 1.2.840.113556.1.5.7000.49 NAME 'applicationSettings' SUP top ABSTRACT MAY ( notificationList $ msDS-Settings $ applicationName ) ) objectClasses: ( 1.2.840.113556.1.3.13 NAME 'classSchema' SUP top STRUCTURAL MUST ( subClassOf $ schemaIDGUID $ objectClassCategory $ governsID $ defaultObjectCategory $ cn ) MAY ( systemPossSuperiors $ systemOnly $ systemMustContain $ systemMayContain $ systemAuxiliaryClass $ schemaFlagsEx $ rDNAttID $ possSuperiors $ mustContain $ msDs-Schema-Extensions $ msDS-IntId $ mayContain $ lDAPDisplayName $ isDefunct $ defaultSecurityDescriptor $ defaultHidingValue $ classDisplayName $ auxiliaryClass ) ) objectClasses: ( 1.2.840.113556.1.5.9 NAME 'user' SUP organizationalPerson STRUCTURAL MAY ( pager $ o $ mobile $ manager $ mail $ initials $ homePhone $ businessCategory $ userCertificate $ userWorkstations $ userSharedFolderOther $ userSharedFolder $ userPrincipalName $ userParameters $ userAccountControl $ unicodePwd $ terminalServer $ servicePrincipalName $ scriptPath $ pwdLastSet $ profilePath $ primaryGroupID $ preferredOU $ otherLoginWorkstations $ operatorCount $ ntPwdHistory $ networkAddress $ msRASSavedFramedRoute $ msRASSavedFramedIPAddress $ msRASSavedCallbackNumber $ msRADIUSServiceType $ msRADIUSFramedRoute $ msRADIUSFramedIPAddress $ msRADIUSCallbackNumber $ msNPSavedCallingStationID $ msNPCallingStationID $ msNPAllowDialin $ mSMQSignCertificatesMig $ mSMQSignCertificates $ mSMQDigestsMig $ mSMQDigests $ msIIS-FTPRoot $ msIIS-FTPDir $ msDS-User-Account-Control-Computed $ msDS-Site-Affinity $ mS-DS-CreatorSID $ msDS-Cached-Membership-Time-Stamp $ msDS-Cached-Membership $ msDRM-IdentityCertificate $ msCOM-UserPartitionSetLink $ maxStorage $ logonWorkstation $ logonHours $ logonCount $ lockoutTime $ localeID $ lmPwdHistory $ lastLogonTimestamp $ lastLogon $ lastLogoff $ homeDrive $ homeDirectory $ groupsToIgnore $ groupPriority $ groupMembershipSAM $ dynamicLDAPServer $ desktopProfile $ defaultClassStore $ dBCSPwd $ controlAccessRights $ codePage $ badPwdCount $ badPasswordTime $ adminCount $ aCSPolicyName $ accountExpires $ x500uniqueIdentifier $ userSMIMECertificate $ userPKCS12 $ uid $ secretary $ roomNumber $ preferredLanguage $ photo $ labeledURI $ jpegPhoto $ homePostalAddress $ givenName $ employeeType $ employeeNumber $ displayName $ departmentNumber $ carLicense $ audio ) ) -- cgit From 49b335c756d22d7f6acfa32a07fa291e04b49a87 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Aug 2006 06:14:21 +0000 Subject: r17600: Finish the schema conversion tool, and add a mapping file, used to map OIDs and skip built-in attributes. Andrew Bartlett (This used to be commit cb2b9d800d1228d41f7872a7b7c8ea5f07816c61) --- source4/setup/provision_init.ldif | 2 ++ source4/setup/schema-map-openldap-2.3 | 31 +++++++++++++++++++++++++++++++ source4/setup/schema.ldif | 26 +++++++++++++------------- source4/setup/schema_samba4.ldif | 14 -------------- 4 files changed, 46 insertions(+), 27 deletions(-) create mode 100644 source4/setup/schema-map-openldap-2.3 (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 7414368d44..914184a35b 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -10,6 +10,8 @@ dn: @INDEXLIST @IDXATTR: unixName @IDXATTR: privilege @IDXATTR: nCName +@IDXATTR: lDAPDisplayName +@IDXATTR: subClassOf dn: @ATTRIBUTES userPrincipalName: CASE_INSENSITIVE diff --git a/source4/setup/schema-map-openldap-2.3 b/source4/setup/schema-map-openldap-2.3 new file mode 100644 index 0000000000..f270b983c5 --- /dev/null +++ b/source4/setup/schema-map-openldap-2.3 @@ -0,0 +1,31 @@ +#Standard OpenLDAP attributes +name +labeledURI +objectClasses +createTimeStamp +attributeTypes +objectClass +userPassword +seeAlso +uid +subSchemaSubEntry +structuralObjectClass +modifyTimeStamp +distinguishedName +description +cn +dITContentRules +top +#Skip ObjectClasses +subSchema +# +#MiddleName has a conflicting OID +2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.1.8 +#This large integer format is unimplemented in OpenLDAP 2.3 +1.2.840.113556.1.4.906:1.3.6.1.4.1.1466.115.121.1.27 +#This case insensitive string isn't available +1.2.840.113556.1.4.905:1.3.6.1.4.1.1466.115.121.1.44 +#This type of DN isn't in OpenLDAP +1.2.840.113556.1.4.903:1.3.6.1.4.1.1466.115.121.1.12 +#Treat Security Descriptors as binary +1.2.840.113556.1.4.907:1.3.6.1.4.1.1466.115.121.1.40 \ No newline at end of file diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index f4d31a5ed0..6f8f62d080 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -568,19 +568,19 @@ adminDisplayName: houseIdentifier attributeID: 2.5.4.51 attributeSyntax: 2.5.5.12 -#dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN} -#cn: middleName -#name: middleName -#objectClass: top -#objectClass: attributeSchema -#lDAPDisplayName: middleName -#isSingleValued: TRUE -#systemFlags: 16 -#systemOnly: FALSE -#schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 -#adminDisplayName: Other-Name -#attributeID: 2.16.840.1.113730.3.1.34 -#attributeSyntax: 2.5.5.12 +dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN} +cn: middleName +name: middleName +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: middleName +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Other-Name +attributeID: 2.16.840.1.113730.3.1.34 +attributeSyntax: 2.5.5.12 dn: CN=replTopologyStayOfExecution,CN=Schema,CN=Configuration,${BASEDN} cn: replTopologyStayOfExecution diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 94b79bd31f..61af0936dc 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -106,20 +106,6 @@ adminDisplayName: Privilege attributeID: 1.3.6.1.4.1.7165.4.1.7 attributeSyntax: 2.5.5.4 -dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN} -cn: middleName -name: middleName -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: middleName -sSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Other-Name -attributeID: 1.3.6.1.4.1.7165.4.1.8 -attributeSyntax: 2.5.5.12 - dn: CN=unixName,CN=Schema,CN=Configuration,${BASEDN} cn: unixName name: unixName -- cgit From cb4ebd891711b0a8ce687b450ab9e35e73f8445c Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 21 Aug 2006 04:33:36 +0000 Subject: r17651: Commit the set of classess used to generate our schema and update the schema with the latest additions (This used to be commit 09a32726111200e421b6fcacf1586bfbe6024fa6) --- source4/setup/schema.ldif | 3348 ++++++++++++++++++++++++++------------------- 1 file changed, 1942 insertions(+), 1406 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index 6f8f62d080..b84f162258 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -1,6 +1,6 @@ -dn: CN=sDRightsEffective,CN=Schema,CN=Configuration,${BASEDN} -cn: sDRightsEffective -name: sDRightsEffective +dn: CN=SD-Rights-Effective,CN=Schema,CN=Configuration,${BASEDN} +cn: SD-Rights-Effective +name: SD-Rights-Effective objectClass: top objectClass: attributeSchema lDAPDisplayName: sDRightsEffective @@ -11,10 +11,11 @@ schemaIDGUID: c3dbafa6-33df-11d2-98b2-0000f87a57d4 adminDisplayName: SD-Rights-Effective attributeID: 1.2.840.113556.1.4.1304 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=ownerBL,CN=Schema,CN=Configuration,${BASEDN} -cn: ownerBL -name: ownerBL +dn: CN=ms-Exch-Owner-BL,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-Exch-Owner-BL +name: ms-Exch-Owner-BL objectClass: top objectClass: attributeSchema lDAPDisplayName: ownerBL @@ -26,10 +27,12 @@ schemaIDGUID: bf9679f4-0de6-11d0-a285-00aa003049e2 adminDisplayName: ms-Exch-Owner-BL attributeID: 1.2.840.113556.1.2.104 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=memberOf,CN=Schema,CN=Configuration,${BASEDN} -cn: memberOf -name: memberOf +dn: CN=Is-Member-Of-DL,CN=Schema,CN=Configuration,${BASEDN} +cn: Is-Member-Of-DL +name: Is-Member-Of-DL objectClass: top objectClass: attributeSchema lDAPDisplayName: memberOf @@ -41,10 +44,12 @@ schemaIDGUID: bf967991-0de6-11d0-a285-00aa003049e2 adminDisplayName: Is-Member-Of-DL attributeID: 1.2.840.113556.1.2.102 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=searchGuide,CN=Schema,CN=Configuration,${BASEDN} -cn: searchGuide -name: searchGuide +dn: CN=Search-Guide,CN=Schema,CN=Configuration,${BASEDN} +cn: Search-Guide +name: Search-Guide objectClass: top objectClass: attributeSchema lDAPDisplayName: searchGuide @@ -55,10 +60,11 @@ schemaIDGUID: bf967a2e-0de6-11d0-a285-00aa003049e2 adminDisplayName: Search-Guide attributeID: 2.5.4.14 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=msDS-ReplicationEpoch,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-ReplicationEpoch -name: msDS-ReplicationEpoch +dn: CN=ms-DS-ReplicationEpoch,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-ReplicationEpoch +name: ms-DS-ReplicationEpoch objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-ReplicationEpoch @@ -69,10 +75,11 @@ schemaIDGUID: 08e3aa79-eb1c-45b5-af7b-8f94246c8e41 adminDisplayName: ms-DS-ReplicationEpoch attributeID: 1.2.840.113556.1.4.1720 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=auditingPolicy,CN=Schema,CN=Configuration,${BASEDN} -cn: auditingPolicy -name: auditingPolicy +dn: CN=Auditing-Policy,CN=Schema,CN=Configuration,${BASEDN} +cn: Auditing-Policy +name: Auditing-Policy objectClass: top objectClass: attributeSchema lDAPDisplayName: auditingPolicy @@ -83,10 +90,11 @@ schemaIDGUID: 6da8a4fe-0e52-11d0-a286-00aa003049e2 adminDisplayName: Auditing-Policy attributeID: 1.2.840.113556.1.4.202 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=otherFacsimileTelephoneNumber,CN=Schema,CN=Configuration,${BASEDN} -cn: otherFacsimileTelephoneNumber -name: otherFacsimileTelephoneNumber +dn: CN=Phone-Fax-Other,CN=Schema,CN=Configuration,${BASEDN} +cn: Phone-Fax-Other +name: Phone-Fax-Other objectClass: top objectClass: attributeSchema lDAPDisplayName: otherFacsimileTelephoneNumber @@ -97,10 +105,11 @@ schemaIDGUID: 0296c11d-40da-11d1-a9c0-0000f80367c1 adminDisplayName: Phone-Fax-Other attributeID: 1.2.840.113556.1.4.646 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=streetAddress,CN=Schema,CN=Configuration,${BASEDN} -cn: streetAddress -name: streetAddress +dn: CN=Address,CN=Schema,CN=Configuration,${BASEDN} +cn: Address +name: Address objectClass: top objectClass: attributeSchema lDAPDisplayName: streetAddress @@ -111,10 +120,11 @@ schemaIDGUID: f0f8ff84-1191-11d0-a060-00aa006c33ed adminDisplayName: Address attributeID: 1.2.840.113556.1.2.256 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=securityIdentifier,CN=Schema,CN=Configuration,${BASEDN} -cn: securityIdentifier -name: securityIdentifier +dn: CN=Security-Identifier,CN=Schema,CN=Configuration,${BASEDN} +cn: Security-Identifier +name: Security-Identifier objectClass: top objectClass: attributeSchema lDAPDisplayName: securityIdentifier @@ -125,30 +135,11 @@ schemaIDGUID: bf967a2f-0de6-11d0-a285-00aa003049e2 adminDisplayName: Security-Identifier attributeID: 1.2.840.113556.1.4.121 attributeSyntax: 2.5.5.17 - - -dn: CN=Foreign-Identifier,CN=Schema,CN=Configuration,${BASEDN} -objectClass: top -objectClass: attributeSchema -cn: Foreign-Identifier -instanceType: 4 -attributeID: 1.2.840.113556.1.4.356 -attributeSyntax: 2.5.5.10 -isSingleValued: TRUE -showInAdvancedViewOnly: TRUE -adminDisplayName: Foreign-Identifier -adminDescription: Foreign-Identifier oMSyntax: 4 -searchFlags: 0 -lDAPDisplayName: foreignIdentifier -name: Foreign-Identifier -schemaIDGUID: 3e97891e-8c01-11d0-afda-00c04fd930c9 -systemOnly: FALSE -systemFlags: 16 -dn: CN=msDS-KeyVersionNumber,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-KeyVersionNumber -name: msDS-KeyVersionNumber +dn: CN=ms-DS-KeyVersionNumber,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-KeyVersionNumber +name: ms-DS-KeyVersionNumber objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-KeyVersionNumber @@ -159,10 +150,11 @@ schemaIDGUID: c523e9c0-33b5-4ac8-8923-b57b927f42f6 adminDisplayName: ms-DS-KeyVersionNumber attributeID: 1.2.840.113556.1.4.1782 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=accountNameHistory,CN=Schema,CN=Configuration,${BASEDN} -cn: accountNameHistory -name: accountNameHistory +dn: CN=Account-Name-History,CN=Schema,CN=Configuration,${BASEDN} +cn: Account-Name-History +name: Account-Name-History objectClass: top objectClass: attributeSchema lDAPDisplayName: accountNameHistory @@ -173,6 +165,7 @@ schemaIDGUID: 031952ec-3b72-11d2-90cc-00c04fd91ab1 adminDisplayName: Account-Name-History attributeID: 1.2.840.113556.1.4.1307 attributeSyntax: 2.5.5.12 +oMSyntax: 64 dn: CN=preferredLanguage,CN=Schema,CN=Configuration,${BASEDN} cn: preferredLanguage @@ -187,10 +180,11 @@ schemaIDGUID: 856be0d0-18e7-46e1-8f5f-7ee4d9020e0d adminDisplayName: preferredLanguage attributeID: 2.16.840.1.113730.3.1.39 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=userSharedFolderOther,CN=Schema,CN=Configuration,${BASEDN} -cn: userSharedFolderOther -name: userSharedFolderOther +dn: CN=User-Shared-Folder-Other,CN=Schema,CN=Configuration,${BASEDN} +cn: User-Shared-Folder-Other +name: User-Shared-Folder-Other objectClass: top objectClass: attributeSchema lDAPDisplayName: userSharedFolderOther @@ -201,10 +195,11 @@ schemaIDGUID: 9a9a0220-4a5b-11d1-a9c3-0000f80367c1 adminDisplayName: User-Shared-Folder-Other attributeID: 1.2.840.113556.1.4.752 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=userSharedFolder,CN=Schema,CN=Configuration,${BASEDN} -cn: userSharedFolder -name: userSharedFolder +dn: CN=User-Shared-Folder,CN=Schema,CN=Configuration,${BASEDN} +cn: User-Shared-Folder +name: User-Shared-Folder objectClass: top objectClass: attributeSchema lDAPDisplayName: userSharedFolder @@ -215,10 +210,11 @@ schemaIDGUID: 9a9a021f-4a5b-11d1-a9c3-0000f80367c1 adminDisplayName: User-Shared-Folder attributeID: 1.2.840.113556.1.4.751 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=mSMQDigestsMig,CN=Schema,CN=Configuration,${BASEDN} -cn: mSMQDigestsMig -name: mSMQDigestsMig +dn: CN=MSMQ-Digests-Mig,CN=Schema,CN=Configuration,${BASEDN} +cn: MSMQ-Digests-Mig +name: MSMQ-Digests-Mig objectClass: top objectClass: attributeSchema lDAPDisplayName: mSMQDigestsMig @@ -229,10 +225,11 @@ schemaIDGUID: 0f71d8e0-da3b-11d1-90a5-00c04fd91ab1 adminDisplayName: MSMQ-Digests-Mig attributeID: 1.2.840.113556.1.4.966 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=legacyExchangeDN,CN=Schema,CN=Configuration,${BASEDN} -cn: legacyExchangeDN -name: legacyExchangeDN +dn: CN=Legacy-Exchange-DN,CN=Schema,CN=Configuration,${BASEDN} +cn: Legacy-Exchange-DN +name: Legacy-Exchange-DN objectClass: top objectClass: attributeSchema lDAPDisplayName: legacyExchangeDN @@ -243,10 +240,11 @@ schemaIDGUID: 28630ebc-41d5-11d1-a9c1-0000f80367c1 adminDisplayName: Legacy-Exchange-DN attributeID: 1.2.840.113556.1.4.655 attributeSyntax: 2.5.5.4 +oMSyntax: 20 -dn: CN=wellKnownObjects,CN=Schema,CN=Configuration,${BASEDN} -cn: wellKnownObjects -name: wellKnownObjects +dn: CN=Well-Known-Objects,CN=Schema,CN=Configuration,${BASEDN} +cn: Well-Known-Objects +name: Well-Known-Objects objectClass: top objectClass: attributeSchema lDAPDisplayName: wellKnownObjects @@ -257,10 +255,12 @@ schemaIDGUID: 05308983-7688-11d1-aded-00c04fd8d5cd adminDisplayName: Well-Known-Objects attributeID: 1.2.840.113556.1.4.618 attributeSyntax: 2.5.5.7 +oMSyntax: 127 +oMObjectClass:: KoZIhvcUAQEBCw== -dn: CN=name,CN=Schema,CN=Configuration,${BASEDN} -cn: name -name: name +dn: CN=RDN,CN=Schema,CN=Configuration,${BASEDN} +cn: RDN +name: RDN objectClass: top objectClass: attributeSchema lDAPDisplayName: name @@ -271,10 +271,11 @@ schemaIDGUID: bf967a0e-0de6-11d0-a285-00aa003049e2 adminDisplayName: RDN attributeID: 1.2.840.113556.1.4.1 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=nonSecurityMemberBL,CN=Schema,CN=Configuration,${BASEDN} -cn: nonSecurityMemberBL -name: nonSecurityMemberBL +dn: CN=Non-Security-Member-BL,CN=Schema,CN=Configuration,${BASEDN} +cn: Non-Security-Member-BL +name: Non-Security-Member-BL objectClass: top objectClass: attributeSchema lDAPDisplayName: nonSecurityMemberBL @@ -286,10 +287,12 @@ schemaIDGUID: 52458019-ca6a-11d0-afff-0000f80367c1 adminDisplayName: Non-Security-Member-BL attributeID: 1.2.840.113556.1.4.531 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=msDS-ReplAttributeMetaData,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-ReplAttributeMetaData -name: msDS-ReplAttributeMetaData +dn: CN=ms-DS-Repl-Attribute-Meta-Data,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Repl-Attribute-Meta-Data +name: ms-DS-Repl-Attribute-Meta-Data objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-ReplAttributeMetaData @@ -300,10 +303,11 @@ schemaIDGUID: d7c53242-724e-4c39-9d4c-2df8c9d66c7a adminDisplayName: ms-DS-Repl-Attribute-Meta-Data attributeID: 1.2.840.113556.1.4.1707 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=dNReferenceUpdate,CN=Schema,CN=Configuration,${BASEDN} -cn: dNReferenceUpdate -name: dNReferenceUpdate +dn: CN=DN-Reference-Update,CN=Schema,CN=Configuration,${BASEDN} +cn: DN-Reference-Update +name: DN-Reference-Update objectClass: top objectClass: attributeSchema lDAPDisplayName: dNReferenceUpdate @@ -314,10 +318,12 @@ schemaIDGUID: 2df90d86-009f-11d2-aa4c-00c04fd7d83a adminDisplayName: DN-Reference-Update attributeID: 1.2.840.113556.1.4.1242 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=gPOptions,CN=Schema,CN=Configuration,${BASEDN} -cn: gPOptions -name: gPOptions +dn: CN=GP-Options,CN=Schema,CN=Configuration,${BASEDN} +cn: GP-Options +name: GP-Options objectClass: top objectClass: attributeSchema lDAPDisplayName: gPOptions @@ -328,10 +334,11 @@ schemaIDGUID: f30e3bbf-9ff0-11d1-b603-0000f80367c1 adminDisplayName: GP-Options attributeID: 1.2.840.113556.1.4.892 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=msDS-PerUserTrustTombstonesQuota,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-PerUserTrustTombstonesQuota -name: msDS-PerUserTrustTombstonesQuota +dn: CN=MS-DS-Per-User-Trust-Tombstones-Quota,CN=Schema,CN=Configuration,${BASEDN} +cn: MS-DS-Per-User-Trust-Tombstones-Quota +name: MS-DS-Per-User-Trust-Tombstones-Quota objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-PerUserTrustTombstonesQuota @@ -342,10 +349,11 @@ schemaIDGUID: 8b70a6c6-50f9-4fa3-a71e-1ce03040449b adminDisplayName: MS-DS-Per-User-Trust-Tombstones-Quota attributeID: 1.2.840.113556.1.4.1790 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=pager,CN=Schema,CN=Configuration,${BASEDN} -cn: pager -name: pager +dn: CN=Phone-Pager-Primary,CN=Schema,CN=Configuration,${BASEDN} +cn: Phone-Pager-Primary +name: Phone-Pager-Primary objectClass: top objectClass: attributeSchema lDAPDisplayName: pager @@ -356,10 +364,11 @@ schemaIDGUID: f0f8ffa6-1191-11d0-a060-00aa006c33ed adminDisplayName: Phone-Pager-Primary attributeID: 0.9.2342.19200300.100.1.42 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=siteGUID,CN=Schema,CN=Configuration,${BASEDN} -cn: siteGUID -name: siteGUID +dn: CN=Site-GUID,CN=Schema,CN=Configuration,${BASEDN} +cn: Site-GUID +name: Site-GUID objectClass: top objectClass: attributeSchema lDAPDisplayName: siteGUID @@ -370,10 +379,11 @@ schemaIDGUID: 3e978924-8c01-11d0-afda-00c04fd930c9 adminDisplayName: Site-GUID attributeID: 1.2.840.113556.1.4.362 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=msDS-AzScriptEngineCacheMax,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AzScriptEngineCacheMax -name: msDS-AzScriptEngineCacheMax +dn: CN=ms-DS-Az-Script-Engine-Cache-Max,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Az-Script-Engine-Cache-Max +name: ms-DS-Az-Script-Engine-Cache-Max objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-AzScriptEngineCacheMax @@ -384,10 +394,11 @@ schemaIDGUID: 2629f66a-1f95-4bf3-a296-8e9d7b9e30c8 adminDisplayName: MS-DS-Az-Script-Engine-Cache-Max attributeID: 1.2.840.113556.1.4.1796 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=tokenGroupsNoGCAcceptable,CN=Schema,CN=Configuration,${BASEDN} -cn: tokenGroupsNoGCAcceptable -name: tokenGroupsNoGCAcceptable +dn: CN=Token-Groups-No-GC-Acceptable,CN=Schema,CN=Configuration,${BASEDN} +cn: Token-Groups-No-GC-Acceptable +name: Token-Groups-No-GC-Acceptable objectClass: top objectClass: attributeSchema lDAPDisplayName: tokenGroupsNoGCAcceptable @@ -398,10 +409,11 @@ schemaIDGUID: 040fc392-33df-11d2-98b2-0000f87a57d4 adminDisplayName: Token-Groups-No-GC-Acceptable attributeID: 1.2.840.113556.1.4.1303 attributeSyntax: 2.5.5.17 +oMSyntax: 4 -dn: CN=tokenGroupsGlobalAndUniversal,CN=Schema,CN=Configuration,${BASEDN} -cn: tokenGroupsGlobalAndUniversal -name: tokenGroupsGlobalAndUniversal +dn: CN=Token-Groups-Global-And-Universal,CN=Schema,CN=Configuration,${BASEDN} +cn: Token-Groups-Global-And-Universal +name: Token-Groups-Global-And-Universal objectClass: top objectClass: attributeSchema lDAPDisplayName: tokenGroupsGlobalAndUniversal @@ -412,10 +424,11 @@ schemaIDGUID: 46a9b11d-60ae-405a-b7e8-ff8a58d456d2 adminDisplayName: Token-Groups-Global-And-Universal attributeID: 1.2.840.113556.1.4.1418 attributeSyntax: 2.5.5.17 +oMSyntax: 4 -dn: CN=altSecurityIdentities,CN=Schema,CN=Configuration,${BASEDN} -cn: altSecurityIdentities -name: altSecurityIdentities +dn: CN=Alt-Security-Identities,CN=Schema,CN=Configuration,${BASEDN} +cn: Alt-Security-Identities +name: Alt-Security-Identities objectClass: top objectClass: attributeSchema lDAPDisplayName: altSecurityIdentities @@ -426,6 +439,7 @@ schemaIDGUID: 00fbf30c-91fe-11d1-aebc-0000f80367c1 adminDisplayName: Alt-Security-Identities attributeID: 1.2.840.113556.1.4.867 attributeSyntax: 2.5.5.12 +oMSyntax: 64 dn: CN=labeledURI,CN=Schema,CN=Configuration,${BASEDN} cn: labeledURI @@ -440,10 +454,11 @@ schemaIDGUID: c569bb46-c680-44bc-a273-e6c227d71b45 adminDisplayName: labeledURI attributeID: 1.3.6.1.4.1.250.1.57 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=pwdLastSet,CN=Schema,CN=Configuration,${BASEDN} -cn: pwdLastSet -name: pwdLastSet +dn: CN=Pwd-Last-Set,CN=Schema,CN=Configuration,${BASEDN} +cn: Pwd-Last-Set +name: Pwd-Last-Set objectClass: top objectClass: attributeSchema lDAPDisplayName: pwdLastSet @@ -454,10 +469,11 @@ schemaIDGUID: bf967a0a-0de6-11d0-a285-00aa003049e2 adminDisplayName: Pwd-Last-Set attributeID: 1.2.840.113556.1.4.96 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=objectClasses,CN=Schema,CN=Configuration,${BASEDN} -cn: objectClasses -name: objectClasses +dn: CN=Object-Classes,CN=Schema,CN=Configuration,${BASEDN} +cn: Object-Classes +name: Object-Classes objectClass: top objectClass: attributeSchema lDAPDisplayName: objectClasses @@ -468,10 +484,11 @@ schemaIDGUID: 9a7ad94b-ca53-11d1-bbd0-0080c76670c0 adminDisplayName: Object-Classes attributeID: 2.5.21.6 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=siteObject,CN=Schema,CN=Configuration,${BASEDN} -cn: siteObject -name: siteObject +dn: CN=Site-Object,CN=Schema,CN=Configuration,${BASEDN} +cn: Site-Object +name: Site-Object objectClass: top objectClass: attributeSchema lDAPDisplayName: siteObject @@ -483,10 +500,12 @@ schemaIDGUID: 3e10944c-c354-11d0-aff8-0000f80367c1 adminDisplayName: Site-Object attributeID: 1.2.840.113556.1.4.512 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=isPrivilegeHolder,CN=Schema,CN=Configuration,${BASEDN} -cn: isPrivilegeHolder -name: isPrivilegeHolder +dn: CN=Is-Privilege-Holder,CN=Schema,CN=Configuration,${BASEDN} +cn: Is-Privilege-Holder +name: Is-Privilege-Holder objectClass: top objectClass: attributeSchema lDAPDisplayName: isPrivilegeHolder @@ -498,10 +517,12 @@ schemaIDGUID: 19405b9c-3cfa-11d1-a9c0-0000f80367c1 adminDisplayName: Is-Privilege-Holder attributeID: 1.2.840.113556.1.4.638 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=dnsRoot,CN=Schema,CN=Configuration,${BASEDN} -cn: dnsRoot -name: dnsRoot +dn: CN=Dns-Root,CN=Schema,CN=Configuration,${BASEDN} +cn: Dns-Root +name: Dns-Root objectClass: top objectClass: attributeSchema lDAPDisplayName: dnsRoot @@ -512,10 +533,11 @@ schemaIDGUID: bf967959-0de6-11d0-a285-00aa003049e2 adminDisplayName: Dns-Root attributeID: 1.2.840.113556.1.4.28 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=modifiedCount,CN=Schema,CN=Configuration,${BASEDN} -cn: modifiedCount -name: modifiedCount +dn: CN=Modified-Count,CN=Schema,CN=Configuration,${BASEDN} +cn: Modified-Count +name: Modified-Count objectClass: top objectClass: attributeSchema lDAPDisplayName: modifiedCount @@ -526,10 +548,11 @@ schemaIDGUID: bf9679c5-0de6-11d0-a285-00aa003049e2 adminDisplayName: Modified-Count attributeID: 1.2.840.113556.1.4.168 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=internationalISDNNumber,CN=Schema,CN=Configuration,${BASEDN} -cn: internationalISDNNumber -name: internationalISDNNumber +dn: CN=International-ISDN-Number,CN=Schema,CN=Configuration,${BASEDN} +cn: International-ISDN-Number +name: International-ISDN-Number objectClass: top objectClass: attributeSchema lDAPDisplayName: internationalISDNNumber @@ -540,10 +563,11 @@ schemaIDGUID: bf96798d-0de6-11d0-a285-00aa003049e2 adminDisplayName: International-ISDN-Number attributeID: 2.5.4.25 attributeSyntax: 2.5.5.6 +oMSyntax: 18 -dn: CN=businessCategory,CN=Schema,CN=Configuration,${BASEDN} -cn: businessCategory -name: businessCategory +dn: CN=Business-Category,CN=Schema,CN=Configuration,${BASEDN} +cn: Business-Category +name: Business-Category objectClass: top objectClass: attributeSchema lDAPDisplayName: businessCategory @@ -554,6 +578,7 @@ schemaIDGUID: bf967931-0de6-11d0-a285-00aa003049e2 adminDisplayName: Business-Category attributeID: 2.5.4.15 attributeSyntax: 2.5.5.12 +oMSyntax: 64 dn: CN=houseIdentifier,CN=Schema,CN=Configuration,${BASEDN} cn: houseIdentifier @@ -567,10 +592,11 @@ schemaIDGUID: a45398b7-c44a-4eb6-82d3-13c10946dbfe adminDisplayName: houseIdentifier attributeID: 2.5.4.51 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN} -cn: middleName -name: middleName +dn: CN=Other-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Other-Name +name: Other-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: middleName @@ -581,10 +607,11 @@ schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 adminDisplayName: Other-Name attributeID: 2.16.840.1.113730.3.1.34 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=replTopologyStayOfExecution,CN=Schema,CN=Configuration,${BASEDN} -cn: replTopologyStayOfExecution -name: replTopologyStayOfExecution +dn: CN=Repl-Topology-Stay-Of-Execution,CN=Schema,CN=Configuration,${BASEDN} +cn: Repl-Topology-Stay-Of-Execution +name: Repl-Topology-Stay-Of-Execution objectClass: top objectClass: attributeSchema lDAPDisplayName: replTopologyStayOfExecution @@ -595,10 +622,11 @@ schemaIDGUID: 7bfdcb83-4807-11d1-a9c3-0000f80367c1 adminDisplayName: Repl-Topology-Stay-Of-Execution attributeID: 1.2.840.113556.1.4.677 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=netbootGUID,CN=Schema,CN=Configuration,${BASEDN} -cn: netbootGUID -name: netbootGUID +dn: CN=Netboot-GUID,CN=Schema,CN=Configuration,${BASEDN} +cn: Netboot-GUID +name: Netboot-GUID objectClass: top objectClass: attributeSchema lDAPDisplayName: netbootGUID @@ -609,10 +637,11 @@ schemaIDGUID: 3e978921-8c01-11d0-afda-00c04fd930c9 adminDisplayName: Netboot-GUID attributeID: 1.2.840.113556.1.4.359 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=rDNAttID,CN=Schema,CN=Configuration,${BASEDN} -cn: rDNAttID -name: rDNAttID +dn: CN=RDN-Att-ID,CN=Schema,CN=Configuration,${BASEDN} +cn: RDN-Att-ID +name: RDN-Att-ID objectClass: top objectClass: attributeSchema lDAPDisplayName: rDNAttID @@ -623,10 +652,11 @@ schemaIDGUID: bf967a0f-0de6-11d0-a285-00aa003049e2 adminDisplayName: RDN-Att-ID attributeID: 1.2.840.113556.1.2.26 attributeSyntax: 2.5.5.2 +oMSyntax: 6 -dn: CN=mayContain,CN=Schema,CN=Configuration,${BASEDN} -cn: mayContain -name: mayContain +dn: CN=May-Contain,CN=Schema,CN=Configuration,${BASEDN} +cn: May-Contain +name: May-Contain objectClass: top objectClass: attributeSchema lDAPDisplayName: mayContain @@ -637,10 +667,11 @@ schemaIDGUID: bf9679bf-0de6-11d0-a285-00aa003049e2 adminDisplayName: May-Contain attributeID: 1.2.840.113556.1.2.25 attributeSyntax: 2.5.5.2 +oMSyntax: 6 -dn: CN=serverReferenceBL,CN=Schema,CN=Configuration,${BASEDN} -cn: serverReferenceBL -name: serverReferenceBL +dn: CN=Server-Reference-BL,CN=Schema,CN=Configuration,${BASEDN} +cn: Server-Reference-BL +name: Server-Reference-BL objectClass: top objectClass: attributeSchema lDAPDisplayName: serverReferenceBL @@ -652,10 +683,12 @@ schemaIDGUID: 26d9736e-6070-11d1-a9c6-0000f80367c1 adminDisplayName: Server-Reference-BL attributeID: 1.2.840.113556.1.4.516 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=createTimeStamp,CN=Schema,CN=Configuration,${BASEDN} -cn: createTimeStamp -name: createTimeStamp +dn: CN=Create-Time-Stamp,CN=Schema,CN=Configuration,${BASEDN} +cn: Create-Time-Stamp +name: Create-Time-Stamp objectClass: top objectClass: attributeSchema lDAPDisplayName: createTimeStamp @@ -666,10 +699,11 @@ schemaIDGUID: 2df90d73-009f-11d2-aa4c-00c04fd7d83a adminDisplayName: Create-Time-Stamp attributeID: 2.5.18.1 attributeSyntax: 2.5.5.11 +oMSyntax: 24 -dn: CN=attributeDisplayNames,CN=Schema,CN=Configuration,${BASEDN} -cn: attributeDisplayNames -name: attributeDisplayNames +dn: CN=Attribute-Display-Names,CN=Schema,CN=Configuration,${BASEDN} +cn: Attribute-Display-Names +name: Attribute-Display-Names objectClass: top objectClass: attributeSchema lDAPDisplayName: attributeDisplayNames @@ -680,10 +714,11 @@ schemaIDGUID: cb843f80-48d9-11d1-a9c3-0000f80367c1 adminDisplayName: Attribute-Display-Names attributeID: 1.2.840.113556.1.4.748 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=adminContextMenu,CN=Schema,CN=Configuration,${BASEDN} -cn: adminContextMenu -name: adminContextMenu +dn: CN=Admin-Context-Menu,CN=Schema,CN=Configuration,${BASEDN} +cn: Admin-Context-Menu +name: Admin-Context-Menu objectClass: top objectClass: attributeSchema lDAPDisplayName: adminContextMenu @@ -694,10 +729,11 @@ schemaIDGUID: 553fd038-f32e-11d0-b0bc-00c04fd8dca6 adminDisplayName: Admin-Context-Menu attributeID: 1.2.840.113556.1.4.614 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=lSAModifiedCount,CN=Schema,CN=Configuration,${BASEDN} -cn: lSAModifiedCount -name: lSAModifiedCount +dn: CN=LSA-Modified-Count,CN=Schema,CN=Configuration,${BASEDN} +cn: LSA-Modified-Count +name: LSA-Modified-Count objectClass: top objectClass: attributeSchema lDAPDisplayName: lSAModifiedCount @@ -708,10 +744,11 @@ schemaIDGUID: bf9679ae-0de6-11d0-a285-00aa003049e2 adminDisplayName: LSA-Modified-Count attributeID: 1.2.840.113556.1.4.67 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=lSACreationTime,CN=Schema,CN=Configuration,${BASEDN} -cn: lSACreationTime -name: lSACreationTime +dn: CN=LSA-Creation-Time,CN=Schema,CN=Configuration,${BASEDN} +cn: LSA-Creation-Time +name: LSA-Creation-Time objectClass: top objectClass: attributeSchema lDAPDisplayName: lSACreationTime @@ -722,10 +759,11 @@ schemaIDGUID: bf9679ad-0de6-11d0-a285-00aa003049e2 adminDisplayName: LSA-Creation-Time attributeID: 1.2.840.113556.1.4.66 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=serverState,CN=Schema,CN=Configuration,${BASEDN} -cn: serverState -name: serverState +dn: CN=Server-State,CN=Schema,CN=Configuration,${BASEDN} +cn: Server-State +name: Server-State objectClass: top objectClass: attributeSchema lDAPDisplayName: serverState @@ -736,10 +774,11 @@ schemaIDGUID: bf967a34-0de6-11d0-a285-00aa003049e2 adminDisplayName: Server-State attributeID: 1.2.840.113556.1.4.154 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=supplementalCredentials,CN=Schema,CN=Configuration,${BASEDN} -cn: supplementalCredentials -name: supplementalCredentials +dn: CN=Supplemental-Credentials,CN=Schema,CN=Configuration,${BASEDN} +cn: Supplemental-Credentials +name: Supplemental-Credentials objectClass: top objectClass: attributeSchema lDAPDisplayName: supplementalCredentials @@ -750,10 +789,11 @@ schemaIDGUID: bf967a3f-0de6-11d0-a285-00aa003049e2 adminDisplayName: Supplemental-Credentials attributeID: 1.2.840.113556.1.4.125 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=lDAPDisplayName,CN=Schema,CN=Configuration,${BASEDN} -cn: lDAPDisplayName -name: lDAPDisplayName +dn: CN=LDAP-Display-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: LDAP-Display-Name +name: LDAP-Display-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: lDAPDisplayName @@ -764,6 +804,7 @@ schemaIDGUID: bf96799a-0de6-11d0-a285-00aa003049e2 adminDisplayName: LDAP-Display-Name attributeID: 1.2.840.113556.1.2.460 attributeSyntax: 2.5.5.12 +oMSyntax: 64 dn: CN=msNPSavedCallingStationID,CN=Schema,CN=Configuration,${BASEDN} cn: msNPSavedCallingStationID @@ -778,10 +819,11 @@ schemaIDGUID: db0c908e-c1f2-11d1-bbc5-0080c76670c0 adminDisplayName: msNPSavedCallingStationID attributeID: 1.2.840.113556.1.4.1130 attributeSyntax: 2.5.5.5 +oMSyntax: 22 -dn: CN=flags,CN=Schema,CN=Configuration,${BASEDN} -cn: flags -name: flags +dn: CN=Flags,CN=Schema,CN=Configuration,${BASEDN} +cn: Flags +name: Flags objectClass: top objectClass: attributeSchema lDAPDisplayName: flags @@ -792,10 +834,11 @@ schemaIDGUID: bf967976-0de6-11d0-a285-00aa003049e2 adminDisplayName: Flags attributeID: 1.2.840.113556.1.4.38 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=createWizardExt,CN=Schema,CN=Configuration,${BASEDN} -cn: createWizardExt -name: createWizardExt +dn: CN=Create-Wizard-Ext,CN=Schema,CN=Configuration,${BASEDN} +cn: Create-Wizard-Ext +name: Create-Wizard-Ext objectClass: top objectClass: attributeSchema lDAPDisplayName: createWizardExt @@ -806,10 +849,11 @@ schemaIDGUID: 2b09958b-8931-11d1-aebc-0000f80367c1 adminDisplayName: Create-Wizard-Ext attributeID: 1.2.840.113556.1.4.812 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=dMDLocation,CN=Schema,CN=Configuration,${BASEDN} -cn: dMDLocation -name: dMDLocation +dn: CN=DMD-Location,CN=Schema,CN=Configuration,${BASEDN} +cn: DMD-Location +name: DMD-Location objectClass: top objectClass: attributeSchema lDAPDisplayName: dMDLocation @@ -820,10 +864,12 @@ schemaIDGUID: f0f8ff8b-1191-11d0-a060-00aa006c33ed adminDisplayName: DMD-Location attributeID: 1.2.840.113556.1.2.36 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=msExchHouseIdentifier,CN=Schema,CN=Configuration,${BASEDN} -cn: msExchHouseIdentifier -name: msExchHouseIdentifier +dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-Exch-House-Identifier +name: ms-Exch-House-Identifier objectClass: top objectClass: attributeSchema lDAPDisplayName: msExchHouseIdentifier @@ -832,10 +878,11 @@ schemaIDGUID: a8df7407-c5ea-11d1-bbcb-0080c76670c0 adminDisplayName: ms-Exch-House-Identifier attributeID: 1.2.840.113556.1.2.596 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=otherMobile,CN=Schema,CN=Configuration,${BASEDN} -cn: otherMobile -name: otherMobile +dn: CN=Phone-Mobile-Other,CN=Schema,CN=Configuration,${BASEDN} +cn: Phone-Mobile-Other +name: Phone-Mobile-Other objectClass: top objectClass: attributeSchema lDAPDisplayName: otherMobile @@ -846,10 +893,11 @@ schemaIDGUID: 0296c11e-40da-11d1-a9c0-0000f80367c1 adminDisplayName: Phone-Mobile-Other attributeID: 1.2.840.113556.1.4.647 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=generationQualifier,CN=Schema,CN=Configuration,${BASEDN} -cn: generationQualifier -name: generationQualifier +dn: CN=Generation-Qualifier,CN=Schema,CN=Configuration,${BASEDN} +cn: Generation-Qualifier +name: Generation-Qualifier objectClass: top objectClass: attributeSchema lDAPDisplayName: generationQualifier @@ -860,10 +908,11 @@ schemaIDGUID: 16775804-47f3-11d1-a9c3-0000f80367c1 adminDisplayName: Generation-Qualifier attributeID: 2.5.4.44 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=dSHeuristics,CN=Schema,CN=Configuration,${BASEDN} -cn: dSHeuristics -name: dSHeuristics +dn: CN=DS-Heuristics,CN=Schema,CN=Configuration,${BASEDN} +cn: DS-Heuristics +name: DS-Heuristics objectClass: top objectClass: attributeSchema lDAPDisplayName: dSHeuristics @@ -874,10 +923,11 @@ schemaIDGUID: f0f8ff86-1191-11d0-a060-00aa006c33ed adminDisplayName: DS-Heuristics attributeID: 1.2.840.113556.1.2.212 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=serialNumber,CN=Schema,CN=Configuration,${BASEDN} -cn: serialNumber -name: serialNumber +dn: CN=Serial-Number,CN=Schema,CN=Configuration,${BASEDN} +cn: Serial-Number +name: Serial-Number objectClass: top objectClass: attributeSchema lDAPDisplayName: serialNumber @@ -888,10 +938,11 @@ schemaIDGUID: bf967a32-0de6-11d0-a285-00aa003049e2 adminDisplayName: Serial-Number attributeID: 2.5.4.5 attributeSyntax: 2.5.5.5 +oMSyntax: 19 -dn: CN=msDS-Settings,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-Settings -name: msDS-Settings +dn: CN=ms-DS-Settings,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Settings +name: ms-DS-Settings objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-Settings @@ -902,10 +953,11 @@ schemaIDGUID: 0e1b47d7-40a3-4b48-8d1b-4cac0c1cdf21 adminDisplayName: ms-DS-Settings attributeID: 1.2.840.113556.1.4.1697 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=operatorCount,CN=Schema,CN=Configuration,${BASEDN} -cn: operatorCount -name: operatorCount +dn: CN=Operator-Count,CN=Schema,CN=Configuration,${BASEDN} +cn: Operator-Count +name: Operator-Count objectClass: top objectClass: attributeSchema lDAPDisplayName: operatorCount @@ -916,6 +968,7 @@ schemaIDGUID: bf9679ee-0de6-11d0-a285-00aa003049e2 adminDisplayName: Operator-Count attributeID: 1.2.840.113556.1.4.144 attributeSyntax: 2.5.5.9 +oMSyntax: 2 dn: CN=msRADIUSFramedIPAddress,CN=Schema,CN=Configuration,${BASEDN} cn: msRADIUSFramedIPAddress @@ -930,10 +983,11 @@ schemaIDGUID: db0c90a4-c1f2-11d1-bbc5-0080c76670c0 adminDisplayName: msRADIUSFramedIPAddress attributeID: 1.2.840.113556.1.4.1153 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=homeDrive,CN=Schema,CN=Configuration,${BASEDN} -cn: homeDrive -name: homeDrive +dn: CN=Home-Drive,CN=Schema,CN=Configuration,${BASEDN} +cn: Home-Drive +name: Home-Drive objectClass: top objectClass: attributeSchema lDAPDisplayName: homeDrive @@ -944,10 +998,11 @@ schemaIDGUID: bf967986-0de6-11d0-a285-00aa003049e2 adminDisplayName: Home-Drive attributeID: 1.2.840.113556.1.4.45 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=attributeTypes,CN=Schema,CN=Configuration,${BASEDN} -cn: attributeTypes -name: attributeTypes +dn: CN=Attribute-Types,CN=Schema,CN=Configuration,${BASEDN} +cn: Attribute-Types +name: Attribute-Types objectClass: top objectClass: attributeSchema lDAPDisplayName: attributeTypes @@ -958,10 +1013,11 @@ schemaIDGUID: 9a7ad944-ca53-11d1-bbd0-0080c76670c0 adminDisplayName: Attribute-Types attributeID: 2.5.21.5 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=objectClass,CN=Schema,CN=Configuration,${BASEDN} -cn: objectClass -name: objectClass +dn: CN=Object-Class,CN=Schema,CN=Configuration,${BASEDN} +cn: Object-Class +name: Object-Class objectClass: top objectClass: attributeSchema lDAPDisplayName: objectClass @@ -972,10 +1028,11 @@ schemaIDGUID: bf9679e5-0de6-11d0-a285-00aa003049e2 adminDisplayName: Object-Class attributeID: 2.5.4.0 attributeSyntax: 2.5.5.2 +oMSyntax: 6 -dn: CN=possibleInferiors,CN=Schema,CN=Configuration,${BASEDN} -cn: possibleInferiors -name: possibleInferiors +dn: CN=Possible-Inferiors,CN=Schema,CN=Configuration,${BASEDN} +cn: Possible-Inferiors +name: Possible-Inferiors objectClass: top objectClass: attributeSchema lDAPDisplayName: possibleInferiors @@ -986,10 +1043,11 @@ schemaIDGUID: 9a7ad94c-ca53-11d1-bbd0-0080c76670c0 adminDisplayName: Possible-Inferiors attributeID: 1.2.840.113556.1.4.915 attributeSyntax: 2.5.5.2 +oMSyntax: 6 -dn: CN=msDS-Approx-Immed-Subordinates,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-Approx-Immed-Subordinates -name: msDS-Approx-Immed-Subordinates +dn: CN=ms-DS-Approx-Immed-Subordinates,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Approx-Immed-Subordinates +name: ms-DS-Approx-Immed-Subordinates objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-Approx-Immed-Subordinates @@ -1000,10 +1058,11 @@ schemaIDGUID: e185d243-f6ce-4adb-b496-b0c005d7823c adminDisplayName: ms-DS-Approx-Immed-Subordinates attributeID: 1.2.840.113556.1.4.1669 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=msDS-Replication-Notify-Subsequent-DSA-Delay,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-Replication-Notify-Subsequent-DSA-Delay -name: msDS-Replication-Notify-Subsequent-DSA-Delay +dn: CN=ms-DS-Replication-Notify-Subsequent-DSA-Delay,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Replication-Notify-Subsequent-DSA-Delay +name: ms-DS-Replication-Notify-Subsequent-DSA-Delay objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-Replication-Notify-Subsequent-DSA-Delay @@ -1014,10 +1073,11 @@ schemaIDGUID: d63db385-dd92-4b52-b1d8-0d3ecc0e86b6 adminDisplayName: ms-DS-Replication-Notify-Subsequent-DSA-Delay attributeID: 1.2.840.113556.1.4.1664 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=createDialog,CN=Schema,CN=Configuration,${BASEDN} -cn: createDialog -name: createDialog +dn: CN=Create-Dialog,CN=Schema,CN=Configuration,${BASEDN} +cn: Create-Dialog +name: Create-Dialog objectClass: top objectClass: attributeSchema lDAPDisplayName: createDialog @@ -1028,10 +1088,11 @@ schemaIDGUID: 2b09958a-8931-11d1-aebc-0000f80367c1 adminDisplayName: Create-Dialog attributeID: 1.2.840.113556.1.4.810 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=queryPolicyObject,CN=Schema,CN=Configuration,${BASEDN} -cn: queryPolicyObject -name: queryPolicyObject +dn: CN=Query-Policy-Object,CN=Schema,CN=Configuration,${BASEDN} +cn: Query-Policy-Object +name: Query-Policy-Object objectClass: top objectClass: attributeSchema lDAPDisplayName: queryPolicyObject @@ -1043,10 +1104,12 @@ schemaIDGUID: e1aea403-cd5b-11d0-afff-0000f80367c1 adminDisplayName: Query-Policy-Object attributeID: 1.2.840.113556.1.4.607 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=fRSRootPath,CN=Schema,CN=Configuration,${BASEDN} -cn: fRSRootPath -name: fRSRootPath +dn: CN=FRS-Root-Path,CN=Schema,CN=Configuration,${BASEDN} +cn: FRS-Root-Path +name: FRS-Root-Path objectClass: top objectClass: attributeSchema lDAPDisplayName: fRSRootPath @@ -1057,10 +1120,11 @@ schemaIDGUID: 1be8f174-a9ff-11d0-afe2-00c04fd930c9 adminDisplayName: FRS-Root-Path attributeID: 1.2.840.113556.1.4.487 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=ou,CN=Schema,CN=Configuration,${BASEDN} -cn: ou -name: ou +dn: CN=Organizational-Unit-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Organizational-Unit-Name +name: Organizational-Unit-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: ou @@ -1071,10 +1135,11 @@ schemaIDGUID: bf9679f0-0de6-11d0-a285-00aa003049e2 adminDisplayName: Organizational-Unit-Name attributeID: 2.5.4.11 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=telexNumber,CN=Schema,CN=Configuration,${BASEDN} -cn: telexNumber -name: telexNumber +dn: CN=Telex-Number,CN=Schema,CN=Configuration,${BASEDN} +cn: Telex-Number +name: Telex-Number objectClass: top objectClass: attributeSchema lDAPDisplayName: telexNumber @@ -1085,10 +1150,11 @@ schemaIDGUID: bf967a4b-0de6-11d0-a285-00aa003049e2 adminDisplayName: Telex-Number attributeID: 2.5.4.21 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=homePostalAddress,CN=Schema,CN=Configuration,${BASEDN} -cn: homePostalAddress -name: homePostalAddress +dn: CN=Address-Home,CN=Schema,CN=Configuration,${BASEDN} +cn: Address-Home +name: Address-Home objectClass: top objectClass: attributeSchema lDAPDisplayName: homePostalAddress @@ -1099,10 +1165,11 @@ schemaIDGUID: 16775781-47f3-11d1-a9c3-0000f80367c1 adminDisplayName: Address-Home attributeID: 1.2.840.113556.1.2.617 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=assistant,CN=Schema,CN=Configuration,${BASEDN} -cn: assistant -name: assistant +dn: CN=Assistant,CN=Schema,CN=Configuration,${BASEDN} +cn: Assistant +name: Assistant objectClass: top objectClass: attributeSchema lDAPDisplayName: assistant @@ -1113,10 +1180,12 @@ schemaIDGUID: 0296c11c-40da-11d1-a9c0-0000f80367c1 adminDisplayName: Assistant attributeID: 1.2.840.113556.1.4.652 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=netbootMachineFilePath,CN=Schema,CN=Configuration,${BASEDN} -cn: netbootMachineFilePath -name: netbootMachineFilePath +dn: CN=Netboot-Machine-File-Path,CN=Schema,CN=Configuration,${BASEDN} +cn: Netboot-Machine-File-Path +name: Netboot-Machine-File-Path objectClass: top objectClass: attributeSchema lDAPDisplayName: netbootMachineFilePath @@ -1127,6 +1196,7 @@ schemaIDGUID: 3e978923-8c01-11d0-afda-00c04fd930c9 adminDisplayName: Netboot-Machine-File-Path attributeID: 1.2.840.113556.1.4.361 attributeSyntax: 2.5.5.12 +oMSyntax: 64 dn: CN=x500uniqueIdentifier,CN=Schema,CN=Configuration,${BASEDN} cn: x500uniqueIdentifier @@ -1141,10 +1211,11 @@ schemaIDGUID: d07da11f-8a3d-42b6-b0aa-76c962be719a adminDisplayName: x500uniqueIdentifier attributeID: 2.5.4.45 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=dBCSPwd,CN=Schema,CN=Configuration,${BASEDN} -cn: dBCSPwd -name: dBCSPwd +dn: CN=DBCS-Pwd,CN=Schema,CN=Configuration,${BASEDN} +cn: DBCS-Pwd +name: DBCS-Pwd objectClass: top objectClass: attributeSchema lDAPDisplayName: dBCSPwd @@ -1155,10 +1226,11 @@ schemaIDGUID: bf96799c-0de6-11d0-a285-00aa003049e2 adminDisplayName: DBCS-Pwd attributeID: 1.2.840.113556.1.4.55 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=prefixMap,CN=Schema,CN=Configuration,${BASEDN} -cn: prefixMap -name: prefixMap +dn: CN=Prefix-Map,CN=Schema,CN=Configuration,${BASEDN} +cn: Prefix-Map +name: Prefix-Map objectClass: top objectClass: attributeSchema lDAPDisplayName: prefixMap @@ -1169,10 +1241,11 @@ schemaIDGUID: 52458022-ca6a-11d0-afff-0000f80367c1 adminDisplayName: Prefix-Map attributeID: 1.2.840.113556.1.4.538 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=msDS-MembersForAzRoleBL,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-MembersForAzRoleBL -name: msDS-MembersForAzRoleBL +dn: CN=ms-DS-Members-For-Az-Role-BL,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Members-For-Az-Role-BL +name: ms-DS-Members-For-Az-Role-BL objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-MembersForAzRoleBL @@ -1184,10 +1257,12 @@ schemaIDGUID: ececcd20-a7e0-4688-9ccf-02ece5e287f5 adminDisplayName: MS-DS-Members-For-Az-Role-BL attributeID: 1.2.840.113556.1.4.1807 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=lastKnownParent,CN=Schema,CN=Configuration,${BASEDN} -cn: lastKnownParent -name: lastKnownParent +dn: CN=Last-Known-Parent,CN=Schema,CN=Configuration,${BASEDN} +cn: Last-Known-Parent +name: Last-Known-Parent objectClass: top objectClass: attributeSchema lDAPDisplayName: lastKnownParent @@ -1198,10 +1273,12 @@ schemaIDGUID: 52ab8670-5709-11d1-a9c6-0000f80367c1 adminDisplayName: Last-Known-Parent attributeID: 1.2.840.113556.1.4.781 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=fSMORoleOwner,CN=Schema,CN=Configuration,${BASEDN} -cn: fSMORoleOwner -name: fSMORoleOwner +dn: CN=FSMO-Role-Owner,CN=Schema,CN=Configuration,${BASEDN} +cn: FSMO-Role-Owner +name: FSMO-Role-Owner objectClass: top objectClass: attributeSchema lDAPDisplayName: fSMORoleOwner @@ -1212,10 +1289,12 @@ schemaIDGUID: 66171887-8f3c-11d0-afda-00c04fd930c9 adminDisplayName: FSMO-Role-Owner attributeID: 1.2.840.113556.1.4.369 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=retiredReplDSASignatures,CN=Schema,CN=Configuration,${BASEDN} -cn: retiredReplDSASignatures -name: retiredReplDSASignatures +dn: CN=Retired-Repl-DSA-Signatures,CN=Schema,CN=Configuration,${BASEDN} +cn: Retired-Repl-DSA-Signatures +name: Retired-Repl-DSA-Signatures objectClass: top objectClass: attributeSchema lDAPDisplayName: retiredReplDSASignatures @@ -1226,10 +1305,11 @@ schemaIDGUID: 7bfdcb7f-4807-11d1-a9c3-0000f80367c1 adminDisplayName: Retired-Repl-DSA-Signatures attributeID: 1.2.840.113556.1.4.673 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=networkAddress,CN=Schema,CN=Configuration,${BASEDN} -cn: networkAddress -name: networkAddress +dn: CN=Network-Address,CN=Schema,CN=Configuration,${BASEDN} +cn: Network-Address +name: Network-Address objectClass: top objectClass: attributeSchema lDAPDisplayName: networkAddress @@ -1239,10 +1319,11 @@ schemaIDGUID: bf9679d9-0de6-11d0-a285-00aa003049e2 adminDisplayName: Network-Address attributeID: 1.2.840.113556.1.2.459 attributeSyntax: 2.5.5.4 +oMSyntax: 20 -dn: CN=schemaVersion,CN=Schema,CN=Configuration,${BASEDN} -cn: schemaVersion -name: schemaVersion +dn: CN=Schema-Version,CN=Schema,CN=Configuration,${BASEDN} +cn: Schema-Version +name: Schema-Version objectClass: top objectClass: attributeSchema lDAPDisplayName: schemaVersion @@ -1253,10 +1334,11 @@ schemaIDGUID: bf967a2c-0de6-11d0-a285-00aa003049e2 adminDisplayName: Schema-Version attributeID: 1.2.840.113556.1.2.471 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=possSuperiors,CN=Schema,CN=Configuration,${BASEDN} -cn: possSuperiors -name: possSuperiors +dn: CN=Poss-Superiors,CN=Schema,CN=Configuration,${BASEDN} +cn: Poss-Superiors +name: Poss-Superiors objectClass: top objectClass: attributeSchema lDAPDisplayName: possSuperiors @@ -1267,10 +1349,11 @@ schemaIDGUID: bf9679fa-0de6-11d0-a285-00aa003049e2 adminDisplayName: Poss-Superiors attributeID: 1.2.840.113556.1.2.8 attributeSyntax: 2.5.5.2 +oMSyntax: 6 -dn: CN=defaultSecurityDescriptor,CN=Schema,CN=Configuration,${BASEDN} -cn: defaultSecurityDescriptor -name: defaultSecurityDescriptor +dn: CN=Default-Security-Descriptor,CN=Schema,CN=Configuration,${BASEDN} +cn: Default-Security-Descriptor +name: Default-Security-Descriptor objectClass: top objectClass: attributeSchema lDAPDisplayName: defaultSecurityDescriptor @@ -1281,10 +1364,11 @@ schemaIDGUID: 807a6d30-1669-11d0-a064-00aa006c33ed adminDisplayName: Default-Security-Descriptor attributeID: 1.2.840.113556.1.4.224 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=userSMIMECertificate,CN=Schema,CN=Configuration,${BASEDN} -cn: userSMIMECertificate -name: userSMIMECertificate +dn: CN=User-SMIME-Certificate,CN=Schema,CN=Configuration,${BASEDN} +cn: User-SMIME-Certificate +name: User-SMIME-Certificate objectClass: top objectClass: attributeSchema lDAPDisplayName: userSMIMECertificate @@ -1295,6 +1379,7 @@ schemaIDGUID: e16a9db2-403c-11d1-a9c0-0000f80367c1 adminDisplayName: User-SMIME-Certificate attributeID: 2.16.840.1.113730.3.140 attributeSyntax: 2.5.5.10 +oMSyntax: 4 dn: CN=userPKCS12,CN=Schema,CN=Configuration,${BASEDN} cn: userPKCS12 @@ -1309,10 +1394,11 @@ schemaIDGUID: 23998ab5-70f8-4007-a4c1-a84a38311f9a adminDisplayName: userPKCS12 attributeID: 2.16.840.1.113730.3.1.216 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=userAccountControl,CN=Schema,CN=Configuration,${BASEDN} -cn: userAccountControl -name: userAccountControl +dn: CN=User-Account-Control,CN=Schema,CN=Configuration,${BASEDN} +cn: User-Account-Control +name: User-Account-Control objectClass: top objectClass: attributeSchema lDAPDisplayName: userAccountControl @@ -1323,10 +1409,11 @@ schemaIDGUID: bf967a68-0de6-11d0-a285-00aa003049e2 adminDisplayName: User-Account-Control attributeID: 1.2.840.113556.1.4.8 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=terminalServer,CN=Schema,CN=Configuration,${BASEDN} -cn: terminalServer -name: terminalServer +dn: CN=Terminal-Server,CN=Schema,CN=Configuration,${BASEDN} +cn: Terminal-Server +name: Terminal-Server objectClass: top objectClass: attributeSchema lDAPDisplayName: terminalServer @@ -1337,10 +1424,11 @@ schemaIDGUID: 6db69a1c-9422-11d1-aebd-0000f80367c1 adminDisplayName: Terminal-Server attributeID: 1.2.840.113556.1.4.885 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=accountExpires,CN=Schema,CN=Configuration,${BASEDN} -cn: accountExpires -name: accountExpires +dn: CN=Account-Expires,CN=Schema,CN=Configuration,${BASEDN} +cn: Account-Expires +name: Account-Expires objectClass: top objectClass: attributeSchema lDAPDisplayName: accountExpires @@ -1351,10 +1439,11 @@ schemaIDGUID: bf967915-0de6-11d0-a285-00aa003049e2 adminDisplayName: Account-Expires attributeID: 1.2.840.113556.1.4.159 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=groupType,CN=Schema,CN=Configuration,${BASEDN} -cn: groupType -name: groupType +dn: CN=Group-Type,CN=Schema,CN=Configuration,${BASEDN} +cn: Group-Type +name: Group-Type objectClass: top objectClass: attributeSchema lDAPDisplayName: groupType @@ -1365,10 +1454,11 @@ schemaIDGUID: 9a9a021e-4a5b-11d1-a9c3-0000f80367c1 adminDisplayName: Group-Type attributeID: 1.2.840.113556.1.4.750 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=nTGroupMembers,CN=Schema,CN=Configuration,${BASEDN} -cn: nTGroupMembers -name: nTGroupMembers +dn: CN=NT-Group-Members,CN=Schema,CN=Configuration,${BASEDN} +cn: NT-Group-Members +name: NT-Group-Members objectClass: top objectClass: attributeSchema lDAPDisplayName: nTGroupMembers @@ -1379,10 +1469,11 @@ schemaIDGUID: bf9679df-0de6-11d0-a285-00aa003049e2 adminDisplayName: NT-Group-Members attributeID: 1.2.840.113556.1.4.89 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=url,CN=Schema,CN=Configuration,${BASEDN} -cn: url -name: url +dn: CN=WWW-Page-Other,CN=Schema,CN=Configuration,${BASEDN} +cn: WWW-Page-Other +name: WWW-Page-Other objectClass: top objectClass: attributeSchema lDAPDisplayName: url @@ -1393,10 +1484,11 @@ schemaIDGUID: 9a9a0221-4a5b-11d1-a9c3-0000f80367c1 adminDisplayName: WWW-Page-Other attributeID: 1.2.840.113556.1.4.749 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=revision,CN=Schema,CN=Configuration,${BASEDN} -cn: revision -name: revision +dn: CN=Revision,CN=Schema,CN=Configuration,${BASEDN} +cn: Revision +name: Revision objectClass: top objectClass: attributeSchema lDAPDisplayName: revision @@ -1407,10 +1499,11 @@ schemaIDGUID: bf967a21-0de6-11d0-a285-00aa003049e2 adminDisplayName: Revision attributeID: 1.2.840.113556.1.4.145 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=objectVersion,CN=Schema,CN=Configuration,${BASEDN} -cn: objectVersion -name: objectVersion +dn: CN=Object-Version,CN=Schema,CN=Configuration,${BASEDN} +cn: Object-Version +name: Object-Version objectClass: top objectClass: attributeSchema lDAPDisplayName: objectVersion @@ -1421,10 +1514,11 @@ schemaIDGUID: 16775848-47f3-11d1-a9c3-0000f80367c1 adminDisplayName: Object-Version attributeID: 1.2.840.113556.1.2.76 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=msDS-NCReplInboundNeighbors,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-NCReplInboundNeighbors -name: msDS-NCReplInboundNeighbors +dn: CN=ms-DS-NC-Repl-Inbound-Neighbors,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-NC-Repl-Inbound-Neighbors +name: ms-DS-NC-Repl-Inbound-Neighbors objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-NCReplInboundNeighbors @@ -1435,10 +1529,11 @@ schemaIDGUID: 9edba85a-3e9e-431b-9b1a-a5b6e9eda796 adminDisplayName: ms-DS-NC-Repl-Inbound-Neighbors attributeID: 1.2.840.113556.1.4.1705 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msCOM-UserLink,CN=Schema,CN=Configuration,${BASEDN} -cn: msCOM-UserLink -name: msCOM-UserLink +dn: CN=ms-COM-UserLink,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-COM-UserLink +name: ms-COM-UserLink objectClass: top objectClass: attributeSchema lDAPDisplayName: msCOM-UserLink @@ -1450,10 +1545,12 @@ schemaIDGUID: 9e6f3a4d-242c-4f37-b068-36b57f9fc852 adminDisplayName: ms-COM-UserLink attributeID: 1.2.840.113556.1.4.1425 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=masteredBy,CN=Schema,CN=Configuration,${BASEDN} -cn: masteredBy -name: masteredBy +dn: CN=Mastered-By,CN=Schema,CN=Configuration,${BASEDN} +cn: Mastered-By +name: Mastered-By objectClass: top objectClass: attributeSchema lDAPDisplayName: masteredBy @@ -1465,10 +1562,12 @@ schemaIDGUID: e48e64e0-12c9-11d3-9102-00c04fd91ab1 adminDisplayName: Mastered-By attributeID: 1.2.840.113556.1.4.1409 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=canonicalName,CN=Schema,CN=Configuration,${BASEDN} -cn: canonicalName -name: canonicalName +dn: CN=Canonical-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Canonical-Name +name: Canonical-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: canonicalName @@ -1479,10 +1578,11 @@ schemaIDGUID: 9a7ad945-ca53-11d1-bbd0-0080c76670c0 adminDisplayName: Canonical-Name attributeID: 1.2.840.113556.1.4.916 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-NC-Replica-Locations,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-NC-Replica-Locations -name: msDS-NC-Replica-Locations +dn: CN=ms-DS-NC-Replica-Locations,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-NC-Replica-Locations +name: ms-DS-NC-Replica-Locations objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-NC-Replica-Locations @@ -1494,10 +1594,12 @@ schemaIDGUID: 97de9615-b537-46bc-ac0f-10720f3909f3 adminDisplayName: ms-DS-NC-Replica-Locations attributeID: 1.2.840.113556.1.4.1661 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=msDS-UpdateScript,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-UpdateScript -name: msDS-UpdateScript +dn: CN=ms-DS-UpdateScript,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-UpdateScript +name: ms-DS-UpdateScript objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-UpdateScript @@ -1508,10 +1610,11 @@ schemaIDGUID: 146eb639-bb9f-4fc1-a825-e29e00c77920 adminDisplayName: ms-DS-UpdateScript attributeID: 1.2.840.113556.1.4.1721 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=nextRid,CN=Schema,CN=Configuration,${BASEDN} -cn: nextRid -name: nextRid +dn: CN=Next-Rid,CN=Schema,CN=Configuration,${BASEDN} +cn: Next-Rid +name: Next-Rid objectClass: top objectClass: attributeSchema lDAPDisplayName: nextRid @@ -1522,10 +1625,11 @@ schemaIDGUID: bf9679db-0de6-11d0-a285-00aa003049e2 adminDisplayName: Next-Rid attributeID: 1.2.840.113556.1.4.88 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=x121Address,CN=Schema,CN=Configuration,${BASEDN} -cn: x121Address -name: x121Address +dn: CN=X121-Address,CN=Schema,CN=Configuration,${BASEDN} +cn: X121-Address +name: X121-Address objectClass: top objectClass: attributeSchema lDAPDisplayName: x121Address @@ -1536,10 +1640,11 @@ schemaIDGUID: bf967a7b-0de6-11d0-a285-00aa003049e2 adminDisplayName: X121-Address attributeID: 2.5.4.24 attributeSyntax: 2.5.5.6 +oMSyntax: 18 -dn: CN=userPassword,CN=Schema,CN=Configuration,${BASEDN} -cn: userPassword -name: userPassword +dn: CN=User-Password,CN=Schema,CN=Configuration,${BASEDN} +cn: User-Password +name: User-Password objectClass: top objectClass: attributeSchema lDAPDisplayName: userPassword @@ -1550,10 +1655,11 @@ schemaIDGUID: bf967a6e-0de6-11d0-a285-00aa003049e2 adminDisplayName: User-Password attributeID: 2.5.4.35 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=telephoneNumber,CN=Schema,CN=Configuration,${BASEDN} -cn: telephoneNumber -name: telephoneNumber +dn: CN=Telephone-Number,CN=Schema,CN=Configuration,${BASEDN} +cn: Telephone-Number +name: Telephone-Number objectClass: top objectClass: attributeSchema lDAPDisplayName: telephoneNumber @@ -1564,10 +1670,11 @@ schemaIDGUID: bf967a49-0de6-11d0-a285-00aa003049e2 adminDisplayName: Telephone-Number attributeID: 2.5.4.20 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=department,CN=Schema,CN=Configuration,${BASEDN} -cn: department -name: department +dn: CN=Department,CN=Schema,CN=Configuration,${BASEDN} +cn: Department +name: Department objectClass: top objectClass: attributeSchema lDAPDisplayName: department @@ -1578,10 +1685,11 @@ schemaIDGUID: bf96794f-0de6-11d0-a285-00aa003049e2 adminDisplayName: Department attributeID: 1.2.840.113556.1.2.141 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=policyReplicationFlags,CN=Schema,CN=Configuration,${BASEDN} -cn: policyReplicationFlags -name: policyReplicationFlags +dn: CN=Policy-Replication-Flags,CN=Schema,CN=Configuration,${BASEDN} +cn: Policy-Replication-Flags +name: Policy-Replication-Flags objectClass: top objectClass: attributeSchema lDAPDisplayName: policyReplicationFlags @@ -1592,10 +1700,11 @@ schemaIDGUID: 19405b96-3cfa-11d1-a9c0-0000f80367c1 adminDisplayName: Policy-Replication-Flags attributeID: 1.2.840.113556.1.4.633 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=applicationName,CN=Schema,CN=Configuration,${BASEDN} -cn: applicationName -name: applicationName +dn: CN=Application-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Application-Name +name: Application-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: applicationName @@ -1606,10 +1715,11 @@ schemaIDGUID: dd712226-10e4-11d0-a05f-00aa006c33ed adminDisplayName: Application-Name attributeID: 1.2.840.113556.1.4.218 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=systemMayContain,CN=Schema,CN=Configuration,${BASEDN} -cn: systemMayContain -name: systemMayContain +dn: CN=System-May-Contain,CN=Schema,CN=Configuration,${BASEDN} +cn: System-May-Contain +name: System-May-Contain objectClass: top objectClass: attributeSchema lDAPDisplayName: systemMayContain @@ -1620,6 +1730,7 @@ schemaIDGUID: bf967a44-0de6-11d0-a285-00aa003049e2 adminDisplayName: System-May-Contain attributeID: 1.2.840.113556.1.4.196 attributeSyntax: 2.5.5.2 +oMSyntax: 6 dn: CN=msRASSavedFramedRoute,CN=Schema,CN=Configuration,${BASEDN} cn: msRASSavedFramedRoute @@ -1634,6 +1745,7 @@ schemaIDGUID: db0c90c7-c1f2-11d1-bbc5-0080c76670c0 adminDisplayName: msRASSavedFramedRoute attributeID: 1.2.840.113556.1.4.1191 attributeSyntax: 2.5.5.5 +oMSyntax: 22 dn: CN=msRASSavedCallbackNumber,CN=Schema,CN=Configuration,${BASEDN} cn: msRASSavedCallbackNumber @@ -1648,10 +1760,11 @@ schemaIDGUID: db0c90c5-c1f2-11d1-bbc5-0080c76670c0 adminDisplayName: msRASSavedCallbackNumber attributeID: 1.2.840.113556.1.4.1189 attributeSyntax: 2.5.5.5 +oMSyntax: 22 -dn: CN=domainReplica,CN=Schema,CN=Configuration,${BASEDN} -cn: domainReplica -name: domainReplica +dn: CN=Domain-Replica,CN=Schema,CN=Configuration,${BASEDN} +cn: Domain-Replica +name: Domain-Replica objectClass: top objectClass: attributeSchema lDAPDisplayName: domainReplica @@ -1662,10 +1775,11 @@ schemaIDGUID: bf96795e-0de6-11d0-a285-00aa003049e2 adminDisplayName: Domain-Replica attributeID: 1.2.840.113556.1.4.158 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=personalTitle,CN=Schema,CN=Configuration,${BASEDN} -cn: personalTitle -name: personalTitle +dn: CN=Personal-Title,CN=Schema,CN=Configuration,${BASEDN} +cn: Personal-Title +name: Personal-Title objectClass: top objectClass: attributeSchema lDAPDisplayName: personalTitle @@ -1676,10 +1790,11 @@ schemaIDGUID: 16775858-47f3-11d1-a9c3-0000f80367c1 adminDisplayName: Personal-Title attributeID: 1.2.840.113556.1.2.615 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=otherMailbox,CN=Schema,CN=Configuration,${BASEDN} -cn: otherMailbox -name: otherMailbox +dn: CN=Other-Mailbox,CN=Schema,CN=Configuration,${BASEDN} +cn: Other-Mailbox +name: Other-Mailbox objectClass: top objectClass: attributeSchema lDAPDisplayName: otherMailbox @@ -1689,10 +1804,11 @@ schemaIDGUID: 0296c123-40da-11d1-a9c0-0000f80367c1 adminDisplayName: Other-Mailbox attributeID: 1.2.840.113556.1.4.651 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=mail,CN=Schema,CN=Configuration,${BASEDN} -cn: mail -name: mail +dn: CN=E-mail-Addresses,CN=Schema,CN=Configuration,${BASEDN} +cn: E-mail-Addresses +name: E-mail-Addresses objectClass: top objectClass: attributeSchema lDAPDisplayName: mail @@ -1703,10 +1819,11 @@ schemaIDGUID: bf967961-0de6-11d0-a285-00aa003049e2 adminDisplayName: E-mail-Addresses attributeID: 0.9.2342.19200300.100.1.3 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-Other-Settings,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-Other-Settings -name: msDS-Other-Settings +dn: CN=ms-DS-Other-Settings,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Other-Settings +name: ms-DS-Other-Settings objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-Other-Settings @@ -1717,10 +1834,11 @@ schemaIDGUID: 79d2f34c-9d7d-42bb-838f-866b3e4400e2 adminDisplayName: ms-DS-Other-Settings attributeID: 1.2.840.113556.1.4.1621 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=machineRole,CN=Schema,CN=Configuration,${BASEDN} -cn: machineRole -name: machineRole +dn: CN=Machine-Role,CN=Schema,CN=Configuration,${BASEDN} +cn: Machine-Role +name: Machine-Role objectClass: top objectClass: attributeSchema lDAPDisplayName: machineRole @@ -1731,10 +1849,11 @@ schemaIDGUID: bf9679b2-0de6-11d0-a285-00aa003049e2 adminDisplayName: Machine-Role attributeID: 1.2.840.113556.1.4.71 attributeSyntax: 2.5.5.9 +oMSyntax: 10 -dn: CN=msDS-AzDomainTimeout,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AzDomainTimeout -name: msDS-AzDomainTimeout +dn: CN=ms-DS-Az-Domain-Timeout,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Az-Domain-Timeout +name: ms-DS-Az-Domain-Timeout objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-AzDomainTimeout @@ -1745,10 +1864,11 @@ schemaIDGUID: 6448f56a-ca70-4e2e-b0af-d20e4ce653d0 adminDisplayName: MS-DS-Az-Domain-Timeout attributeID: 1.2.840.113556.1.4.1795 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=systemAuxiliaryClass,CN=Schema,CN=Configuration,${BASEDN} -cn: systemAuxiliaryClass -name: systemAuxiliaryClass +dn: CN=System-Auxiliary-Class,CN=Schema,CN=Configuration,${BASEDN} +cn: System-Auxiliary-Class +name: System-Auxiliary-Class objectClass: top objectClass: attributeSchema lDAPDisplayName: systemAuxiliaryClass @@ -1759,10 +1879,11 @@ schemaIDGUID: bf967a43-0de6-11d0-a285-00aa003049e2 adminDisplayName: System-Auxiliary-Class attributeID: 1.2.840.113556.1.4.198 attributeSyntax: 2.5.5.2 +oMSyntax: 6 -dn: CN=isDefunct,CN=Schema,CN=Configuration,${BASEDN} -cn: isDefunct -name: isDefunct +dn: CN=Is-Defunct,CN=Schema,CN=Configuration,${BASEDN} +cn: Is-Defunct +name: Is-Defunct objectClass: top objectClass: attributeSchema lDAPDisplayName: isDefunct @@ -1773,10 +1894,11 @@ schemaIDGUID: 28630ebe-41d5-11d1-a9c1-0000f80367c1 adminDisplayName: Is-Defunct attributeID: 1.2.840.113556.1.4.661 attributeSyntax: 2.5.5.8 +oMSyntax: 1 -dn: CN=primaryGroupID,CN=Schema,CN=Configuration,${BASEDN} -cn: primaryGroupID -name: primaryGroupID +dn: CN=Primary-Group-ID,CN=Schema,CN=Configuration,${BASEDN} +cn: Primary-Group-ID +name: Primary-Group-ID objectClass: top objectClass: attributeSchema lDAPDisplayName: primaryGroupID @@ -1787,10 +1909,11 @@ schemaIDGUID: bf967a00-0de6-11d0-a285-00aa003049e2 adminDisplayName: Primary-Group-ID attributeID: 1.2.840.113556.1.4.98 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=lmPwdHistory,CN=Schema,CN=Configuration,${BASEDN} -cn: lmPwdHistory -name: lmPwdHistory +dn: CN=Lm-Pwd-History,CN=Schema,CN=Configuration,${BASEDN} +cn: Lm-Pwd-History +name: Lm-Pwd-History objectClass: top objectClass: attributeSchema lDAPDisplayName: lmPwdHistory @@ -1801,10 +1924,11 @@ schemaIDGUID: bf96799d-0de6-11d0-a285-00aa003049e2 adminDisplayName: Lm-Pwd-History attributeID: 1.2.840.113556.1.4.160 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=groupMembershipSAM,CN=Schema,CN=Configuration,${BASEDN} -cn: groupMembershipSAM -name: groupMembershipSAM +dn: CN=Group-Membership-SAM,CN=Schema,CN=Configuration,${BASEDN} +cn: Group-Membership-SAM +name: Group-Membership-SAM objectClass: top objectClass: attributeSchema lDAPDisplayName: groupMembershipSAM @@ -1815,10 +1939,11 @@ schemaIDGUID: bf967980-0de6-11d0-a285-00aa003049e2 adminDisplayName: Group-Membership-SAM attributeID: 1.2.840.113556.1.4.166 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=instanceType,CN=Schema,CN=Configuration,${BASEDN} -cn: instanceType -name: instanceType +dn: CN=Instance-Type,CN=Schema,CN=Configuration,${BASEDN} +cn: Instance-Type +name: Instance-Type objectClass: top objectClass: attributeSchema lDAPDisplayName: instanceType @@ -1829,10 +1954,11 @@ schemaIDGUID: bf96798c-0de6-11d0-a285-00aa003049e2 adminDisplayName: Instance-Type attributeID: 1.2.840.113556.1.2.1 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=treatAsLeaf,CN=Schema,CN=Configuration,${BASEDN} -cn: treatAsLeaf -name: treatAsLeaf +dn: CN=Treat-As-Leaf,CN=Schema,CN=Configuration,${BASEDN} +cn: Treat-As-Leaf +name: Treat-As-Leaf objectClass: top objectClass: attributeSchema lDAPDisplayName: treatAsLeaf @@ -1843,10 +1969,11 @@ schemaIDGUID: 8fd044e3-771f-11d1-aeae-0000f80367c1 adminDisplayName: Treat-As-Leaf attributeID: 1.2.840.113556.1.4.806 attributeSyntax: 2.5.5.8 +oMSyntax: 1 -dn: CN=adminPropertyPages,CN=Schema,CN=Configuration,${BASEDN} -cn: adminPropertyPages -name: adminPropertyPages +dn: CN=Admin-Property-Pages,CN=Schema,CN=Configuration,${BASEDN} +cn: Admin-Property-Pages +name: Admin-Property-Pages objectClass: top objectClass: attributeSchema lDAPDisplayName: adminPropertyPages @@ -1857,10 +1984,11 @@ schemaIDGUID: 52458038-ca6a-11d0-afff-0000f80367c1 adminDisplayName: Admin-Property-Pages attributeID: 1.2.840.113556.1.4.562 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-AzScopeName,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AzScopeName -name: msDS-AzScopeName +dn: CN=ms-DS-Az-Scope-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Az-Scope-Name +name: ms-DS-Az-Scope-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-AzScopeName @@ -1871,10 +1999,11 @@ schemaIDGUID: 515a6b06-2617-4173-8099-d5605df043c6 adminDisplayName: MS-DS-Az-Scope-Name attributeID: 1.2.840.113556.1.4.1799 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=seeAlso,CN=Schema,CN=Configuration,${BASEDN} -cn: seeAlso -name: seeAlso +dn: CN=See-Also,CN=Schema,CN=Configuration,${BASEDN} +cn: See-Also +name: See-Also objectClass: top objectClass: attributeSchema lDAPDisplayName: seeAlso @@ -1885,10 +2014,12 @@ schemaIDGUID: bf967a31-0de6-11d0-a285-00aa003049e2 adminDisplayName: See-Also attributeID: 2.5.4.34 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=msDS-RetiredReplNCSignatures,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-RetiredReplNCSignatures -name: msDS-RetiredReplNCSignatures +dn: CN=ms-DS-Retired-Repl-NC-Signatures,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Retired-Repl-NC-Signatures +name: ms-DS-Retired-Repl-NC-Signatures objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-RetiredReplNCSignatures @@ -1899,10 +2030,11 @@ schemaIDGUID: d5b35506-19d6-4d26-9afb-11357ac99b5e adminDisplayName: ms-DS-Retired-Repl-NC-Signatures attributeID: 1.2.840.113556.1.4.1826 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=hasMasterNCs,CN=Schema,CN=Configuration,${BASEDN} -cn: hasMasterNCs -name: hasMasterNCs +dn: CN=Has-Master-NCs,CN=Schema,CN=Configuration,${BASEDN} +cn: Has-Master-NCs +name: Has-Master-NCs objectClass: top objectClass: attributeSchema lDAPDisplayName: hasMasterNCs @@ -1914,10 +2046,12 @@ schemaIDGUID: bf967982-0de6-11d0-a285-00aa003049e2 adminDisplayName: Has-Master-NCs attributeID: 1.2.840.113556.1.2.14 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=modifiedCountAtLastProm,CN=Schema,CN=Configuration,${BASEDN} -cn: modifiedCountAtLastProm -name: modifiedCountAtLastProm +dn: CN=Modified-Count-At-Last-Prom,CN=Schema,CN=Configuration,${BASEDN} +cn: Modified-Count-At-Last-Prom +name: Modified-Count-At-Last-Prom objectClass: top objectClass: attributeSchema lDAPDisplayName: modifiedCountAtLastProm @@ -1928,10 +2062,11 @@ schemaIDGUID: bf9679c6-0de6-11d0-a285-00aa003049e2 adminDisplayName: Modified-Count-At-Last-Prom attributeID: 1.2.840.113556.1.4.81 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=minPwdAge,CN=Schema,CN=Configuration,${BASEDN} -cn: minPwdAge -name: minPwdAge +dn: CN=Min-Pwd-Age,CN=Schema,CN=Configuration,${BASEDN} +cn: Min-Pwd-Age +name: Min-Pwd-Age objectClass: top objectClass: attributeSchema lDAPDisplayName: minPwdAge @@ -1942,10 +2077,11 @@ schemaIDGUID: bf9679c2-0de6-11d0-a285-00aa003049e2 adminDisplayName: Min-Pwd-Age attributeID: 1.2.840.113556.1.4.78 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=forceLogoff,CN=Schema,CN=Configuration,${BASEDN} -cn: forceLogoff -name: forceLogoff +dn: CN=Force-Logoff,CN=Schema,CN=Configuration,${BASEDN} +cn: Force-Logoff +name: Force-Logoff objectClass: top objectClass: attributeSchema lDAPDisplayName: forceLogoff @@ -1956,10 +2092,11 @@ schemaIDGUID: bf967977-0de6-11d0-a285-00aa003049e2 adminDisplayName: Force-Logoff attributeID: 1.2.840.113556.1.4.39 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=msDS-AllowedToDelegateTo,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AllowedToDelegateTo -name: msDS-AllowedToDelegateTo +dn: CN=ms-DS-Allowed-To-Delegate-To,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Allowed-To-Delegate-To +name: ms-DS-Allowed-To-Delegate-To objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-AllowedToDelegateTo @@ -1970,10 +2107,11 @@ schemaIDGUID: 800d94d7-b7a1-42a1-b14d-7cae1423d07f adminDisplayName: ms-DS-Allowed-To-Delegate-To attributeID: 1.2.840.113556.1.4.1787 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=dNSHostName,CN=Schema,CN=Configuration,${BASEDN} -cn: dNSHostName -name: dNSHostName +dn: CN=DNS-Host-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: DNS-Host-Name +name: DNS-Host-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: dNSHostName @@ -1984,10 +2122,11 @@ schemaIDGUID: 72e39547-7b18-11d1-adef-00c04fd8d5cd adminDisplayName: DNS-Host-Name attributeID: 1.2.840.113556.1.4.619 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-AzMinorVersion,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AzMinorVersion -name: msDS-AzMinorVersion +dn: CN=ms-DS-Az-Minor-Version,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Az-Minor-Version +name: ms-DS-Az-Minor-Version objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-AzMinorVersion @@ -1998,10 +2137,11 @@ schemaIDGUID: ee85ed93-b209-4788-8165-e702f51bfbf3 adminDisplayName: MS-DS-Az-Minor-Version attributeID: 1.2.840.113556.1.4.1825 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=systemOnly,CN=Schema,CN=Configuration,${BASEDN} -cn: systemOnly -name: systemOnly +dn: CN=System-Only,CN=Schema,CN=Configuration,${BASEDN} +cn: System-Only +name: System-Only objectClass: top objectClass: attributeSchema lDAPDisplayName: systemOnly @@ -2012,10 +2152,11 @@ schemaIDGUID: bf967a46-0de6-11d0-a285-00aa003049e2 adminDisplayName: System-Only attributeID: 1.2.840.113556.1.4.170 attributeSyntax: 2.5.5.8 +oMSyntax: 1 -dn: CN=msDS-IntId,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-IntId -name: msDS-IntId +dn: CN=ms-DS-IntId,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-IntId +name: ms-DS-IntId objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-IntId @@ -2026,10 +2167,11 @@ schemaIDGUID: bc60096a-1b47-4b30-8877-602c93f56532 adminDisplayName: ms-DS-IntId attributeID: 1.2.840.113556.1.4.1716 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=badPasswordTime,CN=Schema,CN=Configuration,${BASEDN} -cn: badPasswordTime -name: badPasswordTime +dn: CN=Bad-Password-Time,CN=Schema,CN=Configuration,${BASEDN} +cn: Bad-Password-Time +name: Bad-Password-Time objectClass: top objectClass: attributeSchema lDAPDisplayName: badPasswordTime @@ -2040,10 +2182,11 @@ schemaIDGUID: bf96792d-0de6-11d0-a285-00aa003049e2 adminDisplayName: Bad-Password-Time attributeID: 1.2.840.113556.1.4.49 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=primaryGroupToken,CN=Schema,CN=Configuration,${BASEDN} -cn: primaryGroupToken -name: primaryGroupToken +dn: CN=Primary-Group-Token,CN=Schema,CN=Configuration,${BASEDN} +cn: Primary-Group-Token +name: Primary-Group-Token objectClass: top objectClass: attributeSchema lDAPDisplayName: primaryGroupToken @@ -2054,10 +2197,11 @@ schemaIDGUID: c0ed8738-7efd-4481-84d9-66d2db8be369 adminDisplayName: Primary-Group-Token attributeID: 1.2.840.113556.1.4.1412 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=USNIntersite,CN=Schema,CN=Configuration,${BASEDN} -cn: USNIntersite -name: USNIntersite +dn: CN=USN-Intersite,CN=Schema,CN=Configuration,${BASEDN} +cn: USN-Intersite +name: USN-Intersite objectClass: top objectClass: attributeSchema lDAPDisplayName: USNIntersite @@ -2068,10 +2212,11 @@ schemaIDGUID: a8df7498-c5ea-11d1-bbcb-0080c76670c0 adminDisplayName: USN-Intersite attributeID: 1.2.840.113556.1.2.469 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=fRSMemberReferenceBL,CN=Schema,CN=Configuration,${BASEDN} -cn: fRSMemberReferenceBL -name: fRSMemberReferenceBL +dn: CN=FRS-Member-Reference-BL,CN=Schema,CN=Configuration,${BASEDN} +cn: FRS-Member-Reference-BL +name: FRS-Member-Reference-BL objectClass: top objectClass: attributeSchema lDAPDisplayName: fRSMemberReferenceBL @@ -2083,10 +2228,12 @@ schemaIDGUID: 2a13257f-9373-11d1-aebc-0000f80367c1 adminDisplayName: FRS-Member-Reference-BL attributeID: 1.2.840.113556.1.4.876 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=msDS-SDReferenceDomain,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-SDReferenceDomain -name: msDS-SDReferenceDomain +dn: CN=ms-DS-SD-Reference-Domain,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-SD-Reference-Domain +name: ms-DS-SD-Reference-Domain objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-SDReferenceDomain @@ -2098,10 +2245,12 @@ schemaIDGUID: 4c51e316-f628-43a5-b06b-ffb695fcb4f3 adminDisplayName: ms-DS-SD-Reference-Domain attributeID: 1.2.840.113556.1.4.1711 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=lastBackupRestorationTime,CN=Schema,CN=Configuration,${BASEDN} -cn: lastBackupRestorationTime -name: lastBackupRestorationTime +dn: CN=Last-Backup-Restoration-Time,CN=Schema,CN=Configuration,${BASEDN} +cn: Last-Backup-Restoration-Time +name: Last-Backup-Restoration-Time objectClass: top objectClass: attributeSchema lDAPDisplayName: lastBackupRestorationTime @@ -2112,10 +2261,11 @@ schemaIDGUID: 1fbb0be8-ba63-11d0-afef-0000f80367c1 adminDisplayName: Last-Backup-Restoration-Time attributeID: 1.2.840.113556.1.4.519 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=treeName,CN=Schema,CN=Configuration,${BASEDN} -cn: treeName -name: treeName +dn: CN=Tree-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Tree-Name +name: Tree-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: treeName @@ -2126,10 +2276,11 @@ schemaIDGUID: 28630ebd-41d5-11d1-a9c1-0000f80367c1 adminDisplayName: Tree-Name attributeID: 1.2.840.113556.1.4.660 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=oEMInformation,CN=Schema,CN=Configuration,${BASEDN} -cn: oEMInformation -name: oEMInformation +dn: CN=OEM-Information,CN=Schema,CN=Configuration,${BASEDN} +cn: OEM-Information +name: OEM-Information objectClass: top objectClass: attributeSchema lDAPDisplayName: oEMInformation @@ -2140,10 +2291,11 @@ schemaIDGUID: bf9679ea-0de6-11d0-a285-00aa003049e2 adminDisplayName: OEM-Information attributeID: 1.2.840.113556.1.4.151 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=givenName,CN=Schema,CN=Configuration,${BASEDN} -cn: givenName -name: givenName +dn: CN=Given-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Given-Name +name: Given-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: givenName @@ -2154,10 +2306,11 @@ schemaIDGUID: f0f8ff8e-1191-11d0-a060-00aa006c33ed adminDisplayName: Given-Name attributeID: 2.5.4.42 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=sPNMappings,CN=Schema,CN=Configuration,${BASEDN} -cn: sPNMappings -name: sPNMappings +dn: CN=SPN-Mappings,CN=Schema,CN=Configuration,${BASEDN} +cn: SPN-Mappings +name: SPN-Mappings objectClass: top objectClass: attributeSchema lDAPDisplayName: sPNMappings @@ -2168,10 +2321,11 @@ schemaIDGUID: 2ab0e76c-7041-11d2-9905-0000f87a57d4 adminDisplayName: SPN-Mappings attributeID: 1.2.840.113556.1.4.1347 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=operatingSystemVersion,CN=Schema,CN=Configuration,${BASEDN} -cn: operatingSystemVersion -name: operatingSystemVersion +dn: CN=Operating-System-Version,CN=Schema,CN=Configuration,${BASEDN} +cn: Operating-System-Version +name: Operating-System-Version objectClass: top objectClass: attributeSchema lDAPDisplayName: operatingSystemVersion @@ -2182,10 +2336,11 @@ schemaIDGUID: 3e978926-8c01-11d0-afda-00c04fd930c9 adminDisplayName: Operating-System-Version attributeID: 1.2.840.113556.1.4.364 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=notificationList,CN=Schema,CN=Configuration,${BASEDN} -cn: notificationList -name: notificationList +dn: CN=Notification-List,CN=Schema,CN=Configuration,${BASEDN} +cn: Notification-List +name: Notification-List objectClass: top objectClass: attributeSchema lDAPDisplayName: notificationList @@ -2196,10 +2351,12 @@ schemaIDGUID: 19195a56-6da0-11d0-afd3-00c04fd930c9 adminDisplayName: Notification-List attributeID: 1.2.840.113556.1.4.303 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=tokenGroups,CN=Schema,CN=Configuration,${BASEDN} -cn: tokenGroups -name: tokenGroups +dn: CN=Token-Groups,CN=Schema,CN=Configuration,${BASEDN} +cn: Token-Groups +name: Token-Groups objectClass: top objectClass: attributeSchema lDAPDisplayName: tokenGroups @@ -2210,6 +2367,7 @@ schemaIDGUID: b7c69e6d-2cc7-11d2-854e-00a0c983f608 adminDisplayName: Token-Groups attributeID: 1.2.840.113556.1.4.1301 attributeSyntax: 2.5.5.17 +oMSyntax: 4 dn: CN=carLicense,CN=Schema,CN=Configuration,${BASEDN} cn: carLicense @@ -2224,10 +2382,11 @@ schemaIDGUID: d4159c92-957d-4a87-8a67-8d2934e01649 adminDisplayName: carLicense attributeID: 2.16.840.1.113730.3.1.1 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=preferredOU,CN=Schema,CN=Configuration,${BASEDN} -cn: preferredOU -name: preferredOU +dn: CN=Preferred-OU,CN=Schema,CN=Configuration,${BASEDN} +cn: Preferred-OU +name: Preferred-OU objectClass: top objectClass: attributeSchema lDAPDisplayName: preferredOU @@ -2238,10 +2397,12 @@ schemaIDGUID: bf9679ff-0de6-11d0-a285-00aa003049e2 adminDisplayName: Preferred-OU attributeID: 1.2.840.113556.1.4.97 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=mS-DS-CreatorSID,CN=Schema,CN=Configuration,${BASEDN} -cn: mS-DS-CreatorSID -name: mS-DS-CreatorSID +dn: CN=MS-DS-Creator-SID,CN=Schema,CN=Configuration,${BASEDN} +cn: MS-DS-Creator-SID +name: MS-DS-Creator-SID objectClass: top objectClass: attributeSchema lDAPDisplayName: mS-DS-CreatorSID @@ -2252,10 +2413,11 @@ schemaIDGUID: c5e60132-1480-11d3-91c1-0000f87a57d4 adminDisplayName: MS-DS-Creator-SID attributeID: 1.2.840.113556.1.4.1410 attributeSyntax: 2.5.5.17 +oMSyntax: 4 -dn: CN=msDS-NonMembers,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-NonMembers -name: msDS-NonMembers +dn: CN=ms-DS-Non-Members,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Non-Members +name: ms-DS-Non-Members objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-NonMembers @@ -2267,10 +2429,12 @@ schemaIDGUID: cafcb1de-f23c-46b5-adf7-1e64957bd5db adminDisplayName: MS-DS-Non-Members attributeID: 1.2.840.113556.1.4.1793 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=msDS-TasksForAzRoleBL,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-TasksForAzRoleBL -name: msDS-TasksForAzRoleBL +dn: CN=ms-DS-Tasks-For-Az-Role-BL,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Tasks-For-Az-Role-BL +name: ms-DS-Tasks-For-Az-Role-BL objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-TasksForAzRoleBL @@ -2282,10 +2446,12 @@ schemaIDGUID: a0dcd536-5158-42fe-8c40-c00a7ad37959 adminDisplayName: MS-DS-Tasks-For-Az-Role-BL attributeID: 1.2.840.113556.1.4.1815 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=extensionName,CN=Schema,CN=Configuration,${BASEDN} -cn: extensionName -name: extensionName +dn: CN=Extension-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Extension-Name +name: Extension-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: extensionName @@ -2296,10 +2462,11 @@ schemaIDGUID: bf967972-0de6-11d0-a285-00aa003049e2 adminDisplayName: Extension-Name attributeID: 1.2.840.113556.1.2.227 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-Replication-Notify-First-DSA-Delay,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-Replication-Notify-First-DSA-Delay -name: msDS-Replication-Notify-First-DSA-Delay +dn: CN=ms-DS-Replication-Notify-First-DSA-Delay,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Replication-Notify-First-DSA-Delay +name: ms-DS-Replication-Notify-First-DSA-Delay objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-Replication-Notify-First-DSA-Delay @@ -2310,10 +2477,11 @@ schemaIDGUID: 85abd4f4-0a89-4e49-bdec-6f35bb2562ba adminDisplayName: ms-DS-Replication-Notify-First-DSA-Delay attributeID: 1.2.840.113556.1.4.1663 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=maxPwdAge,CN=Schema,CN=Configuration,${BASEDN} -cn: maxPwdAge -name: maxPwdAge +dn: CN=Max-Pwd-Age,CN=Schema,CN=Configuration,${BASEDN} +cn: Max-Pwd-Age +name: Max-Pwd-Age objectClass: top objectClass: attributeSchema lDAPDisplayName: maxPwdAge @@ -2324,10 +2492,11 @@ schemaIDGUID: bf9679bb-0de6-11d0-a285-00aa003049e2 adminDisplayName: Max-Pwd-Age attributeID: 1.2.840.113556.1.4.74 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=otherIpPhone,CN=Schema,CN=Configuration,${BASEDN} -cn: otherIpPhone -name: otherIpPhone +dn: CN=Phone-Ip-Other,CN=Schema,CN=Configuration,${BASEDN} +cn: Phone-Ip-Other +name: Phone-Ip-Other objectClass: top objectClass: attributeSchema lDAPDisplayName: otherIpPhone @@ -2338,6 +2507,7 @@ schemaIDGUID: 4d146e4b-48d4-11d1-a9c3-0000f80367c1 adminDisplayName: Phone-Ip-Other attributeID: 1.2.840.113556.1.4.722 attributeSyntax: 2.5.5.12 +oMSyntax: 64 dn: CN=secretary,CN=Schema,CN=Configuration,${BASEDN} cn: secretary @@ -2352,10 +2522,12 @@ schemaIDGUID: 01072d9a-98ad-4a53-9744-e83e287278fb adminDisplayName: secretary attributeID: 0.9.2342.19200300.100.1.21 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=userParameters,CN=Schema,CN=Configuration,${BASEDN} -cn: userParameters -name: userParameters +dn: CN=User-Parameters,CN=Schema,CN=Configuration,${BASEDN} +cn: User-Parameters +name: User-Parameters objectClass: top objectClass: attributeSchema lDAPDisplayName: userParameters @@ -2366,10 +2538,11 @@ schemaIDGUID: bf967a6d-0de6-11d0-a285-00aa003049e2 adminDisplayName: User-Parameters attributeID: 1.2.840.113556.1.4.138 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=bridgeheadServerListBL,CN=Schema,CN=Configuration,${BASEDN} -cn: bridgeheadServerListBL -name: bridgeheadServerListBL +dn: CN=Bridgehead-Server-List-BL,CN=Schema,CN=Configuration,${BASEDN} +cn: Bridgehead-Server-List-BL +name: Bridgehead-Server-List-BL objectClass: top objectClass: attributeSchema lDAPDisplayName: bridgeheadServerListBL @@ -2381,10 +2554,12 @@ schemaIDGUID: d50c2cdb-8951-11d1-aebc-0000f80367c1 adminDisplayName: Bridgehead-Server-List-BL attributeID: 1.2.840.113556.1.4.820 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=msDS-AzApplicationData,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AzApplicationData -name: msDS-AzApplicationData +dn: CN=ms-DS-Az-Application-Data,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Az-Application-Data +name: ms-DS-Az-Application-Data objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-AzApplicationData @@ -2395,10 +2570,11 @@ schemaIDGUID: 503fc3e8-1cc6-461a-99a3-9eee04f402a7 adminDisplayName: MS-DS-Az-Application-Data attributeID: 1.2.840.113556.1.4.1819 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=pekKeyChangeInterval,CN=Schema,CN=Configuration,${BASEDN} -cn: pekKeyChangeInterval -name: pekKeyChangeInterval +dn: CN=Pek-Key-Change-Interval,CN=Schema,CN=Configuration,${BASEDN} +cn: Pek-Key-Change-Interval +name: Pek-Key-Change-Interval objectClass: top objectClass: attributeSchema lDAPDisplayName: pekKeyChangeInterval @@ -2409,10 +2585,11 @@ schemaIDGUID: 07383084-91df-11d1-aebc-0000f80367c1 adminDisplayName: Pek-Key-Change-Interval attributeID: 1.2.840.113556.1.4.866 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=c,CN=Schema,CN=Configuration,${BASEDN} -cn: c -name: c +dn: CN=Country-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Country-Name +name: Country-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: c @@ -2423,10 +2600,11 @@ schemaIDGUID: bf967945-0de6-11d0-a285-00aa003049e2 adminDisplayName: Country-Name attributeID: 2.5.4.6 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=destinationIndicator,CN=Schema,CN=Configuration,${BASEDN} -cn: destinationIndicator -name: destinationIndicator +dn: CN=Destination-Indicator,CN=Schema,CN=Configuration,${BASEDN} +cn: Destination-Indicator +name: Destination-Indicator objectClass: top objectClass: attributeSchema lDAPDisplayName: destinationIndicator @@ -2437,10 +2615,11 @@ schemaIDGUID: bf967951-0de6-11d0-a285-00aa003049e2 adminDisplayName: Destination-Indicator attributeID: 2.5.4.27 attributeSyntax: 2.5.5.5 +oMSyntax: 19 -dn: CN=countryCode,CN=Schema,CN=Configuration,${BASEDN} -cn: countryCode -name: countryCode +dn: CN=Country-Code,CN=Schema,CN=Configuration,${BASEDN} +cn: Country-Code +name: Country-Code objectClass: top objectClass: attributeSchema lDAPDisplayName: countryCode @@ -2451,10 +2630,11 @@ schemaIDGUID: 5fd42471-1262-11d0-a060-00aa006c33ed adminDisplayName: Country-Code attributeID: 1.2.840.113556.1.4.25 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=mobile,CN=Schema,CN=Configuration,${BASEDN} -cn: mobile -name: mobile +dn: CN=Phone-Mobile-Primary,CN=Schema,CN=Configuration,${BASEDN} +cn: Phone-Mobile-Primary +name: Phone-Mobile-Primary objectClass: top objectClass: attributeSchema lDAPDisplayName: mobile @@ -2465,10 +2645,11 @@ schemaIDGUID: f0f8ffa3-1191-11d0-a060-00aa006c33ed adminDisplayName: Phone-Mobile-Primary attributeID: 0.9.2342.19200300.100.1.41 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=rIDSetReferences,CN=Schema,CN=Configuration,${BASEDN} -cn: rIDSetReferences -name: rIDSetReferences +dn: CN=RID-Set-References,CN=Schema,CN=Configuration,${BASEDN} +cn: RID-Set-References +name: RID-Set-References objectClass: top objectClass: attributeSchema lDAPDisplayName: rIDSetReferences @@ -2479,10 +2660,12 @@ schemaIDGUID: 7bfdcb7b-4807-11d1-a9c3-0000f80367c1 adminDisplayName: RID-Set-References attributeID: 1.2.840.113556.1.4.669 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=schemaIDGUID,CN=Schema,CN=Configuration,${BASEDN} -cn: schemaIDGUID -name: schemaIDGUID +dn: CN=Schema-ID-GUID,CN=Schema,CN=Configuration,${BASEDN} +cn: Schema-ID-GUID +name: Schema-ID-GUID objectClass: top objectClass: attributeSchema lDAPDisplayName: schemaIDGUID @@ -2493,10 +2676,11 @@ schemaIDGUID: bf967923-0de6-11d0-a285-00aa003049e2 adminDisplayName: Schema-ID-GUID attributeID: 1.2.840.113556.1.4.148 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=auxiliaryClass,CN=Schema,CN=Configuration,${BASEDN} -cn: auxiliaryClass -name: auxiliaryClass +dn: CN=Auxiliary-Class,CN=Schema,CN=Configuration,${BASEDN} +cn: Auxiliary-Class +name: Auxiliary-Class objectClass: top objectClass: attributeSchema lDAPDisplayName: auxiliaryClass @@ -2507,6 +2691,7 @@ schemaIDGUID: bf96792c-0de6-11d0-a285-00aa003049e2 adminDisplayName: Auxiliary-Class attributeID: 1.2.840.113556.1.2.351 attributeSyntax: 2.5.5.2 +oMSyntax: 6 dn: CN=uid,CN=Schema,CN=Configuration,${BASEDN} cn: uid @@ -2521,6 +2706,7 @@ schemaIDGUID: 0bb0fca0-1e89-429f-901a-1413894d9f59 adminDisplayName: uid attributeID: 0.9.2342.19200300.100.1.1 attributeSyntax: 2.5.5.12 +oMSyntax: 64 dn: CN=departmentNumber,CN=Schema,CN=Configuration,${BASEDN} cn: departmentNumber @@ -2535,10 +2721,11 @@ schemaIDGUID: be9ef6ee-cbc7-4f22-b27b-96967e7ee585 adminDisplayName: departmentNumber attributeID: 2.16.840.1.113730.3.1.2 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=wWWHomePage,CN=Schema,CN=Configuration,${BASEDN} -cn: wWWHomePage -name: wWWHomePage +dn: CN=WWW-Home-Page,CN=Schema,CN=Configuration,${BASEDN} +cn: WWW-Home-Page +name: WWW-Home-Page objectClass: top objectClass: attributeSchema lDAPDisplayName: wWWHomePage @@ -2549,10 +2736,11 @@ schemaIDGUID: bf967a7a-0de6-11d0-a285-00aa003049e2 adminDisplayName: WWW-Home-Page attributeID: 1.2.840.113556.1.2.464 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=uSNSource,CN=Schema,CN=Configuration,${BASEDN} -cn: uSNSource -name: uSNSource +dn: CN=USN-Source,CN=Schema,CN=Configuration,${BASEDN} +cn: USN-Source +name: USN-Source objectClass: top objectClass: attributeSchema lDAPDisplayName: uSNSource @@ -2563,10 +2751,11 @@ schemaIDGUID: 167758ad-47f3-11d1-a9c3-0000f80367c1 adminDisplayName: USN-Source attributeID: 1.2.840.113556.1.4.896 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=mS-DS-ConsistencyGuid,CN=Schema,CN=Configuration,${BASEDN} -cn: mS-DS-ConsistencyGuid -name: mS-DS-ConsistencyGuid +dn: CN=MS-DS-Consistency-Guid,CN=Schema,CN=Configuration,${BASEDN} +cn: MS-DS-Consistency-Guid +name: MS-DS-Consistency-Guid objectClass: top objectClass: attributeSchema lDAPDisplayName: mS-DS-ConsistencyGuid @@ -2577,10 +2766,11 @@ schemaIDGUID: 23773dc2-b63a-11d2-90e1-00c04fd91ab1 adminDisplayName: MS-DS-Consistency-Guid attributeID: 1.2.840.113556.1.4.1360 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=frsComputerReferenceBL,CN=Schema,CN=Configuration,${BASEDN} -cn: frsComputerReferenceBL -name: frsComputerReferenceBL +dn: CN=Frs-Computer-Reference-BL,CN=Schema,CN=Configuration,${BASEDN} +cn: Frs-Computer-Reference-BL +name: Frs-Computer-Reference-BL objectClass: top objectClass: attributeSchema lDAPDisplayName: frsComputerReferenceBL @@ -2592,10 +2782,12 @@ schemaIDGUID: 2a132579-9373-11d1-aebc-0000f80367c1 adminDisplayName: Frs-Computer-Reference-BL attributeID: 1.2.840.113556.1.4.870 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=allowedAttributes,CN=Schema,CN=Configuration,${BASEDN} -cn: allowedAttributes -name: allowedAttributes +dn: CN=Allowed-Attributes,CN=Schema,CN=Configuration,${BASEDN} +cn: Allowed-Attributes +name: Allowed-Attributes objectClass: top objectClass: attributeSchema lDAPDisplayName: allowedAttributes @@ -2606,10 +2798,11 @@ schemaIDGUID: 9a7ad940-ca53-11d1-bbd0-0080c76670c0 adminDisplayName: Allowed-Attributes attributeID: 1.2.840.113556.1.4.913 attributeSyntax: 2.5.5.2 +oMSyntax: 6 -dn: CN=msDS-AzApplicationName,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AzApplicationName -name: msDS-AzApplicationName +dn: CN=ms-DS-Az-Application-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Az-Application-Name +name: ms-DS-Az-Application-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-AzApplicationName @@ -2620,10 +2813,11 @@ schemaIDGUID: db5b0728-6208-4876-83b7-95d3e5695275 adminDisplayName: MS-DS-Az-Application-Name attributeID: 1.2.840.113556.1.4.1798 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=uPNSuffixes,CN=Schema,CN=Configuration,${BASEDN} -cn: uPNSuffixes -name: uPNSuffixes +dn: CN=UPN-Suffixes,CN=Schema,CN=Configuration,${BASEDN} +cn: UPN-Suffixes +name: UPN-Suffixes objectClass: top objectClass: attributeSchema lDAPDisplayName: uPNSuffixes @@ -2634,10 +2828,11 @@ schemaIDGUID: 032160bf-9824-11d1-aec0-0000f80367c1 adminDisplayName: UPN-Suffixes attributeID: 1.2.840.113556.1.4.890 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-PerUserTrustQuota,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-PerUserTrustQuota -name: msDS-PerUserTrustQuota +dn: CN=MS-DS-Per-User-Trust-Quota,CN=Schema,CN=Configuration,${BASEDN} +cn: MS-DS-Per-User-Trust-Quota +name: MS-DS-Per-User-Trust-Quota objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-PerUserTrustQuota @@ -2648,10 +2843,11 @@ schemaIDGUID: d161adf0-ca24-4993-a3aa-8b2c981302e8 adminDisplayName: MS-DS-Per-User-Trust-Quota attributeID: 1.2.840.113556.1.4.1788 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=ms-DS-MachineAccountQuota,CN=Schema,CN=Configuration,${BASEDN} -cn: ms-DS-MachineAccountQuota -name: ms-DS-MachineAccountQuota +dn: CN=MS-DS-Machine-Account-Quota,CN=Schema,CN=Configuration,${BASEDN} +cn: MS-DS-Machine-Account-Quota +name: MS-DS-Machine-Account-Quota objectClass: top objectClass: attributeSchema lDAPDisplayName: ms-DS-MachineAccountQuota @@ -2662,10 +2858,11 @@ schemaIDGUID: d064fb68-1480-11d3-91c1-0000f87a57d4 adminDisplayName: MS-DS-Machine-Account-Quota attributeID: 1.2.840.113556.1.4.1411 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=serverRole,CN=Schema,CN=Configuration,${BASEDN} -cn: serverRole -name: serverRole +dn: CN=Server-Role,CN=Schema,CN=Configuration,${BASEDN} +cn: Server-Role +name: Server-Role objectClass: top objectClass: attributeSchema lDAPDisplayName: serverRole @@ -2676,10 +2873,11 @@ schemaIDGUID: bf967a33-0de6-11d0-a285-00aa003049e2 adminDisplayName: Server-Role attributeID: 1.2.840.113556.1.4.157 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=homePhone,CN=Schema,CN=Configuration,${BASEDN} -cn: homePhone -name: homePhone +dn: CN=Phone-Home-Primary,CN=Schema,CN=Configuration,${BASEDN} +cn: Phone-Home-Primary +name: Phone-Home-Primary objectClass: top objectClass: attributeSchema lDAPDisplayName: homePhone @@ -2690,10 +2888,11 @@ schemaIDGUID: f0f8ffa1-1191-11d0-a060-00aa006c33ed adminDisplayName: Phone-Home-Primary attributeID: 0.9.2342.19200300.100.1.20 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=operatingSystemHotfix,CN=Schema,CN=Configuration,${BASEDN} -cn: operatingSystemHotfix -name: operatingSystemHotfix +dn: CN=Operating-System-Hotfix,CN=Schema,CN=Configuration,${BASEDN} +cn: Operating-System-Hotfix +name: Operating-System-Hotfix objectClass: top objectClass: attributeSchema lDAPDisplayName: operatingSystemHotfix @@ -2704,10 +2903,11 @@ schemaIDGUID: bd951b3c-9c96-11d0-afdd-00c04fd930c9 adminDisplayName: Operating-System-Hotfix attributeID: 1.2.840.113556.1.4.415 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-AdditionalDnsHostName,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AdditionalDnsHostName -name: msDS-AdditionalDnsHostName +dn: CN=ms-DS-Additional-Dns-Host-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Additional-Dns-Host-Name +name: ms-DS-Additional-Dns-Host-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-AdditionalDnsHostName @@ -2718,10 +2918,11 @@ schemaIDGUID: 80863791-dbe9-4eb8-837e-7f0ab55d9ac7 adminDisplayName: ms-DS-Additional-Dns-Host-Name attributeID: 1.2.840.113556.1.4.1717 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-AzScriptTimeout,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AzScriptTimeout -name: msDS-AzScriptTimeout +dn: CN=ms-DS-Az-Script-Timeout,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Az-Script-Timeout +name: ms-DS-Az-Script-Timeout objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-AzScriptTimeout @@ -2732,10 +2933,11 @@ schemaIDGUID: 87d0fb41-2c8b-41f6-b972-11fdfd50d6b0 adminDisplayName: MS-DS-Az-Script-Timeout attributeID: 1.2.840.113556.1.4.1797 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=mustContain,CN=Schema,CN=Configuration,${BASEDN} -cn: mustContain -name: mustContain +dn: CN=Must-Contain,CN=Schema,CN=Configuration,${BASEDN} +cn: Must-Contain +name: Must-Contain objectClass: top objectClass: attributeSchema lDAPDisplayName: mustContain @@ -2746,10 +2948,11 @@ schemaIDGUID: bf9679d3-0de6-11d0-a285-00aa003049e2 adminDisplayName: Must-Contain attributeID: 1.2.840.113556.1.2.24 attributeSyntax: 2.5.5.2 +oMSyntax: 6 -dn: CN=userCertificate,CN=Schema,CN=Configuration,${BASEDN} -cn: userCertificate -name: userCertificate +dn: CN=X509-Cert,CN=Schema,CN=Configuration,${BASEDN} +cn: X509-Cert +name: X509-Cert objectClass: top objectClass: attributeSchema lDAPDisplayName: userCertificate @@ -2760,6 +2963,7 @@ schemaIDGUID: bf967a7f-0de6-11d0-a285-00aa003049e2 adminDisplayName: X509-Cert attributeID: 2.5.4.36 attributeSyntax: 2.5.5.10 +oMSyntax: 4 dn: CN=msNPCallingStationID,CN=Schema,CN=Configuration,${BASEDN} cn: msNPCallingStationID @@ -2774,10 +2978,11 @@ schemaIDGUID: db0c908a-c1f2-11d1-bbc5-0080c76670c0 adminDisplayName: msNPCallingStationID attributeID: 1.2.840.113556.1.4.1124 attributeSyntax: 2.5.5.5 +oMSyntax: 22 -dn: CN=msDS-User-Account-Control-Computed,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-User-Account-Control-Computed -name: msDS-User-Account-Control-Computed +dn: CN=ms-DS-User-Account-Control-Computed,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-User-Account-Control-Computed +name: ms-DS-User-Account-Control-Computed objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-User-Account-Control-Computed @@ -2788,10 +2993,11 @@ schemaIDGUID: 2cc4b836-b63f-4940-8d23-ea7acf06af56 adminDisplayName: ms-DS-User-Account-Control-Computed attributeID: 1.2.840.113556.1.4.1460 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=homeDirectory,CN=Schema,CN=Configuration,${BASEDN} -cn: homeDirectory -name: homeDirectory +dn: CN=Home-Directory,CN=Schema,CN=Configuration,${BASEDN} +cn: Home-Directory +name: Home-Directory objectClass: top objectClass: attributeSchema lDAPDisplayName: homeDirectory @@ -2802,10 +3008,11 @@ schemaIDGUID: bf967985-0de6-11d0-a285-00aa003049e2 adminDisplayName: Home-Directory attributeID: 1.2.840.113556.1.4.44 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-AzLDAPQuery,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AzLDAPQuery -name: msDS-AzLDAPQuery +dn: CN=ms-DS-Az-LDAP-Query,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Az-LDAP-Query +name: ms-DS-Az-LDAP-Query objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-AzLDAPQuery @@ -2816,10 +3023,11 @@ schemaIDGUID: 5e53368b-fc94-45c8-9d7d-daf31ee7112d adminDisplayName: MS-DS-Az-LDAP-Query attributeID: 1.2.840.113556.1.4.1792 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=partialAttributeDeletionList,CN=Schema,CN=Configuration,${BASEDN} -cn: partialAttributeDeletionList -name: partialAttributeDeletionList +dn: CN=Partial-Attribute-Deletion-List,CN=Schema,CN=Configuration,${BASEDN} +cn: Partial-Attribute-Deletion-List +name: Partial-Attribute-Deletion-List objectClass: top objectClass: attributeSchema lDAPDisplayName: partialAttributeDeletionList @@ -2830,10 +3038,11 @@ schemaIDGUID: 28630ec0-41d5-11d1-a9c1-0000f80367c1 adminDisplayName: Partial-Attribute-Deletion-List attributeID: 1.2.840.113556.1.4.663 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=isCriticalSystemObject,CN=Schema,CN=Configuration,${BASEDN} -cn: isCriticalSystemObject -name: isCriticalSystemObject +dn: CN=Is-Critical-System-Object,CN=Schema,CN=Configuration,${BASEDN} +cn: Is-Critical-System-Object +name: Is-Critical-System-Object objectClass: top objectClass: attributeSchema lDAPDisplayName: isCriticalSystemObject @@ -2844,10 +3053,11 @@ schemaIDGUID: 00fbf30d-91fe-11d1-aebc-0000f80367c1 adminDisplayName: Is-Critical-System-Object attributeID: 1.2.840.113556.1.4.868 attributeSyntax: 2.5.5.8 +oMSyntax: 1 -dn: CN=gPLink,CN=Schema,CN=Configuration,${BASEDN} -cn: gPLink -name: gPLink +dn: CN=GP-Link,CN=Schema,CN=Configuration,${BASEDN} +cn: GP-Link +name: GP-Link objectClass: top objectClass: attributeSchema lDAPDisplayName: gPLink @@ -2858,10 +3068,11 @@ schemaIDGUID: f30e3bbe-9ff0-11d1-b603-0000f80367c1 adminDisplayName: GP-Link attributeID: 1.2.840.113556.1.4.891 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=scopeFlags,CN=Schema,CN=Configuration,${BASEDN} -cn: scopeFlags -name: scopeFlags +dn: CN=Scope-Flags,CN=Schema,CN=Configuration,${BASEDN} +cn: Scope-Flags +name: Scope-Flags objectClass: top objectClass: attributeSchema lDAPDisplayName: scopeFlags @@ -2872,10 +3083,11 @@ schemaIDGUID: 16f3a4c2-7e79-11d2-9921-0000f87a57d4 adminDisplayName: Scope-Flags attributeID: 1.2.840.113556.1.4.1354 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=lockoutDuration,CN=Schema,CN=Configuration,${BASEDN} -cn: lockoutDuration -name: lockoutDuration +dn: CN=Lockout-Duration,CN=Schema,CN=Configuration,${BASEDN} +cn: Lockout-Duration +name: Lockout-Duration objectClass: top objectClass: attributeSchema lDAPDisplayName: lockoutDuration @@ -2886,10 +3098,11 @@ schemaIDGUID: bf9679a5-0de6-11d0-a285-00aa003049e2 adminDisplayName: Lockout-Duration attributeID: 1.2.840.113556.1.4.60 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=msCOM-UserPartitionSetLink,CN=Schema,CN=Configuration,${BASEDN} -cn: msCOM-UserPartitionSetLink -name: msCOM-UserPartitionSetLink +dn: CN=ms-COM-UserPartitionSetLink,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-COM-UserPartitionSetLink +name: ms-COM-UserPartitionSetLink objectClass: top objectClass: attributeSchema lDAPDisplayName: msCOM-UserPartitionSetLink @@ -2901,10 +3114,12 @@ schemaIDGUID: 8e940c8a-e477-4367-b08d-ff2ff942dcd7 adminDisplayName: ms-COM-UserPartitionSetLink attributeID: 1.2.840.113556.1.4.1426 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=thumbnailLogo,CN=Schema,CN=Configuration,${BASEDN} -cn: thumbnailLogo -name: thumbnailLogo +dn: CN=Logo,CN=Schema,CN=Configuration,${BASEDN} +cn: Logo +name: Logo objectClass: top objectClass: attributeSchema lDAPDisplayName: thumbnailLogo @@ -2915,10 +3130,11 @@ schemaIDGUID: bf9679a9-0de6-11d0-a285-00aa003049e2 adminDisplayName: Logo attributeID: 2.16.840.1.113730.3.1.36 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=thumbnailPhoto,CN=Schema,CN=Configuration,${BASEDN} -cn: thumbnailPhoto -name: thumbnailPhoto +dn: CN=Picture,CN=Schema,CN=Configuration,${BASEDN} +cn: Picture +name: Picture objectClass: top objectClass: attributeSchema lDAPDisplayName: thumbnailPhoto @@ -2929,10 +3145,11 @@ schemaIDGUID: 8d3bca50-1d7e-11d0-a081-00aa006c33ed adminDisplayName: Picture attributeID: 2.16.840.1.113730.3.1.35 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=location,CN=Schema,CN=Configuration,${BASEDN} -cn: location -name: location +dn: CN=Location,CN=Schema,CN=Configuration,${BASEDN} +cn: Location +name: Location objectClass: top objectClass: attributeSchema lDAPDisplayName: location @@ -2943,10 +3160,11 @@ schemaIDGUID: 09dcb79f-165f-11d0-a064-00aa006c33ed adminDisplayName: Location attributeID: 1.2.840.113556.1.4.222 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=userWorkstations,CN=Schema,CN=Configuration,${BASEDN} -cn: userWorkstations -name: userWorkstations +dn: CN=User-Workstations,CN=Schema,CN=Configuration,${BASEDN} +cn: User-Workstations +name: User-Workstations objectClass: top objectClass: attributeSchema lDAPDisplayName: userWorkstations @@ -2957,10 +3175,11 @@ schemaIDGUID: bf9679d7-0de6-11d0-a285-00aa003049e2 adminDisplayName: User-Workstations attributeID: 1.2.840.113556.1.4.86 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=logonWorkstation,CN=Schema,CN=Configuration,${BASEDN} -cn: logonWorkstation -name: logonWorkstation +dn: CN=Logon-Workstation,CN=Schema,CN=Configuration,${BASEDN} +cn: Logon-Workstation +name: Logon-Workstation objectClass: top objectClass: attributeSchema lDAPDisplayName: logonWorkstation @@ -2971,10 +3190,11 @@ schemaIDGUID: bf9679ac-0de6-11d0-a285-00aa003049e2 adminDisplayName: Logon-Workstation attributeID: 1.2.840.113556.1.4.65 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=lastLogonTimestamp,CN=Schema,CN=Configuration,${BASEDN} -cn: lastLogonTimestamp -name: lastLogonTimestamp +dn: CN=Last-Logon-Timestamp,CN=Schema,CN=Configuration,${BASEDN} +cn: Last-Logon-Timestamp +name: Last-Logon-Timestamp objectClass: top objectClass: attributeSchema lDAPDisplayName: lastLogonTimestamp @@ -2985,10 +3205,11 @@ schemaIDGUID: c0e20a04-0e5a-4ff3-9482-5efeaecd7060 adminDisplayName: Last-Logon-Timestamp attributeID: 1.2.840.113556.1.4.1696 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=priorValue,CN=Schema,CN=Configuration,${BASEDN} -cn: priorValue -name: priorValue +dn: CN=Prior-Value,CN=Schema,CN=Configuration,${BASEDN} +cn: Prior-Value +name: Prior-Value objectClass: top objectClass: attributeSchema lDAPDisplayName: priorValue @@ -2999,10 +3220,11 @@ schemaIDGUID: bf967a02-0de6-11d0-a285-00aa003049e2 adminDisplayName: Prior-Value attributeID: 1.2.840.113556.1.4.100 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=lastSetTime,CN=Schema,CN=Configuration,${BASEDN} -cn: lastSetTime -name: lastSetTime +dn: CN=Last-Set-Time,CN=Schema,CN=Configuration,${BASEDN} +cn: Last-Set-Time +name: Last-Set-Time objectClass: top objectClass: attributeSchema lDAPDisplayName: lastSetTime @@ -3013,10 +3235,11 @@ schemaIDGUID: bf967998-0de6-11d0-a285-00aa003049e2 adminDisplayName: Last-Set-Time attributeID: 1.2.840.113556.1.4.53 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=objectGUID,CN=Schema,CN=Configuration,${BASEDN} -cn: objectGUID -name: objectGUID +dn: CN=Object-Guid,CN=Schema,CN=Configuration,${BASEDN} +cn: Object-Guid +name: Object-Guid objectClass: top objectClass: attributeSchema lDAPDisplayName: objectGUID @@ -3027,10 +3250,11 @@ schemaIDGUID: bf9679e7-0de6-11d0-a285-00aa003049e2 adminDisplayName: Object-Guid attributeID: 1.2.840.113556.1.4.2 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=msDS-TasksForAzTaskBL,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-TasksForAzTaskBL -name: msDS-TasksForAzTaskBL +dn: CN=ms-DS-Tasks-For-Az-Task-BL,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Tasks-For-Az-Task-BL +name: ms-DS-Tasks-For-Az-Task-BL objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-TasksForAzTaskBL @@ -3042,10 +3266,12 @@ schemaIDGUID: df446e52-b5fa-4ca2-a42f-13f98a526c8f adminDisplayName: MS-DS-Tasks-For-Az-Task-BL attributeID: 1.2.840.113556.1.4.1811 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=managedBy,CN=Schema,CN=Configuration,${BASEDN} -cn: managedBy -name: managedBy +dn: CN=Managed-By,CN=Schema,CN=Configuration,${BASEDN} +cn: Managed-By +name: Managed-By objectClass: top objectClass: attributeSchema lDAPDisplayName: managedBy @@ -3057,10 +3283,12 @@ schemaIDGUID: 0296c120-40da-11d1-a9c0-0000f80367c1 adminDisplayName: Managed-By attributeID: 1.2.840.113556.1.4.653 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=pwdProperties,CN=Schema,CN=Configuration,${BASEDN} -cn: pwdProperties -name: pwdProperties +dn: CN=Pwd-Properties,CN=Schema,CN=Configuration,${BASEDN} +cn: Pwd-Properties +name: Pwd-Properties objectClass: top objectClass: attributeSchema lDAPDisplayName: pwdProperties @@ -3071,10 +3299,11 @@ schemaIDGUID: bf967a0b-0de6-11d0-a285-00aa003049e2 adminDisplayName: Pwd-Properties attributeID: 1.2.840.113556.1.4.93 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=builtinCreationTime,CN=Schema,CN=Configuration,${BASEDN} -cn: builtinCreationTime -name: builtinCreationTime +dn: CN=Builtin-Creation-Time,CN=Schema,CN=Configuration,${BASEDN} +cn: Builtin-Creation-Time +name: Builtin-Creation-Time objectClass: top objectClass: attributeSchema lDAPDisplayName: builtinCreationTime @@ -3085,10 +3314,11 @@ schemaIDGUID: bf96792f-0de6-11d0-a285-00aa003049e2 adminDisplayName: Builtin-Creation-Time attributeID: 1.2.840.113556.1.4.13 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=postOfficeBox,CN=Schema,CN=Configuration,${BASEDN} -cn: postOfficeBox -name: postOfficeBox +dn: CN=Post-Office-Box,CN=Schema,CN=Configuration,${BASEDN} +cn: Post-Office-Box +name: Post-Office-Box objectClass: top objectClass: attributeSchema lDAPDisplayName: postOfficeBox @@ -3099,10 +3329,11 @@ schemaIDGUID: bf9679fb-0de6-11d0-a285-00aa003049e2 adminDisplayName: Post-Office-Box attributeID: 2.5.4.18 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=company,CN=Schema,CN=Configuration,${BASEDN} -cn: company -name: company +dn: CN=Company,CN=Schema,CN=Configuration,${BASEDN} +cn: Company +name: Company objectClass: top objectClass: attributeSchema lDAPDisplayName: company @@ -3113,10 +3344,11 @@ schemaIDGUID: f0f8ff88-1191-11d0-a060-00aa006c33ed adminDisplayName: Company attributeID: 1.2.840.113556.1.2.146 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=catalogs,CN=Schema,CN=Configuration,${BASEDN} -cn: catalogs -name: catalogs +dn: CN=Catalogs,CN=Schema,CN=Configuration,${BASEDN} +cn: Catalogs +name: Catalogs objectClass: top objectClass: attributeSchema lDAPDisplayName: catalogs @@ -3127,10 +3359,11 @@ schemaIDGUID: 7bfdcb81-4807-11d1-a9c3-0000f80367c1 adminDisplayName: Catalogs attributeID: 1.2.840.113556.1.4.675 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=defaultObjectCategory,CN=Schema,CN=Configuration,${BASEDN} -cn: defaultObjectCategory -name: defaultObjectCategory +dn: CN=Default-Object-Category,CN=Schema,CN=Configuration,${BASEDN} +cn: Default-Object-Category +name: Default-Object-Category objectClass: top objectClass: attributeSchema lDAPDisplayName: defaultObjectCategory @@ -3141,6 +3374,8 @@ schemaIDGUID: 26d97367-6070-11d1-a9c6-0000f80367c1 adminDisplayName: Default-Object-Category attributeID: 1.2.840.113556.1.4.783 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK dn: CN=msRADIUSFramedRoute,CN=Schema,CN=Configuration,${BASEDN} cn: msRADIUSFramedRoute @@ -3155,10 +3390,11 @@ schemaIDGUID: db0c90a9-c1f2-11d1-bbc5-0080c76670c0 adminDisplayName: msRADIUSFramedRoute attributeID: 1.2.840.113556.1.4.1158 attributeSyntax: 2.5.5.5 +oMSyntax: 22 -dn: CN=priorSetTime,CN=Schema,CN=Configuration,${BASEDN} -cn: priorSetTime -name: priorSetTime +dn: CN=Prior-Set-Time,CN=Schema,CN=Configuration,${BASEDN} +cn: Prior-Set-Time +name: Prior-Set-Time objectClass: top objectClass: attributeSchema lDAPDisplayName: priorSetTime @@ -3169,10 +3405,11 @@ schemaIDGUID: bf967a01-0de6-11d0-a285-00aa003049e2 adminDisplayName: Prior-Set-Time attributeID: 1.2.840.113556.1.4.99 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=userCert,CN=Schema,CN=Configuration,${BASEDN} -cn: userCert -name: userCert +dn: CN=User-Cert,CN=Schema,CN=Configuration,${BASEDN} +cn: User-Cert +name: User-Cert objectClass: top objectClass: attributeSchema lDAPDisplayName: userCert @@ -3183,10 +3420,11 @@ schemaIDGUID: bf967a69-0de6-11d0-a285-00aa003049e2 adminDisplayName: User-Cert attributeID: 1.2.840.113556.1.4.645 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=nonSecurityMember,CN=Schema,CN=Configuration,${BASEDN} -cn: nonSecurityMember -name: nonSecurityMember +dn: CN=Non-Security-Member,CN=Schema,CN=Configuration,${BASEDN} +cn: Non-Security-Member +name: Non-Security-Member objectClass: top objectClass: attributeSchema lDAPDisplayName: nonSecurityMember @@ -3198,10 +3436,12 @@ schemaIDGUID: 52458018-ca6a-11d0-afff-0000f80367c1 adminDisplayName: Non-Security-Member attributeID: 1.2.840.113556.1.4.530 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=member,CN=Schema,CN=Configuration,${BASEDN} -cn: member -name: member +dn: CN=Member,CN=Schema,CN=Configuration,${BASEDN} +cn: Member +name: Member objectClass: top objectClass: attributeSchema lDAPDisplayName: member @@ -3213,10 +3453,12 @@ schemaIDGUID: bf9679c0-0de6-11d0-a285-00aa003049e2 adminDisplayName: Member attributeID: 2.5.4.31 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=groupAttributes,CN=Schema,CN=Configuration,${BASEDN} -cn: groupAttributes -name: groupAttributes +dn: CN=Group-Attributes,CN=Schema,CN=Configuration,${BASEDN} +cn: Group-Attributes +name: Group-Attributes objectClass: top objectClass: attributeSchema lDAPDisplayName: groupAttributes @@ -3227,10 +3469,11 @@ schemaIDGUID: bf96797e-0de6-11d0-a285-00aa003049e2 adminDisplayName: Group-Attributes attributeID: 1.2.840.113556.1.4.152 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=systemFlags,CN=Schema,CN=Configuration,${BASEDN} -cn: systemFlags -name: systemFlags +dn: CN=System-Flags,CN=Schema,CN=Configuration,${BASEDN} +cn: System-Flags +name: System-Flags objectClass: top objectClass: attributeSchema lDAPDisplayName: systemFlags @@ -3241,10 +3484,11 @@ schemaIDGUID: e0fa1e62-9b45-11d0-afdd-00c04fd930c9 adminDisplayName: System-Flags attributeID: 1.2.840.113556.1.4.375 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=proxiedObjectName,CN=Schema,CN=Configuration,${BASEDN} -cn: proxiedObjectName -name: proxiedObjectName +dn: CN=Proxied-Object-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Proxied-Object-Name +name: Proxied-Object-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: proxiedObjectName @@ -3255,10 +3499,12 @@ schemaIDGUID: e1aea402-cd5b-11d0-afff-0000f80367c1 adminDisplayName: Proxied-Object-Name attributeID: 1.2.840.113556.1.4.1249 attributeSyntax: 2.5.5.7 +oMSyntax: 127 +oMObjectClass:: KoZIhvcUAQEBCw== -dn: CN=msDS-ReplValueMetaData,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-ReplValueMetaData -name: msDS-ReplValueMetaData +dn: CN=ms-DS-Repl-Value-Meta-Data,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Repl-Value-Meta-Data +name: ms-DS-Repl-Value-Meta-Data objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-ReplValueMetaData @@ -3269,10 +3515,11 @@ schemaIDGUID: 2f5c8145-e1bd-410b-8957-8bfa81d5acfd adminDisplayName: ms-DS-Repl-Value-Meta-Data attributeID: 1.2.840.113556.1.4.1708 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=allowedChildClassesEffective,CN=Schema,CN=Configuration,${BASEDN} -cn: allowedChildClassesEffective -name: allowedChildClassesEffective +dn: CN=Allowed-Child-Classes-Effective,CN=Schema,CN=Configuration,${BASEDN} +cn: Allowed-Child-Classes-Effective +name: Allowed-Child-Classes-Effective objectClass: top objectClass: attributeSchema lDAPDisplayName: allowedChildClassesEffective @@ -3283,10 +3530,11 @@ schemaIDGUID: 9a7ad943-ca53-11d1-bbd0-0080c76670c0 adminDisplayName: Allowed-Child-Classes-Effective attributeID: 1.2.840.113556.1.4.912 attributeSyntax: 2.5.5.2 +oMSyntax: 6 -dn: CN=msDS-AzGenerateAudits,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AzGenerateAudits -name: msDS-AzGenerateAudits +dn: CN=ms-DS-Az-Generate-Audits,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Az-Generate-Audits +name: ms-DS-Az-Generate-Audits objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-AzGenerateAudits @@ -3297,10 +3545,11 @@ schemaIDGUID: f90abab0-186c-4418-bb85-88447c87222a adminDisplayName: MS-DS-Az-Generate-Audits attributeID: 1.2.840.113556.1.4.1805 attributeSyntax: 2.5.5.8 +oMSyntax: 1 -dn: CN=msDS-AzApplicationVersion,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AzApplicationVersion -name: msDS-AzApplicationVersion +dn: CN=ms-DS-Az-Application-Version,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Az-Application-Version +name: ms-DS-Az-Application-Version objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-AzApplicationVersion @@ -3311,10 +3560,11 @@ schemaIDGUID: 7184a120-3ac4-47ae-848f-fe0ab20784d4 adminDisplayName: MS-DS-Az-Application-Version attributeID: 1.2.840.113556.1.4.1817 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=iconPath,CN=Schema,CN=Configuration,${BASEDN} -cn: iconPath -name: iconPath +dn: CN=Icon-Path,CN=Schema,CN=Configuration,${BASEDN} +cn: Icon-Path +name: Icon-Path objectClass: top objectClass: attributeSchema lDAPDisplayName: iconPath @@ -3325,10 +3575,11 @@ schemaIDGUID: f0f8ff83-1191-11d0-a060-00aa006c33ed adminDisplayName: Icon-Path attributeID: 1.2.840.113556.1.4.219 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=street,CN=Schema,CN=Configuration,${BASEDN} -cn: street -name: street +dn: CN=Street-Address,CN=Schema,CN=Configuration,${BASEDN} +cn: Street-Address +name: Street-Address objectClass: top objectClass: attributeSchema lDAPDisplayName: street @@ -3339,10 +3590,11 @@ schemaIDGUID: bf967a3a-0de6-11d0-a285-00aa003049e2 adminDisplayName: Street-Address attributeID: 2.5.4.9 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-ExecuteScriptPassword,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-ExecuteScriptPassword -name: msDS-ExecuteScriptPassword +dn: CN=ms-DS-ExecuteScriptPassword,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-ExecuteScriptPassword +name: ms-DS-ExecuteScriptPassword objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-ExecuteScriptPassword @@ -3353,10 +3605,11 @@ schemaIDGUID: 9d054a5a-d187-46c1-9d85-42dfc44a56dd adminDisplayName: ms-DS-ExecuteScriptPassword attributeID: 1.2.840.113556.1.4.1783 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=msDS-LogonTimeSyncInterval,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-LogonTimeSyncInterval -name: msDS-LogonTimeSyncInterval +dn: CN=ms-DS-Logon-Time-Sync-Interval,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Logon-Time-Sync-Interval +name: ms-DS-Logon-Time-Sync-Interval objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-LogonTimeSyncInterval @@ -3367,10 +3620,11 @@ schemaIDGUID: ad7940f8-e43a-4a42-83bc-d688e59ea605 adminDisplayName: ms-DS-Logon-Time-Sync-Interval attributeID: 1.2.840.113556.1.4.1784 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=garbageCollPeriod,CN=Schema,CN=Configuration,${BASEDN} -cn: garbageCollPeriod -name: garbageCollPeriod +dn: CN=Garbage-Coll-Period,CN=Schema,CN=Configuration,${BASEDN} +cn: Garbage-Coll-Period +name: Garbage-Coll-Period objectClass: top objectClass: attributeSchema lDAPDisplayName: garbageCollPeriod @@ -3381,10 +3635,11 @@ schemaIDGUID: 5fd424a1-1262-11d0-a060-00aa006c33ed adminDisplayName: Garbage-Coll-Period attributeID: 1.2.840.113556.1.2.301 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=mSMQSignCertificatesMig,CN=Schema,CN=Configuration,${BASEDN} -cn: mSMQSignCertificatesMig -name: mSMQSignCertificatesMig +dn: CN=MSMQ-Sign-Certificates-Mig,CN=Schema,CN=Configuration,${BASEDN} +cn: MSMQ-Sign-Certificates-Mig +name: MSMQ-Sign-Certificates-Mig objectClass: top objectClass: attributeSchema lDAPDisplayName: mSMQSignCertificatesMig @@ -3395,10 +3650,11 @@ schemaIDGUID: 3881b8ea-da3b-11d1-90a5-00c04fd91ab1 adminDisplayName: MSMQ-Sign-Certificates-Mig attributeID: 1.2.840.113556.1.4.967 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=msDS-Cached-Membership-Time-Stamp,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-Cached-Membership-Time-Stamp -name: msDS-Cached-Membership-Time-Stamp +dn: CN=ms-DS-Cached-Membership-Time-Stamp,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Cached-Membership-Time-Stamp +name: ms-DS-Cached-Membership-Time-Stamp objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-Cached-Membership-Time-Stamp @@ -3409,10 +3665,11 @@ schemaIDGUID: 3566bf1f-beee-4dcb-8abe-ef89fcfec6c1 adminDisplayName: ms-DS-Cached-Membership-Time-Stamp attributeID: 1.2.840.113556.1.4.1442 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=logonCount,CN=Schema,CN=Configuration,${BASEDN} -cn: logonCount -name: logonCount +dn: CN=Logon-Count,CN=Schema,CN=Configuration,${BASEDN} +cn: Logon-Count +name: Logon-Count objectClass: top objectClass: attributeSchema lDAPDisplayName: logonCount @@ -3423,10 +3680,11 @@ schemaIDGUID: bf9679aa-0de6-11d0-a285-00aa003049e2 adminDisplayName: Logon-Count attributeID: 1.2.840.113556.1.4.169 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=localeID,CN=Schema,CN=Configuration,${BASEDN} -cn: localeID -name: localeID +dn: CN=Locale-ID,CN=Schema,CN=Configuration,${BASEDN} +cn: Locale-ID +name: Locale-ID objectClass: top objectClass: attributeSchema lDAPDisplayName: localeID @@ -3437,10 +3695,11 @@ schemaIDGUID: bf9679a1-0de6-11d0-a285-00aa003049e2 adminDisplayName: Locale-ID attributeID: 1.2.840.113556.1.4.58 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=badPwdCount,CN=Schema,CN=Configuration,${BASEDN} -cn: badPwdCount -name: badPwdCount +dn: CN=Bad-Pwd-Count,CN=Schema,CN=Configuration,${BASEDN} +cn: Bad-Pwd-Count +name: Bad-Pwd-Count objectClass: top objectClass: attributeSchema lDAPDisplayName: badPwdCount @@ -3451,10 +3710,11 @@ schemaIDGUID: bf96792e-0de6-11d0-a285-00aa003049e2 adminDisplayName: Bad-Pwd-Count attributeID: 1.2.840.113556.1.4.12 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=subSchemaSubEntry,CN=Schema,CN=Configuration,${BASEDN} -cn: subSchemaSubEntry -name: subSchemaSubEntry +dn: CN=SubSchemaSubEntry,CN=Schema,CN=Configuration,${BASEDN} +cn: SubSchemaSubEntry +name: SubSchemaSubEntry objectClass: top objectClass: attributeSchema lDAPDisplayName: subSchemaSubEntry @@ -3465,10 +3725,12 @@ schemaIDGUID: 9a7ad94d-ca53-11d1-bbd0-0080c76670c0 adminDisplayName: SubSchemaSubEntry attributeID: 2.5.18.10 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=structuralObjectClass,CN=Schema,CN=Configuration,${BASEDN} -cn: structuralObjectClass -name: structuralObjectClass +dn: CN=Structural-Object-Class,CN=Schema,CN=Configuration,${BASEDN} +cn: Structural-Object-Class +name: Structural-Object-Class objectClass: top objectClass: attributeSchema lDAPDisplayName: structuralObjectClass @@ -3479,10 +3741,11 @@ schemaIDGUID: 3860949f-f6a8-4b38-9950-81ecb6bc2982 adminDisplayName: Structural-Object-Class attributeID: 2.5.21.9 attributeSyntax: 2.5.5.2 +oMSyntax: 6 -dn: CN=isDeleted,CN=Schema,CN=Configuration,${BASEDN} -cn: isDeleted -name: isDeleted +dn: CN=Is-Deleted,CN=Schema,CN=Configuration,${BASEDN} +cn: Is-Deleted +name: Is-Deleted objectClass: top objectClass: attributeSchema lDAPDisplayName: isDeleted @@ -3493,10 +3756,11 @@ schemaIDGUID: bf96798f-0de6-11d0-a285-00aa003049e2 adminDisplayName: Is-Deleted attributeID: 1.2.840.113556.1.2.48 attributeSyntax: 2.5.5.8 +oMSyntax: 1 -dn: CN=extraColumns,CN=Schema,CN=Configuration,${BASEDN} -cn: extraColumns -name: extraColumns +dn: CN=Extra-Columns,CN=Schema,CN=Configuration,${BASEDN} +cn: Extra-Columns +name: Extra-Columns objectClass: top objectClass: attributeSchema lDAPDisplayName: extraColumns @@ -3507,10 +3771,11 @@ schemaIDGUID: d24e2846-1dd9-4bcf-99d7-a6227cc86da7 adminDisplayName: Extra-Columns attributeID: 1.2.840.113556.1.4.1687 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=adminMultiselectPropertyPages,CN=Schema,CN=Configuration,${BASEDN} -cn: adminMultiselectPropertyPages -name: adminMultiselectPropertyPages +dn: CN=Admin-Multiselect-Property-Pages,CN=Schema,CN=Configuration,${BASEDN} +cn: Admin-Multiselect-Property-Pages +name: Admin-Multiselect-Property-Pages objectClass: top objectClass: attributeSchema lDAPDisplayName: adminMultiselectPropertyPages @@ -3521,10 +3786,11 @@ schemaIDGUID: 18f9b67d-5ac6-4b3b-97db-d0a406afb7ba adminDisplayName: Admin-Multiselect-Property-Pages attributeID: 1.2.840.113556.1.4.1690 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=options,CN=Schema,CN=Configuration,${BASEDN} -cn: options -name: options +dn: CN=Options,CN=Schema,CN=Configuration,${BASEDN} +cn: Options +name: Options objectClass: top objectClass: attributeSchema lDAPDisplayName: options @@ -3535,10 +3801,11 @@ schemaIDGUID: 19195a53-6da0-11d0-afd3-00c04fd930c9 adminDisplayName: Options attributeID: 1.2.840.113556.1.4.307 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=lockOutObservationWindow,CN=Schema,CN=Configuration,${BASEDN} -cn: lockOutObservationWindow -name: lockOutObservationWindow +dn: CN=Lock-Out-Observation-Window,CN=Schema,CN=Configuration,${BASEDN} +cn: Lock-Out-Observation-Window +name: Lock-Out-Observation-Window objectClass: top objectClass: attributeSchema lDAPDisplayName: lockOutObservationWindow @@ -3549,10 +3816,11 @@ schemaIDGUID: bf9679a4-0de6-11d0-a285-00aa003049e2 adminDisplayName: Lock-Out-Observation-Window attributeID: 1.2.840.113556.1.4.61 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=defaultLocalPolicyObject,CN=Schema,CN=Configuration,${BASEDN} -cn: defaultLocalPolicyObject -name: defaultLocalPolicyObject +dn: CN=Default-Local-Policy-Object,CN=Schema,CN=Configuration,${BASEDN} +cn: Default-Local-Policy-Object +name: Default-Local-Policy-Object objectClass: top objectClass: attributeSchema lDAPDisplayName: defaultLocalPolicyObject @@ -3563,10 +3831,12 @@ schemaIDGUID: bf96799f-0de6-11d0-a285-00aa003049e2 adminDisplayName: Default-Local-Policy-Object attributeID: 1.2.840.113556.1.4.57 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=creationTime,CN=Schema,CN=Configuration,${BASEDN} -cn: creationTime -name: creationTime +dn: CN=Creation-Time,CN=Schema,CN=Configuration,${BASEDN} +cn: Creation-Time +name: Creation-Time objectClass: top objectClass: attributeSchema lDAPDisplayName: creationTime @@ -3577,10 +3847,11 @@ schemaIDGUID: bf967946-0de6-11d0-a285-00aa003049e2 adminDisplayName: Creation-Time attributeID: 1.2.840.113556.1.4.26 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=registeredAddress,CN=Schema,CN=Configuration,${BASEDN} -cn: registeredAddress -name: registeredAddress +dn: CN=Registered-Address,CN=Schema,CN=Configuration,${BASEDN} +cn: Registered-Address +name: Registered-Address objectClass: top objectClass: attributeSchema lDAPDisplayName: registeredAddress @@ -3590,10 +3861,11 @@ schemaIDGUID: bf967a10-0de6-11d0-a285-00aa003049e2 adminDisplayName: Registered-Address attributeID: 2.5.4.26 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=postalAddress,CN=Schema,CN=Configuration,${BASEDN} -cn: postalAddress -name: postalAddress +dn: CN=Postal-Address,CN=Schema,CN=Configuration,${BASEDN} +cn: Postal-Address +name: Postal-Address objectClass: top objectClass: attributeSchema lDAPDisplayName: postalAddress @@ -3604,10 +3876,11 @@ schemaIDGUID: bf9679fc-0de6-11d0-a285-00aa003049e2 adminDisplayName: Postal-Address attributeID: 2.5.4.16 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=initials,CN=Schema,CN=Configuration,${BASEDN} -cn: initials -name: initials +dn: CN=Initials,CN=Schema,CN=Configuration,${BASEDN} +cn: Initials +name: Initials objectClass: top objectClass: attributeSchema lDAPDisplayName: initials @@ -3618,10 +3891,11 @@ schemaIDGUID: f0f8ff90-1191-11d0-a060-00aa006c33ed adminDisplayName: Initials attributeID: 2.5.4.43 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=netbootSIFFile,CN=Schema,CN=Configuration,${BASEDN} -cn: netbootSIFFile -name: netbootSIFFile +dn: CN=Netboot-SIF-File,CN=Schema,CN=Configuration,${BASEDN} +cn: Netboot-SIF-File +name: Netboot-SIF-File objectClass: top objectClass: attributeSchema lDAPDisplayName: netbootSIFFile @@ -3632,10 +3906,11 @@ schemaIDGUID: 2df90d84-009f-11d2-aa4c-00c04fd7d83a adminDisplayName: Netboot-SIF-File attributeID: 1.2.840.113556.1.4.1240 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-AdditionalSamAccountName,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AdditionalSamAccountName -name: msDS-AdditionalSamAccountName +dn: CN=ms-DS-Additional-Sam-Account-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Additional-Sam-Account-Name +name: ms-DS-Additional-Sam-Account-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-AdditionalSamAccountName @@ -3646,10 +3921,11 @@ schemaIDGUID: 975571df-a4d5-429a-9f59-cdc6581d91e6 adminDisplayName: ms-DS-Additional-Sam-Account-Name attributeID: 1.2.840.113556.1.4.1718 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=systemPossSuperiors,CN=Schema,CN=Configuration,${BASEDN} -cn: systemPossSuperiors -name: systemPossSuperiors +dn: CN=System-Poss-Superiors,CN=Schema,CN=Configuration,${BASEDN} +cn: System-Poss-Superiors +name: System-Poss-Superiors objectClass: top objectClass: attributeSchema lDAPDisplayName: systemPossSuperiors @@ -3660,6 +3936,7 @@ schemaIDGUID: bf967a47-0de6-11d0-a285-00aa003049e2 adminDisplayName: System-Poss-Superiors attributeID: 1.2.840.113556.1.4.195 attributeSyntax: 2.5.5.2 +oMSyntax: 6 dn: CN=photo,CN=Schema,CN=Configuration,${BASEDN} cn: photo @@ -3674,10 +3951,11 @@ schemaIDGUID: 9c979768-ba1a-4c08-9632-c6a5c1ed649a adminDisplayName: photo attributeID: 0.9.2342.19200300.100.1.7 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=employeeNumber,CN=Schema,CN=Configuration,${BASEDN} -cn: employeeNumber -name: employeeNumber +dn: CN=Employee-Number,CN=Schema,CN=Configuration,${BASEDN} +cn: Employee-Number +name: Employee-Number objectClass: top objectClass: attributeSchema lDAPDisplayName: employeeNumber @@ -3688,10 +3966,11 @@ schemaIDGUID: a8df73ef-c5ea-11d1-bbcb-0080c76670c0 adminDisplayName: Employee-Number attributeID: 1.2.840.113556.1.2.610 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=lockoutTime,CN=Schema,CN=Configuration,${BASEDN} -cn: lockoutTime -name: lockoutTime +dn: CN=Lockout-Time,CN=Schema,CN=Configuration,${BASEDN} +cn: Lockout-Time +name: Lockout-Time objectClass: top objectClass: attributeSchema lDAPDisplayName: lockoutTime @@ -3702,10 +3981,11 @@ schemaIDGUID: 28630ebf-41d5-11d1-a9c1-0000f80367c1 adminDisplayName: Lockout-Time attributeID: 1.2.840.113556.1.4.662 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=dynamicLDAPServer,CN=Schema,CN=Configuration,${BASEDN} -cn: dynamicLDAPServer -name: dynamicLDAPServer +dn: CN=Dynamic-LDAP-Server,CN=Schema,CN=Configuration,${BASEDN} +cn: Dynamic-LDAP-Server +name: Dynamic-LDAP-Server objectClass: top objectClass: attributeSchema lDAPDisplayName: dynamicLDAPServer @@ -3716,10 +3996,12 @@ schemaIDGUID: 52458021-ca6a-11d0-afff-0000f80367c1 adminDisplayName: Dynamic-LDAP-Server attributeID: 1.2.840.113556.1.4.537 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=extendedAttributeInfo,CN=Schema,CN=Configuration,${BASEDN} -cn: extendedAttributeInfo -name: extendedAttributeInfo +dn: CN=Extended-Attribute-Info,CN=Schema,CN=Configuration,${BASEDN} +cn: Extended-Attribute-Info +name: Extended-Attribute-Info objectClass: top objectClass: attributeSchema lDAPDisplayName: extendedAttributeInfo @@ -3730,10 +4012,11 @@ schemaIDGUID: 9a7ad947-ca53-11d1-bbd0-0080c76670c0 adminDisplayName: Extended-Attribute-Info attributeID: 1.2.840.113556.1.4.909 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msExchAssistantName,CN=Schema,CN=Configuration,${BASEDN} -cn: msExchAssistantName -name: msExchAssistantName +dn: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-Exch-Assistant-Name +name: ms-Exch-Assistant-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: msExchAssistantName @@ -3742,10 +4025,11 @@ schemaIDGUID: a8df7394-c5ea-11d1-bbcb-0080c76670c0 adminDisplayName: ms-Exch-Assistant-Name attributeID: 1.2.840.113556.1.2.444 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-NonMembersBL,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-NonMembersBL -name: msDS-NonMembersBL +dn: CN=ms-DS-Non-Members-BL,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Non-Members-BL +name: ms-DS-Non-Members-BL objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-NonMembersBL @@ -3757,10 +4041,12 @@ schemaIDGUID: 2a8c68fc-3a7a-4e87-8720-fe77c51cbe74 adminDisplayName: ms-DS-Non-Members-BL attributeID: 1.2.840.113556.1.4.1794 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=adminDisplayName,CN=Schema,CN=Configuration,${BASEDN} -cn: adminDisplayName -name: adminDisplayName +dn: CN=Admin-Display-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Admin-Display-Name +name: Admin-Display-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: adminDisplayName @@ -3771,10 +4057,11 @@ schemaIDGUID: bf96791a-0de6-11d0-a285-00aa003049e2 adminDisplayName: Admin-Display-Name attributeID: 1.2.840.113556.1.2.194 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=contextMenu,CN=Schema,CN=Configuration,${BASEDN} -cn: contextMenu -name: contextMenu +dn: CN=Context-Menu,CN=Schema,CN=Configuration,${BASEDN} +cn: Context-Menu +name: Context-Menu objectClass: top objectClass: attributeSchema lDAPDisplayName: contextMenu @@ -3785,6 +4072,7 @@ schemaIDGUID: 4d8601ee-ac85-11d0-afe3-00c04fd930c9 adminDisplayName: Context-Menu attributeID: 1.2.840.113556.1.4.499 attributeSyntax: 2.5.5.12 +oMSyntax: 64 dn: CN=attributeCertificateAttribute,CN=Schema,CN=Configuration,${BASEDN} cn: attributeCertificateAttribute @@ -3799,10 +4087,11 @@ schemaIDGUID: fa4693bb-7bc2-4cb9-81a8-c99c43b7905e adminDisplayName: attributeCertificateAttribute attributeID: 2.5.4.58 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=sn,CN=Schema,CN=Configuration,${BASEDN} -cn: sn -name: sn +dn: CN=Surname,CN=Schema,CN=Configuration,${BASEDN} +cn: Surname +name: Surname objectClass: top objectClass: attributeSchema lDAPDisplayName: sn @@ -3813,10 +4102,11 @@ schemaIDGUID: bf967a41-0de6-11d0-a285-00aa003049e2 adminDisplayName: Surname attributeID: 2.5.4.4 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=sAMAccountName,CN=Schema,CN=Configuration,${BASEDN} -cn: sAMAccountName -name: sAMAccountName +dn: CN=SAM-Account-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: SAM-Account-Name +name: SAM-Account-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: sAMAccountName @@ -3827,10 +4117,11 @@ schemaIDGUID: 3e0abfd0-126a-11d0-a060-00aa006c33ed adminDisplayName: SAM-Account-Name attributeID: 1.2.840.113556.1.4.221 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=governsID,CN=Schema,CN=Configuration,${BASEDN} -cn: governsID -name: governsID +dn: CN=Governs-ID,CN=Schema,CN=Configuration,${BASEDN} +cn: Governs-ID +name: Governs-ID objectClass: top objectClass: attributeSchema lDAPDisplayName: governsID @@ -3841,6 +4132,7 @@ schemaIDGUID: bf96797d-0de6-11d0-a285-00aa003049e2 adminDisplayName: Governs-ID attributeID: 1.2.840.113556.1.2.22 attributeSyntax: 2.5.5.2 +oMSyntax: 6 dn: CN=jpegPhoto,CN=Schema,CN=Configuration,${BASEDN} cn: jpegPhoto @@ -3855,10 +4147,11 @@ schemaIDGUID: bac80572-09c4-4fa9-9ae6-7628d7adbe0e adminDisplayName: jpegPhoto attributeID: 0.9.2342.19200300.100.1.60 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=mSMQSignCertificates,CN=Schema,CN=Configuration,${BASEDN} -cn: mSMQSignCertificates -name: mSMQSignCertificates +dn: CN=MSMQ-Sign-Certificates,CN=Schema,CN=Configuration,${BASEDN} +cn: MSMQ-Sign-Certificates +name: MSMQ-Sign-Certificates objectClass: top objectClass: attributeSchema lDAPDisplayName: mSMQSignCertificates @@ -3869,10 +4162,11 @@ schemaIDGUID: 9a0dc33b-c100-11d1-bbc5-0080c76670c0 adminDisplayName: MSMQ-Sign-Certificates attributeID: 1.2.840.113556.1.4.947 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=textEncodedORAddress,CN=Schema,CN=Configuration,${BASEDN} -cn: textEncodedORAddress -name: textEncodedORAddress +dn: CN=Text-Encoded-OR-Address,CN=Schema,CN=Configuration,${BASEDN} +cn: Text-Encoded-OR-Address +name: Text-Encoded-OR-Address objectClass: top objectClass: attributeSchema lDAPDisplayName: textEncodedORAddress @@ -3882,10 +4176,11 @@ schemaIDGUID: a8df7489-c5ea-11d1-bbcb-0080c76670c0 adminDisplayName: Text-Encoded-OR-Address attributeID: 0.9.2342.19200300.100.1.2 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=uSNDSALastObjRemoved,CN=Schema,CN=Configuration,${BASEDN} -cn: uSNDSALastObjRemoved -name: uSNDSALastObjRemoved +dn: CN=USN-DSA-Last-Obj-Removed,CN=Schema,CN=Configuration,${BASEDN} +cn: USN-DSA-Last-Obj-Removed +name: USN-DSA-Last-Obj-Removed objectClass: top objectClass: attributeSchema lDAPDisplayName: uSNDSALastObjRemoved @@ -3896,10 +4191,11 @@ schemaIDGUID: bf967a71-0de6-11d0-a285-00aa003049e2 adminDisplayName: USN-DSA-Last-Obj-Removed attributeID: 1.2.840.113556.1.2.267 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=msDS-OperationsForAzRoleBL,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-OperationsForAzRoleBL -name: msDS-OperationsForAzRoleBL +dn: CN=ms-DS-Operations-For-Az-Role-BL,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Operations-For-Az-Role-BL +name: ms-DS-Operations-For-Az-Role-BL objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-OperationsForAzRoleBL @@ -3911,10 +4207,12 @@ schemaIDGUID: f85b6228-3734-4525-b6b7-3f3bb220902c adminDisplayName: MS-DS-Operations-For-Az-Role-BL attributeID: 1.2.840.113556.1.4.1813 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=mS-DS-ConsistencyChildCount,CN=Schema,CN=Configuration,${BASEDN} -cn: mS-DS-ConsistencyChildCount -name: mS-DS-ConsistencyChildCount +dn: CN=MS-DS-Consistency-Child-Count,CN=Schema,CN=Configuration,${BASEDN} +cn: MS-DS-Consistency-Child-Count +name: MS-DS-Consistency-Child-Count objectClass: top objectClass: attributeSchema lDAPDisplayName: mS-DS-ConsistencyChildCount @@ -3925,10 +4223,11 @@ schemaIDGUID: 178b7bc2-b63a-11d2-90e1-00c04fd91ab1 adminDisplayName: MS-DS-Consistency-Child-Count attributeID: 1.2.840.113556.1.4.1361 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=dSASignature,CN=Schema,CN=Configuration,${BASEDN} -cn: dSASignature -name: dSASignature +dn: CN=DSA-Signature,CN=Schema,CN=Configuration,${BASEDN} +cn: DSA-Signature +name: DSA-Signature objectClass: top objectClass: attributeSchema lDAPDisplayName: dSASignature @@ -3939,10 +4238,11 @@ schemaIDGUID: 167757bc-47f3-11d1-a9c3-0000f80367c1 adminDisplayName: DSA-Signature attributeID: 1.2.840.113556.1.2.74 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=allowedChildClasses,CN=Schema,CN=Configuration,${BASEDN} -cn: allowedChildClasses -name: allowedChildClasses +dn: CN=Allowed-Child-Classes,CN=Schema,CN=Configuration,${BASEDN} +cn: Allowed-Child-Classes +name: Allowed-Child-Classes objectClass: top objectClass: attributeSchema lDAPDisplayName: allowedChildClasses @@ -3953,10 +4253,11 @@ schemaIDGUID: 9a7ad942-ca53-11d1-bbd0-0080c76670c0 adminDisplayName: Allowed-Child-Classes attributeID: 1.2.840.113556.1.4.911 attributeSyntax: 2.5.5.2 +oMSyntax: 6 -dn: CN=allowedAttributesEffective,CN=Schema,CN=Configuration,${BASEDN} -cn: allowedAttributesEffective -name: allowedAttributesEffective +dn: CN=Allowed-Attributes-Effective,CN=Schema,CN=Configuration,${BASEDN} +cn: Allowed-Attributes-Effective +name: Allowed-Attributes-Effective objectClass: top objectClass: attributeSchema lDAPDisplayName: allowedAttributesEffective @@ -3967,10 +4268,11 @@ schemaIDGUID: 9a7ad941-ca53-11d1-bbd0-0080c76670c0 adminDisplayName: Allowed-Attributes-Effective attributeID: 1.2.840.113556.1.4.914 attributeSyntax: 2.5.5.2 +oMSyntax: 6 -dn: CN=nTMixedDomain,CN=Schema,CN=Configuration,${BASEDN} -cn: nTMixedDomain -name: nTMixedDomain +dn: CN=NT-Mixed-Domain,CN=Schema,CN=Configuration,${BASEDN} +cn: NT-Mixed-Domain +name: NT-Mixed-Domain objectClass: top objectClass: attributeSchema lDAPDisplayName: nTMixedDomain @@ -3981,10 +4283,11 @@ schemaIDGUID: 3e97891f-8c01-11d0-afda-00c04fd930c9 adminDisplayName: NT-Mixed-Domain attributeID: 1.2.840.113556.1.4.357 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=msDS-HasInstantiatedNCs,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-HasInstantiatedNCs -name: msDS-HasInstantiatedNCs +dn: CN=ms-DS-Has-Instantiated-NCs,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Has-Instantiated-NCs +name: ms-DS-Has-Instantiated-NCs objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-HasInstantiatedNCs @@ -3996,10 +4299,12 @@ schemaIDGUID: 11e9a5bc-4517-4049-af9c-51554fb0fc09 adminDisplayName: ms-DS-Has-Instantiated-NCs attributeID: 1.2.840.113556.1.4.1709 attributeSyntax: 2.5.5.7 +oMSyntax: 127 +oMObjectClass:: KoZIhvcUAQEBCw== -dn: CN=minPwdLength,CN=Schema,CN=Configuration,${BASEDN} -cn: minPwdLength -name: minPwdLength +dn: CN=Min-Pwd-Length,CN=Schema,CN=Configuration,${BASEDN} +cn: Min-Pwd-Length +name: Min-Pwd-Length objectClass: top objectClass: attributeSchema lDAPDisplayName: minPwdLength @@ -4010,10 +4315,11 @@ schemaIDGUID: bf9679c3-0de6-11d0-a285-00aa003049e2 adminDisplayName: Min-Pwd-Length attributeID: 1.2.840.113556.1.4.79 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=domainPolicyObject,CN=Schema,CN=Configuration,${BASEDN} -cn: domainPolicyObject -name: domainPolicyObject +dn: CN=Domain-Policy-Object,CN=Schema,CN=Configuration,${BASEDN} +cn: Domain-Policy-Object +name: Domain-Policy-Object objectClass: top objectClass: attributeSchema lDAPDisplayName: domainPolicyObject @@ -4024,10 +4330,12 @@ schemaIDGUID: bf96795d-0de6-11d0-a285-00aa003049e2 adminDisplayName: Domain-Policy-Object attributeID: 1.2.840.113556.1.4.32 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=physicalDeliveryOfficeName,CN=Schema,CN=Configuration,${BASEDN} -cn: physicalDeliveryOfficeName -name: physicalDeliveryOfficeName +dn: CN=Physical-Delivery-Office-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Physical-Delivery-Office-Name +name: Physical-Delivery-Office-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: physicalDeliveryOfficeName @@ -4038,10 +4346,11 @@ schemaIDGUID: bf9679f7-0de6-11d0-a285-00aa003049e2 adminDisplayName: Physical-Delivery-Office-Name attributeID: 2.5.4.19 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=volumeCount,CN=Schema,CN=Configuration,${BASEDN} -cn: volumeCount -name: volumeCount +dn: CN=Volume-Count,CN=Schema,CN=Configuration,${BASEDN} +cn: Volume-Count +name: Volume-Count objectClass: top objectClass: attributeSchema lDAPDisplayName: volumeCount @@ -4052,6 +4361,7 @@ schemaIDGUID: 34aaa217-b699-11d0-afee-0000f80367c1 adminDisplayName: Volume-Count attributeID: 1.2.840.113556.1.4.507 attributeSyntax: 2.5.5.9 +oMSyntax: 2 dn: CN=msRADIUSServiceType,CN=Schema,CN=Configuration,${BASEDN} cn: msRADIUSServiceType @@ -4066,10 +4376,11 @@ schemaIDGUID: db0c90b6-c1f2-11d1-bbc5-0080c76670c0 adminDisplayName: msRADIUSServiceType attributeID: 1.2.840.113556.1.4.1171 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=lastLogon,CN=Schema,CN=Configuration,${BASEDN} -cn: lastLogon -name: lastLogon +dn: CN=Last-Logon,CN=Schema,CN=Configuration,${BASEDN} +cn: Last-Logon +name: Last-Logon objectClass: top objectClass: attributeSchema lDAPDisplayName: lastLogon @@ -4080,10 +4391,11 @@ schemaIDGUID: bf967997-0de6-11d0-a285-00aa003049e2 adminDisplayName: Last-Logon attributeID: 1.2.840.113556.1.4.52 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=groupsToIgnore,CN=Schema,CN=Configuration,${BASEDN} -cn: groupsToIgnore -name: groupsToIgnore +dn: CN=Groups-to-Ignore,CN=Schema,CN=Configuration,${BASEDN} +cn: Groups-to-Ignore +name: Groups-to-Ignore objectClass: top objectClass: attributeSchema lDAPDisplayName: groupsToIgnore @@ -4094,10 +4406,11 @@ schemaIDGUID: eea65904-8ac6-11d0-afda-00c04fd930c9 adminDisplayName: Groups-to-Ignore attributeID: 1.2.840.113556.1.4.344 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=schemaInfo,CN=Schema,CN=Configuration,${BASEDN} -cn: schemaInfo -name: schemaInfo +dn: CN=Schema-Info,CN=Schema,CN=Configuration,${BASEDN} +cn: Schema-Info +name: Schema-Info objectClass: top objectClass: attributeSchema lDAPDisplayName: schemaInfo @@ -4108,10 +4421,11 @@ schemaIDGUID: f9fb64ae-93b4-11d2-9945-0000f87a57d4 adminDisplayName: Schema-Info attributeID: 1.2.840.113556.1.4.1358 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=dc,CN=Schema,CN=Configuration,${BASEDN} -cn: dc -name: dc +dn: CN=Domain-Component,CN=Schema,CN=Configuration,${BASEDN} +cn: Domain-Component +name: Domain-Component objectClass: top objectClass: attributeSchema lDAPDisplayName: dc @@ -4122,10 +4436,11 @@ schemaIDGUID: 19195a55-6da0-11d0-afd3-00c04fd930c9 adminDisplayName: Domain-Component attributeID: 0.9.2342.19200300.100.1.25 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=objectCategory,CN=Schema,CN=Configuration,${BASEDN} -cn: objectCategory -name: objectCategory +dn: CN=Object-Category,CN=Schema,CN=Configuration,${BASEDN} +cn: Object-Category +name: Object-Category objectClass: top objectClass: attributeSchema lDAPDisplayName: objectCategory @@ -4136,10 +4451,12 @@ schemaIDGUID: 26d97369-6070-11d1-a9c6-0000f80367c1 adminDisplayName: Object-Category attributeID: 1.2.840.113556.1.4.782 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=modifyTimeStamp,CN=Schema,CN=Configuration,${BASEDN} -cn: modifyTimeStamp -name: modifyTimeStamp +dn: CN=Modify-Time-Stamp,CN=Schema,CN=Configuration,${BASEDN} +cn: Modify-Time-Stamp +name: Modify-Time-Stamp objectClass: top objectClass: attributeSchema lDAPDisplayName: modifyTimeStamp @@ -4150,10 +4467,11 @@ schemaIDGUID: 9a7ad94a-ca53-11d1-bbd0-0080c76670c0 adminDisplayName: Modify-Time-Stamp attributeID: 2.5.18.2 attributeSyntax: 2.5.5.11 +oMSyntax: 24 -dn: CN=displayName,CN=Schema,CN=Configuration,${BASEDN} -cn: displayName -name: displayName +dn: CN=Display-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Display-Name +name: Display-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: displayName @@ -4164,10 +4482,11 @@ schemaIDGUID: bf967953-0de6-11d0-a285-00aa003049e2 adminDisplayName: Display-Name attributeID: 1.2.840.113556.1.2.13 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=adminDescription,CN=Schema,CN=Configuration,${BASEDN} -cn: adminDescription -name: adminDescription +dn: CN=Admin-Description,CN=Schema,CN=Configuration,${BASEDN} +cn: Admin-Description +name: Admin-Description objectClass: top objectClass: attributeSchema lDAPDisplayName: adminDescription @@ -4178,10 +4497,11 @@ schemaIDGUID: bf967919-0de6-11d0-a285-00aa003049e2 adminDisplayName: Admin-Description attributeID: 1.2.840.113556.1.2.226 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-DnsRootAlias,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-DnsRootAlias -name: msDS-DnsRootAlias +dn: CN=ms-DS-DnsRootAlias,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-DnsRootAlias +name: ms-DS-DnsRootAlias objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-DnsRootAlias @@ -4192,10 +4512,11 @@ schemaIDGUID: 2143acca-eead-4d29-b591-85fa49ce9173 adminDisplayName: ms-DS-DnsRootAlias attributeID: 1.2.840.113556.1.4.1719 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=creationWizard,CN=Schema,CN=Configuration,${BASEDN} -cn: creationWizard -name: creationWizard +dn: CN=Creation-Wizard,CN=Schema,CN=Configuration,${BASEDN} +cn: Creation-Wizard +name: Creation-Wizard objectClass: top objectClass: attributeSchema lDAPDisplayName: creationWizard @@ -4206,10 +4527,11 @@ schemaIDGUID: 4d8601ed-ac85-11d0-afe3-00c04fd930c9 adminDisplayName: Creation-Wizard attributeID: 1.2.840.113556.1.4.498 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=hasPartialReplicaNCs,CN=Schema,CN=Configuration,${BASEDN} -cn: hasPartialReplicaNCs -name: hasPartialReplicaNCs +dn: CN=Has-Partial-Replica-NCs,CN=Schema,CN=Configuration,${BASEDN} +cn: Has-Partial-Replica-NCs +name: Has-Partial-Replica-NCs objectClass: top objectClass: attributeSchema lDAPDisplayName: hasPartialReplicaNCs @@ -4221,10 +4543,12 @@ schemaIDGUID: bf967981-0de6-11d0-a285-00aa003049e2 adminDisplayName: Has-Partial-Replica-NCs attributeID: 1.2.840.113556.1.2.15 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=controlAccessRights,CN=Schema,CN=Configuration,${BASEDN} -cn: controlAccessRights -name: controlAccessRights +dn: CN=Control-Access-Rights,CN=Schema,CN=Configuration,${BASEDN} +cn: Control-Access-Rights +name: Control-Access-Rights objectClass: top objectClass: attributeSchema lDAPDisplayName: controlAccessRights @@ -4235,10 +4559,11 @@ schemaIDGUID: 6da8a4fc-0e52-11d0-a286-00aa003049e2 adminDisplayName: Control-Access-Rights attributeID: 1.2.840.113556.1.4.200 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=uASCompat,CN=Schema,CN=Configuration,${BASEDN} -cn: uASCompat -name: uASCompat +dn: CN=UAS-Compat,CN=Schema,CN=Configuration,${BASEDN} +cn: UAS-Compat +name: UAS-Compat objectClass: top objectClass: attributeSchema lDAPDisplayName: uASCompat @@ -4249,10 +4574,11 @@ schemaIDGUID: bf967a61-0de6-11d0-a285-00aa003049e2 adminDisplayName: UAS-Compat attributeID: 1.2.840.113556.1.4.155 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=objectSid,CN=Schema,CN=Configuration,${BASEDN} -cn: objectSid -name: objectSid +dn: CN=Object-Sid,CN=Schema,CN=Configuration,${BASEDN} +cn: Object-Sid +name: Object-Sid objectClass: top objectClass: attributeSchema lDAPDisplayName: objectSid @@ -4263,10 +4589,11 @@ schemaIDGUID: bf9679e8-0de6-11d0-a285-00aa003049e2 adminDisplayName: Object-Sid attributeID: 1.2.840.113556.1.4.146 attributeSyntax: 2.5.5.17 +oMSyntax: 4 -dn: CN=title,CN=Schema,CN=Configuration,${BASEDN} -cn: title -name: title +dn: CN=Title,CN=Schema,CN=Configuration,${BASEDN} +cn: Title +name: Title objectClass: top objectClass: attributeSchema lDAPDisplayName: title @@ -4277,10 +4604,11 @@ schemaIDGUID: bf967a55-0de6-11d0-a285-00aa003049e2 adminDisplayName: Title attributeID: 2.5.4.12 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=otherPager,CN=Schema,CN=Configuration,${BASEDN} -cn: otherPager -name: otherPager +dn: CN=Phone-Pager-Other,CN=Schema,CN=Configuration,${BASEDN} +cn: Phone-Pager-Other +name: Phone-Pager-Other objectClass: top objectClass: attributeSchema lDAPDisplayName: otherPager @@ -4291,10 +4619,11 @@ schemaIDGUID: f0f8ffa4-1191-11d0-a060-00aa006c33ed adminDisplayName: Phone-Pager-Other attributeID: 1.2.840.113556.1.2.118 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=division,CN=Schema,CN=Configuration,${BASEDN} -cn: division -name: division +dn: CN=Division,CN=Schema,CN=Configuration,${BASEDN} +cn: Division +name: Division objectClass: top objectClass: attributeSchema lDAPDisplayName: division @@ -4305,10 +4634,11 @@ schemaIDGUID: fe6136a0-2073-11d0-a9c2-00aa006c33ed adminDisplayName: Division attributeID: 1.2.840.113556.1.4.261 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=sAMAccountType,CN=Schema,CN=Configuration,${BASEDN} -cn: sAMAccountType -name: sAMAccountType +dn: CN=SAM-Account-Type,CN=Schema,CN=Configuration,${BASEDN} +cn: SAM-Account-Type +name: SAM-Account-Type objectClass: top objectClass: attributeSchema lDAPDisplayName: sAMAccountType @@ -4319,10 +4649,11 @@ schemaIDGUID: 6e7b626c-64f2-11d0-afd2-00c04fd930c9 adminDisplayName: SAM-Account-Type attributeID: 1.2.840.113556.1.4.302 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=objectClassCategory,CN=Schema,CN=Configuration,${BASEDN} -cn: objectClassCategory -name: objectClassCategory +dn: CN=Object-Class-Category,CN=Schema,CN=Configuration,${BASEDN} +cn: Object-Class-Category +name: Object-Class-Category objectClass: top objectClass: attributeSchema lDAPDisplayName: objectClassCategory @@ -4333,10 +4664,11 @@ schemaIDGUID: bf9679e6-0de6-11d0-a285-00aa003049e2 adminDisplayName: Object-Class-Category attributeID: 1.2.840.113556.1.2.370 attributeSyntax: 2.5.5.9 +oMSyntax: 10 -dn: CN=defaultHidingValue,CN=Schema,CN=Configuration,${BASEDN} -cn: defaultHidingValue -name: defaultHidingValue +dn: CN=Default-Hiding-Value,CN=Schema,CN=Configuration,${BASEDN} +cn: Default-Hiding-Value +name: Default-Hiding-Value objectClass: top objectClass: attributeSchema lDAPDisplayName: defaultHidingValue @@ -4347,6 +4679,7 @@ schemaIDGUID: b7b13116-b82e-11d0-afee-0000f80367c1 adminDisplayName: Default-Hiding-Value attributeID: 1.2.840.113556.1.4.518 attributeSyntax: 2.5.5.8 +oMSyntax: 1 dn: CN=msNPAllowDialin,CN=Schema,CN=Configuration,${BASEDN} cn: msNPAllowDialin @@ -4361,10 +4694,11 @@ schemaIDGUID: db0c9085-c1f2-11d1-bbc5-0080c76670c0 adminDisplayName: msNPAllowDialin attributeID: 1.2.840.113556.1.4.1119 attributeSyntax: 2.5.5.8 +oMSyntax: 1 -dn: CN=codePage,CN=Schema,CN=Configuration,${BASEDN} -cn: codePage -name: codePage +dn: CN=Code-Page,CN=Schema,CN=Configuration,${BASEDN} +cn: Code-Page +name: Code-Page objectClass: top objectClass: attributeSchema lDAPDisplayName: codePage @@ -4375,10 +4709,11 @@ schemaIDGUID: bf967938-0de6-11d0-a285-00aa003049e2 adminDisplayName: Code-Page attributeID: 1.2.840.113556.1.4.16 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=adminCount,CN=Schema,CN=Configuration,${BASEDN} -cn: adminCount -name: adminCount +dn: CN=Admin-Count,CN=Schema,CN=Configuration,${BASEDN} +cn: Admin-Count +name: Admin-Count objectClass: top objectClass: attributeSchema lDAPDisplayName: adminCount @@ -4389,10 +4724,11 @@ schemaIDGUID: bf967918-0de6-11d0-a285-00aa003049e2 adminDisplayName: Admin-Count attributeID: 1.2.840.113556.1.4.150 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=schemaUpdate,CN=Schema,CN=Configuration,${BASEDN} -cn: schemaUpdate -name: schemaUpdate +dn: CN=Schema-Update,CN=Schema,CN=Configuration,${BASEDN} +cn: Schema-Update +name: Schema-Update objectClass: top objectClass: attributeSchema lDAPDisplayName: schemaUpdate @@ -4403,6 +4739,7 @@ schemaIDGUID: 1e2d06b4-ac8f-11d0-afe3-00c04fd930c9 adminDisplayName: Schema-Update attributeID: 1.2.840.113556.1.4.481 attributeSyntax: 2.5.5.11 +oMSyntax: 24 dn: CN=Enabled,CN=Schema,CN=Configuration,${BASEDN} cn: Enabled @@ -4417,10 +4754,11 @@ schemaIDGUID: a8df73f2-c5ea-11d1-bbcb-0080c76670c0 adminDisplayName: Enabled attributeID: 1.2.840.113556.1.2.557 attributeSyntax: 2.5.5.8 +oMSyntax: 1 -dn: CN=l,CN=Schema,CN=Configuration,${BASEDN} -cn: l -name: l +dn: CN=Locality-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Locality-Name +name: Locality-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: l @@ -4431,10 +4769,11 @@ schemaIDGUID: bf9679a2-0de6-11d0-a285-00aa003049e2 adminDisplayName: Locality-Name attributeID: 2.5.4.7 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=eFSPolicy,CN=Schema,CN=Configuration,${BASEDN} -cn: eFSPolicy -name: eFSPolicy +dn: CN=EFSPolicy,CN=Schema,CN=Configuration,${BASEDN} +cn: EFSPolicy +name: EFSPolicy objectClass: top objectClass: attributeSchema lDAPDisplayName: eFSPolicy @@ -4445,10 +4784,11 @@ schemaIDGUID: 8e4eb2ec-4712-11d0-a1a0-00c04fd930c9 adminDisplayName: EFSPolicy attributeID: 1.2.840.113556.1.4.268 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=builtinModifiedCount,CN=Schema,CN=Configuration,${BASEDN} -cn: builtinModifiedCount -name: builtinModifiedCount +dn: CN=Builtin-Modified-Count,CN=Schema,CN=Configuration,${BASEDN} +cn: Builtin-Modified-Count +name: Builtin-Modified-Count objectClass: top objectClass: attributeSchema lDAPDisplayName: builtinModifiedCount @@ -4459,10 +4799,11 @@ schemaIDGUID: bf967930-0de6-11d0-a285-00aa003049e2 adminDisplayName: Builtin-Modified-Count attributeID: 1.2.840.113556.1.4.14 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=otherTelephone,CN=Schema,CN=Configuration,${BASEDN} -cn: otherTelephone -name: otherTelephone +dn: CN=Phone-Office-Other,CN=Schema,CN=Configuration,${BASEDN} +cn: Phone-Office-Other +name: Phone-Office-Other objectClass: top objectClass: attributeSchema lDAPDisplayName: otherTelephone @@ -4473,10 +4814,11 @@ schemaIDGUID: f0f8ffa5-1191-11d0-a060-00aa006c33ed adminDisplayName: Phone-Office-Other attributeID: 1.2.840.113556.1.2.18 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=primaryInternationalISDNNumber,CN=Schema,CN=Configuration,${BASEDN} -cn: primaryInternationalISDNNumber -name: primaryInternationalISDNNumber +dn: CN=Phone-ISDN-Primary,CN=Schema,CN=Configuration,${BASEDN} +cn: Phone-ISDN-Primary +name: Phone-ISDN-Primary objectClass: top objectClass: attributeSchema lDAPDisplayName: primaryInternationalISDNNumber @@ -4487,10 +4829,11 @@ schemaIDGUID: 0296c11f-40da-11d1-a9c0-0000f80367c1 adminDisplayName: Phone-ISDN-Primary attributeID: 1.2.840.113556.1.4.649 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=employeeID,CN=Schema,CN=Configuration,${BASEDN} -cn: employeeID -name: employeeID +dn: CN=Employee-ID,CN=Schema,CN=Configuration,${BASEDN} +cn: Employee-ID +name: Employee-ID objectClass: top objectClass: attributeSchema lDAPDisplayName: employeeID @@ -4501,10 +4844,11 @@ schemaIDGUID: bf967962-0de6-11d0-a285-00aa003049e2 adminDisplayName: Employee-ID attributeID: 1.2.840.113556.1.4.35 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=tombstoneLifetime,CN=Schema,CN=Configuration,${BASEDN} -cn: tombstoneLifetime -name: tombstoneLifetime +dn: CN=Tombstone-Lifetime,CN=Schema,CN=Configuration,${BASEDN} +cn: Tombstone-Lifetime +name: Tombstone-Lifetime objectClass: top objectClass: attributeSchema lDAPDisplayName: tombstoneLifetime @@ -4515,10 +4859,11 @@ schemaIDGUID: 16c3a860-1273-11d0-a060-00aa006c33ed adminDisplayName: Tombstone-Lifetime attributeID: 1.2.840.113556.1.2.54 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=operatingSystemServicePack,CN=Schema,CN=Configuration,${BASEDN} -cn: operatingSystemServicePack -name: operatingSystemServicePack +dn: CN=Operating-System-Service-Pack,CN=Schema,CN=Configuration,${BASEDN} +cn: Operating-System-Service-Pack +name: Operating-System-Service-Pack objectClass: top objectClass: attributeSchema lDAPDisplayName: operatingSystemServicePack @@ -4529,10 +4874,11 @@ schemaIDGUID: 3e978927-8c01-11d0-afda-00c04fd930c9 adminDisplayName: Operating-System-Service-Pack attributeID: 1.2.840.113556.1.4.365 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=netbootInitialization,CN=Schema,CN=Configuration,${BASEDN} -cn: netbootInitialization -name: netbootInitialization +dn: CN=Netboot-Initialization,CN=Schema,CN=Configuration,${BASEDN} +cn: Netboot-Initialization +name: Netboot-Initialization objectClass: top objectClass: attributeSchema lDAPDisplayName: netbootInitialization @@ -4543,10 +4889,11 @@ schemaIDGUID: 3e978920-8c01-11d0-afda-00c04fd930c9 adminDisplayName: Netboot-Initialization attributeID: 1.2.840.113556.1.4.358 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=userPrincipalName,CN=Schema,CN=Configuration,${BASEDN} -cn: userPrincipalName -name: userPrincipalName +dn: CN=User-Principal-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: User-Principal-Name +name: User-Principal-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: userPrincipalName @@ -4557,10 +4904,11 @@ schemaIDGUID: 28630ebb-41d5-11d1-a9c1-0000f80367c1 adminDisplayName: User-Principal-Name attributeID: 1.2.840.113556.1.4.656 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=servicePrincipalName,CN=Schema,CN=Configuration,${BASEDN} -cn: servicePrincipalName -name: servicePrincipalName +dn: CN=Service-Principal-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Service-Principal-Name +name: Service-Principal-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: servicePrincipalName @@ -4571,10 +4919,11 @@ schemaIDGUID: f3a64788-5306-11d1-a9c5-0000f80367c1 adminDisplayName: Service-Principal-Name attributeID: 1.2.840.113556.1.4.771 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=otherLoginWorkstations,CN=Schema,CN=Configuration,${BASEDN} -cn: otherLoginWorkstations -name: otherLoginWorkstations +dn: CN=Other-Login-Workstations,CN=Schema,CN=Configuration,${BASEDN} +cn: Other-Login-Workstations +name: Other-Login-Workstations objectClass: top objectClass: attributeSchema lDAPDisplayName: otherLoginWorkstations @@ -4585,10 +4934,11 @@ schemaIDGUID: bf9679f1-0de6-11d0-a285-00aa003049e2 adminDisplayName: Other-Login-Workstations attributeID: 1.2.840.113556.1.4.91 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msIIS-FTPDir,CN=Schema,CN=Configuration,${BASEDN} -cn: msIIS-FTPDir -name: msIIS-FTPDir +dn: CN=ms-IIS-FTP-Dir,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-IIS-FTP-Dir +name: ms-IIS-FTP-Dir objectClass: top objectClass: attributeSchema lDAPDisplayName: msIIS-FTPDir @@ -4599,10 +4949,11 @@ schemaIDGUID: 8a5c99e9-2230-46eb-b8e8-e59d712eb9ee adminDisplayName: ms-IIS-FTP-Dir attributeID: 1.2.840.113556.1.4.1786 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-Site-Affinity,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-Site-Affinity -name: msDS-Site-Affinity +dn: CN=ms-DS-Site-Affinity,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Site-Affinity +name: ms-DS-Site-Affinity objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-Site-Affinity @@ -4613,10 +4964,11 @@ schemaIDGUID: c17c5602-bcb7-46f0-9656-6370ca884b72 adminDisplayName: ms-DS-Site-Affinity attributeID: 1.2.840.113556.1.4.1443 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=maxStorage,CN=Schema,CN=Configuration,${BASEDN} -cn: maxStorage -name: maxStorage +dn: CN=Max-Storage,CN=Schema,CN=Configuration,${BASEDN} +cn: Max-Storage +name: Max-Storage objectClass: top objectClass: attributeSchema lDAPDisplayName: maxStorage @@ -4627,10 +4979,11 @@ schemaIDGUID: bf9679bd-0de6-11d0-a285-00aa003049e2 adminDisplayName: Max-Storage attributeID: 1.2.840.113556.1.4.76 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=nTSecurityDescriptor,CN=Schema,CN=Configuration,${BASEDN} -cn: nTSecurityDescriptor -name: nTSecurityDescriptor +dn: CN=NT-Security-Descriptor,CN=Schema,CN=Configuration,${BASEDN} +cn: NT-Security-Descriptor +name: NT-Security-Descriptor objectClass: top objectClass: attributeSchema lDAPDisplayName: nTSecurityDescriptor @@ -4641,10 +4994,11 @@ schemaIDGUID: bf9679e3-0de6-11d0-a285-00aa003049e2 adminDisplayName: NT-Security-Descriptor attributeID: 1.2.840.113556.1.2.281 attributeSyntax: 2.5.5.15 +oMSyntax: 66 -dn: CN=siteObjectBL,CN=Schema,CN=Configuration,${BASEDN} -cn: siteObjectBL -name: siteObjectBL +dn: CN=Site-Object-BL,CN=Schema,CN=Configuration,${BASEDN} +cn: Site-Object-BL +name: Site-Object-BL objectClass: top objectClass: attributeSchema lDAPDisplayName: siteObjectBL @@ -4656,10 +5010,12 @@ schemaIDGUID: 3e10944d-c354-11d0-aff8-0000f80367c1 adminDisplayName: Site-Object-BL attributeID: 1.2.840.113556.1.4.513 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=queryPolicyBL,CN=Schema,CN=Configuration,${BASEDN} -cn: queryPolicyBL -name: queryPolicyBL +dn: CN=Query-Policy-BL,CN=Schema,CN=Configuration,${BASEDN} +cn: Query-Policy-BL +name: Query-Policy-BL objectClass: top objectClass: attributeSchema lDAPDisplayName: queryPolicyBL @@ -4671,10 +5027,12 @@ schemaIDGUID: e1aea404-cd5b-11d0-afff-0000f80367c1 adminDisplayName: Query-Policy-BL attributeID: 1.2.840.113556.1.4.608 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=partialAttributeSet,CN=Schema,CN=Configuration,${BASEDN} -cn: partialAttributeSet -name: partialAttributeSet +dn: CN=Partial-Attribute-Set,CN=Schema,CN=Configuration,${BASEDN} +cn: Partial-Attribute-Set +name: Partial-Attribute-Set objectClass: top objectClass: attributeSchema lDAPDisplayName: partialAttributeSet @@ -4685,10 +5043,11 @@ schemaIDGUID: 19405b9e-3cfa-11d1-a9c0-0000f80367c1 adminDisplayName: Partial-Attribute-Set attributeID: 1.2.840.113556.1.4.640 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=distinguishedName,CN=Schema,CN=Configuration,${BASEDN} -cn: distinguishedName -name: distinguishedName +dn: CN=Obj-Dist-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Obj-Dist-Name +name: Obj-Dist-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: distinguishedName @@ -4699,10 +5058,12 @@ schemaIDGUID: bf9679e4-0de6-11d0-a285-00aa003049e2 adminDisplayName: Obj-Dist-Name attributeID: 2.5.4.49 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=description,CN=Schema,CN=Configuration,${BASEDN} -cn: description -name: description +dn: CN=Description,CN=Schema,CN=Configuration,${BASEDN} +cn: Description +name: Description objectClass: top objectClass: attributeSchema lDAPDisplayName: description @@ -4713,10 +5074,11 @@ schemaIDGUID: bf967950-0de6-11d0-a285-00aa003049e2 adminDisplayName: Description attributeID: 2.5.4.13 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-AzClassId,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AzClassId -name: msDS-AzClassId +dn: CN=ms-DS-Az-Class-ID,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Az-Class-ID +name: ms-DS-Az-Class-ID objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-AzClassId @@ -4727,10 +5089,11 @@ schemaIDGUID: 013a7277-5c2d-49ef-a7de-b765b36a3f6f adminDisplayName: MS-DS-Az-Class-ID attributeID: 1.2.840.113556.1.4.1816 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=rIDAvailablePool,CN=Schema,CN=Configuration,${BASEDN} -cn: rIDAvailablePool -name: rIDAvailablePool +dn: CN=RID-Available-Pool,CN=Schema,CN=Configuration,${BASEDN} +cn: RID-Available-Pool +name: RID-Available-Pool objectClass: top objectClass: attributeSchema lDAPDisplayName: rIDAvailablePool @@ -4741,10 +5104,11 @@ schemaIDGUID: 66171888-8f3c-11d0-afda-00c04fd930c9 adminDisplayName: RID-Available-Pool attributeID: 1.2.840.113556.1.4.370 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=shellPropertyPages,CN=Schema,CN=Configuration,${BASEDN} -cn: shellPropertyPages -name: shellPropertyPages +dn: CN=Shell-Property-Pages,CN=Schema,CN=Configuration,${BASEDN} +cn: Shell-Property-Pages +name: Shell-Property-Pages objectClass: top objectClass: attributeSchema lDAPDisplayName: shellPropertyPages @@ -4755,10 +5119,11 @@ schemaIDGUID: 52458039-ca6a-11d0-afff-0000f80367c1 adminDisplayName: Shell-Property-Pages attributeID: 1.2.840.113556.1.4.563 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-SPNSuffixes,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-SPNSuffixes -name: msDS-SPNSuffixes +dn: CN=ms-DS-SPN-Suffixes,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-SPN-Suffixes +name: ms-DS-SPN-Suffixes objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-SPNSuffixes @@ -4769,10 +5134,11 @@ schemaIDGUID: 789ee1eb-8c8e-4e4c-8cec-79b31b7617b5 adminDisplayName: ms-DS-SPN-Suffixes attributeID: 1.2.840.113556.1.4.1715 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=privateKey,CN=Schema,CN=Configuration,${BASEDN} -cn: privateKey -name: privateKey +dn: CN=Private-Key,CN=Schema,CN=Configuration,${BASEDN} +cn: Private-Key +name: Private-Key objectClass: top objectClass: attributeSchema lDAPDisplayName: privateKey @@ -4783,10 +5149,11 @@ schemaIDGUID: bf967a03-0de6-11d0-a285-00aa003049e2 adminDisplayName: Private-Key attributeID: 1.2.840.113556.1.4.101 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=facsimileTelephoneNumber,CN=Schema,CN=Configuration,${BASEDN} -cn: facsimileTelephoneNumber -name: facsimileTelephoneNumber +dn: CN=Facsimile-Telephone-Number,CN=Schema,CN=Configuration,${BASEDN} +cn: Facsimile-Telephone-Number +name: Facsimile-Telephone-Number objectClass: top objectClass: attributeSchema lDAPDisplayName: facsimileTelephoneNumber @@ -4797,10 +5164,11 @@ schemaIDGUID: bf967974-0de6-11d0-a285-00aa003049e2 adminDisplayName: Facsimile-Telephone-Number attributeID: 2.5.4.23 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=mSMQNt4Stub,CN=Schema,CN=Configuration,${BASEDN} -cn: mSMQNt4Stub -name: mSMQNt4Stub +dn: CN=MSMQ-Nt4-Stub,CN=Schema,CN=Configuration,${BASEDN} +cn: MSMQ-Nt4-Stub +name: MSMQ-Nt4-Stub objectClass: top objectClass: attributeSchema lDAPDisplayName: mSMQNt4Stub @@ -4811,10 +5179,11 @@ schemaIDGUID: 6f914be6-d57e-11d1-90a2-00c04fd91ab1 adminDisplayName: MSMQ-Nt4-Stub attributeID: 1.2.840.113556.1.4.960 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=schemaFlagsEx,CN=Schema,CN=Configuration,${BASEDN} -cn: schemaFlagsEx -name: schemaFlagsEx +dn: CN=Schema-Flags-Ex,CN=Schema,CN=Configuration,${BASEDN} +cn: Schema-Flags-Ex +name: Schema-Flags-Ex objectClass: top objectClass: attributeSchema lDAPDisplayName: schemaFlagsEx @@ -4825,10 +5194,11 @@ schemaIDGUID: bf967a2b-0de6-11d0-a285-00aa003049e2 adminDisplayName: Schema-Flags-Ex attributeID: 1.2.840.113556.1.4.120 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=msIIS-FTPRoot,CN=Schema,CN=Configuration,${BASEDN} -cn: msIIS-FTPRoot -name: msIIS-FTPRoot +dn: CN=ms-IIS-FTP-Root,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-IIS-FTP-Root +name: ms-IIS-FTP-Root objectClass: top objectClass: attributeSchema lDAPDisplayName: msIIS-FTPRoot @@ -4839,10 +5209,11 @@ schemaIDGUID: 2a7827a4-1483-49a5-9d84-52e3812156b4 adminDisplayName: ms-IIS-FTP-Root attributeID: 1.2.840.113556.1.4.1785 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=groupPriority,CN=Schema,CN=Configuration,${BASEDN} -cn: groupPriority -name: groupPriority +dn: CN=Group-Priority,CN=Schema,CN=Configuration,${BASEDN} +cn: Group-Priority +name: Group-Priority objectClass: top objectClass: attributeSchema lDAPDisplayName: groupPriority @@ -4853,10 +5224,11 @@ schemaIDGUID: eea65905-8ac6-11d0-afda-00c04fd930c9 adminDisplayName: Group-Priority attributeID: 1.2.840.113556.1.4.345 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=bridgeheadTransportList,CN=Schema,CN=Configuration,${BASEDN} -cn: bridgeheadTransportList -name: bridgeheadTransportList +dn: CN=Bridgehead-Transport-List,CN=Schema,CN=Configuration,${BASEDN} +cn: Bridgehead-Transport-List +name: Bridgehead-Transport-List objectClass: top objectClass: attributeSchema lDAPDisplayName: bridgeheadTransportList @@ -4868,10 +5240,12 @@ schemaIDGUID: d50c2cda-8951-11d1-aebc-0000f80367c1 adminDisplayName: Bridgehead-Transport-List attributeID: 1.2.840.113556.1.4.819 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=extendedClassInfo,CN=Schema,CN=Configuration,${BASEDN} -cn: extendedClassInfo -name: extendedClassInfo +dn: CN=Extended-Class-Info,CN=Schema,CN=Configuration,${BASEDN} +cn: Extended-Class-Info +name: Extended-Class-Info objectClass: top objectClass: attributeSchema lDAPDisplayName: extendedClassInfo @@ -4882,10 +5256,11 @@ schemaIDGUID: 9a7ad948-ca53-11d1-bbd0-0080c76670c0 adminDisplayName: Extended-Class-Info attributeID: 1.2.840.113556.1.4.908 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=wbemPath,CN=Schema,CN=Configuration,${BASEDN} -cn: wbemPath -name: wbemPath +dn: CN=Wbem-Path,CN=Schema,CN=Configuration,${BASEDN} +cn: Wbem-Path +name: Wbem-Path objectClass: top objectClass: attributeSchema lDAPDisplayName: wbemPath @@ -4896,10 +5271,11 @@ schemaIDGUID: 244b2970-5abd-11d0-afd2-00c04fd930c9 adminDisplayName: Wbem-Path attributeID: 1.2.840.113556.1.4.301 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-NCReplOutboundNeighbors,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-NCReplOutboundNeighbors -name: msDS-NCReplOutboundNeighbors +dn: CN=ms-DS-NC-Repl-Outbound-Neighbors,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-NC-Repl-Outbound-Neighbors +name: ms-DS-NC-Repl-Outbound-Neighbors objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-NCReplOutboundNeighbors @@ -4910,10 +5286,11 @@ schemaIDGUID: 855f2ef5-a1c5-4cc4-ba6d-32522848b61f adminDisplayName: ms-DS-NC-Repl-Outbound-Neighbors attributeID: 1.2.840.113556.1.4.1706 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-OperationsForAzTaskBL,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-OperationsForAzTaskBL -name: msDS-OperationsForAzTaskBL +dn: CN=ms-DS-Operations-For-Az-Task-BL,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Operations-For-Az-Task-BL +name: ms-DS-Operations-For-Az-Task-BL objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-OperationsForAzTaskBL @@ -4925,10 +5302,12 @@ schemaIDGUID: a637d211-5739-4ed1-89b2-88974548bc59 adminDisplayName: MS-DS-Operations-For-Az-Task-BL attributeID: 1.2.840.113556.1.4.1809 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=showInAdvancedViewOnly,CN=Schema,CN=Configuration,${BASEDN} -cn: showInAdvancedViewOnly -name: showInAdvancedViewOnly +dn: CN=Show-In-Advanced-View-Only,CN=Schema,CN=Configuration,${BASEDN} +cn: Show-In-Advanced-View-Only +name: Show-In-Advanced-View-Only objectClass: top objectClass: attributeSchema lDAPDisplayName: showInAdvancedViewOnly @@ -4939,10 +5318,11 @@ schemaIDGUID: bf967984-0de6-11d0-a285-00aa003049e2 adminDisplayName: Show-In-Advanced-View-Only attributeID: 1.2.840.113556.1.2.169 attributeSyntax: 2.5.5.8 +oMSyntax: 1 -dn: CN=msDS-Behavior-Version,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-Behavior-Version -name: msDS-Behavior-Version +dn: CN=ms-DS-Behavior-Version,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Behavior-Version +name: ms-DS-Behavior-Version objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-Behavior-Version @@ -4953,10 +5333,11 @@ schemaIDGUID: d31a8757-2447-4545-8081-3bb610cacbf2 adminDisplayName: ms-DS-Behavior-Version attributeID: 1.2.840.113556.1.4.1459 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=msDS-hasMasterNCs,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-hasMasterNCs -name: msDS-hasMasterNCs +dn: CN=ms-DS-Has-Master-NCs,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Has-Master-NCs +name: ms-DS-Has-Master-NCs objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-hasMasterNCs @@ -4968,10 +5349,12 @@ schemaIDGUID: ae2de0e2-59d7-4d47-8d47-ed4dfe4357ad adminDisplayName: ms-DS-Has-Master-NCs attributeID: 1.2.840.113556.1.4.1836 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=pwdHistoryLength,CN=Schema,CN=Configuration,${BASEDN} -cn: pwdHistoryLength -name: pwdHistoryLength +dn: CN=Pwd-History-Length,CN=Schema,CN=Configuration,${BASEDN} +cn: Pwd-History-Length +name: Pwd-History-Length objectClass: top objectClass: attributeSchema lDAPDisplayName: pwdHistoryLength @@ -4982,10 +5365,11 @@ schemaIDGUID: bf967a09-0de6-11d0-a285-00aa003049e2 adminDisplayName: Pwd-History-Length attributeID: 1.2.840.113556.1.4.95 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=pekList,CN=Schema,CN=Configuration,${BASEDN} -cn: pekList -name: pekList +dn: CN=Pek-List,CN=Schema,CN=Configuration,${BASEDN} +cn: Pek-List +name: Pek-List objectClass: top objectClass: attributeSchema lDAPDisplayName: pekList @@ -4996,10 +5380,11 @@ schemaIDGUID: 07383083-91df-11d1-aebc-0000f80367c1 adminDisplayName: Pek-List attributeID: 1.2.840.113556.1.4.865 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=postalCode,CN=Schema,CN=Configuration,${BASEDN} -cn: postalCode -name: postalCode +dn: CN=Postal-Code,CN=Schema,CN=Configuration,${BASEDN} +cn: Postal-Code +name: Postal-Code objectClass: top objectClass: attributeSchema lDAPDisplayName: postalCode @@ -5010,10 +5395,11 @@ schemaIDGUID: bf9679fd-0de6-11d0-a285-00aa003049e2 adminDisplayName: Postal-Code attributeID: 2.5.4.17 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=netbootMirrorDataFile,CN=Schema,CN=Configuration,${BASEDN} -cn: netbootMirrorDataFile -name: netbootMirrorDataFile +dn: CN=Netboot-Mirror-Data-File,CN=Schema,CN=Configuration,${BASEDN} +cn: Netboot-Mirror-Data-File +name: Netboot-Mirror-Data-File objectClass: top objectClass: attributeSchema lDAPDisplayName: netbootMirrorDataFile @@ -5024,10 +5410,11 @@ schemaIDGUID: 2df90d85-009f-11d2-aa4c-00c04fd7d83a adminDisplayName: Netboot-Mirror-Data-File attributeID: 1.2.840.113556.1.4.1241 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=defaultClassStore,CN=Schema,CN=Configuration,${BASEDN} -cn: defaultClassStore -name: defaultClassStore +dn: CN=Default-Class-Store,CN=Schema,CN=Configuration,${BASEDN} +cn: Default-Class-Store +name: Default-Class-Store objectClass: top objectClass: attributeSchema lDAPDisplayName: defaultClassStore @@ -5038,10 +5425,12 @@ schemaIDGUID: bf967948-0de6-11d0-a285-00aa003049e2 adminDisplayName: Default-Class-Store attributeID: 1.2.840.113556.1.4.213 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=mSMQSiteID,CN=Schema,CN=Configuration,${BASEDN} -cn: mSMQSiteID -name: mSMQSiteID +dn: CN=MSMQ-Site-ID,CN=Schema,CN=Configuration,${BASEDN} +cn: MSMQ-Site-ID +name: MSMQ-Site-ID objectClass: top objectClass: attributeSchema lDAPDisplayName: mSMQSiteID @@ -5052,10 +5441,11 @@ schemaIDGUID: 9a0dc340-c100-11d1-bbc5-0080c76670c0 adminDisplayName: MSMQ-Site-ID attributeID: 1.2.840.113556.1.4.953 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=showInAddressBook,CN=Schema,CN=Configuration,${BASEDN} -cn: showInAddressBook -name: showInAddressBook +dn: CN=Show-In-Address-Book,CN=Schema,CN=Configuration,${BASEDN} +cn: Show-In-Address-Book +name: Show-In-Address-Book objectClass: top objectClass: attributeSchema lDAPDisplayName: showInAddressBook @@ -5066,10 +5456,12 @@ schemaIDGUID: 3e74f60e-3e73-11d1-a9c0-0000f80367c1 adminDisplayName: Show-In-Address-Book attributeID: 1.2.840.113556.1.4.644 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=whenCreated,CN=Schema,CN=Configuration,${BASEDN} -cn: whenCreated -name: whenCreated +dn: CN=When-Created,CN=Schema,CN=Configuration,${BASEDN} +cn: When-Created +name: When-Created objectClass: top objectClass: attributeSchema lDAPDisplayName: whenCreated @@ -5080,10 +5472,11 @@ schemaIDGUID: bf967a78-0de6-11d0-a285-00aa003049e2 adminDisplayName: When-Created attributeID: 1.2.840.113556.1.2.2 attributeSyntax: 2.5.5.11 +oMSyntax: 24 -dn: CN=dSCorePropagationData,CN=Schema,CN=Configuration,${BASEDN} -cn: dSCorePropagationData -name: dSCorePropagationData +dn: CN=DS-Core-Propagation-Data,CN=Schema,CN=Configuration,${BASEDN} +cn: DS-Core-Propagation-Data +name: DS-Core-Propagation-Data objectClass: top objectClass: attributeSchema lDAPDisplayName: dSCorePropagationData @@ -5094,10 +5487,11 @@ schemaIDGUID: d167aa4b-8b08-11d2-9939-0000f87a57d4 adminDisplayName: DS-Core-Propagation-Data attributeID: 1.2.840.113556.1.4.1357 attributeSyntax: 2.5.5.11 +oMSyntax: 24 -dn: CN=displayNamePrintable,CN=Schema,CN=Configuration,${BASEDN} -cn: displayNamePrintable -name: displayNamePrintable +dn: CN=Display-Name-Printable,CN=Schema,CN=Configuration,${BASEDN} +cn: Display-Name-Printable +name: Display-Name-Printable objectClass: top objectClass: attributeSchema lDAPDisplayName: displayNamePrintable @@ -5108,10 +5502,11 @@ schemaIDGUID: bf967954-0de6-11d0-a285-00aa003049e2 adminDisplayName: Display-Name-Printable attributeID: 1.2.840.113556.1.2.353 attributeSyntax: 2.5.5.5 +oMSyntax: 19 -dn: CN=st,CN=Schema,CN=Configuration,${BASEDN} -cn: st -name: st +dn: CN=State-Or-Province-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: State-Or-Province-Name +name: State-Or-Province-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: st @@ -5122,10 +5517,11 @@ schemaIDGUID: bf967a39-0de6-11d0-a285-00aa003049e2 adminDisplayName: State-Or-Province-Name attributeID: 2.5.4.8 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=serverReference,CN=Schema,CN=Configuration,${BASEDN} -cn: serverReference -name: serverReference +dn: CN=Server-Reference,CN=Schema,CN=Configuration,${BASEDN} +cn: Server-Reference +name: Server-Reference objectClass: top objectClass: attributeSchema lDAPDisplayName: serverReference @@ -5137,10 +5533,12 @@ schemaIDGUID: 26d9736d-6070-11d1-a9c6-0000f80367c1 adminDisplayName: Server-Reference attributeID: 1.2.840.113556.1.4.515 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=msDS-HasDomainNCs,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-HasDomainNCs -name: msDS-HasDomainNCs +dn: CN=ms-DS-Has-Domain-NCs,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Has-Domain-NCs +name: ms-DS-Has-Domain-NCs objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-HasDomainNCs @@ -5152,10 +5550,12 @@ schemaIDGUID: 6f17e347-a842-4498-b8b3-15e007da4fed adminDisplayName: ms-DS-Has-Domain-NCs attributeID: 1.2.840.113556.1.4.1820 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=invocationId,CN=Schema,CN=Configuration,${BASEDN} -cn: invocationId -name: invocationId +dn: CN=Invocation-Id,CN=Schema,CN=Configuration,${BASEDN} +cn: Invocation-Id +name: Invocation-Id objectClass: top objectClass: attributeSchema lDAPDisplayName: invocationId @@ -5166,10 +5566,11 @@ schemaIDGUID: bf96798e-0de6-11d0-a285-00aa003049e2 adminDisplayName: Invocation-Id attributeID: 1.2.840.113556.1.2.115 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=replicaSource,CN=Schema,CN=Configuration,${BASEDN} -cn: replicaSource -name: replicaSource +dn: CN=Replica-Source,CN=Schema,CN=Configuration,${BASEDN} +cn: Replica-Source +name: Replica-Source objectClass: top objectClass: attributeSchema lDAPDisplayName: replicaSource @@ -5180,10 +5581,11 @@ schemaIDGUID: bf967a18-0de6-11d0-a285-00aa003049e2 adminDisplayName: Replica-Source attributeID: 1.2.840.113556.1.4.109 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=ipPhone,CN=Schema,CN=Configuration,${BASEDN} -cn: ipPhone -name: ipPhone +dn: CN=Phone-Ip-Primary,CN=Schema,CN=Configuration,${BASEDN} +cn: Phone-Ip-Primary +name: Phone-Ip-Primary objectClass: top objectClass: attributeSchema lDAPDisplayName: ipPhone @@ -5194,10 +5596,11 @@ schemaIDGUID: 4d146e4a-48d4-11d1-a9c3-0000f80367c1 adminDisplayName: Phone-Ip-Primary attributeID: 1.2.840.113556.1.4.721 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=otherHomePhone,CN=Schema,CN=Configuration,${BASEDN} -cn: otherHomePhone -name: otherHomePhone +dn: CN=Phone-Home-Other,CN=Schema,CN=Configuration,${BASEDN} +cn: Phone-Home-Other +name: Phone-Home-Other objectClass: top objectClass: attributeSchema lDAPDisplayName: otherHomePhone @@ -5208,10 +5611,11 @@ schemaIDGUID: f0f8ffa2-1191-11d0-a060-00aa006c33ed adminDisplayName: Phone-Home-Other attributeID: 1.2.840.113556.1.2.277 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=o,CN=Schema,CN=Configuration,${BASEDN} -cn: o -name: o +dn: CN=Organization-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Organization-Name +name: Organization-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: o @@ -5222,10 +5626,11 @@ schemaIDGUID: bf9679ef-0de6-11d0-a285-00aa003049e2 adminDisplayName: Organization-Name attributeID: 2.5.4.10 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=operatingSystem,CN=Schema,CN=Configuration,${BASEDN} -cn: operatingSystem -name: operatingSystem +dn: CN=Operating-System,CN=Schema,CN=Configuration,${BASEDN} +cn: Operating-System +name: Operating-System objectClass: top objectClass: attributeSchema lDAPDisplayName: operatingSystem @@ -5236,10 +5641,11 @@ schemaIDGUID: 3e978925-8c01-11d0-afda-00c04fd930c9 adminDisplayName: Operating-System attributeID: 1.2.840.113556.1.4.363 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-ObjectReference,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-ObjectReference -name: msDS-ObjectReference +dn: CN=ms-DS-Object-Reference,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Object-Reference +name: ms-DS-Object-Reference objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-ObjectReference @@ -5250,10 +5656,12 @@ schemaIDGUID: 638ec2e8-22e7-409c-85d2-11b21bee72de adminDisplayName: ms-DS-Object-Reference attributeID: 1.2.840.113556.1.4.1840 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=mSMQInterval1,CN=Schema,CN=Configuration,${BASEDN} -cn: mSMQInterval1 -name: mSMQInterval1 +dn: CN=MSMQ-Interval1,CN=Schema,CN=Configuration,${BASEDN} +cn: MSMQ-Interval1 +name: MSMQ-Interval1 objectClass: top objectClass: attributeSchema lDAPDisplayName: mSMQInterval1 @@ -5264,10 +5672,11 @@ schemaIDGUID: 8ea825aa-3b7b-11d2-90cc-00c04fd91ab1 adminDisplayName: MSMQ-Interval1 attributeID: 1.2.840.113556.1.4.1308 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=rid,CN=Schema,CN=Configuration,${BASEDN} -cn: rid -name: rid +dn: CN=Rid,CN=Schema,CN=Configuration,${BASEDN} +cn: Rid +name: Rid objectClass: top objectClass: attributeSchema lDAPDisplayName: rid @@ -5278,10 +5687,11 @@ schemaIDGUID: bf967a22-0de6-11d0-a285-00aa003049e2 adminDisplayName: Rid attributeID: 1.2.840.113556.1.4.153 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=profilePath,CN=Schema,CN=Configuration,${BASEDN} -cn: profilePath -name: profilePath +dn: CN=Profile-Path,CN=Schema,CN=Configuration,${BASEDN} +cn: Profile-Path +name: Profile-Path objectClass: top objectClass: attributeSchema lDAPDisplayName: profilePath @@ -5292,6 +5702,7 @@ schemaIDGUID: bf967a05-0de6-11d0-a285-00aa003049e2 adminDisplayName: Profile-Path attributeID: 1.2.840.113556.1.4.139 attributeSyntax: 2.5.5.12 +oMSyntax: 64 dn: CN=msRADIUSCallbackNumber,CN=Schema,CN=Configuration,${BASEDN} cn: msRADIUSCallbackNumber @@ -5306,10 +5717,11 @@ schemaIDGUID: db0c909c-c1f2-11d1-bbc5-0080c76670c0 adminDisplayName: msRADIUSCallbackNumber attributeID: 1.2.840.113556.1.4.1145 attributeSyntax: 2.5.5.5 +oMSyntax: 22 -dn: CN=aCSPolicyName,CN=Schema,CN=Configuration,${BASEDN} -cn: aCSPolicyName -name: aCSPolicyName +dn: CN=ACS-Policy-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: ACS-Policy-Name +name: ACS-Policy-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: aCSPolicyName @@ -5320,10 +5732,11 @@ schemaIDGUID: 1cb3559a-56d0-11d1-a9c6-0000f80367c1 adminDisplayName: ACS-Policy-Name attributeID: 1.2.840.113556.1.4.772 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=info,CN=Schema,CN=Configuration,${BASEDN} -cn: info -name: info +dn: CN=Comment,CN=Schema,CN=Configuration,${BASEDN} +cn: Comment +name: Comment objectClass: top objectClass: attributeSchema lDAPDisplayName: info @@ -5334,10 +5747,11 @@ schemaIDGUID: bf96793e-0de6-11d0-a285-00aa003049e2 adminDisplayName: Comment attributeID: 1.2.840.113556.1.2.81 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-ObjectReferenceBL,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-ObjectReferenceBL -name: msDS-ObjectReferenceBL +dn: CN=ms-DS-Object-Reference-BL,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Object-Reference-BL +name: ms-DS-Object-Reference-BL objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-ObjectReferenceBL @@ -5349,10 +5763,12 @@ schemaIDGUID: 2b702515-c1f7-4b3b-b148-c0e4c6ceecb4 adminDisplayName: ms-DS-Object-Reference-BL attributeID: 1.2.840.113556.1.4.1841 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=whenChanged,CN=Schema,CN=Configuration,${BASEDN} -cn: whenChanged -name: whenChanged +dn: CN=When-Changed,CN=Schema,CN=Configuration,${BASEDN} +cn: When-Changed +name: When-Changed objectClass: top objectClass: attributeSchema lDAPDisplayName: whenChanged @@ -5363,10 +5779,11 @@ schemaIDGUID: bf967a77-0de6-11d0-a285-00aa003049e2 adminDisplayName: When-Changed attributeID: 1.2.840.113556.1.2.3 attributeSyntax: 2.5.5.11 +oMSyntax: 24 -dn: CN=uSNLastObjRem,CN=Schema,CN=Configuration,${BASEDN} -cn: uSNLastObjRem -name: uSNLastObjRem +dn: CN=USN-Last-Obj-Rem,CN=Schema,CN=Configuration,${BASEDN} +cn: USN-Last-Obj-Rem +name: USN-Last-Obj-Rem objectClass: top objectClass: attributeSchema lDAPDisplayName: uSNLastObjRem @@ -5377,10 +5794,11 @@ schemaIDGUID: bf967a73-0de6-11d0-a285-00aa003049e2 adminDisplayName: USN-Last-Obj-Rem attributeID: 1.2.840.113556.1.2.121 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=repsTo,CN=Schema,CN=Configuration,${BASEDN} -cn: repsTo -name: repsTo +dn: CN=Reps-To,CN=Schema,CN=Configuration,${BASEDN} +cn: Reps-To +name: Reps-To objectClass: top objectClass: attributeSchema lDAPDisplayName: repsTo @@ -5391,10 +5809,12 @@ schemaIDGUID: bf967a1e-0de6-11d0-a285-00aa003049e2 adminDisplayName: Reps-To attributeID: 1.2.840.113556.1.2.83 attributeSyntax: 2.5.5.10 +oMSyntax: 127 +oMObjectClass:: KoZIhvcUAQEBBg== -dn: CN=replUpToDateVector,CN=Schema,CN=Configuration,${BASEDN} -cn: replUpToDateVector -name: replUpToDateVector +dn: CN=Repl-UpToDate-Vector,CN=Schema,CN=Configuration,${BASEDN} +cn: Repl-UpToDate-Vector +name: Repl-UpToDate-Vector objectClass: top objectClass: attributeSchema lDAPDisplayName: replUpToDateVector @@ -5405,10 +5825,11 @@ schemaIDGUID: bf967a16-0de6-11d0-a285-00aa003049e2 adminDisplayName: Repl-UpToDate-Vector attributeID: 1.2.840.113556.1.4.4 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=netbootSCPBL,CN=Schema,CN=Configuration,${BASEDN} -cn: netbootSCPBL -name: netbootSCPBL +dn: CN=netboot-SCP-BL,CN=Schema,CN=Configuration,${BASEDN} +cn: netboot-SCP-BL +name: netboot-SCP-BL objectClass: top objectClass: attributeSchema lDAPDisplayName: netbootSCPBL @@ -5420,10 +5841,12 @@ schemaIDGUID: 07383082-91df-11d1-aebc-0000f80367c1 adminDisplayName: netboot-SCP-BL attributeID: 1.2.840.113556.1.4.864 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=msDs-masteredBy,CN=Schema,CN=Configuration,${BASEDN} -cn: msDs-masteredBy -name: msDs-masteredBy +dn: CN=ms-DS-Mastered-By,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Mastered-By +name: ms-DS-Mastered-By objectClass: top objectClass: attributeSchema lDAPDisplayName: msDs-masteredBy @@ -5435,10 +5858,12 @@ schemaIDGUID: 60234769-4819-4615-a1b2-49d2f119acb5 adminDisplayName: ms-DS-Mastered-By attributeID: 1.2.840.113556.1.4.1837 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=msCOM-PartitionSetLink,CN=Schema,CN=Configuration,${BASEDN} -cn: msCOM-PartitionSetLink -name: msCOM-PartitionSetLink +dn: CN=ms-COM-PartitionSetLink,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-COM-PartitionSetLink +name: ms-COM-PartitionSetLink objectClass: top objectClass: attributeSchema lDAPDisplayName: msCOM-PartitionSetLink @@ -5450,10 +5875,12 @@ schemaIDGUID: 67f121dc-7d02-4c7d-82f5-9ad4c950ac34 adminDisplayName: ms-COM-PartitionSetLink attributeID: 1.2.840.113556.1.4.1424 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=cn,CN=Schema,CN=Configuration,${BASEDN} -cn: cn -name: cn +dn: CN=Common-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Common-Name +name: Common-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: cn @@ -5464,10 +5891,11 @@ schemaIDGUID: bf96793f-0de6-11d0-a285-00aa003049e2 adminDisplayName: Common-Name attributeID: 2.5.4.3 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msDS-AllUsersTrustQuota,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AllUsersTrustQuota -name: msDS-AllUsersTrustQuota +dn: CN=MS-DS-All-Users-Trust-Quota,CN=Schema,CN=Configuration,${BASEDN} +cn: MS-DS-All-Users-Trust-Quota +name: MS-DS-All-Users-Trust-Quota objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-AllUsersTrustQuota @@ -5478,10 +5906,11 @@ schemaIDGUID: d3aa4a5c-4e03-4810-97aa-2b339e7a434b adminDisplayName: MS-DS-All-Users-Trust-Quota attributeID: 1.2.840.113556.1.4.1789 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=defaultGroup,CN=Schema,CN=Configuration,${BASEDN} -cn: defaultGroup -name: defaultGroup +dn: CN=Default-Group,CN=Schema,CN=Configuration,${BASEDN} +cn: Default-Group +name: Default-Group objectClass: top objectClass: attributeSchema lDAPDisplayName: defaultGroup @@ -5492,10 +5921,12 @@ schemaIDGUID: 720bc4e2-a54a-11d0-afdf-00c04fd930c9 adminDisplayName: Default-Group attributeID: 1.2.840.113556.1.4.480 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=comment,CN=Schema,CN=Configuration,${BASEDN} -cn: comment -name: comment +dn: CN=User-Comment,CN=Schema,CN=Configuration,${BASEDN} +cn: User-Comment +name: User-Comment objectClass: top objectClass: attributeSchema lDAPDisplayName: comment @@ -5506,10 +5937,11 @@ schemaIDGUID: bf967a6a-0de6-11d0-a285-00aa003049e2 adminDisplayName: User-Comment attributeID: 1.2.840.113556.1.4.156 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=localPolicyFlags,CN=Schema,CN=Configuration,${BASEDN} -cn: localPolicyFlags -name: localPolicyFlags +dn: CN=Local-Policy-Flags,CN=Schema,CN=Configuration,${BASEDN} +cn: Local-Policy-Flags +name: Local-Policy-Flags objectClass: top objectClass: attributeSchema lDAPDisplayName: localPolicyFlags @@ -5520,10 +5952,11 @@ schemaIDGUID: bf96799e-0de6-11d0-a285-00aa003049e2 adminDisplayName: Local-Policy-Flags attributeID: 1.2.840.113556.1.4.56 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=mSMQInterval2,CN=Schema,CN=Configuration,${BASEDN} -cn: mSMQInterval2 -name: mSMQInterval2 +dn: CN=MSMQ-Interval2,CN=Schema,CN=Configuration,${BASEDN} +cn: MSMQ-Interval2 +name: MSMQ-Interval2 objectClass: top objectClass: attributeSchema lDAPDisplayName: mSMQInterval2 @@ -5534,10 +5967,11 @@ schemaIDGUID: 99b88f52-3b7b-11d2-90cc-00c04fd91ab1 adminDisplayName: MSMQ-Interval2 attributeID: 1.2.840.113556.1.4.1309 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=sIDHistory,CN=Schema,CN=Configuration,${BASEDN} -cn: sIDHistory -name: sIDHistory +dn: CN=SID-History,CN=Schema,CN=Configuration,${BASEDN} +cn: SID-History +name: SID-History objectClass: top objectClass: attributeSchema lDAPDisplayName: sIDHistory @@ -5548,10 +5982,11 @@ schemaIDGUID: 17eb4278-d167-11d0-b002-0000f80367c1 adminDisplayName: SID-History attributeID: 1.2.840.113556.1.4.609 attributeSyntax: 2.5.5.17 +oMSyntax: 4 -dn: CN=msDs-Schema-Extensions,CN=Schema,CN=Configuration,${BASEDN} -cn: msDs-Schema-Extensions -name: msDs-Schema-Extensions +dn: CN=ms-ds-Schema-Extensions,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-ds-Schema-Extensions +name: ms-ds-Schema-Extensions objectClass: top objectClass: attributeSchema lDAPDisplayName: msDs-Schema-Extensions @@ -5562,10 +5997,11 @@ schemaIDGUID: b39a61be-ed07-4cab-9a4a-4963ed0141e1 adminDisplayName: ms-ds-Schema-Extensions attributeID: 1.2.840.113556.1.4.1440 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=unicodePwd,CN=Schema,CN=Configuration,${BASEDN} -cn: unicodePwd -name: unicodePwd +dn: CN=Unicode-Pwd,CN=Schema,CN=Configuration,${BASEDN} +cn: Unicode-Pwd +name: Unicode-Pwd objectClass: top objectClass: attributeSchema lDAPDisplayName: unicodePwd @@ -5576,6 +6012,7 @@ schemaIDGUID: bf9679e1-0de6-11d0-a285-00aa003049e2 adminDisplayName: Unicode-Pwd attributeID: 1.2.840.113556.1.4.90 attributeSyntax: 2.5.5.10 +oMSyntax: 4 dn: CN=msRASSavedFramedIPAddress,CN=Schema,CN=Configuration,${BASEDN} cn: msRASSavedFramedIPAddress @@ -5590,10 +6027,11 @@ schemaIDGUID: db0c90c6-c1f2-11d1-bbc5-0080c76670c0 adminDisplayName: msRASSavedFramedIPAddress attributeID: 1.2.840.113556.1.4.1190 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=msDRM-IdentityCertificate,CN=Schema,CN=Configuration,${BASEDN} -cn: msDRM-IdentityCertificate -name: msDRM-IdentityCertificate +dn: CN=MS-DRM-Identity-Certificate,CN=Schema,CN=Configuration,${BASEDN} +cn: MS-DRM-Identity-Certificate +name: MS-DRM-Identity-Certificate objectClass: top objectClass: attributeSchema lDAPDisplayName: msDRM-IdentityCertificate @@ -5603,10 +6041,11 @@ schemaIDGUID: e85e1204-3434-41ad-9b56-e2901228fff0 adminDisplayName: ms-DRM-Identity-Certificate attributeID: 1.2.840.113556.1.4.1843 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=lastLogoff,CN=Schema,CN=Configuration,${BASEDN} -cn: lastLogoff -name: lastLogoff +dn: CN=Last-Logoff,CN=Schema,CN=Configuration,${BASEDN} +cn: Last-Logoff +name: Last-Logoff objectClass: top objectClass: attributeSchema lDAPDisplayName: lastLogoff @@ -5617,10 +6056,11 @@ schemaIDGUID: bf967996-0de6-11d0-a285-00aa003049e2 adminDisplayName: Last-Logoff attributeID: 1.2.840.113556.1.4.51 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=dmdName,CN=Schema,CN=Configuration,${BASEDN} -cn: dmdName -name: dmdName +dn: CN=DMD-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: DMD-Name +name: DMD-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: dmdName @@ -5631,10 +6071,11 @@ schemaIDGUID: 167757b9-47f3-11d1-a9c3-0000f80367c1 adminDisplayName: DMD-Name attributeID: 1.2.840.113556.1.2.598 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=msExchLabeledURI,CN=Schema,CN=Configuration,${BASEDN} -cn: msExchLabeledURI -name: msExchLabeledURI +dn: CN=ms-Exch-LabeledURI,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-Exch-LabeledURI +name: ms-Exch-LabeledURI objectClass: top objectClass: attributeSchema lDAPDisplayName: msExchLabeledURI @@ -5643,10 +6084,11 @@ schemaIDGUID: 16775820-47f3-11d1-a9c3-0000f80367c1 adminDisplayName: ms-Exch-LabeledURI attributeID: 1.2.840.113556.1.2.593 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=directReports,CN=Schema,CN=Configuration,${BASEDN} -cn: directReports -name: directReports +dn: CN=Reports,CN=Schema,CN=Configuration,${BASEDN} +cn: Reports +name: Reports objectClass: top objectClass: attributeSchema lDAPDisplayName: directReports @@ -5658,10 +6100,12 @@ schemaIDGUID: bf967a1c-0de6-11d0-a285-00aa003049e2 adminDisplayName: Reports attributeID: 1.2.840.113556.1.2.436 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=replPropertyMetaData,CN=Schema,CN=Configuration,${BASEDN} -cn: replPropertyMetaData -name: replPropertyMetaData +dn: CN=Repl-Property-Meta-Data,CN=Schema,CN=Configuration,${BASEDN} +cn: Repl-Property-Meta-Data +name: Repl-Property-Meta-Data objectClass: top objectClass: attributeSchema lDAPDisplayName: replPropertyMetaData @@ -5672,10 +6116,11 @@ schemaIDGUID: 281416c0-1968-11d0-a28f-00aa003049e2 adminDisplayName: Repl-Property-Meta-Data attributeID: 1.2.840.113556.1.4.3 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=fromEntry,CN=Schema,CN=Configuration,${BASEDN} -cn: fromEntry -name: fromEntry +dn: CN=From-Entry,CN=Schema,CN=Configuration,${BASEDN} +cn: From-Entry +name: From-Entry objectClass: top objectClass: attributeSchema lDAPDisplayName: fromEntry @@ -5686,10 +6131,11 @@ schemaIDGUID: 9a7ad949-ca53-11d1-bbd0-0080c76670c0 adminDisplayName: From-Entry attributeID: 1.2.840.113556.1.4.910 attributeSyntax: 2.5.5.8 +oMSyntax: 1 -dn: CN=trustParent,CN=Schema,CN=Configuration,${BASEDN} -cn: trustParent -name: trustParent +dn: CN=Trust-Parent,CN=Schema,CN=Configuration,${BASEDN} +cn: Trust-Parent +name: Trust-Parent objectClass: top objectClass: attributeSchema lDAPDisplayName: trustParent @@ -5700,10 +6146,12 @@ schemaIDGUID: b000ea7a-a086-11d0-afdd-00c04fd930c9 adminDisplayName: Trust-Parent attributeID: 1.2.840.113556.1.4.471 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=rIDManagerReference,CN=Schema,CN=Configuration,${BASEDN} -cn: rIDManagerReference -name: rIDManagerReference +dn: CN=RID-Manager-Reference,CN=Schema,CN=Configuration,${BASEDN} +cn: RID-Manager-Reference +name: RID-Manager-Reference objectClass: top objectClass: attributeSchema lDAPDisplayName: rIDManagerReference @@ -5714,10 +6162,12 @@ schemaIDGUID: 66171886-8f3c-11d0-afda-00c04fd930c9 adminDisplayName: RID-Manager-Reference attributeID: 1.2.840.113556.1.4.368 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=lockoutThreshold,CN=Schema,CN=Configuration,${BASEDN} -cn: lockoutThreshold -name: lockoutThreshold +dn: CN=Lockout-Threshold,CN=Schema,CN=Configuration,${BASEDN} +cn: Lockout-Threshold +name: Lockout-Threshold objectClass: top objectClass: attributeSchema lDAPDisplayName: lockoutThreshold @@ -5728,10 +6178,11 @@ schemaIDGUID: bf9679a6-0de6-11d0-a285-00aa003049e2 adminDisplayName: Lockout-Threshold attributeID: 1.2.840.113556.1.4.73 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=desktopProfile,CN=Schema,CN=Configuration,${BASEDN} -cn: desktopProfile -name: desktopProfile +dn: CN=Desktop-Profile,CN=Schema,CN=Configuration,${BASEDN} +cn: Desktop-Profile +name: Desktop-Profile objectClass: top objectClass: attributeSchema lDAPDisplayName: desktopProfile @@ -5742,10 +6193,11 @@ schemaIDGUID: eea65906-8ac6-11d0-afda-00c04fd930c9 adminDisplayName: Desktop-Profile attributeID: 1.2.840.113556.1.4.346 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=co,CN=Schema,CN=Configuration,${BASEDN} -cn: co -name: co +dn: CN=Text-Country,CN=Schema,CN=Configuration,${BASEDN} +cn: Text-Country +name: Text-Country objectClass: top objectClass: attributeSchema lDAPDisplayName: co @@ -5756,10 +6208,11 @@ schemaIDGUID: f0f8ffa7-1191-11d0-a060-00aa006c33ed adminDisplayName: Text-Country attributeID: 1.2.840.113556.1.2.131 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=teletexTerminalIdentifier,CN=Schema,CN=Configuration,${BASEDN} -cn: teletexTerminalIdentifier -name: teletexTerminalIdentifier +dn: CN=Teletex-Terminal-Identifier,CN=Schema,CN=Configuration,${BASEDN} +cn: Teletex-Terminal-Identifier +name: Teletex-Terminal-Identifier objectClass: top objectClass: attributeSchema lDAPDisplayName: teletexTerminalIdentifier @@ -5770,10 +6223,11 @@ schemaIDGUID: bf967a4a-0de6-11d0-a285-00aa003049e2 adminDisplayName: Teletex-Terminal-Identifier attributeID: 2.5.4.22 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=primaryTelexNumber,CN=Schema,CN=Configuration,${BASEDN} -cn: primaryTelexNumber -name: primaryTelexNumber +dn: CN=Telex-Primary,CN=Schema,CN=Configuration,${BASEDN} +cn: Telex-Primary +name: Telex-Primary objectClass: top objectClass: attributeSchema lDAPDisplayName: primaryTelexNumber @@ -5784,10 +6238,11 @@ schemaIDGUID: 0296c121-40da-11d1-a9c0-0000f80367c1 adminDisplayName: Telex-Primary attributeID: 1.2.840.113556.1.4.648 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=manager,CN=Schema,CN=Configuration,${BASEDN} -cn: manager -name: manager +dn: CN=Manager,CN=Schema,CN=Configuration,${BASEDN} +cn: Manager +name: Manager objectClass: top objectClass: attributeSchema lDAPDisplayName: manager @@ -5799,10 +6254,12 @@ schemaIDGUID: bf9679b5-0de6-11d0-a285-00aa003049e2 adminDisplayName: Manager attributeID: 0.9.2342.19200300.100.1.10 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=physicalLocationObject,CN=Schema,CN=Configuration,${BASEDN} -cn: physicalLocationObject -name: physicalLocationObject +dn: CN=Physical-Location-Object,CN=Schema,CN=Configuration,${BASEDN} +cn: Physical-Location-Object +name: Physical-Location-Object objectClass: top objectClass: attributeSchema lDAPDisplayName: physicalLocationObject @@ -5813,10 +6270,12 @@ schemaIDGUID: b7b13119-b82e-11d0-afee-0000f80367c1 adminDisplayName: Physical-Location-Object attributeID: 1.2.840.113556.1.4.514 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=msDS-AzMajorVersion,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AzMajorVersion -name: msDS-AzMajorVersion +dn: CN=ms-DS-Az-Major-Version,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Az-Major-Version +name: ms-DS-Az-Major-Version objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-AzMajorVersion @@ -5827,10 +6286,11 @@ schemaIDGUID: cfb9adb7-c4b7-4059-9568-1ed9db6b7248 adminDisplayName: MS-DS-Az-Major-Version attributeID: 1.2.840.113556.1.4.1824 attributeSyntax: 2.5.5.9 +oMSyntax: 2 -dn: CN=subClassOf,CN=Schema,CN=Configuration,${BASEDN} -cn: subClassOf -name: subClassOf +dn: CN=Sub-Class-Of,CN=Schema,CN=Configuration,${BASEDN} +cn: Sub-Class-Of +name: Sub-Class-Of objectClass: top objectClass: attributeSchema lDAPDisplayName: subClassOf @@ -5841,10 +6301,11 @@ schemaIDGUID: bf967a3b-0de6-11d0-a285-00aa003049e2 adminDisplayName: Sub-Class-Of attributeID: 1.2.840.113556.1.2.21 attributeSyntax: 2.5.5.2 +oMSyntax: 6 -dn: CN=systemMustContain,CN=Schema,CN=Configuration,${BASEDN} -cn: systemMustContain -name: systemMustContain +dn: CN=System-Must-Contain,CN=Schema,CN=Configuration,${BASEDN} +cn: System-Must-Contain +name: System-Must-Contain objectClass: top objectClass: attributeSchema lDAPDisplayName: systemMustContain @@ -5855,6 +6316,7 @@ schemaIDGUID: bf967a45-0de6-11d0-a285-00aa003049e2 adminDisplayName: System-Must-Contain attributeID: 1.2.840.113556.1.4.197 attributeSyntax: 2.5.5.2 +oMSyntax: 6 dn: CN=roomNumber,CN=Schema,CN=Configuration,${BASEDN} cn: roomNumber @@ -5869,10 +6331,11 @@ schemaIDGUID: 81d7f8c2-e327-4a0d-91c6-b42d4009115f adminDisplayName: roomNumber attributeID: 0.9.2342.19200300.100.1.6 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=employeeType,CN=Schema,CN=Configuration,${BASEDN} -cn: employeeType -name: employeeType +dn: CN=Employee-Type,CN=Schema,CN=Configuration,${BASEDN} +cn: Employee-Type +name: Employee-Type objectClass: top objectClass: attributeSchema lDAPDisplayName: employeeType @@ -5883,10 +6346,11 @@ schemaIDGUID: a8df73f0-c5ea-11d1-bbcb-0080c76670c0 adminDisplayName: Employee-Type attributeID: 1.2.840.113556.1.2.613 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=currentValue,CN=Schema,CN=Configuration,${BASEDN} -cn: currentValue -name: currentValue +dn: CN=Current-Value,CN=Schema,CN=Configuration,${BASEDN} +cn: Current-Value +name: Current-Value objectClass: top objectClass: attributeSchema lDAPDisplayName: currentValue @@ -5897,10 +6361,11 @@ schemaIDGUID: bf967947-0de6-11d0-a285-00aa003049e2 adminDisplayName: Current-Value attributeID: 1.2.840.113556.1.4.27 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=dITContentRules,CN=Schema,CN=Configuration,${BASEDN} -cn: dITContentRules -name: dITContentRules +dn: CN=DIT-Content-Rules,CN=Schema,CN=Configuration,${BASEDN} +cn: DIT-Content-Rules +name: DIT-Content-Rules objectClass: top objectClass: attributeSchema lDAPDisplayName: dITContentRules @@ -5911,10 +6376,11 @@ schemaIDGUID: 9a7ad946-ca53-11d1-bbd0-0080c76670c0 adminDisplayName: DIT-Content-Rules attributeID: 2.5.21.2 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=uSNCreated,CN=Schema,CN=Configuration,${BASEDN} -cn: uSNCreated -name: uSNCreated +dn: CN=USN-Created,CN=Schema,CN=Configuration,${BASEDN} +cn: USN-Created +name: USN-Created objectClass: top objectClass: attributeSchema lDAPDisplayName: uSNCreated @@ -5925,10 +6391,11 @@ schemaIDGUID: bf967a70-0de6-11d0-a285-00aa003049e2 adminDisplayName: USN-Created attributeID: 1.2.840.113556.1.2.19 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=subRefs,CN=Schema,CN=Configuration,${BASEDN} -cn: subRefs -name: subRefs +dn: CN=Sub-Refs,CN=Schema,CN=Configuration,${BASEDN} +cn: Sub-Refs +name: Sub-Refs objectClass: top objectClass: attributeSchema lDAPDisplayName: subRefs @@ -5939,10 +6406,12 @@ schemaIDGUID: bf967a3c-0de6-11d0-a285-00aa003049e2 adminDisplayName: Sub-Refs attributeID: 1.2.840.113556.1.2.7 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=proxyAddresses,CN=Schema,CN=Configuration,${BASEDN} -cn: proxyAddresses -name: proxyAddresses +dn: CN=Proxy-Addresses,CN=Schema,CN=Configuration,${BASEDN} +cn: Proxy-Addresses +name: Proxy-Addresses objectClass: top objectClass: attributeSchema lDAPDisplayName: proxyAddresses @@ -5953,10 +6422,11 @@ schemaIDGUID: bf967a06-0de6-11d0-a285-00aa003049e2 adminDisplayName: Proxy-Addresses attributeID: 1.2.840.113556.1.2.210 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=superiorDNSRoot,CN=Schema,CN=Configuration,${BASEDN} -cn: superiorDNSRoot -name: superiorDNSRoot +dn: CN=Superior-DNS-Root,CN=Schema,CN=Configuration,${BASEDN} +cn: Superior-DNS-Root +name: Superior-DNS-Root objectClass: top objectClass: attributeSchema lDAPDisplayName: superiorDNSRoot @@ -5967,10 +6437,11 @@ schemaIDGUID: 5245801d-ca6a-11d0-afff-0000f80367c1 adminDisplayName: Superior-DNS-Root attributeID: 1.2.840.113556.1.4.532 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=rootTrust,CN=Schema,CN=Configuration,${BASEDN} -cn: rootTrust -name: rootTrust +dn: CN=Root-Trust,CN=Schema,CN=Configuration,${BASEDN} +cn: Root-Trust +name: Root-Trust objectClass: top objectClass: attributeSchema lDAPDisplayName: rootTrust @@ -5981,10 +6452,12 @@ schemaIDGUID: 7bfdcb80-4807-11d1-a9c3-0000f80367c1 adminDisplayName: Root-Trust attributeID: 1.2.840.113556.1.4.674 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=shellContextMenu,CN=Schema,CN=Configuration,${BASEDN} -cn: shellContextMenu -name: shellContextMenu +dn: CN=Shell-Context-Menu,CN=Schema,CN=Configuration,${BASEDN} +cn: Shell-Context-Menu +name: Shell-Context-Menu objectClass: top objectClass: attributeSchema lDAPDisplayName: shellContextMenu @@ -5995,10 +6468,11 @@ schemaIDGUID: 553fd039-f32e-11d0-b0bc-00c04fd8dca6 adminDisplayName: Shell-Context-Menu attributeID: 1.2.840.113556.1.4.615 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=classDisplayName,CN=Schema,CN=Configuration,${BASEDN} -cn: classDisplayName -name: classDisplayName +dn: CN=Class-Display-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Class-Display-Name +name: Class-Display-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: classDisplayName @@ -6009,10 +6483,11 @@ schemaIDGUID: 548e1c22-dea6-11d0-b010-0000f80367c1 adminDisplayName: Class-Display-Name attributeID: 1.2.840.113556.1.4.610 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=cACertificate,CN=Schema,CN=Configuration,${BASEDN} -cn: cACertificate -name: cACertificate +dn: CN=CA-Certificate,CN=Schema,CN=Configuration,${BASEDN} +cn: CA-Certificate +name: CA-Certificate objectClass: top objectClass: attributeSchema lDAPDisplayName: cACertificate @@ -6023,10 +6498,11 @@ schemaIDGUID: bf967932-0de6-11d0-a285-00aa003049e2 adminDisplayName: CA-Certificate attributeID: 2.5.4.37 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=mhsORAddress,CN=Schema,CN=Configuration,${BASEDN} -cn: mhsORAddress -name: mhsORAddress +dn: CN=MHS-OR-Address,CN=Schema,CN=Configuration,${BASEDN} +cn: MHS-OR-Address +name: MHS-OR-Address objectClass: top objectClass: attributeSchema lDAPDisplayName: mhsORAddress @@ -6037,10 +6513,11 @@ schemaIDGUID: 0296c122-40da-11d1-a9c0-0000f80367c1 adminDisplayName: MHS-OR-Address attributeID: 1.2.840.113556.1.4.650 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=ntPwdHistory,CN=Schema,CN=Configuration,${BASEDN} -cn: ntPwdHistory -name: ntPwdHistory +dn: CN=Nt-Pwd-History,CN=Schema,CN=Configuration,${BASEDN} +cn: Nt-Pwd-History +name: Nt-Pwd-History objectClass: top objectClass: attributeSchema lDAPDisplayName: ntPwdHistory @@ -6051,10 +6528,11 @@ schemaIDGUID: bf9679e2-0de6-11d0-a285-00aa003049e2 adminDisplayName: Nt-Pwd-History attributeID: 1.2.840.113556.1.4.94 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=mailAddress,CN=Schema,CN=Configuration,${BASEDN} -cn: mailAddress -name: mailAddress +dn: CN=SMTP-Mail-Address,CN=Schema,CN=Configuration,${BASEDN} +cn: SMTP-Mail-Address +name: SMTP-Mail-Address objectClass: top objectClass: attributeSchema lDAPDisplayName: mailAddress @@ -6065,10 +6543,26 @@ schemaIDGUID: 26d9736f-6070-11d1-a9c6-0000f80367c1 adminDisplayName: SMTP-Mail-Address attributeID: 1.2.840.113556.1.4.786 attributeSyntax: 2.5.5.12 +oMSyntax: 64 + +dn: CN=Foreign-Identifier,CN=Schema,CN=Configuration,${BASEDN} +cn: Foreign-Identifier +name: Foreign-Identifier +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: foreignIdentifier +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 3e97891e-8c01-11d0-afda-00c04fd930c9 +adminDisplayName: Foreign-Identifier +attributeID: 1.2.840.113556.1.4.356 +attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=uSNChanged,CN=Schema,CN=Configuration,${BASEDN} -cn: uSNChanged -name: uSNChanged +dn: CN=USN-Changed,CN=Schema,CN=Configuration,${BASEDN} +cn: USN-Changed +name: USN-Changed objectClass: top objectClass: attributeSchema lDAPDisplayName: uSNChanged @@ -6079,10 +6573,11 @@ schemaIDGUID: bf967a6f-0de6-11d0-a285-00aa003049e2 adminDisplayName: USN-Changed attributeID: 1.2.840.113556.1.2.120 attributeSyntax: 2.5.5.16 +oMSyntax: 65 -dn: CN=repsFrom,CN=Schema,CN=Configuration,${BASEDN} -cn: repsFrom -name: repsFrom +dn: CN=Reps-From,CN=Schema,CN=Configuration,${BASEDN} +cn: Reps-From +name: Reps-From objectClass: top objectClass: attributeSchema lDAPDisplayName: repsFrom @@ -6093,10 +6588,12 @@ schemaIDGUID: bf967a1d-0de6-11d0-a285-00aa003049e2 adminDisplayName: Reps-From attributeID: 1.2.840.113556.1.2.91 attributeSyntax: 2.5.5.10 +oMSyntax: 127 +oMObjectClass:: KoZIhvcUAQEBBg== -dn: CN=otherWellKnownObjects,CN=Schema,CN=Configuration,${BASEDN} -cn: otherWellKnownObjects -name: otherWellKnownObjects +dn: CN=Other-Well-Known-Objects,CN=Schema,CN=Configuration,${BASEDN} +cn: Other-Well-Known-Objects +name: Other-Well-Known-Objects objectClass: top objectClass: attributeSchema lDAPDisplayName: otherWellKnownObjects @@ -6107,10 +6604,12 @@ schemaIDGUID: 1ea64e5d-ac0f-11d2-90df-00c04fd91ab1 adminDisplayName: Other-Well-Known-Objects attributeID: 1.2.840.113556.1.4.1359 attributeSyntax: 2.5.5.7 +oMSyntax: 127 +oMObjectClass:: KoZIhvcUAQEBCw== -dn: CN=msDS-NCReplCursors,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-NCReplCursors -name: msDS-NCReplCursors +dn: CN=ms-DS-NC-Repl-Cursors,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-NC-Repl-Cursors +name: ms-DS-NC-Repl-Cursors objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-NCReplCursors @@ -6121,10 +6620,11 @@ schemaIDGUID: 8a167ce4-f9e8-47eb-8d78-f7fe80abb2cc adminDisplayName: ms-DS-NC-Repl-Cursors attributeID: 1.2.840.113556.1.4.1704 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=managedObjects,CN=Schema,CN=Configuration,${BASEDN} -cn: managedObjects -name: managedObjects +dn: CN=Managed-Objects,CN=Schema,CN=Configuration,${BASEDN} +cn: Managed-Objects +name: Managed-Objects objectClass: top objectClass: attributeSchema lDAPDisplayName: managedObjects @@ -6136,10 +6636,12 @@ schemaIDGUID: 0296c124-40da-11d1-a9c0-0000f80367c1 adminDisplayName: Managed-Objects attributeID: 1.2.840.113556.1.4.654 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=msDS-AllowedDNSSuffixes,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AllowedDNSSuffixes -name: msDS-AllowedDNSSuffixes +dn: CN=ms-DS-Allowed-DNS-Suffixes,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Allowed-DNS-Suffixes +name: ms-DS-Allowed-DNS-Suffixes objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-AllowedDNSSuffixes @@ -6150,10 +6652,11 @@ schemaIDGUID: 8469441b-9ac4-4e45-8205-bd219dbf672d adminDisplayName: ms-DS-Allowed-DNS-Suffixes attributeID: 1.2.840.113556.1.4.1710 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=nCName,CN=Schema,CN=Configuration,${BASEDN} -cn: nCName -name: nCName +dn: CN=NC-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: NC-Name +name: NC-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: nCName @@ -6164,10 +6667,12 @@ schemaIDGUID: bf9679d6-0de6-11d0-a285-00aa003049e2 adminDisplayName: NC-Name attributeID: 1.2.840.113556.1.2.16 attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK -dn: CN=nETBIOSName,CN=Schema,CN=Configuration,${BASEDN} -cn: nETBIOSName -name: nETBIOSName +dn: CN=NETBIOS-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: NETBIOS-Name +name: NETBIOS-Name objectClass: top objectClass: attributeSchema lDAPDisplayName: nETBIOSName @@ -6178,10 +6683,11 @@ schemaIDGUID: bf9679d8-0de6-11d0-a285-00aa003049e2 adminDisplayName: NETBIOS-Name attributeID: 1.2.840.113556.1.4.87 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=queryFilter,CN=Schema,CN=Configuration,${BASEDN} -cn: queryFilter -name: queryFilter +dn: CN=Query-Filter,CN=Schema,CN=Configuration,${BASEDN} +cn: Query-Filter +name: Query-Filter objectClass: top objectClass: attributeSchema lDAPDisplayName: queryFilter @@ -6192,10 +6698,11 @@ schemaIDGUID: cbf70a26-7e78-11d2-9921-0000f87a57d4 adminDisplayName: Query-Filter attributeID: 1.2.840.113556.1.4.1355 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=preferredDeliveryMethod,CN=Schema,CN=Configuration,${BASEDN} -cn: preferredDeliveryMethod -name: preferredDeliveryMethod +dn: CN=Preferred-Delivery-Method,CN=Schema,CN=Configuration,${BASEDN} +cn: Preferred-Delivery-Method +name: Preferred-Delivery-Method objectClass: top objectClass: attributeSchema lDAPDisplayName: preferredDeliveryMethod @@ -6206,10 +6713,11 @@ schemaIDGUID: bf9679fe-0de6-11d0-a285-00aa003049e2 adminDisplayName: Preferred-Delivery-Method attributeID: 2.5.4.28 attributeSyntax: 2.5.5.9 +oMSyntax: 10 -dn: CN=mSMQSiteForeign,CN=Schema,CN=Configuration,${BASEDN} -cn: mSMQSiteForeign -name: mSMQSiteForeign +dn: CN=MSMQ-Site-Foreign,CN=Schema,CN=Configuration,${BASEDN} +cn: MSMQ-Site-Foreign +name: MSMQ-Site-Foreign objectClass: top objectClass: attributeSchema lDAPDisplayName: mSMQSiteForeign @@ -6220,6 +6728,7 @@ schemaIDGUID: fd129d8a-d57e-11d1-90a2-00c04fd91ab1 adminDisplayName: MSMQ-Site-Foreign attributeID: 1.2.840.113556.1.4.961 attributeSyntax: 2.5.5.8 +oMSyntax: 1 dn: CN=audio,CN=Schema,CN=Configuration,${BASEDN} cn: audio @@ -6234,10 +6743,11 @@ schemaIDGUID: d0e1d224-e1a0-42ce-a2da-793ba5244f35 adminDisplayName: audio attributeID: 0.9.2342.19200300.100.1.55 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=scriptPath,CN=Schema,CN=Configuration,${BASEDN} -cn: scriptPath -name: scriptPath +dn: CN=Script-Path,CN=Schema,CN=Configuration,${BASEDN} +cn: Script-Path +name: Script-Path objectClass: top objectClass: attributeSchema lDAPDisplayName: scriptPath @@ -6248,10 +6758,11 @@ schemaIDGUID: bf9679a8-0de6-11d0-a285-00aa003049e2 adminDisplayName: Script-Path attributeID: 1.2.840.113556.1.4.62 attributeSyntax: 2.5.5.12 +oMSyntax: 64 -dn: CN=mSMQDigests,CN=Schema,CN=Configuration,${BASEDN} -cn: mSMQDigests -name: mSMQDigests +dn: CN=MSMQ-Digests,CN=Schema,CN=Configuration,${BASEDN} +cn: MSMQ-Digests +name: MSMQ-Digests objectClass: top objectClass: attributeSchema lDAPDisplayName: mSMQDigests @@ -6262,10 +6773,11 @@ schemaIDGUID: 9a0dc33c-c100-11d1-bbc5-0080c76670c0 adminDisplayName: MSMQ-Digests attributeID: 1.2.840.113556.1.4.948 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=msDS-Cached-Membership,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-Cached-Membership -name: msDS-Cached-Membership +dn: CN=ms-DS-Cached-Membership,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Cached-Membership +name: ms-DS-Cached-Membership objectClass: top objectClass: attributeSchema lDAPDisplayName: msDS-Cached-Membership @@ -6276,10 +6788,11 @@ schemaIDGUID: 69cab008-cdd4-4bc9-bab8-0ff37efe1b20 adminDisplayName: ms-DS-Cached-Membership attributeID: 1.2.840.113556.1.4.1441 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=logonHours,CN=Schema,CN=Configuration,${BASEDN} -cn: logonHours -name: logonHours +dn: CN=Logon-Hours,CN=Schema,CN=Configuration,${BASEDN} +cn: Logon-Hours +name: Logon-Hours objectClass: top objectClass: attributeSchema lDAPDisplayName: logonHours @@ -6290,10 +6803,11 @@ schemaIDGUID: bf9679ab-0de6-11d0-a285-00aa003049e2 adminDisplayName: Logon-Hours attributeID: 1.2.840.113556.1.4.64 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -dn: CN=top,CN=Schema,CN=Configuration,${BASEDN} -cn: top -name: top +dn: CN=Top,CN=Schema,CN=Configuration,${BASEDN} +cn: Top +name: Top objectClass: top objectClass: classSchema systemPossSuperiors: lostAndFound @@ -6401,9 +6915,9 @@ defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCL objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} schemaIDGUID: bf967ab7-0de6-11d0-a285-00aa003049e2 -dn: CN=domainDNS,CN=Schema,CN=Configuration,${BASEDN} -cn: domainDNS -name: domainDNS +dn: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN} +cn: Domain-DNS +name: Domain-DNS objectClass: top objectClass: classSchema systemAuxiliaryClass: samDomain @@ -6459,9 +6973,9 @@ possibleInferiors: contact possibleInferiors: mSMQMigratedUser schemaIDGUID: 19195a5b-6da0-11d0-afd3-00c04fd930c9 -dn: CN=msDS-AzApplication,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AzApplication -name: msDS-AzApplication +dn: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Az-Application +name: ms-DS-Az-Application objectClass: top objectClass: classSchema systemPossSuperiors: msDS-AzAdminManager @@ -6493,9 +7007,9 @@ possibleInferiors: msExchConfigurationContainer possibleInferiors: msDS-AzOperation schemaIDGUID: ddf8de9b-cba5-4e12-842e-28d8b66f75ec -dn: CN=builtinDomain,CN=Schema,CN=Configuration,${BASEDN} -cn: builtinDomain -name: builtinDomain +dn: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN} +cn: Builtin-Domain +name: Builtin-Domain objectClass: top objectClass: classSchema systemAuxiliaryClass: samDomainBase @@ -6519,9 +7033,9 @@ possibleInferiors: inetOrgPerson possibleInferiors: mSMQMigratedUser schemaIDGUID: bf967a81-0de6-11d0-a285-00aa003049e2 -dn: CN=infrastructureUpdate,CN=Schema,CN=Configuration,${BASEDN} -cn: infrastructureUpdate -name: infrastructureUpdate +dn: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN} +cn: Infrastructure-Update +name: Infrastructure-Update objectClass: top objectClass: classSchema systemPossSuperiors: infrastructureUpdate @@ -6540,9 +7054,9 @@ defaultSecurityDescriptor: D:(A;;GA;;;SY) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} schemaIDGUID: 2df90d89-009f-11d2-aa4c-00c04fd7d83a -dn: CN=configuration,CN=Schema,CN=Configuration,${BASEDN} -cn: configuration -name: configuration +dn: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN} +cn: Configuration +name: Configuration objectClass: top objectClass: classSchema systemPossSuperiors: domainDNS @@ -6571,9 +7085,9 @@ possibleInferiors: msExchConfigurationContainer possibleInferiors: msDS-QuotaContainer schemaIDGUID: bf967a87-0de6-11d0-a285-00aa003049e2 -dn: CN=crossRef,CN=Schema,CN=Configuration,${BASEDN} -cn: crossRef -name: crossRef +dn: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} +cn: Cross-Ref +name: Cross-Ref objectClass: top objectClass: classSchema systemPossSuperiors: crossRefContainer @@ -6605,9 +7119,9 @@ defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCL objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} schemaIDGUID: bf967a8d-0de6-11d0-a285-00aa003049e2 -dn: CN=rIDManager,CN=Schema,CN=Configuration,${BASEDN} -cn: rIDManager -name: rIDManager +dn: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN} +cn: RID-Manager +name: RID-Manager objectClass: top objectClass: classSchema systemPossSuperiors: container @@ -6625,9 +7139,9 @@ defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCL objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} schemaIDGUID: 6617188d-8f3c-11d0-afda-00c04fd930c9 -dn: CN=displaySpecifier,CN=Schema,CN=Configuration,${BASEDN} -cn: displaySpecifier -name: displaySpecifier +dn: CN=Display-Specifier,CN=Schema,CN=Configuration,${BASEDN} +cn: Display-Specifier +name: Display-Specifier objectClass: top objectClass: classSchema systemPossSuperiors: container @@ -6660,9 +7174,9 @@ defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCL objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} schemaIDGUID: e0fa1e8a-9b45-11d0-afdd-00c04fd930c9 -dn: CN=msDS-AzScope,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AzScope -name: msDS-AzScope +dn: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Az-Scope +name: ms-DS-Az-Scope objectClass: top objectClass: classSchema systemPossSuperiors: msDS-AzApplication @@ -6689,9 +7203,9 @@ possibleInferiors: msDS-AzRole possibleInferiors: msExchConfigurationContainer schemaIDGUID: 4feae054-ce55-47bb-860e-5b12063a51de -dn: CN=locality,CN=Schema,CN=Configuration,${BASEDN} -cn: locality -name: locality +dn: CN=Locality,CN=Schema,CN=Configuration,${BASEDN} +cn: Locality +name: Locality objectClass: top objectClass: classSchema systemPossSuperiors: domainDNS @@ -6722,9 +7236,9 @@ possibleInferiors: locality possibleInferiors: physicalLocation schemaIDGUID: bf967aa0-0de6-11d0-a285-00aa003049e2 -dn: CN=crossRefContainer,CN=Schema,CN=Configuration,${BASEDN} -cn: crossRefContainer -name: crossRefContainer +dn: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN} +cn: Cross-Ref-Container +name: Cross-Ref-Container objectClass: top objectClass: classSchema systemPossSuperiors: configuration @@ -6747,9 +7261,9 @@ objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} possibleInferiors: crossRef schemaIDGUID: ef9e60e0-56f7-11d1-a9c6-0000f80367c1 -dn: CN=subnetContainer,CN=Schema,CN=Configuration,${BASEDN} -cn: subnetContainer -name: subnetContainer +dn: CN=Subnet-Container,CN=Schema,CN=Configuration,${BASEDN} +cn: Subnet-Container +name: Subnet-Container objectClass: top objectClass: classSchema systemPossSuperiors: sitesContainer @@ -6767,9 +7281,9 @@ objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} possibleInferiors: subnet schemaIDGUID: b7b13125-b82e-11d0-afee-0000f80367c1 -dn: CN=nTDSDSA,CN=Schema,CN=Configuration,${BASEDN} -cn: nTDSDSA -name: nTDSDSA +dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN} +cn: NTDS-DSA +name: NTDS-DSA objectClass: top objectClass: classSchema systemPossSuperiors: organization @@ -6806,9 +7320,9 @@ objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} possibleInferiors: nTDSConnection schemaIDGUID: f0f8ffab-1191-11d0-a060-00aa006c33ed -dn: CN=samDomain,CN=Schema,CN=Configuration,${BASEDN} -cn: samDomain -name: samDomain +dn: CN=Sam-Domain,CN=Schema,CN=Configuration,${BASEDN} +cn: Sam-Domain +name: Sam-Domain objectClass: top objectClass: classSchema systemAuxiliaryClass: samDomainBase @@ -6863,9 +7377,9 @@ defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} schemaIDGUID: bf967a90-0de6-11d0-a285-00aa003049e2 -dn: CN=samDomainBase,CN=Schema,CN=Configuration,${BASEDN} -cn: samDomainBase -name: samDomainBase +dn: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,${BASEDN} +cn: Sam-Domain-Base +name: Sam-Domain-Base objectClass: top objectClass: classSchema lDAPDisplayName: samDomainBase @@ -6901,9 +7415,9 @@ systemOnly: FALSE objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} schemaIDGUID: bf967a91-0de6-11d0-a285-00aa003049e2 -dn: CN=country,CN=Schema,CN=Configuration,${BASEDN} -cn: country -name: country +dn: CN=Country,CN=Schema,CN=Configuration,${BASEDN} +cn: Country +name: Country objectClass: top objectClass: classSchema systemPossSuperiors: domainDNS @@ -6928,9 +7442,9 @@ possibleInferiors: physicalLocation possibleInferiors: organizationalUnit schemaIDGUID: bf967a8c-0de6-11d0-a285-00aa003049e2 -dn: CN=organizationalUnit,CN=Schema,CN=Configuration,${BASEDN} -cn: organizationalUnit -name: organizationalUnit +dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN} +cn: Organizational-Unit +name: Organizational-Unit objectClass: top objectClass: classSchema systemPossSuperiors: country @@ -7041,9 +7555,9 @@ possibleInferiors: mSMQMigratedUser possibleInferiors: ipsecISAKMPPolicy schemaIDGUID: bf967aa5-0de6-11d0-a285-00aa003049e2 -dn: CN=organizationalPerson,CN=Schema,CN=Configuration,${BASEDN} -cn: organizationalPerson -name: organizationalPerson +dn: CN=Organizational-Person,CN=Schema,CN=Configuration,${BASEDN} +cn: Organizational-Person +name: Organizational-Person objectClass: top objectClass: classSchema systemPossSuperiors: organizationalUnit @@ -7117,9 +7631,9 @@ defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCL objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} schemaIDGUID: bf967aa4-0de6-11d0-a285-00aa003049e2 -dn: CN=nTDSService,CN=Schema,CN=Configuration,${BASEDN} -cn: nTDSService -name: nTDSService +dn: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN} +cn: NTDS-Service +name: NTDS-Service objectClass: top objectClass: classSchema systemPossSuperiors: container @@ -7146,9 +7660,9 @@ possibleInferiors: groupPolicyContainer possibleInferiors: msExchConfigurationContainer schemaIDGUID: 19195a5f-6da0-11d0-afd3-00c04fd930c9 -dn: CN=serversContainer,CN=Schema,CN=Configuration,${BASEDN} -cn: serversContainer -name: serversContainer +dn: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN} +cn: Servers-Container +name: Servers-Container objectClass: top objectClass: classSchema systemPossSuperiors: site @@ -7166,9 +7680,9 @@ objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} possibleInferiors: server schemaIDGUID: f780acc0-56f0-11d1-a9c6-0000f80367c1 -dn: CN=computer,CN=Schema,CN=Configuration,${BASEDN} -cn: computer -name: computer +dn: CN=Computer,CN=Schema,CN=Configuration,${BASEDN} +cn: Computer +name: Computer objectClass: top objectClass: classSchema systemPossSuperiors: container @@ -7243,9 +7757,9 @@ possibleInferiors: storage possibleInferiors: ipsecISAKMPPolicy schemaIDGUID: bf967a86-0de6-11d0-a285-00aa003049e2 -dn: CN=person,CN=Schema,CN=Configuration,${BASEDN} -cn: person -name: person +dn: CN=Person,CN=Schema,CN=Configuration,${BASEDN} +cn: Person +name: Person objectClass: top objectClass: classSchema systemPossSuperiors: organizationalUnit @@ -7270,9 +7784,9 @@ defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCL objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} schemaIDGUID: bf967aa7-0de6-11d0-a285-00aa003049e2 -dn: CN=container,CN=Schema,CN=Configuration,${BASEDN} -cn: container -name: container +dn: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +cn: Container +name: Container objectClass: top objectClass: classSchema systemPossSuperiors: msDS-AzScope @@ -7403,9 +7917,9 @@ possibleInferiors: contact possibleInferiors: ipsecISAKMPPolicy schemaIDGUID: bf967a8b-0de6-11d0-a285-00aa003049e2 -dn: CN=site,CN=Schema,CN=Configuration,${BASEDN} -cn: site -name: site +dn: CN=Site,CN=Schema,CN=Configuration,${BASEDN} +cn: Site +name: Site objectClass: top objectClass: classSchema systemPossSuperiors: sitesContainer @@ -7435,9 +7949,9 @@ possibleInferiors: serversContainer possibleInferiors: licensingSiteSettings schemaIDGUID: bf967ab3-0de6-11d0-a285-00aa003049e2 -dn: CN=organization,CN=Schema,CN=Configuration,${BASEDN} -cn: organization -name: organization +dn: CN=Organization,CN=Schema,CN=Configuration,${BASEDN} +cn: Organization +name: Organization objectClass: top objectClass: classSchema systemPossSuperiors: locality @@ -7499,9 +8013,9 @@ possibleInferiors: organizationalPerson possibleInferiors: contact schemaIDGUID: bf967aa3-0de6-11d0-a285-00aa003049e2 -dn: CN=msDS-AzAdminManager,CN=Schema,CN=Configuration,${BASEDN} -cn: msDS-AzAdminManager -name: msDS-AzAdminManager +dn: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Az-Admin-Manager +name: ms-DS-Az-Admin-Manager objectClass: top objectClass: classSchema systemPossSuperiors: domainDNS @@ -7534,9 +8048,9 @@ possibleInferiors: groupPolicyContainer possibleInferiors: msExchConfigurationContainer schemaIDGUID: cfee1051-5f28-4bae-a863-5d0cc18a8ed1 -dn: CN=securityPrincipal,CN=Schema,CN=Configuration,${BASEDN} -cn: securityPrincipal -name: securityPrincipal +dn: CN=Security-Principal,CN=Schema,CN=Configuration,${BASEDN} +cn: Security-Principal +name: Security-Principal objectClass: top objectClass: classSchema lDAPDisplayName: securityPrincipal @@ -7565,9 +8079,9 @@ systemOnly: FALSE objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} schemaIDGUID: bf967ab0-0de6-11d0-a285-00aa003049e2 -dn: CN=applicationSettings,CN=Schema,CN=Configuration,${BASEDN} -cn: applicationSettings -name: applicationSettings +dn: CN=Application-Settings,CN=Schema,CN=Configuration,${BASEDN} +cn: Application-Settings +name: Application-Settings objectClass: top objectClass: classSchema systemPossSuperiors: server @@ -7586,9 +8100,9 @@ systemOnly: FALSE objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} schemaIDGUID: f780acc1-56f0-11d1-a9c6-0000f80367c1 -dn: CN=classSchema,CN=Schema,CN=Configuration,${BASEDN} -cn: classSchema -name: classSchema +dn: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +cn: Class-Schema +name: Class-Schema objectClass: top objectClass: classSchema systemPossSuperiors: dMD @@ -7629,9 +8143,9 @@ defaultSecurityDescriptor: D:S: objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} schemaIDGUID: bf967a83-0de6-11d0-a285-00aa003049e2 -dn: CN=user,CN=Schema,CN=Configuration,${BASEDN} -cn: user -name: user +dn: CN=User,CN=Schema,CN=Configuration,${BASEDN} +cn: User +name: User objectClass: top objectClass: classSchema systemAuxiliaryClass: securityPrincipal @@ -7748,9 +8262,9 @@ possibleInferiors: nTFRSSubscriptions possibleInferiors: classStore schemaIDGUID: bf967aba-0de6-11d0-a285-00aa003049e2 -dn: CN=dMD,CN=Schema,CN=Configuration,${BASEDN} -cn: dMD -name: dMD +dn: CN=DMD,CN=Schema,CN=Configuration,${BASEDN} +cn: DMD +name: DMD objectClass: top objectClass: classSchema systemPossSuperiors: configuration @@ -7777,9 +8291,9 @@ possibleInferiors: attributeSchema possibleInferiors: classSchema schemaIDGUID: bf967a8f-0de6-11d0-a285-00aa003049e2 -dn: CN=leaf,CN=Schema,CN=Configuration,${BASEDN} -cn: leaf -name: leaf +dn: CN=Leaf,CN=Schema,CN=Configuration,${BASEDN} +cn: Leaf +name: Leaf objectClass: top objectClass: classSchema lDAPDisplayName: leaf @@ -7795,9 +8309,9 @@ defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCL objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} schemaIDGUID: bf967a9e-0de6-11d0-a285-00aa003049e2 -dn: CN=secret,CN=Schema,CN=Configuration,${BASEDN} -cn: secret -name: secret +dn: CN=Secret,CN=Schema,CN=Configuration,${BASEDN} +cn: Secret +name: Secret objectClass: top objectClass: classSchema systemPossSuperiors: container @@ -7818,9 +8332,9 @@ defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} schemaIDGUID: bf967aae-0de6-11d0-a285-00aa003049e2 -dn: CN=sitesContainer,CN=Schema,CN=Configuration,${BASEDN} -cn: sitesContainer -name: sitesContainer +dn: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN} +cn: Sites-Container +name: Sites-Container objectClass: top objectClass: classSchema systemPossSuperiors: configuration @@ -7840,9 +8354,9 @@ possibleInferiors: site possibleInferiors: interSiteTransportContainer schemaIDGUID: 7a4117da-cd67-11d0-afff-0000f80367c1 -dn: CN=server,CN=Schema,CN=Configuration,${BASEDN} -cn: server -name: server +dn: CN=Server,CN=Schema,CN=Configuration,${BASEDN} +cn: Server +name: Server objectClass: top objectClass: classSchema systemPossSuperiors: serversContainer @@ -7875,9 +8389,9 @@ possibleInferiors: nTFRSSettings possibleInferiors: dSA schemaIDGUID: bf967a92-0de6-11d0-a285-00aa003049e2 -dn: CN=subSchema,CN=Schema,CN=Configuration,${BASEDN} -cn: subSchema -name: subSchema +dn: CN=SubSchema,CN=Schema,CN=Configuration,${BASEDN} +cn: SubSchema +name: SubSchema objectClass: top objectClass: classSchema systemPossSuperiors: dMD @@ -7900,9 +8414,9 @@ defaultSecurityDescriptor: D:S: objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} schemaIDGUID: 5a8b3261-c38d-11d1-bbc9-0080c76670c0 -dn: CN=domain,CN=Schema,CN=Configuration,${BASEDN} -cn: domain -name: domain +dn: CN=Domain,CN=Schema,CN=Configuration,${BASEDN} +cn: Domain +name: Domain objectClass: top objectClass: classSchema systemPossSuperiors: domain @@ -7922,9 +8436,30 @@ possibleInferiors: rFC822LocalPart possibleInferiors: domainDNS schemaIDGUID: 19195a5a-6da0-11d0-afd3-00c04fd930c9 -dn: CN=subnet,CN=Schema,CN=Configuration,${BASEDN} -cn: subnet -name: subnet +dn: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN} +cn: Foreign-Security-Principal +name: Foreign-Security-Principal +objectClass: top +objectClass: classSchema +systemPossSuperiors: container +lDAPDisplayName: foreignSecurityPrincipal +governsID: 1.2.840.113556.1.5.76 +rDNAttID: cn +systemMustContain: objectSid +systemMayContain: foreignIdentifier +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +schemaIDGUID: 89e31c12-8530-11d0-afda-00c04fd930c9 + +dn: CN=Subnet,CN=Schema,CN=Configuration,${BASEDN} +cn: Subnet +name: Subnet objectClass: top objectClass: classSchema systemPossSuperiors: subnetContainer @@ -7948,9 +8483,9 @@ possibleInferiors: groupPolicyContainer possibleInferiors: msExchConfigurationContainer schemaIDGUID: b7b13124-b82e-11d0-afee-0000f80367c1 -dn: CN=mailRecipient,CN=Schema,CN=Configuration,${BASEDN} -cn: mailRecipient -name: mailRecipient +dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,${BASEDN} +cn: Mail-Recipient +name: Mail-Recipient objectClass: top objectClass: classSchema systemPossSuperiors: container @@ -7981,9 +8516,9 @@ defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCL objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} schemaIDGUID: bf967aa1-0de6-11d0-a285-00aa003049e2 -dn: CN=group,CN=Schema,CN=Configuration,${BASEDN} -cn: group -name: group +dn: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +cn: Group +name: Group objectClass: top objectClass: classSchema systemAuxiliaryClass: mailRecipient @@ -8059,7 +8594,6 @@ objectClasses: ( 1.2.840.113556.1.5.31 NAME 'site' SUP top STRUCTURAL MAY ( noti objectClasses: ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST ( o ) MAY ( x121Address $ userPassword $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ street $ st $ seeAlso $ searchGuide $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ physicalDeliveryOfficeName $ l $ internationalISDNNumber $ facsimileTelephoneNumber $ destinationIndicator $ businessCategory ) ) objectClasses: ( 1.2.840.113556.1.5.234 NAME 'msDS-AzAdminManager' SUP top STRUCTURAL MAY ( msDS-AzMinorVersion $ msDS-AzMajorVersion $ msDS-AzApplicationData $ msDS-AzGenerateAudits $ msDS-AzScriptTimeout $ msDS-AzScriptEngineCacheMax $ msDS-AzDomainTimeout $ description ) ) objectClasses: ( 1.2.840.113556.1.5.6 NAME 'securityPrincipal' SUP top AUXILIARY MUST ( sAMAccountName $ objectSid ) MAY ( supplementalCredentials $ sIDHistory $ securityIdentifier $ sAMAccountType $ rid $ tokenGroupsNoGCAcceptable $ tokenGroupsGlobalAndUniversal $ tokenGroups $ nTSecurityDescriptor $ msDS-KeyVersionNumber $ altSecurityIdentities $ accountNameHistory ) ) -objectClasses: ( 1.2.840.113556.1.5.76 NAME 'foreignSecurityPrincipal' SUP top STRUCTURAL MUST (objectSid ) MAY (foreignIdentifier ) ) objectClasses: ( 1.2.840.113556.1.5.7000.49 NAME 'applicationSettings' SUP top ABSTRACT MAY ( notificationList $ msDS-Settings $ applicationName ) ) objectClasses: ( 1.2.840.113556.1.3.13 NAME 'classSchema' SUP top STRUCTURAL MUST ( subClassOf $ schemaIDGUID $ objectClassCategory $ governsID $ defaultObjectCategory $ cn ) MAY ( systemPossSuperiors $ systemOnly $ systemMustContain $ systemMayContain $ systemAuxiliaryClass $ schemaFlagsEx $ rDNAttID $ possSuperiors $ mustContain $ msDs-Schema-Extensions $ msDS-IntId $ mayContain $ lDAPDisplayName $ isDefunct $ defaultSecurityDescriptor $ defaultHidingValue $ classDisplayName $ auxiliaryClass ) ) objectClasses: ( 1.2.840.113556.1.5.9 NAME 'user' SUP organizationalPerson STRUCTURAL MAY ( pager $ o $ mobile $ manager $ mail $ initials $ homePhone $ businessCategory $ userCertificate $ userWorkstations $ userSharedFolderOther $ userSharedFolder $ userPrincipalName $ userParameters $ userAccountControl $ unicodePwd $ terminalServer $ servicePrincipalName $ scriptPath $ pwdLastSet $ profilePath $ primaryGroupID $ preferredOU $ otherLoginWorkstations $ operatorCount $ ntPwdHistory $ networkAddress $ msRASSavedFramedRoute $ msRASSavedFramedIPAddress $ msRASSavedCallbackNumber $ msRADIUSServiceType $ msRADIUSFramedRoute $ msRADIUSFramedIPAddress $ msRADIUSCallbackNumber $ msNPSavedCallingStationID $ msNPCallingStationID $ msNPAllowDialin $ mSMQSignCertificatesMig $ mSMQSignCertificates $ mSMQDigestsMig $ mSMQDigests $ msIIS-FTPRoot $ msIIS-FTPDir $ msDS-User-Account-Control-Computed $ msDS-Site-Affinity $ mS-DS-CreatorSID $ msDS-Cached-Membership-Time-Stamp $ msDS-Cached-Membership $ msDRM-IdentityCertificate $ msCOM-UserPartitionSetLink $ maxStorage $ logonWorkstation $ logonHours $ logonCount $ lockoutTime $ localeID $ lmPwdHistory $ lastLogonTimestamp $ lastLogon $ lastLogoff $ homeDrive $ homeDirectory $ groupsToIgnore $ groupPriority $ groupMembershipSAM $ dynamicLDAPServer $ desktopProfile $ defaultClassStore $ dBCSPwd $ controlAccessRights $ codePage $ badPwdCount $ badPasswordTime $ adminCount $ aCSPolicyName $ accountExpires $ x500uniqueIdentifier $ userSMIMECertificate $ userPKCS12 $ uid $ secretary $ roomNumber $ preferredLanguage $ photo $ labeledURI $ jpegPhoto $ homePostalAddress $ givenName $ employeeType $ employeeNumber $ displayName $ departmentNumber $ carLicense $ audio ) ) @@ -8070,6 +8604,7 @@ objectClasses: ( 1.2.840.113556.1.5.107 NAME 'sitesContainer' SUP top STRUCTURAL objectClasses: ( 1.2.840.113556.1.5.17 NAME 'server' SUP top STRUCTURAL MAY ( mailAddress $ serverReference $ serialNumber $ managedBy $ dNSHostName $ bridgeheadTransportList ) ) objectClasses: ( 2.5.20.1 NAME 'subSchema' SUP top STRUCTURAL MAY ( objectClasses $ modifyTimeStamp $ extendedClassInfo $ extendedAttributeInfo $ dITContentRules $ attributeTypes ) ) objectClasses: ( 1.2.840.113556.1.5.66 NAME 'domain' SUP top ABSTRACT MUST ( dc ) ) +objectClasses: ( 1.2.840.113556.1.5.76 NAME 'foreignSecurityPrincipal' SUP top STRUCTURAL MUST ( objectSid ) MAY ( foreignIdentifier ) ) objectClasses: ( 1.2.840.113556.1.5.96 NAME 'subnet' SUP top STRUCTURAL MAY ( siteObject $ physicalLocationObject $ location ) ) objectClasses: ( 1.2.840.113556.1.3.46 NAME 'mailRecipient' SUP top AUXILIARY MUST ( cn ) MAY ( userCertificate $ userCert $ textEncodedORAddress $ telephoneNumber $ showInAddressBook $ legacyExchangeDN $ garbageCollPeriod $ info $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI ) ) objectClasses: ( 1.2.840.113556.1.5.8 NAME 'group' SUP top STRUCTURAL MUST ( groupType ) MAY ( primaryGroupToken $ operatorCount $ nTGroupMembers $ nonSecurityMember $ msDS-NonMembers $ msDS-AzLDAPQuery $ member $ managedBy $ groupMembershipSAM $ groupAttributes $ mail $ desktopProfile $ controlAccessRights $ adminCount ) ) @@ -8503,6 +9038,7 @@ attributeTypes: ( 2.5.4.37 NAME 'cACertificate' SYNTAX '1.3.6.1.4.1.1466.115.121 attributeTypes: ( 1.2.840.113556.1.4.650 NAME 'mhsORAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.94 NAME 'ntPwdHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.786 NAME 'mailAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.356 NAME 'foreignIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.120 NAME 'uSNChanged' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.91 NAME 'repsFrom' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.1359 NAME 'otherWellKnownObjects' SYNTAX '1.2.840.113556.1.4.903' ) -- cgit From d7799784af14a6e79e5e2b49f492c6e7f60ab217 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 21 Aug 2006 04:44:38 +0000 Subject: r17652: add oMSyntax to these attributes (This used to be commit 425fda84e2a4636c87b30df9df3f2c998202c933) --- source4/setup/schema_samba4.ldif | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 61af0936dc..129a963055 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -21,6 +21,7 @@ schemaIDGUID: E961130F-5084-458C-9E9C-DEC16DA08592 adminDisplayName: NT-PWD-Hash attributeID: 1.3.6.1.4.1.7165.4.1.1 attributeSyntax: 2.5.5.10 +oMSyntax: 4 dn: cn=lmpwdHash,CN=Schema,CN=Configuration,${BASEDN} cn: lmpwdHash @@ -35,6 +36,7 @@ schemaIDGUID: CBD0D18C-9C54-4A77-87C4-5CEEAF781253 adminDisplayName: LM-PWD-Hash attributeID: 1.3.6.1.4.1.7165.4.1.2 attributeSyntax: 2.5.5.10 +oMSyntax: 4 dn: cn=sambaNtPwdHistory,CN=Schema,CN=Configuration,${BASEDN} cn: sambaNtPwdHistory @@ -49,6 +51,7 @@ schemaIDGUID: 8CCD7658-C574-4435-A38C-99572E349E6B adminDisplayName: SAMBA-NT-PWD-History attributeID: 1.3.6.1.4.1.7165.4.1.3 attributeSyntax: 2.5.5.10 +oMSyntax: 4 dn: cn=sambaLmPwdHistory,CN=Schema,CN=Configuration,${BASEDN} cn: sambaLmPwdHistory @@ -63,6 +66,7 @@ schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4 adminDisplayName: SAMBA-LM-PWDHistory attributeID: 1.3.6.1.4.1.7165.4.1.4 attributeSyntax: 2.5.5.10 +oMSyntax: 4 dn: cn=sambaPassword,CN=Schema,CN=Configuration,${BASEDN} cn: sambaPassword @@ -77,6 +81,7 @@ schemaIDGUID: 87F10301-229A-4E69-B63A-998339ADA37A adminDisplayName: SAMBA-Password attributeID: 1.3.6.1.4.1.7165.4.1.5 attributeSyntax: 2.5.5.5 +oMSyntax: 22 dn: cn=dnsDomain,CN=Schema,CN=Configuration,${BASEDN} cn: dnsDomain @@ -91,6 +96,7 @@ schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018 adminDisplayName: SAMBA-Password attributeID: 1.3.6.1.4.1.7165.4.1.6 attributeSyntax: 2.5.5.4 +oMSyntax: 20 dn: cn=privilege,CN=Schema,CN=Configuration,${BASEDN} cn: privilege @@ -105,6 +111,7 @@ schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182 adminDisplayName: Privilege attributeID: 1.3.6.1.4.1.7165.4.1.7 attributeSyntax: 2.5.5.4 +oMSyntax: 20 dn: CN=unixName,CN=Schema,CN=Configuration,${BASEDN} cn: unixName @@ -119,6 +126,7 @@ schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 adminDisplayName: Unix-Name attributeID: 1.3.6.1.4.1.7165.4.1.9 attributeSyntax: 2.5.5.4 +oMSyntax: 20 dn: cn=krb5Key,CN=Schema,CN=Configuration,${BASEDN} cn: krb5Key @@ -133,3 +141,4 @@ schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4 adminDisplayName: krb5-Key attributeID: 1.3.6.1.4.1.5322.10.1.10 attributeSyntax: 2.5.5.10 +oMSyntax: 4 -- cgit From 3f229bd5838cf09bd3d5cf1942269143ecb7ea9e Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 21 Aug 2006 05:01:55 +0000 Subject: r17653: fix typo (This used to be commit aca800bdcc5f402c1fc241e9e9c495933c85b715) --- source4/setup/schema_samba4.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 129a963055..2ebf991c02 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -119,7 +119,7 @@ name: unixName objectClass: top objectClass: attributeSchema lDAPDisplayName: unixName -sSingleValued: TRUE +isSingleValued: TRUE systemFlags: 16 systemOnly: FALSE schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 -- cgit From 7cb4dcf146b7ca41b8504571151911f0b3161e28 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 21 Aug 2006 13:04:14 +0000 Subject: r17662: some more enhancements to our schema extraction tool, with a nasty hack in minschema.js that I really hate (This used to be commit 74c40719f2965e2bc055e539f0933d95df070fbf) --- source4/setup/schema.ldif | 205 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 205 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index b84f162258..3a583faf2e 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -2094,6 +2094,21 @@ attributeID: 1.2.840.113556.1.4.39 attributeSyntax: 2.5.5.16 oMSyntax: 65 +dn: CN=Move-Tree-State,CN=Schema,CN=Configuration,${BASEDN} +cn: Move-Tree-State +name: Move-Tree-State +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: moveTreeState +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 1f2ac2c8-3b71-11d2-90cc-00c04fd91ab1 +adminDisplayName: Move-Tree-State +attributeID: 1.2.840.113556.1.4.1305 +attributeSyntax: 2.5.5.10 +oMSyntax: 4 + dn: CN=ms-DS-Allowed-To-Delegate-To,CN=Schema,CN=Configuration,${BASEDN} cn: ms-DS-Allowed-To-Delegate-To name: ms-DS-Allowed-To-Delegate-To @@ -7555,6 +7570,194 @@ possibleInferiors: mSMQMigratedUser possibleInferiors: ipsecISAKMPPolicy schemaIDGUID: bf967aa5-0de6-11d0-a285-00aa003049e2 +dn: CN=Lost-And-Found,CN=Schema,CN=Configuration,${BASEDN} +cn: Lost-And-Found +name: Lost-And-Found +objectClass: top +objectClass: classSchema +systemPossSuperiors: configuration +systemPossSuperiors: domainDNS +systemPossSuperiors: dMD +lDAPDisplayName: lostAndFound +governsID: 1.2.840.113556.1.5.139 +rDNAttID: cn +systemMayContain: moveTreeState +objectClassCategory: 1 +subClassOf: top +defaultObjectCategory: CN=Lost-And-Found,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +possibleInferiors: applicationEntity +possibleInferiors: msWMI-RangeParam +possibleInferiors: pKIEnrollmentService +possibleInferiors: mSMQEnterpriseSettings +possibleInferiors: serviceInstance +possibleInferiors: samServer +possibleInferiors: group +possibleInferiors: msWMI-UnknownRangeParam +possibleInferiors: applicationVersion +possibleInferiors: msPKI-Key-Recovery-Agent +possibleInferiors: msDS-AzApplication +possibleInferiors: lostAndFound +possibleInferiors: rpcProfile +possibleInferiors: nTDSSiteSettings +possibleInferiors: linkTrackOMTEntry +possibleInferiors: meeting +possibleInferiors: trustedDomain +possibleInferiors: linkTrackObjectMoveTable +possibleInferiors: fTDfs +possibleInferiors: mS-SQL-SQLRepository +possibleInferiors: msWMI-ShadowObject +possibleInferiors: rpcProfileElement +possibleInferiors: rpcContainer +possibleInferiors: dSUISettings +possibleInferiors: subnetContainer +possibleInferiors: interSiteTransport +possibleInferiors: msieee80211-Policy +possibleInferiors: builtinDomain +possibleInferiors: msMQ-Custom-Recipient +possibleInferiors: mSMQSiteLink +possibleInferiors: msWMI-PolicyTemplate +possibleInferiors: documentSeries +possibleInferiors: msCOM-Partition +possibleInferiors: device +possibleInferiors: friendlyCountry +possibleInferiors: sitesContainer +possibleInferiors: msWMI-PolicyType +possibleInferiors: linkTrackVolEntry +possibleInferiors: msCOM-PartitionSet +possibleInferiors: serversContainer +possibleInferiors: attributeSchema +possibleInferiors: serviceClass +possibleInferiors: serviceAdministrationPoint +possibleInferiors: packageRegistration +possibleInferiors: msWMI-StringSetParam +possibleInferiors: classSchema +possibleInferiors: computer +possibleInferiors: fileLinkTracking +possibleInferiors: rRASAdministrationConnectionPoint +possibleInferiors: organizationalRole +possibleInferiors: certificationAuthority +possibleInferiors: residentialPerson +possibleInferiors: msWMI-ObjectEncoding +possibleInferiors: mS-SQL-OLAPServer +possibleInferiors: mSMQQueue +possibleInferiors: fileLinkTrackingEntry +possibleInferiors: msWMI-UintRangeParam +possibleInferiors: foreignSecurityPrincipal +possibleInferiors: user +possibleInferiors: nTDSConnection +possibleInferiors: msWMI-UintSetParam +possibleInferiors: addressBookContainer +possibleInferiors: mS-SQL-OLAPCube +possibleInferiors: document +possibleInferiors: container +possibleInferiors: comConnectionPoint +possibleInferiors: rFC822LocalPart +possibleInferiors: msDS-AzScope +possibleInferiors: nTFRSMember +possibleInferiors: dHCPClass +possibleInferiors: siteLinkBridge +possibleInferiors: dnsNode +possibleInferiors: groupPolicyContainer +possibleInferiors: remoteStorageServicePoint +possibleInferiors: mS-SQL-SQLPublication +possibleInferiors: nTFRSSubscriptions +possibleInferiors: site +possibleInferiors: organization +possibleInferiors: msDS-AppData +possibleInferiors: inetOrgPerson +possibleInferiors: domainDNS +possibleInferiors: siteLink +possibleInferiors: licensingSiteSettings +possibleInferiors: rpcServer +possibleInferiors: groupOfNames +possibleInferiors: nTFRSSubscriber +possibleInferiors: mS-SQL-SQLDatabase +possibleInferiors: person +possibleInferiors: intellimirrorSCP +possibleInferiors: msWMI-WMIGPO +possibleInferiors: aCSResourceLimits +possibleInferiors: interSiteTransportContainer +possibleInferiors: printQueue +possibleInferiors: msTAPI-RtPerson +possibleInferiors: volume +possibleInferiors: ipsecNFA +possibleInferiors: queryPolicy +possibleInferiors: msDS-AzTask +possibleInferiors: msPKI-Enterprise-Oid +possibleInferiors: msDS-AzRole +possibleInferiors: mS-SQL-OLAPDatabase +possibleInferiors: dfsConfiguration +possibleInferiors: aCSPolicy +possibleInferiors: typeLibrary +possibleInferiors: rpcGroup +possibleInferiors: locality +possibleInferiors: msDS-App-Configuration +possibleInferiors: serviceConnectionPoint +possibleInferiors: rpcServerElement +possibleInferiors: intellimirrorGroup +possibleInferiors: mSMQConfiguration +possibleInferiors: msPKI-PrivateKeyRecoveryAgent +possibleInferiors: msWMI-IntRangeParam +possibleInferiors: physicalLocation +possibleInferiors: msWMI-MergeablePolicyTemplate +possibleInferiors: ipsecNegotiationPolicy +possibleInferiors: subnet +possibleInferiors: msDS-AzAdminManager +possibleInferiors: mS-SQL-SQLServer +possibleInferiors: msWMI-RealRangeParam +possibleInferiors: crossRef +possibleInferiors: mSMQSettings +possibleInferiors: controlAccessRight +possibleInferiors: displaySpecifier +possibleInferiors: nTDSService +possibleInferiors: indexServerCatalog +possibleInferiors: displayTemplate +possibleInferiors: msExchConfigurationContainer +possibleInferiors: msDS-QuotaContainer +possibleInferiors: groupOfUniqueNames +possibleInferiors: country +possibleInferiors: addressTemplate +possibleInferiors: msWMI-Rule +possibleInferiors: msWMI-IntSetParam +possibleInferiors: nTFRSSettings +possibleInferiors: msWMI-SimplePolicyTemplate +possibleInferiors: pKICertificateTemplate +possibleInferiors: rRASAdministrationDictionary +possibleInferiors: organizationalUnit +possibleInferiors: msTAPI-RtConference +possibleInferiors: linkTrackVolumeTable +possibleInferiors: msWMI-Som +possibleInferiors: secret +possibleInferiors: room +possibleInferiors: aCSSubnet +possibleInferiors: msMQ-Group +possibleInferiors: remoteMailRecipient +possibleInferiors: classStore +possibleInferiors: ipsecPolicy +possibleInferiors: dSA +possibleInferiors: categoryRegistration +possibleInferiors: msDS-AzOperation +possibleInferiors: ipsecFilter +possibleInferiors: organizationalPerson +possibleInferiors: account +possibleInferiors: storage +possibleInferiors: domainPolicy +possibleInferiors: server +possibleInferiors: classRegistration +possibleInferiors: nTFRSReplicaSet +possibleInferiors: cRLDistributionPoint +possibleInferiors: dnsZone +possibleInferiors: contact +possibleInferiors: msDS-QuotaControl +possibleInferiors: mSMQMigratedUser +possibleInferiors: ipsecISAKMPPolicy +schemaIDGUID: 52ab8671-5709-11d1-a9c6-0000f80367c1 + dn: CN=Organizational-Person,CN=Schema,CN=Configuration,${BASEDN} cn: Organizational-Person name: Organizational-Person @@ -8584,6 +8787,7 @@ objectClasses: ( 1.2.840.113556.1.5.3 NAME 'samDomain' SUP top AUXILIARY MAY ( t objectClasses: ( 1.2.840.113556.1.5.2 NAME 'samDomainBase' SUP top AUXILIARY MAY ( uASCompat $ serverState $ serverRole $ revision $ pwdProperties $ pwdHistoryLength $ oEMInformation $ objectSid $ nTSecurityDescriptor $ nextRid $ modifiedCountAtLastProm $ modifiedCount $ minPwdLength $ minPwdAge $ maxPwdAge $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ forceLogoff $ domainReplica $ creationTime ) ) objectClasses: ( 2.5.6.2 NAME 'country' SUP top MUST ( c ) MAY ( co $ searchGuide ) ) objectClasses: ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ( ou ) MAY ( x121Address $ userPassword $ uPNSuffixes $ co $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ street $ st $ seeAlso $ searchGuide $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ physicalDeliveryOfficeName $ msCOM-UserPartitionSetLink $ managedBy $ thumbnailLogo $ l $ internationalISDNNumber $ gPOptions $ gPLink $ facsimileTelephoneNumber $ destinationIndicator $ desktopProfile $ defaultGroup $ countryCode $ c $ businessCategory ) ) +objectClasses: ( 1.2.840.113556.1.5.139 NAME 'lostAndFound' SUP top STRUCTURAL MAY ( moveTreeState ) ) objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person MAY ( x121Address $ comment $ title $ co $ primaryTelexNumber $ telexNumber $ teletexTerminalIdentifier $ street $ st $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ thumbnailPhoto $ physicalDeliveryOfficeName $ pager $ otherPager $ otherTelephone $ mobile $ otherMobile $ primaryInternationalISDNNumber $ ipPhone $ otherIpPhone $ otherHomePhone $ homePhone $ otherFacsimileTelephoneNumber $ personalTitle $ middleName $ otherMailbox $ ou $ o $ mhsORAddress $ msDS-AllowedToDelegateTo $ manager $ thumbnailLogo $ l $ internationalISDNNumber $ initials $ givenName $ generationQualifier $ facsimileTelephoneNumber $ employeeID $ mail $ division $ destinationIndicator $ department $ c $ countryCode $ company $ assistant $ streetAddress $ houseIdentifier $ msExchHouseIdentifier $ homePostalAddress ) ) objectClasses: ( 1.2.840.113556.1.5.72 NAME 'nTDSService' SUP top STRUCTURAL MAY ( tombstoneLifetime $ sPNMappings $ replTopologyStayOfExecution $ msDS-Other-Settings $ garbageCollPeriod $ dSHeuristics ) ) objectClasses: ( 1.2.840.113556.1.5.7000.48 NAME 'serversContainer' SUP top STRUCTURAL ) @@ -8746,6 +8950,7 @@ attributeTypes: ( 1.2.840.113556.1.2.14 NAME 'hasMasterNCs' SYNTAX '1.3.6.1.4.1. attributeTypes: ( 1.2.840.113556.1.4.81 NAME 'modifiedCountAtLastProm' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.78 NAME 'minPwdAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.39 NAME 'forceLogoff' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1305 NAME 'moveTreeState' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.1787 NAME 'msDS-AllowedToDelegateTo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.619 NAME 'dNSHostName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1825 NAME 'msDS-AzMinorVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -- cgit From 7fcafb7a9e04791834728ab5ced99e866fde1d83 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 22 Aug 2006 03:21:29 +0000 Subject: r17682: Add newline to end of file (This used to be commit 0e97b71386601a80f4bc264ee54e90a3a8a5841d) --- source4/setup/schema-map-openldap-2.3 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/schema-map-openldap-2.3 b/source4/setup/schema-map-openldap-2.3 index f270b983c5..485b58a44a 100644 --- a/source4/setup/schema-map-openldap-2.3 +++ b/source4/setup/schema-map-openldap-2.3 @@ -28,4 +28,4 @@ subSchema #This type of DN isn't in OpenLDAP 1.2.840.113556.1.4.903:1.3.6.1.4.1.1466.115.121.1.12 #Treat Security Descriptors as binary -1.2.840.113556.1.4.907:1.3.6.1.4.1.1466.115.121.1.40 \ No newline at end of file +1.2.840.113556.1.4.907:1.3.6.1.4.1.1466.115.121.1.40 -- cgit From 7783080810e0c6d71568a3b24fd7f2c7d856c24c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 22 Aug 2006 10:20:38 +0000 Subject: r17705: Use the paged_searches module by default against the LDAP backend, if selected. Andrew Bartlett (This used to be commit 3bb0a0d91eeb64db1ad2eeb13eab50f338caeb46) --- source4/setup/provision | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 4d4716ee1a..619d029541 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -112,7 +112,7 @@ for (r in options) { } if (options["ldap-backend"] != undefined) { - subobj["LDAPMODULES"] = "entryUUID"; + subobj["LDAPMODULES"] = "entryUUID,paged_searches"; } else { subobj["LDAPMODULES"] = "objectguid"; } -- cgit From 25ba47eaf8a8c66ab131701e61a6ea8c2a0e49d8 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sat, 26 Aug 2006 15:38:01 +0000 Subject: r17839: do not reference possibleInferiors we have not extracted trim duplicate may attributes (This used to be commit 4975659fd70abdbae42ee378b7be766102f4df55) --- source4/setup/schema.ldif | 396 ---------------------------------------------- 1 file changed, 396 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index 3a583faf2e..c664a55ba9 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -6951,41 +6951,18 @@ systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} -possibleInferiors: samServer possibleInferiors: group -possibleInferiors: msPKI-Key-Recovery-Agent possibleInferiors: lostAndFound -possibleInferiors: rpcContainer possibleInferiors: builtinDomain -possibleInferiors: msMQ-Custom-Recipient -possibleInferiors: msCOM-Partition -possibleInferiors: friendlyCountry -possibleInferiors: msCOM-PartitionSet possibleInferiors: computer possibleInferiors: user possibleInferiors: container -possibleInferiors: rFC822LocalPart -possibleInferiors: groupPolicyContainer possibleInferiors: organization -possibleInferiors: inetOrgPerson possibleInferiors: domainDNS -possibleInferiors: printQueue -possibleInferiors: volume -possibleInferiors: dfsConfiguration possibleInferiors: locality -possibleInferiors: intellimirrorGroup -possibleInferiors: physicalLocation possibleInferiors: msDS-AzAdminManager -possibleInferiors: msExchConfigurationContainer -possibleInferiors: msDS-QuotaContainer -possibleInferiors: groupOfUniqueNames possibleInferiors: country possibleInferiors: organizationalUnit -possibleInferiors: remoteMailRecipient -possibleInferiors: classStore -possibleInferiors: domainPolicy -possibleInferiors: contact -possibleInferiors: mSMQMigratedUser schemaIDGUID: 19195a5b-6da0-11d0-afd3-00c04fd930c9 dn: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,${BASEDN} @@ -7012,14 +6989,8 @@ systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} possibleInferiors: group -possibleInferiors: rpcContainer possibleInferiors: container possibleInferiors: msDS-AzScope -possibleInferiors: groupPolicyContainer -possibleInferiors: msDS-AzTask -possibleInferiors: msDS-AzRole -possibleInferiors: msExchConfigurationContainer -possibleInferiors: msDS-AzOperation schemaIDGUID: ddf8de9b-cba5-4e12-842e-28d8b66f75ec dn: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN} @@ -7041,11 +7012,8 @@ systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} possibleInferiors: group -possibleInferiors: msPKI-Key-Recovery-Agent possibleInferiors: computer possibleInferiors: user -possibleInferiors: inetOrgPerson -possibleInferiors: mSMQMigratedUser schemaIDGUID: bf967a81-0de6-11d0-a285-00aa003049e2 dn: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN} @@ -7090,14 +7058,8 @@ systemOnly: TRUE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} possibleInferiors: lostAndFound -possibleInferiors: rpcContainer possibleInferiors: sitesContainer -possibleInferiors: addressBookContainer possibleInferiors: container -possibleInferiors: groupPolicyContainer -possibleInferiors: physicalLocation -possibleInferiors: msExchConfigurationContainer -possibleInferiors: msDS-QuotaContainer schemaIDGUID: bf967a87-0de6-11d0-a285-00aa003049e2 dn: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} @@ -7210,12 +7172,7 @@ systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} possibleInferiors: group -possibleInferiors: rpcContainer possibleInferiors: container -possibleInferiors: groupPolicyContainer -possibleInferiors: msDS-AzTask -possibleInferiors: msDS-AzRole -possibleInferiors: msExchConfigurationContainer schemaIDGUID: 4feae054-ce55-47bb-860e-5b12063a51de dn: CN=Locality,CN=Schema,CN=Configuration,${BASEDN} @@ -7244,11 +7201,8 @@ systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} -possibleInferiors: residentialPerson possibleInferiors: organization -possibleInferiors: groupOfNames possibleInferiors: locality -possibleInferiors: physicalLocation schemaIDGUID: bf967aa0-0de6-11d0-a285-00aa003049e2 dn: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN} @@ -7332,7 +7286,6 @@ systemFlags: 16 systemOnly: TRUE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} -possibleInferiors: nTDSConnection schemaIDGUID: f0f8ffab-1191-11d0-a060-00aa006c33ed dn: CN=Sam-Domain,CN=Schema,CN=Configuration,${BASEDN} @@ -7453,7 +7406,6 @@ defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCL objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} possibleInferiors: organization possibleInferiors: locality -possibleInferiors: physicalLocation possibleInferiors: organizationalUnit schemaIDGUID: bf967a8c-0de6-11d0-a285-00aa003049e2 @@ -7509,65 +7461,15 @@ systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} -possibleInferiors: applicationEntity possibleInferiors: group -possibleInferiors: applicationVersion -possibleInferiors: msPKI-Key-Recovery-Agent -possibleInferiors: rpcContainer -possibleInferiors: msieee80211-Policy -possibleInferiors: msMQ-Custom-Recipient -possibleInferiors: documentSeries -possibleInferiors: msCOM-Partition -possibleInferiors: device -possibleInferiors: msCOM-PartitionSet -possibleInferiors: serviceAdministrationPoint possibleInferiors: computer -possibleInferiors: rRASAdministrationConnectionPoint -possibleInferiors: organizationalRole -possibleInferiors: residentialPerson -possibleInferiors: mS-SQL-OLAPServer possibleInferiors: user -possibleInferiors: document possibleInferiors: container -possibleInferiors: rFC822LocalPart -possibleInferiors: groupPolicyContainer -possibleInferiors: remoteStorageServicePoint -possibleInferiors: msDS-AppData -possibleInferiors: inetOrgPerson -possibleInferiors: groupOfNames possibleInferiors: person -possibleInferiors: intellimirrorSCP -possibleInferiors: printQueue -possibleInferiors: msTAPI-RtPerson -possibleInferiors: volume -possibleInferiors: ipsecNFA possibleInferiors: locality -possibleInferiors: msDS-App-Configuration -possibleInferiors: serviceConnectionPoint -possibleInferiors: intellimirrorGroup -possibleInferiors: physicalLocation -possibleInferiors: ipsecNegotiationPolicy possibleInferiors: msDS-AzAdminManager -possibleInferiors: mS-SQL-SQLServer -possibleInferiors: indexServerCatalog -possibleInferiors: msExchConfigurationContainer -possibleInferiors: groupOfUniqueNames -possibleInferiors: nTFRSSettings possibleInferiors: organizationalUnit -possibleInferiors: msTAPI-RtConference -possibleInferiors: room -possibleInferiors: msMQ-Group -possibleInferiors: remoteMailRecipient -possibleInferiors: classStore -possibleInferiors: ipsecPolicy -possibleInferiors: dSA -possibleInferiors: ipsecFilter possibleInferiors: organizationalPerson -possibleInferiors: account -possibleInferiors: domainPolicy -possibleInferiors: contact -possibleInferiors: mSMQMigratedUser -possibleInferiors: ipsecISAKMPPolicy schemaIDGUID: bf967aa5-0de6-11d0-a285-00aa003049e2 dn: CN=Lost-And-Found,CN=Schema,CN=Configuration,${BASEDN} @@ -7590,172 +7492,34 @@ systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} -possibleInferiors: applicationEntity -possibleInferiors: msWMI-RangeParam -possibleInferiors: pKIEnrollmentService -possibleInferiors: mSMQEnterpriseSettings -possibleInferiors: serviceInstance -possibleInferiors: samServer possibleInferiors: group -possibleInferiors: msWMI-UnknownRangeParam -possibleInferiors: applicationVersion -possibleInferiors: msPKI-Key-Recovery-Agent possibleInferiors: msDS-AzApplication possibleInferiors: lostAndFound -possibleInferiors: rpcProfile -possibleInferiors: nTDSSiteSettings -possibleInferiors: linkTrackOMTEntry -possibleInferiors: meeting -possibleInferiors: trustedDomain -possibleInferiors: linkTrackObjectMoveTable -possibleInferiors: fTDfs -possibleInferiors: mS-SQL-SQLRepository -possibleInferiors: msWMI-ShadowObject -possibleInferiors: rpcProfileElement -possibleInferiors: rpcContainer -possibleInferiors: dSUISettings possibleInferiors: subnetContainer -possibleInferiors: interSiteTransport -possibleInferiors: msieee80211-Policy possibleInferiors: builtinDomain -possibleInferiors: msMQ-Custom-Recipient -possibleInferiors: mSMQSiteLink -possibleInferiors: msWMI-PolicyTemplate -possibleInferiors: documentSeries -possibleInferiors: msCOM-Partition -possibleInferiors: device -possibleInferiors: friendlyCountry possibleInferiors: sitesContainer -possibleInferiors: msWMI-PolicyType -possibleInferiors: linkTrackVolEntry -possibleInferiors: msCOM-PartitionSet possibleInferiors: serversContainer -possibleInferiors: attributeSchema -possibleInferiors: serviceClass -possibleInferiors: serviceAdministrationPoint -possibleInferiors: packageRegistration -possibleInferiors: msWMI-StringSetParam possibleInferiors: classSchema possibleInferiors: computer -possibleInferiors: fileLinkTracking -possibleInferiors: rRASAdministrationConnectionPoint -possibleInferiors: organizationalRole -possibleInferiors: certificationAuthority -possibleInferiors: residentialPerson -possibleInferiors: msWMI-ObjectEncoding -possibleInferiors: mS-SQL-OLAPServer -possibleInferiors: mSMQQueue -possibleInferiors: fileLinkTrackingEntry -possibleInferiors: msWMI-UintRangeParam possibleInferiors: foreignSecurityPrincipal possibleInferiors: user -possibleInferiors: nTDSConnection -possibleInferiors: msWMI-UintSetParam -possibleInferiors: addressBookContainer -possibleInferiors: mS-SQL-OLAPCube -possibleInferiors: document possibleInferiors: container -possibleInferiors: comConnectionPoint -possibleInferiors: rFC822LocalPart possibleInferiors: msDS-AzScope -possibleInferiors: nTFRSMember -possibleInferiors: dHCPClass -possibleInferiors: siteLinkBridge -possibleInferiors: dnsNode -possibleInferiors: groupPolicyContainer -possibleInferiors: remoteStorageServicePoint -possibleInferiors: mS-SQL-SQLPublication -possibleInferiors: nTFRSSubscriptions possibleInferiors: site possibleInferiors: organization -possibleInferiors: msDS-AppData -possibleInferiors: inetOrgPerson possibleInferiors: domainDNS -possibleInferiors: siteLink -possibleInferiors: licensingSiteSettings -possibleInferiors: rpcServer -possibleInferiors: groupOfNames -possibleInferiors: nTFRSSubscriber -possibleInferiors: mS-SQL-SQLDatabase possibleInferiors: person -possibleInferiors: intellimirrorSCP -possibleInferiors: msWMI-WMIGPO -possibleInferiors: aCSResourceLimits -possibleInferiors: interSiteTransportContainer -possibleInferiors: printQueue -possibleInferiors: msTAPI-RtPerson -possibleInferiors: volume -possibleInferiors: ipsecNFA -possibleInferiors: queryPolicy -possibleInferiors: msDS-AzTask -possibleInferiors: msPKI-Enterprise-Oid -possibleInferiors: msDS-AzRole -possibleInferiors: mS-SQL-OLAPDatabase -possibleInferiors: dfsConfiguration -possibleInferiors: aCSPolicy -possibleInferiors: typeLibrary -possibleInferiors: rpcGroup possibleInferiors: locality -possibleInferiors: msDS-App-Configuration -possibleInferiors: serviceConnectionPoint -possibleInferiors: rpcServerElement -possibleInferiors: intellimirrorGroup -possibleInferiors: mSMQConfiguration -possibleInferiors: msPKI-PrivateKeyRecoveryAgent -possibleInferiors: msWMI-IntRangeParam -possibleInferiors: physicalLocation -possibleInferiors: msWMI-MergeablePolicyTemplate -possibleInferiors: ipsecNegotiationPolicy possibleInferiors: subnet possibleInferiors: msDS-AzAdminManager -possibleInferiors: mS-SQL-SQLServer -possibleInferiors: msWMI-RealRangeParam possibleInferiors: crossRef -possibleInferiors: mSMQSettings -possibleInferiors: controlAccessRight possibleInferiors: displaySpecifier possibleInferiors: nTDSService -possibleInferiors: indexServerCatalog -possibleInferiors: displayTemplate -possibleInferiors: msExchConfigurationContainer -possibleInferiors: msDS-QuotaContainer -possibleInferiors: groupOfUniqueNames possibleInferiors: country -possibleInferiors: addressTemplate -possibleInferiors: msWMI-Rule -possibleInferiors: msWMI-IntSetParam -possibleInferiors: nTFRSSettings -possibleInferiors: msWMI-SimplePolicyTemplate -possibleInferiors: pKICertificateTemplate -possibleInferiors: rRASAdministrationDictionary possibleInferiors: organizationalUnit -possibleInferiors: msTAPI-RtConference -possibleInferiors: linkTrackVolumeTable -possibleInferiors: msWMI-Som possibleInferiors: secret -possibleInferiors: room -possibleInferiors: aCSSubnet -possibleInferiors: msMQ-Group -possibleInferiors: remoteMailRecipient -possibleInferiors: classStore -possibleInferiors: ipsecPolicy -possibleInferiors: dSA -possibleInferiors: categoryRegistration -possibleInferiors: msDS-AzOperation -possibleInferiors: ipsecFilter possibleInferiors: organizationalPerson -possibleInferiors: account -possibleInferiors: storage -possibleInferiors: domainPolicy possibleInferiors: server -possibleInferiors: classRegistration -possibleInferiors: nTFRSReplicaSet -possibleInferiors: cRLDistributionPoint -possibleInferiors: dnsZone -possibleInferiors: contact -possibleInferiors: msDS-QuotaControl -possibleInferiors: mSMQMigratedUser -possibleInferiors: ipsecISAKMPPolicy schemaIDGUID: 52ab8671-5709-11d1-a9c6-0000f80367c1 dn: CN=Organizational-Person,CN=Schema,CN=Configuration,${BASEDN} @@ -7857,10 +7621,7 @@ systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} -possibleInferiors: rpcContainer possibleInferiors: container -possibleInferiors: groupPolicyContainer -possibleInferiors: msExchConfigurationContainer schemaIDGUID: 19195a5f-6da0-11d0-afd3-00c04fd930c9 dn: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN} @@ -7927,37 +7688,6 @@ systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(A;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} -possibleInferiors: serviceInstance -possibleInferiors: applicationVersion -possibleInferiors: rpcProfile -possibleInferiors: rpcProfileElement -possibleInferiors: msieee80211-Policy -possibleInferiors: serviceAdministrationPoint -possibleInferiors: rRASAdministrationConnectionPoint -possibleInferiors: mS-SQL-OLAPServer -possibleInferiors: comConnectionPoint -possibleInferiors: remoteStorageServicePoint -possibleInferiors: nTFRSSubscriptions -possibleInferiors: msDS-AppData -possibleInferiors: rpcServer -possibleInferiors: intellimirrorSCP -possibleInferiors: printQueue -possibleInferiors: volume -possibleInferiors: ipsecNFA -possibleInferiors: rpcGroup -possibleInferiors: msDS-App-Configuration -possibleInferiors: serviceConnectionPoint -possibleInferiors: rpcServerElement -possibleInferiors: mSMQConfiguration -possibleInferiors: ipsecNegotiationPolicy -possibleInferiors: mS-SQL-SQLServer -possibleInferiors: indexServerCatalog -possibleInferiors: classStore -possibleInferiors: ipsecPolicy -possibleInferiors: dSA -possibleInferiors: ipsecFilter -possibleInferiors: storage -possibleInferiors: ipsecISAKMPPolicy schemaIDGUID: bf967a86-0de6-11d0-a285-00aa003049e2 dn: CN=Person,CN=Schema,CN=Configuration,${BASEDN} @@ -8018,106 +7748,17 @@ systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} -possibleInferiors: applicationEntity -possibleInferiors: pKIEnrollmentService -possibleInferiors: mSMQEnterpriseSettings -possibleInferiors: serviceInstance -possibleInferiors: samServer possibleInferiors: group -possibleInferiors: applicationVersion -possibleInferiors: msPKI-Key-Recovery-Agent -possibleInferiors: rpcProfile -possibleInferiors: meeting -possibleInferiors: trustedDomain -possibleInferiors: linkTrackObjectMoveTable -possibleInferiors: rpcProfileElement -possibleInferiors: rpcContainer -possibleInferiors: dSUISettings -possibleInferiors: msieee80211-Policy -possibleInferiors: msMQ-Custom-Recipient -possibleInferiors: msWMI-PolicyTemplate -possibleInferiors: documentSeries -possibleInferiors: msCOM-Partition -possibleInferiors: device -possibleInferiors: msWMI-PolicyType -possibleInferiors: msCOM-PartitionSet -possibleInferiors: serviceClass -possibleInferiors: serviceAdministrationPoint possibleInferiors: computer -possibleInferiors: fileLinkTracking -possibleInferiors: rRASAdministrationConnectionPoint -possibleInferiors: organizationalRole -possibleInferiors: certificationAuthority -possibleInferiors: residentialPerson -possibleInferiors: msWMI-ObjectEncoding -possibleInferiors: mS-SQL-OLAPServer possibleInferiors: foreignSecurityPrincipal possibleInferiors: user -possibleInferiors: document possibleInferiors: container -possibleInferiors: comConnectionPoint -possibleInferiors: rFC822LocalPart -possibleInferiors: dHCPClass -possibleInferiors: groupPolicyContainer -possibleInferiors: remoteStorageServicePoint -possibleInferiors: msDS-AppData -possibleInferiors: inetOrgPerson -possibleInferiors: rpcServer -possibleInferiors: groupOfNames possibleInferiors: person -possibleInferiors: intellimirrorSCP -possibleInferiors: msWMI-WMIGPO -possibleInferiors: aCSResourceLimits -possibleInferiors: printQueue -possibleInferiors: volume -possibleInferiors: ipsecNFA -possibleInferiors: queryPolicy -possibleInferiors: msDS-AzTask -possibleInferiors: msPKI-Enterprise-Oid -possibleInferiors: msDS-AzRole -possibleInferiors: dfsConfiguration -possibleInferiors: aCSPolicy -possibleInferiors: rpcGroup -possibleInferiors: msDS-App-Configuration -possibleInferiors: serviceConnectionPoint -possibleInferiors: rpcServerElement -possibleInferiors: intellimirrorGroup -possibleInferiors: msPKI-PrivateKeyRecoveryAgent -possibleInferiors: msWMI-MergeablePolicyTemplate -possibleInferiors: ipsecNegotiationPolicy possibleInferiors: msDS-AzAdminManager -possibleInferiors: mS-SQL-SQLServer -possibleInferiors: controlAccessRight possibleInferiors: displaySpecifier possibleInferiors: nTDSService -possibleInferiors: indexServerCatalog -possibleInferiors: displayTemplate -possibleInferiors: msExchConfigurationContainer -possibleInferiors: groupOfUniqueNames -possibleInferiors: addressTemplate -possibleInferiors: msWMI-Rule -possibleInferiors: nTFRSSettings -possibleInferiors: msWMI-SimplePolicyTemplate -possibleInferiors: pKICertificateTemplate -possibleInferiors: rRASAdministrationDictionary -possibleInferiors: linkTrackVolumeTable -possibleInferiors: msWMI-Som possibleInferiors: secret -possibleInferiors: room -possibleInferiors: aCSSubnet -possibleInferiors: classStore -possibleInferiors: ipsecPolicy -possibleInferiors: dSA -possibleInferiors: msDS-AzOperation -possibleInferiors: ipsecFilter possibleInferiors: organizationalPerson -possibleInferiors: account -possibleInferiors: storage -possibleInferiors: domainPolicy -possibleInferiors: cRLDistributionPoint -possibleInferiors: dnsZone -possibleInferiors: contact -possibleInferiors: ipsecISAKMPPolicy schemaIDGUID: bf967a8b-0de6-11d0-a285-00aa003049e2 dn: CN=Site,CN=Schema,CN=Configuration,${BASEDN} @@ -8147,9 +7788,7 @@ systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} -possibleInferiors: nTDSSiteSettings possibleInferiors: serversContainer -possibleInferiors: licensingSiteSettings schemaIDGUID: bf967ab3-0de6-11d0-a285-00aa003049e2 dn: CN=Organization,CN=Schema,CN=Configuration,${BASEDN} @@ -8192,28 +7831,14 @@ systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} -possibleInferiors: msPKI-Key-Recovery-Agent -possibleInferiors: rpcContainer -possibleInferiors: device -possibleInferiors: friendlyCountry possibleInferiors: computer -possibleInferiors: organizationalRole possibleInferiors: user possibleInferiors: container -possibleInferiors: rFC822LocalPart -possibleInferiors: groupPolicyContainer -possibleInferiors: inetOrgPerson possibleInferiors: domainDNS -possibleInferiors: groupOfNames -possibleInferiors: msTAPI-RtPerson possibleInferiors: locality -possibleInferiors: physicalLocation -possibleInferiors: msExchConfigurationContainer possibleInferiors: country -possibleInferiors: nTFRSSettings possibleInferiors: organizationalUnit possibleInferiors: organizationalPerson -possibleInferiors: contact schemaIDGUID: bf967aa3-0de6-11d0-a285-00aa003049e2 dn: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,${BASEDN} @@ -8245,10 +7870,7 @@ defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCL objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} possibleInferiors: group possibleInferiors: msDS-AzApplication -possibleInferiors: rpcContainer possibleInferiors: container -possibleInferiors: groupPolicyContainer -possibleInferiors: msExchConfigurationContainer schemaIDGUID: cfee1051-5f28-4bae-a863-5d0cc18a8ed1 dn: CN=Security-Principal,CN=Schema,CN=Configuration,${BASEDN} @@ -8461,8 +8083,6 @@ systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} -possibleInferiors: nTFRSSubscriptions -possibleInferiors: classStore schemaIDGUID: bf967aba-0de6-11d0-a285-00aa003049e2 dn: CN=DMD,CN=Schema,CN=Configuration,${BASEDN} @@ -8490,7 +8110,6 @@ systemOnly: TRUE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} possibleInferiors: lostAndFound -possibleInferiors: attributeSchema possibleInferiors: classSchema schemaIDGUID: bf967a8f-0de6-11d0-a285-00aa003049e2 @@ -8554,7 +8173,6 @@ defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCL objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} possibleInferiors: subnetContainer possibleInferiors: site -possibleInferiors: interSiteTransportContainer schemaIDGUID: 7a4117da-cd67-11d0-afff-0000f80367c1 dn: CN=Server,CN=Schema,CN=Configuration,${BASEDN} @@ -8580,16 +8198,7 @@ systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} -possibleInferiors: applicationVersion -possibleInferiors: rpcContainer possibleInferiors: container -possibleInferiors: groupPolicyContainer -possibleInferiors: msDS-AppData -possibleInferiors: msDS-App-Configuration -possibleInferiors: mSMQSettings -possibleInferiors: msExchConfigurationContainer -possibleInferiors: nTFRSSettings -possibleInferiors: dSA schemaIDGUID: bf967a92-0de6-11d0-a285-00aa003049e2 dn: CN=SubSchema,CN=Schema,CN=Configuration,${BASEDN} @@ -8635,7 +8244,6 @@ defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} -possibleInferiors: rFC822LocalPart possibleInferiors: domainDNS schemaIDGUID: 19195a5a-6da0-11d0-afd3-00c04fd930c9 @@ -8680,10 +8288,7 @@ systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} -possibleInferiors: rpcContainer possibleInferiors: container -possibleInferiors: groupPolicyContainer -possibleInferiors: msExchConfigurationContainer schemaIDGUID: b7b13124-b82e-11d0-afee-0000f80367c1 dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,${BASEDN} @@ -8759,7 +8364,6 @@ systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} -possibleInferiors: classStore schemaIDGUID: bf967a9c-0de6-11d0-a285-00aa003049e2 dn: CN=Aggregate,CN=Schema,CN=Configuration,${BASEDN} -- cgit From 2b99336a56a47838510f9b8a01aab05363c424b6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 28 Aug 2006 05:26:42 +0000 Subject: r17876: Require one less patch for the LDAP backend to work. This lets the modules or backend generate the host and domain GUID, rather than the randguid() function. These can still be specified from the command line. Andrew Bartlett (This used to be commit 32996ca9d62568006f8bee85a1f2f37c64c04fb5) --- source4/setup/provision_basedn_modify.ldif | 4 +--- source4/setup/provision_users.ldif | 3 +-- 2 files changed, 2 insertions(+), 5 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index d8765a3c0a..ca02975a0e 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -9,9 +9,6 @@ dnsDomain: ${DNSDOMAIN} replace: dc dc: ${RDN_DC} - -replace: objectGUID -objectGUID: ${DOMAINGUID} -- replace: forceLogoff forceLogoff: 9223372036854775808 - @@ -79,4 +76,5 @@ replace: subRefs subRefs: CN=Configuration,${BASEDN} subRefs: CN=Schema,CN=Configuration,${BASEDN} - +${DOMAINGUID_MOD} diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 5cd5991c41..10830dde0b 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -71,7 +71,6 @@ privilege: SeRemoteInteractiveLogonRight dn: CN=${NETBIOSNAME},CN=Domain Controllers,${BASEDN} objectClass: computer cn: ${NETBIOSNAME} -objectGUID: ${HOSTGUID} userAccountControl: 532480 localPolicyFlags: 0 primaryGroupID: 516 @@ -89,7 +88,7 @@ servicePrincipalName: HOST/${DNSNAME}/${REALM} servicePrincipalName: HOST/${NETBIOSNAME}/${REALM} servicePrincipalName: HOST/${DNSNAME}/${DOMAIN} servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN} - +${HOSTGUID_ADD} dn: CN=Users,CN=Builtin,${BASEDN} objectClass: top -- cgit From 6c68f1ae9ec1ef6afbde634cd0ea591860916524 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 29 Aug 2006 22:50:49 +0000 Subject: r17926: add trustedDomain class (This used to be commit 43e95f4572778fec70ea4a62b6b4d20d8f96a2f8) --- source4/setup/schema.ldif | 263 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 263 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index c664a55ba9..9f646d4d5b 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -227,6 +227,21 @@ attributeID: 1.2.840.113556.1.4.966 attributeSyntax: 2.5.5.10 oMSyntax: 4 +dn: CN=Domain-Identifier,CN=Schema,CN=Configuration,${BASEDN} +cn: Domain-Identifier +name: Domain-Identifier +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: domainIdentifier +isSingleValued: TRUE +systemFlags: 16 +systemOnly: TRUE +schemaIDGUID: 7f561278-5301-11d1-a9c5-0000f80367c1 +adminDisplayName: Domain-Identifier +attributeID: 1.2.840.113556.1.4.755 +attributeSyntax: 2.5.5.9 +oMSyntax: 2 + dn: CN=Legacy-Exchange-DN,CN=Schema,CN=Configuration,${BASEDN} cn: Legacy-Exchange-DN name: Legacy-Exchange-DN @@ -486,6 +501,36 @@ attributeID: 2.5.21.6 attributeSyntax: 2.5.5.12 oMSyntax: 64 +dn: CN=Trust-Attributes,CN=Schema,CN=Configuration,${BASEDN} +cn: Trust-Attributes +name: Trust-Attributes +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: trustAttributes +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 80a67e5a-9f22-11d0-afdd-00c04fd930c9 +adminDisplayName: Trust-Attributes +attributeID: 1.2.840.113556.1.4.470 +attributeSyntax: 2.5.5.9 +oMSyntax: 2 + +dn: CN=ms-DS-Trust-Forest-Trust-Info,CN=Schema,CN=Configuration,${BASEDN} +cn: ms-DS-Trust-Forest-Trust-Info +name: ms-DS-Trust-Forest-Trust-Info +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: msDS-TrustForestTrustInfo +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 29cc866e-49d3-4969-942e-1dbc0925d183 +adminDisplayName: ms-DS-Trust-Forest-Trust-Info +attributeID: 1.2.840.113556.1.4.1702 +attributeSyntax: 2.5.5.10 +oMSyntax: 4 + dn: CN=Site-Object,CN=Schema,CN=Configuration,${BASEDN} cn: Site-Object name: Site-Object @@ -669,6 +714,21 @@ attributeID: 1.2.840.113556.1.2.25 attributeSyntax: 2.5.5.2 oMSyntax: 6 +dn: CN=Trust-Auth-Outgoing,CN=Schema,CN=Configuration,${BASEDN} +cn: Trust-Auth-Outgoing +name: Trust-Auth-Outgoing +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: trustAuthOutgoing +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a5f-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Trust-Auth-Outgoing +attributeID: 1.2.840.113556.1.4.135 +attributeSyntax: 2.5.5.10 +oMSyntax: 4 + dn: CN=Server-Reference-BL,CN=Schema,CN=Configuration,${BASEDN} cn: Server-Reference-BL name: Server-Reference-BL @@ -1015,6 +1075,21 @@ attributeID: 2.5.21.5 attributeSyntax: 2.5.5.12 oMSyntax: 64 +dn: CN=Initial-Auth-Outgoing,CN=Schema,CN=Configuration,${BASEDN} +cn: Initial-Auth-Outgoing +name: Initial-Auth-Outgoing +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: initialAuthOutgoing +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 52458024-ca6a-11d0-afff-0000f80367c1 +adminDisplayName: Initial-Auth-Outgoing +attributeID: 1.2.840.113556.1.4.540 +attributeSyntax: 2.5.5.12 +oMSyntax: 64 + dn: CN=Object-Class,CN=Schema,CN=Configuration,${BASEDN} cn: Object-Class name: Object-Class @@ -1762,6 +1837,21 @@ attributeID: 1.2.840.113556.1.4.1189 attributeSyntax: 2.5.5.5 oMSyntax: 22 +dn: CN=Trust-Type,CN=Schema,CN=Configuration,${BASEDN} +cn: Trust-Type +name: Trust-Type +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: trustType +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a60-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Trust-Type +attributeID: 1.2.840.113556.1.4.136 +attributeSyntax: 2.5.5.9 +oMSyntax: 2 + dn: CN=Domain-Replica,CN=Schema,CN=Configuration,${BASEDN} cn: Domain-Replica name: Domain-Replica @@ -1941,6 +2031,21 @@ attributeID: 1.2.840.113556.1.4.166 attributeSyntax: 2.5.5.10 oMSyntax: 4 +dn: CN=Trust-Partner,CN=Schema,CN=Configuration,${BASEDN} +cn: Trust-Partner +name: Trust-Partner +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: trustPartner +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a5d-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Trust-Partner +attributeID: 1.2.840.113556.1.4.133 +attributeSyntax: 2.5.5.12 +oMSyntax: 64 + dn: CN=Instance-Type,CN=Schema,CN=Configuration,${BASEDN} cn: Instance-Type name: Instance-Type @@ -2555,6 +2660,21 @@ attributeID: 1.2.840.113556.1.4.138 attributeSyntax: 2.5.5.12 oMSyntax: 64 +dn: CN=Trust-Posix-Offset,CN=Schema,CN=Configuration,${BASEDN} +cn: Trust-Posix-Offset +name: Trust-Posix-Offset +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: trustPosixOffset +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a5e-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Trust-Posix-Offset +attributeID: 1.2.840.113556.1.4.134 +attributeSyntax: 2.5.5.9 +oMSyntax: 2 + dn: CN=Bridgehead-Server-List-BL,CN=Schema,CN=Configuration,${BASEDN} cn: Bridgehead-Server-List-BL name: Bridgehead-Server-List-BL @@ -2738,6 +2858,21 @@ attributeID: 2.16.840.1.113730.3.1.2 attributeSyntax: 2.5.5.12 oMSyntax: 64 +dn: CN=Additional-Trusted-Service-Names,CN=Schema,CN=Configuration,${BASEDN} +cn: Additional-Trusted-Service-Names +name: Additional-Trusted-Service-Names +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: additionalTrustedServiceNames +isSingleValued: FALSE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 032160be-9824-11d1-aec0-0000f80367c1 +adminDisplayName: Additional-Trusted-Service-Names +attributeID: 1.2.840.113556.1.4.889 +attributeSyntax: 2.5.5.12 +oMSyntax: 64 + dn: CN=WWW-Home-Page,CN=Schema,CN=Configuration,${BASEDN} cn: WWW-Home-Page name: WWW-Home-Page @@ -3727,6 +3862,21 @@ attributeID: 1.2.840.113556.1.4.12 attributeSyntax: 2.5.5.9 oMSyntax: 2 +dn: CN=Trust-Auth-Incoming,CN=Schema,CN=Configuration,${BASEDN} +cn: Trust-Auth-Incoming +name: Trust-Auth-Incoming +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: trustAuthIncoming +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a59-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Trust-Auth-Incoming +attributeID: 1.2.840.113556.1.4.129 +attributeSyntax: 2.5.5.10 +oMSyntax: 4 + dn: CN=SubSchemaSubEntry,CN=Schema,CN=Configuration,${BASEDN} cn: SubSchemaSubEntry name: SubSchemaSubEntry @@ -4179,6 +4329,37 @@ attributeID: 1.2.840.113556.1.4.947 attributeSyntax: 2.5.5.10 oMSyntax: 4 +dn: CN=Initial-Auth-Incoming,CN=Schema,CN=Configuration,${BASEDN} +cn: Initial-Auth-Incoming +name: Initial-Auth-Incoming +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: initialAuthIncoming +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: 52458023-ca6a-11d0-afff-0000f80367c1 +adminDisplayName: Initial-Auth-Incoming +attributeID: 1.2.840.113556.1.4.539 +attributeSyntax: 2.5.5.12 +oMSyntax: 64 + +dn: CN=Domain-Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} +cn: Domain-Cross-Ref +name: Domain-Cross-Ref +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: domainCrossRef +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: b000ea7b-a086-11d0-afdd-00c04fd930c9 +adminDisplayName: Domain-Cross-Ref +attributeID: 1.2.840.113556.1.4.472 +attributeSyntax: 2.5.5.1 +oMSyntax: 127 +oMObjectClass:: KwwCh3McAIVK + dn: CN=Text-Encoded-OR-Address,CN=Schema,CN=Configuration,${BASEDN} cn: Text-Encoded-OR-Address name: Text-Encoded-OR-Address @@ -4756,6 +4937,21 @@ attributeID: 1.2.840.113556.1.4.481 attributeSyntax: 2.5.5.11 oMSyntax: 24 +dn: CN=Trust-Direction,CN=Schema,CN=Configuration,${BASEDN} +cn: Trust-Direction +name: Trust-Direction +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: trustDirection +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: bf967a5c-0de6-11d0-a285-00aa003049e2 +adminDisplayName: Trust-Direction +attributeID: 1.2.840.113556.1.4.132 +attributeSyntax: 2.5.5.9 +oMSyntax: 2 + dn: CN=Enabled,CN=Schema,CN=Configuration,${BASEDN} cn: Enabled name: Enabled @@ -5273,6 +5469,21 @@ attributeID: 1.2.840.113556.1.4.908 attributeSyntax: 2.5.5.12 oMSyntax: 64 +dn: CN=Flat-Name,CN=Schema,CN=Configuration,${BASEDN} +cn: Flat-Name +name: Flat-Name +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: flatName +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: b7b13117-b82e-11d0-afee-0000f80367c1 +adminDisplayName: Flat-Name +attributeID: 1.2.840.113556.1.4.511 +attributeSyntax: 2.5.5.12 +oMSyntax: 64 + dn: CN=Wbem-Path,CN=Schema,CN=Configuration,${BASEDN} cn: Wbem-Path name: Wbem-Path @@ -7495,6 +7706,7 @@ objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} possibleInferiors: group possibleInferiors: msDS-AzApplication possibleInferiors: lostAndFound +possibleInferiors: trustedDomain possibleInferiors: subnetContainer possibleInferiors: builtinDomain possibleInferiors: sitesContainer @@ -7749,6 +7961,7 @@ systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} possibleInferiors: group +possibleInferiors: trustedDomain possibleInferiors: computer possibleInferiors: foreignSecurityPrincipal possibleInferiors: user @@ -8226,6 +8439,41 @@ defaultSecurityDescriptor: D:S: objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} schemaIDGUID: 5a8b3261-c38d-11d1-bbc9-0080c76670c0 +dn: CN=Trusted-Domain,CN=Schema,CN=Configuration,${BASEDN} +cn: Trusted-Domain +name: Trusted-Domain +objectClass: top +objectClass: classSchema +systemPossSuperiors: container +lDAPDisplayName: trustedDomain +governsID: 1.2.840.113556.1.5.34 +rDNAttID: cn +systemMayContain: trustType +systemMayContain: trustPosixOffset +systemMayContain: trustPartner +systemMayContain: trustDirection +systemMayContain: trustAuthOutgoing +systemMayContain: trustAuthIncoming +systemMayContain: trustAttributes +systemMayContain: securityIdentifier +systemMayContain: msDS-TrustForestTrustInfo +systemMayContain: mS-DS-CreatorSID +systemMayContain: initialAuthOutgoing +systemMayContain: initialAuthIncoming +systemMayContain: flatName +systemMayContain: domainIdentifier +systemMayContain: domainCrossRef +systemMayContain: additionalTrustedServiceNames +objectClassCategory: 1 +subClassOf: leaf +defaultObjectCategory: CN=Trusted-Domain,CN=Schema,CN=Configuration,${BASEDN} +defaultHidingValue: TRUE +systemFlags: 16 +systemOnly: FALSE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-a285-00aa003049e2;CO)(A;;SD;;;CO) +objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +schemaIDGUID: bf967ab8-0de6-11d0-a285-00aa003049e2 + dn: CN=Domain,CN=Schema,CN=Configuration,${BASEDN} cn: Domain name: Domain @@ -8411,6 +8659,7 @@ objectClasses: ( 1.2.840.113556.1.5.28 NAME 'secret' SUP leaf STRUCTURAL MAY ( p objectClasses: ( 1.2.840.113556.1.5.107 NAME 'sitesContainer' SUP top STRUCTURAL ) objectClasses: ( 1.2.840.113556.1.5.17 NAME 'server' SUP top STRUCTURAL MAY ( mailAddress $ serverReference $ serialNumber $ managedBy $ dNSHostName $ bridgeheadTransportList ) ) objectClasses: ( 2.5.20.1 NAME 'subSchema' SUP top STRUCTURAL MAY ( objectClasses $ modifyTimeStamp $ extendedClassInfo $ extendedAttributeInfo $ dITContentRules $ attributeTypes ) ) +objectClasses: ( 1.2.840.113556.1.5.34 NAME 'trustedDomain' SUP leaf STRUCTURAL MAY ( trustType $ trustPosixOffset $ trustPartner $ trustDirection $ trustAuthOutgoing $ trustAuthIncoming $ trustAttributes $ securityIdentifier $ msDS-TrustForestTrustInfo $ mS-DS-CreatorSID $ initialAuthOutgoing $ initialAuthIncoming $ flatName $ domainIdentifier $ domainCrossRef $ additionalTrustedServiceNames ) ) objectClasses: ( 1.2.840.113556.1.5.66 NAME 'domain' SUP top ABSTRACT MUST ( dc ) ) objectClasses: ( 1.2.840.113556.1.5.76 NAME 'foreignSecurityPrincipal' SUP top STRUCTURAL MUST ( objectSid ) MAY ( foreignIdentifier ) ) objectClasses: ( 1.2.840.113556.1.5.96 NAME 'subnet' SUP top STRUCTURAL MAY ( siteObject $ physicalLocationObject $ location ) ) @@ -8431,6 +8680,7 @@ attributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' SYNTAX '1.3. attributeTypes: ( 1.2.840.113556.1.4.752 NAME 'userSharedFolderOther' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.751 NAME 'userSharedFolder' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.966 NAME 'mSMQDigestsMig' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.755 NAME 'domainIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.655 NAME 'legacyExchangeDN' SYNTAX '1.2.840.113556.1.4.905' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.618 NAME 'wellKnownObjects' SYNTAX '1.2.840.113556.1.4.903' ) attributeTypes: ( 1.2.840.113556.1.4.1 NAME 'name' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) @@ -8448,6 +8698,8 @@ attributeTypes: ( 1.2.840.113556.1.4.867 NAME 'altSecurityIdentities' SYNTAX '1. attributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.96 NAME 'pwdLastSet' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 2.5.21.6 NAME 'objectClasses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.470 NAME 'trustAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1702 NAME 'msDS-TrustForestTrustInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.512 NAME 'siteObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.638 NAME 'isPrivilegeHolder' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 1.2.840.113556.1.4.28 NAME 'dnsRoot' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) @@ -8460,6 +8712,7 @@ attributeTypes: ( 1.2.840.113556.1.4.677 NAME 'replTopologyStayOfExecution' SYNT attributeTypes: ( 1.2.840.113556.1.4.359 NAME 'netbootGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.26 NAME 'rDNAttID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.25 NAME 'mayContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 1.2.840.113556.1.4.135 NAME 'trustAuthOutgoing' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.516 NAME 'serverReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 2.5.18.1 NAME 'createTimeStamp' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.748 NAME 'attributeDisplayNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) @@ -8483,6 +8736,7 @@ attributeTypes: ( 1.2.840.113556.1.4.144 NAME 'operatorCount' SYNTAX '1.3.6.1.4. attributeTypes: ( 1.2.840.113556.1.4.1153 NAME 'msRADIUSFramedIPAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.45 NAME 'homeDrive' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 2.5.21.5 NAME 'attributeTypes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.540 NAME 'initialAuthOutgoing' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 2.5.4.0 NAME 'objectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) attributeTypes: ( 1.2.840.113556.1.4.915 NAME 'possibleInferiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) attributeTypes: ( 1.2.840.113556.1.4.1669 NAME 'msDS-Approx-Immed-Subordinates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) @@ -8532,6 +8786,7 @@ attributeTypes: ( 1.2.840.113556.1.4.218 NAME 'applicationName' SYNTAX '1.3.6.1. attributeTypes: ( 1.2.840.113556.1.4.196 NAME 'systemMayContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) attributeTypes: ( 1.2.840.113556.1.4.1191 NAME 'msRASSavedFramedRoute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) attributeTypes: ( 1.2.840.113556.1.4.1189 NAME 'msRASSavedCallbackNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.136 NAME 'trustType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.158 NAME 'domainReplica' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.615 NAME 'personalTitle' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.651 NAME 'otherMailbox' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) @@ -8544,6 +8799,7 @@ attributeTypes: ( 1.2.840.113556.1.4.661 NAME 'isDefunct' SYNTAX '1.3.6.1.4.1.14 attributeTypes: ( 1.2.840.113556.1.4.98 NAME 'primaryGroupID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.160 NAME 'lmPwdHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.166 NAME 'groupMembershipSAM' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.133 NAME 'trustPartner' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.1 NAME 'instanceType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.806 NAME 'treatAsLeaf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.562 NAME 'adminPropertyPages' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) @@ -8584,6 +8840,7 @@ attributeTypes: ( 1.2.840.113556.1.4.74 NAME 'maxPwdAge' SYNTAX '1.2.840.113556. attributeTypes: ( 1.2.840.113556.1.4.722 NAME 'otherIpPhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 1.2.840.113556.1.4.138 NAME 'userParameters' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.134 NAME 'trustPosixOffset' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.820 NAME 'bridgeheadServerListBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 1.2.840.113556.1.4.1819 NAME 'msDS-AzApplicationData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.866 NAME 'pekKeyChangeInterval' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) @@ -8596,6 +8853,7 @@ attributeTypes: ( 1.2.840.113556.1.4.148 NAME 'schemaIDGUID' SYNTAX '1.3.6.1.4.1 attributeTypes: ( 1.2.840.113556.1.2.351 NAME 'auxiliaryClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME 'uid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.889 NAME 'additionalTrustedServiceNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.2.464 NAME 'wWWHomePage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.896 NAME 'uSNSource' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1360 NAME 'mS-DS-ConsistencyGuid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) @@ -8661,6 +8919,7 @@ attributeTypes: ( 1.2.840.113556.1.4.1442 NAME 'msDS-Cached-Membership-Time-Stam attributeTypes: ( 1.2.840.113556.1.4.169 NAME 'logonCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.58 NAME 'localeID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' ) attributeTypes: ( 1.2.840.113556.1.4.12 NAME 'badPwdCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.129 NAME 'trustAuthIncoming' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 2.5.18.10 NAME 'subSchemaSubEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) attributeTypes: ( 1.2.840.113556.1.2.48 NAME 'isDeleted' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) @@ -8691,6 +8950,8 @@ attributeTypes: ( 1.2.840.113556.1.4.221 NAME 'sAMAccountName' SYNTAX '1.3.6.1.4 attributeTypes: ( 1.2.840.113556.1.2.22 NAME 'governsID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE ) attributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.947 NAME 'mSMQSignCertificates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.539 NAME 'initialAuthIncoming' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.472 NAME 'domainCrossRef' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) attributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.267 NAME 'uSNDSALastObjRemoved' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1813 NAME 'msDS-OperationsForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) @@ -8729,6 +8990,7 @@ attributeTypes: ( 1.2.840.113556.1.4.1119 NAME 'msNPAllowDialin' SYNTAX '1.3.6.1 attributeTypes: ( 1.2.840.113556.1.4.16 NAME 'codePage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.150 NAME 'adminCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.481 NAME 'schemaUpdate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.132 NAME 'trustDirection' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.557 NAME 'Enabled' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) attributeTypes: ( 2.5.4.7 NAME 'l' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.268 NAME 'eFSPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) @@ -8763,6 +9025,7 @@ attributeTypes: ( 1.2.840.113556.1.4.1785 NAME 'msIIS-FTPRoot' SYNTAX '1.3.6.1.4 attributeTypes: ( 1.2.840.113556.1.4.345 NAME 'groupPriority' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.819 NAME 'bridgeheadTransportList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 1.2.840.113556.1.4.908 NAME 'extendedClassInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.511 NAME 'flatName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.301 NAME 'wbemPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.1706 NAME 'msDS-NCReplOutboundNeighbors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.1809 NAME 'msDS-OperationsForAzTaskBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -- cgit From ba1c80524ae34662b11b4c5acbaa90d831a5213a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 1 Sep 2006 04:34:21 +0000 Subject: r17982: One final hack... When against a real, schema-checking LDAP backend, we need extensibleObject on the baseDN entry (as entryUUID isn't run for creating this basic ldif) output. (This used to be commit befac43f59c4688f6c6827eb2e4e916c1056a740) --- source4/setup/provision_basedn.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index 4111f77789..ab79319f20 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -5,5 +5,6 @@ dn: ${BASEDN} objectClass: top objectClass: domain objectClass: domainDNS +${EXTENSIBLEOBJECT} dc: ${RDN_DC} -- cgit From b2355bf077d8695b986a53fdd6042ccee9c5abf4 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 10 Sep 2006 02:46:17 +0000 Subject: r18316: Build the parent too (This used to be commit 1fcf725bc0a10454be8d276920ac14f346eb4a21) --- source4/setup/display_specifiers.ldif | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/display_specifiers.ldif b/source4/setup/display_specifiers.ldif index 22c852e0d7..b5af79842a 100644 --- a/source4/setup/display_specifiers.ldif +++ b/source4/setup/display_specifiers.ldif @@ -1,3 +1,12 @@ +dn: CN=409,CN=DisplaySpecifiers,CN=Configuration,${BASEDN} +objectClass: top +objectClass: container +cn: 409 +name: 409 +instanceType: 4 +showInAdvancedViewOnly: TRUE +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} + dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,${BASEDN} objectClass: top objectClass: displaySpecifier -- cgit From 6c48dc861266242ff85bf8aad9b7e4bb7f94411f Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 13 Sep 2006 03:56:31 +0000 Subject: r18440: "builtinDomain" is not a child of "domain" (This used to be commit b34646f202d4e8016e627c4bb88842c21d6b2e10) --- source4/setup/provision_init.ldif | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 914184a35b..d893819336 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -43,7 +43,6 @@ top: domain top: person top: group domain: domainDNS -domain: builtinDomain person: organizationalPerson organizationalPerson: user user: computer -- cgit From df7ec4a31a0c29b18e41f3b31e3d694ac91bea65 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 26 Sep 2006 22:14:15 +0000 Subject: r18933: Add helpful emacs marker (This used to be commit 5fd53ea6a3a6d7638a9f542f46623a19143ff81d) --- source4/setup/provision.zone | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone index bb0f890386..371dfd9e72 100644 --- a/source4/setup/provision.zone +++ b/source4/setup/provision.zone @@ -1,3 +1,4 @@ +; -*- zone -*- ; generated by provision.pl $ORIGIN ${DNSDOMAIN}. $TTL 1W -- cgit From 736e797983d8fa5bd7467a1d47bd137290abb478 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 28 Sep 2006 17:08:17 +0000 Subject: r18979: With these extra indexes (also added for the normal case) and a DB_CONFIG file, we now get reasonable enought performance to pass 'make test' against OpenLDAP. We do have to double the maximum runtime for the torture client however. Andrew Bartlett (This used to be commit 5b3c8cc036c1180c9e96d9aaacd3f2e0a83460e5) --- source4/setup/provision_init.ldif | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index d893819336..a703251783 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -12,6 +12,8 @@ dn: @INDEXLIST @IDXATTR: nCName @IDXATTR: lDAPDisplayName @IDXATTR: subClassOf +@IDXATTR: dnsRoot +@IDXATTR: nETBIOSName dn: @ATTRIBUTES userPrincipalName: CASE_INSENSITIVE -- cgit From 08478f8f921662b98e0e8548df49e333742339ad Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 6 Oct 2006 07:09:22 +0000 Subject: r19115: Add the mapping required between Samba4's AD schema OIDs and what Fedora DS can support. Andrew Bartlett (This used to be commit bdeb10de2e751e7f0b12d5658ad55a4e7827bbd5) --- source4/setup/schema-map-fedora-ds-1.0 | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 source4/setup/schema-map-fedora-ds-1.0 (limited to 'source4/setup') diff --git a/source4/setup/schema-map-fedora-ds-1.0 b/source4/setup/schema-map-fedora-ds-1.0 new file mode 100644 index 0000000000..2b5faedd7d --- /dev/null +++ b/source4/setup/schema-map-fedora-ds-1.0 @@ -0,0 +1,28 @@ +#Standard OpenLDAP attributes +name +objectClasses +createTimeStamp +attributeTypes +objectClass +userPassword +seeAlso +modifyTimeStamp +distinguishedName +description +cn +dITContentRules +top +#Skip ObjectClasses +# +#MiddleName has a conflicting OID +2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.1.8 +#This large integer format is unimplemented in OpenLDAP 2.3 +1.2.840.113556.1.4.906:1.3.6.1.4.1.1466.115.121.1.27 +#This case insensitive string isn't available +1.2.840.113556.1.4.905:1.3.6.1.4.1.1466.115.121.1.15 +#This type of DN isn't in OpenLDAP +1.2.840.113556.1.4.903:1.3.6.1.4.1.1466.115.121.1.12 +#Treat Security Descriptors as binary +1.2.840.113556.1.4.907:1.3.6.1.4.1.1466.115.121.1.40 +#NumbericString is not supported in Fedora DS 1.0, map to a directory string +1.3.6.1.4.1.1466.115.121.1.36:1.3.6.1.4.1.1466.115.121.1.15 -- cgit From 7135bb9e6372b5514dcbd27c64b140bb4025edec Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 10 Oct 2006 04:20:50 +0000 Subject: r19216: Merge from SAMBA_4_0_RELEASE: Move default for subobj.LDAPMODULES into scripting/libjs/provision.js so that SWAT can provision again. Andrew Bartlett (This used to be commit a4aafe307d6d1396fa79b0c48b0a36cbf682f0ce) --- source4/setup/provision | 2 -- 1 file changed, 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 619d029541..229deb1622 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -113,8 +113,6 @@ for (r in options) { if (options["ldap-backend"] != undefined) { subobj["LDAPMODULES"] = "entryUUID,paged_searches"; -} else { - subobj["LDAPMODULES"] = "objectguid"; } var blank = (options["blank"] != undefined); -- cgit From 557ca55ed73750bd807bc7582d06728aa2c54aba Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 12 Oct 2006 08:33:48 +0000 Subject: r19253: its not so useful to index on objectclass. Much better to search on objectCategory provision now takes 2.4 secs, down from 24s on my laptop (This used to be commit 3d3144cc06b9987adb3f17e43f2858e7c416b6ae) --- source4/setup/provision_init.ldif | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index a703251783..8f4258ae1b 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -2,7 +2,6 @@ dn: @INDEXLIST @IDXATTR: name @IDXATTR: sAMAccountName @IDXATTR: objectSid -@IDXATTR: objectClass @IDXATTR: objectCategory @IDXATTR: member @IDXATTR: uidNumber -- cgit From d70fbdbefa321825998b5bf558c23733fb46425a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 13 Oct 2006 01:35:52 +0000 Subject: r19258: Don't delete the contents of the partitions twice, and in particular don't delete their contents until we have specified the new partition locations. However, preserve the important part of tridge's change, that is to ensure that no database index is present when the mass delete occours. In my testing, it is best to leave the index until the provision is compleated. Andrew Bartlett (This used to be commit 962219df7dc53ce6f6889f4b71ee19850c7ff7b5) --- source4/setup/provision_index.ldif | 16 ++++++++++++++++ source4/setup/provision_init.ldif | 16 ---------------- 2 files changed, 16 insertions(+), 16 deletions(-) create mode 100644 source4/setup/provision_index.ldif (limited to 'source4/setup') diff --git a/source4/setup/provision_index.ldif b/source4/setup/provision_index.ldif new file mode 100644 index 0000000000..2dd2e7d60f --- /dev/null +++ b/source4/setup/provision_index.ldif @@ -0,0 +1,16 @@ +dn: @INDEXLIST +@IDXATTR: name +@IDXATTR: sAMAccountName +@IDXATTR: objectSid +@IDXATTR: objectCategory +@IDXATTR: member +@IDXATTR: uidNumber +@IDXATTR: gidNumber +@IDXATTR: unixName +@IDXATTR: privilege +@IDXATTR: nCName +@IDXATTR: lDAPDisplayName +@IDXATTR: subClassOf +@IDXATTR: dnsRoot +@IDXATTR: nETBIOSName + diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 8f4258ae1b..a3eb60ab94 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -1,19 +1,3 @@ -dn: @INDEXLIST -@IDXATTR: name -@IDXATTR: sAMAccountName -@IDXATTR: objectSid -@IDXATTR: objectCategory -@IDXATTR: member -@IDXATTR: uidNumber -@IDXATTR: gidNumber -@IDXATTR: unixName -@IDXATTR: privilege -@IDXATTR: nCName -@IDXATTR: lDAPDisplayName -@IDXATTR: subClassOf -@IDXATTR: dnsRoot -@IDXATTR: nETBIOSName - dn: @ATTRIBUTES userPrincipalName: CASE_INSENSITIVE servicePrincipalName: CASE_INSENSITIVE -- cgit From e0294c9f66ef328e3d8dc62494f681a767c673be Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 16 Oct 2006 01:36:22 +0000 Subject: r19310: Add another conflicting oid Cope with there being no attributes to skip in the ad2oLscheam tool Andrew Bartlett (This used to be commit 942d7ad0c3534770ad05977b180e1c8111a5b6a6) --- source4/setup/schema-map-openldap-2.3 | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/schema-map-openldap-2.3 b/source4/setup/schema-map-openldap-2.3 index 485b58a44a..bb6aabd4ca 100644 --- a/source4/setup/schema-map-openldap-2.3 +++ b/source4/setup/schema-map-openldap-2.3 @@ -21,6 +21,8 @@ subSchema # #MiddleName has a conflicting OID 2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.1.8 +#defaultGroup has a conflicting OID +1.2.840.113556.1.4.480:1.3.6.1.4.1.7165.4.1.11 #This large integer format is unimplemented in OpenLDAP 2.3 1.2.840.113556.1.4.906:1.3.6.1.4.1.1466.115.121.1.27 #This case insensitive string isn't available -- cgit From 227831537ae5d50a36d21347cbec8940372859de Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 16 Oct 2006 01:38:00 +0000 Subject: r19311: Try to keep the schema map files fairly similar (hope for less weird bugs). Andrew Bartlett (This used to be commit a1f14d10fd0779eba244d63529600556ba9e9292) --- source4/setup/schema-map-fedora-ds-1.0 | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/schema-map-fedora-ds-1.0 b/source4/setup/schema-map-fedora-ds-1.0 index 2b5faedd7d..2382aea212 100644 --- a/source4/setup/schema-map-fedora-ds-1.0 +++ b/source4/setup/schema-map-fedora-ds-1.0 @@ -16,6 +16,8 @@ top # #MiddleName has a conflicting OID 2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.1.8 +#defaultGroup has a conflicting OID +1.2.840.113556.1.4.480:1.3.6.1.4.1.7165.4.1.11 #This large integer format is unimplemented in OpenLDAP 2.3 1.2.840.113556.1.4.906:1.3.6.1.4.1.1466.115.121.1.27 #This case insensitive string isn't available -- cgit From 064b605fab5393a1f9856d06ff56994676d57541 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 16 Oct 2006 03:19:11 +0000 Subject: r19315: Record some OID allocations. Andrew Bartlett (This used to be commit 0ceffb52eb218cd2beff0054679a07f137f0f23a) --- source4/setup/schema_samba4.ldif | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 2ebf991c02..4efcfc4c12 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -113,6 +113,9 @@ attributeID: 1.3.6.1.4.1.7165.4.1.7 attributeSyntax: 2.5.5.4 oMSyntax: 20 +#Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.1.7 + + dn: CN=unixName,CN=Schema,CN=Configuration,${BASEDN} cn: unixName name: unixName @@ -142,3 +145,6 @@ adminDisplayName: krb5-Key attributeID: 1.3.6.1.4.1.5322.10.1.10 attributeSyntax: 2.5.5.10 oMSyntax: 4 + + +#Allocated: (defaultGroup) attributeID: 1.3.6.1.4.1.7165.4.1.11 -- cgit From e350ca0bcbc76d4298a4c24ccef9e430ba75b8a8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 16 Oct 2006 12:29:31 +0000 Subject: r19336: Merge from release branch: new Mapped OIDs, in own subtree. Andrew Bartlett (This used to be commit ac5abff4b66619c29357adb7e013700bdf686709) --- source4/setup/schema-map-fedora-ds-1.0 | 4 ++-- source4/setup/schema-map-openldap-2.3 | 4 ++-- source4/setup/schema_samba4.ldif | 7 ++++--- 3 files changed, 8 insertions(+), 7 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/schema-map-fedora-ds-1.0 b/source4/setup/schema-map-fedora-ds-1.0 index 2382aea212..3bbd34ecb4 100644 --- a/source4/setup/schema-map-fedora-ds-1.0 +++ b/source4/setup/schema-map-fedora-ds-1.0 @@ -15,9 +15,9 @@ top #Skip ObjectClasses # #MiddleName has a conflicting OID -2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.1.8 +2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1 #defaultGroup has a conflicting OID -1.2.840.113556.1.4.480:1.3.6.1.4.1.7165.4.1.11 +1.2.840.113556.1.4.480:1.3.6.1.4.1.7165.4.255.2 #This large integer format is unimplemented in OpenLDAP 2.3 1.2.840.113556.1.4.906:1.3.6.1.4.1.1466.115.121.1.27 #This case insensitive string isn't available diff --git a/source4/setup/schema-map-openldap-2.3 b/source4/setup/schema-map-openldap-2.3 index bb6aabd4ca..e9880f272a 100644 --- a/source4/setup/schema-map-openldap-2.3 +++ b/source4/setup/schema-map-openldap-2.3 @@ -20,9 +20,9 @@ top subSchema # #MiddleName has a conflicting OID -2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.1.8 +2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1 #defaultGroup has a conflicting OID -1.2.840.113556.1.4.480:1.3.6.1.4.1.7165.4.1.11 +1.2.840.113556.1.4.480:1.3.6.1.4.1.7165.4.255.2 #This large integer format is unimplemented in OpenLDAP 2.3 1.2.840.113556.1.4.906:1.3.6.1.4.1.1466.115.121.1.27 #This case insensitive string isn't available diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 4efcfc4c12..383ebb0edb 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -4,6 +4,7 @@ ## Samba4 OID allocation from Samba3's examples/LDAP/samba.schema ## 1.3.6.1.4.1.7165.4.1.x - attributetypes ## 1.3.6.1.4.1.7165.4.2.x - objectclasses +## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track # # @@ -113,8 +114,6 @@ attributeID: 1.3.6.1.4.1.7165.4.1.7 attributeSyntax: 2.5.5.4 oMSyntax: 20 -#Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.1.7 - dn: CN=unixName,CN=Schema,CN=Configuration,${BASEDN} cn: unixName @@ -147,4 +146,6 @@ attributeSyntax: 2.5.5.10 oMSyntax: 4 -#Allocated: (defaultGroup) attributeID: 1.3.6.1.4.1.7165.4.1.11 +#Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1 + +#Allocated: (defaultGroup) attributeID: 1.3.6.1.4.1.7165.4.255.2 -- cgit From bddd8ed5c4cf13305bc42b3873b731a7b011010d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 13 Dec 2006 20:47:24 +0000 Subject: r20152: Commit missing files from last night's commit. We no longer maintain a distinction between PDC and BDC in the configuration files, only as an entry in the ldb. Andrew Bartlett (This used to be commit dc9eee7cb37e4a6828c2cba23b0d836df9eac7b5) --- source4/setup/provision.ldif | 1 + source4/setup/provision.smb.conf | 2 +- source4/setup/provision_basedn_modify.ldif | 3 +++ 3 files changed, 5 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index c047d6d93a..4526ee515c 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -221,6 +221,7 @@ objectClass: top objectClass: applicationSettings objectClass: nTDSDSA cn: NTDS Settings +options: 1 instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 33554432 diff --git a/source4/setup/provision.smb.conf b/source4/setup/provision.smb.conf index e99c82a91a..9d922c49c9 100644 --- a/source4/setup/provision.smb.conf +++ b/source4/setup/provision.smb.conf @@ -2,6 +2,6 @@ netbios name = ${HOSTNAME} workgroup = ${DOMAIN} realm = ${REALM} - server role = pdc + server role = domain controller diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index ca02975a0e..e3baaa5118 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -69,6 +69,9 @@ modifiedCount: 1 replace: objectCategory objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN} - +replace: fSMORoleOwner +fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +- replace: isCriticalSystemObject isCriticalSystemObject: TRUE - -- cgit From d9a1d365e3fa0695eac6d4371e4c29ae2f669e85 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 23 Dec 2006 10:55:45 +0000 Subject: r20332: add mastered-By and msDs-mastered-By attributes to the domain object the config and schema head objects already have them metze (This used to be commit 6d43c1963856c5140ca3447aa2f9a276035eff8c) --- source4/setup/provision_basedn_modify.ldif | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index e3baaa5118..b5dfa80f66 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -79,5 +79,10 @@ replace: subRefs subRefs: CN=Configuration,${BASEDN} subRefs: CN=Schema,CN=Configuration,${BASEDN} - +replace: masteredBy +masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +- +replace: msDs-masteredBy +msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +- ${DOMAINGUID_MOD} - -- cgit From 9fc3e164df198f92134acb2b16c1a3236f680583 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 2 Jan 2007 11:50:04 +0000 Subject: r20468: Patch from Martin Kuehl to make it easier to load into an exsting LDAP server. (Allow some parts to pre-exist, and try to blow away less data). Andrew Bartlett (This used to be commit 99faff0ad8fa12d596c599064a0125a6b3365134) --- source4/setup/provision | 9 +- source4/setup/provision.ldif | 206 -------------------------- source4/setup/provision_computers_add.ldif | 3 + source4/setup/provision_computers_modify.ldif | 19 +++ source4/setup/provision_configuration.ldif | 182 +++++++++++++++++++++++ source4/setup/provision_users_add.ldif | 3 + source4/setup/provision_users_modify.ldif | 23 +++ 7 files changed, 235 insertions(+), 210 deletions(-) create mode 100644 source4/setup/provision_computers_add.ldif create mode 100644 source4/setup/provision_computers_modify.ldif create mode 100644 source4/setup/provision_configuration.ldif create mode 100644 source4/setup/provision_users_add.ldif create mode 100644 source4/setup/provision_users_modify.ldif (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 229deb1622..163cb93274 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -28,9 +28,9 @@ options = GetOptions(ARGV, 'wheel=s', 'users=s', 'quiet', - 'blank', + 'blank', 'ldap-base', - 'ldap-backend=s'); + 'ldap-backend=s'); if (options == undefined) { println("Failed to parse options"); @@ -43,7 +43,7 @@ libinclude("provision.js"); /* print a message if quiet is not set */ -function message() +function message() { if (options["quiet"] == undefined) { print(vsprintf(arguments)); @@ -117,6 +117,7 @@ if (options["ldap-backend"] != undefined) { var blank = (options["blank"] != undefined); var ldapbase = (options["ldap-base"] != undefined); +var ldapbackend = (options["ldap-backend"] != undefined); if (!provision_validate(subobj, message)) { return -1; @@ -130,7 +131,7 @@ message("Using administrator password: %s\n", subobj.ADMINPASS); if (ldapbase) { provision_ldapbase(subobj, message, paths); } else { - provision(subobj, message, blank, paths, system_session, creds); + provision(subobj, message, blank, paths, system_session, creds, ldapbackend); provision_dns(subobj, message, paths, system_session, creds); } message("All OK\n"); diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 4526ee515c..910a2db669 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -1,27 +1,3 @@ -dn: CN=Users,${BASEDN} -objectClass: top -objectClass: container -cn: Users -description: Default container for upgraded user accounts -instanceType: 4 -showInAdvancedViewOnly: FALSE -systemFlags: 2348810240 -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE -allowedChildClassesEffective: user -allowedChildClassesEffective: group - -dn: CN=Computers,${BASEDN} -objectClass: top -objectClass: container -cn: Computers -description: Default container for upgraded computer accounts -instanceType: 4 -showInAdvancedViewOnly: FALSE -systemFlags: 2348810240 -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} -isCriticalSystemObject: TRUE - dn: CN=Domain Controllers,${BASEDN} objectClass: top objectClass: container @@ -119,185 +95,3 @@ modifiedCount: 1 objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE -############################### -# Configuration Naming Context -############################### -dn: CN=Configuration,${BASEDN} -objectClass: top -objectClass: configuration -cn: Configuration -instanceType: 13 -showInAdvancedViewOnly: TRUE -objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN} -subRefs: CN=Schema,CN=Configuration,${BASEDN} -masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} - -dn: CN=Partitions,CN=Configuration,${BASEDN} -objectClass: top -objectClass: crossRefContainer -cn: Partitions -instanceType: 4 -showInAdvancedViewOnly: TRUE -systemFlags: 2147483648 -objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN} -msDS-Behavior-Version: 0 -fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} - -dn: CN=Enterprise Configuration,CN=Partitions,CN=Configuration,${BASEDN} -objectClass: top -objectClass: crossRef -cn: Enterprise Configuration -instanceType: 4 -showInAdvancedViewOnly: TRUE -systemFlags: 1 -objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} -nCName: CN=Configuration,${BASEDN} -dnsRoot: ${DNSDOMAIN} - -dn: CN=Enterprise Schema,CN=Partitions,CN=Configuration,${BASEDN} -objectClass: top -objectClass: crossRef -cn: Enterprise Schema -instanceType: 4 -showInAdvancedViewOnly: TRUE -systemFlags: 1 -objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} -nCName: CN=Schema,CN=Configuration,${BASEDN} -dnsRoot: ${DNSDOMAIN} - -dn: CN=${DOMAIN},CN=Partitions,CN=Configuration,${BASEDN} -objectClass: top -objectClass: crossRef -cn: ${DOMAIN} -instanceType: 4 -showInAdvancedViewOnly: TRUE -systemFlags: 3 -objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} -nCName: ${BASEDN} -nETBIOSName: ${DOMAIN} -dnsRoot: ${DNSDOMAIN} - -dn: CN=Sites,CN=Configuration,${BASEDN} -objectClass: top -objectClass: sitesContainer -cn: Sites -instanceType: 4 -showInAdvancedViewOnly: TRUE -systemFlags: 2181038080 -objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN} - -dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -objectClass: top -objectClass: site -cn: ${DEFAULTSITE} -instanceType: 4 -showInAdvancedViewOnly: TRUE -systemFlags: 2181038080 -objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN} - -dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -objectClass: top -objectClass: serversContainer -cn: Servers -instanceType: 4 -showInAdvancedViewOnly: TRUE -systemFlags: 2181038080 -objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN} - -dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -objectClass: top -objectClass: server -cn: ${NETBIOSNAME} -instanceType: 4 -showInAdvancedViewOnly: TRUE -systemFlags: 1375731712 -objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN} -dNSHostName: ${DNSNAME} -serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} - -dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -objectClass: top -objectClass: applicationSettings -objectClass: nTDSDSA -cn: NTDS Settings -options: 1 -instanceType: 4 -showInAdvancedViewOnly: TRUE -systemFlags: 33554432 -objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN} -dMDLocation: CN=Schema,CN=Configuration,${BASEDN} -objectGUID: ${INVOCATIONID} -invocationId: ${INVOCATIONID} -msDS-Behavior-Version: 2 - -dn: CN=Services,CN=Configuration,${BASEDN} -objectClass: top -objectClass: container -cn: Services -instanceType: 4 -showInAdvancedViewOnly: TRUE -systemFlags: 2147483648 -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} - -dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} -objectClass: top -objectClass: container -cn: Windows NT -instanceType: 4 -showInAdvancedViewOnly: TRUE -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} - -dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} -objectClass: top -objectClass: nTDSService -cn: Directory Service -instanceType: 4 -showInAdvancedViewOnly: TRUE -objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN} -sPNMappings: host=ldap,dns,cifs,http - -dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} -objectClass: top -objectClass: container -cn: Query-Policies -instanceType: 4 -showInAdvancedViewOnly: TRUE -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} - -dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} -objectClass: top -objectClass: queryPolicy -cn: Default Query Policy -instanceType: 4 -showInAdvancedViewOnly: TRUE -objectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,${BASEDN} -lDAPAdminLimits: MaxValRange=1500 -lDAPAdminLimits: MaxReceiveBuffer=10485760 -lDAPAdminLimits: MaxDatagramRecv=4096 -lDAPAdminLimits: MaxPoolThreads=4 -lDAPAdminLimits: MaxResultSetSize=262144 -lDAPAdminLimits: MaxTempTableSize=10000 -lDAPAdminLimits: MaxQueryDuration=120 -lDAPAdminLimits: MaxPageSize=1000 -lDAPAdminLimits: MaxNotificationPerConn=5 -lDAPAdminLimits: MaxActiveQueries=20 -lDAPAdminLimits: MaxConnIdleTime=900 -lDAPAdminLimits: InitRecvTimeout=120 -lDAPAdminLimits: MaxConnections=5000 - - -############################### -# Schema Naming Context -############################### -dn: CN=Schema,CN=Configuration,${BASEDN} -objectClass: top -objectClass: dMD -cn: Schema -instanceType: 13 -showInAdvancedViewOnly: TRUE -objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN} -masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -objectVersion: 30 diff --git a/source4/setup/provision_computers_add.ldif b/source4/setup/provision_computers_add.ldif new file mode 100644 index 0000000000..c89742fe3f --- /dev/null +++ b/source4/setup/provision_computers_add.ldif @@ -0,0 +1,3 @@ +dn: CN=Computers,${BASEDN} +objectClass: top +objectClass: container diff --git a/source4/setup/provision_computers_modify.ldif b/source4/setup/provision_computers_modify.ldif new file mode 100644 index 0000000000..0ba101a33c --- /dev/null +++ b/source4/setup/provision_computers_modify.ldif @@ -0,0 +1,19 @@ +dn: CN=Computers,${BASEDN} +changetype: modify +replace: description +description: Default container for upgraded computer accounts +- +replace: instanceType +instanceType: 4 +- +replace: showInAdvancedViewOnly +showInAdvancedViewOnly: FALSE +- +replace: systemFlags +systemFlags: 2348810240 +- +replace: objectCategory +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +- +replace: isCriticalSystemObject +isCriticalSystemObject: TRUE diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif new file mode 100644 index 0000000000..d76b7afc72 --- /dev/null +++ b/source4/setup/provision_configuration.ldif @@ -0,0 +1,182 @@ +############################### +# Configuration Naming Context +############################### +dn: CN=Configuration,${BASEDN} +objectClass: top +objectClass: configuration +cn: Configuration +instanceType: 13 +showInAdvancedViewOnly: TRUE +objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN} +subRefs: CN=Schema,CN=Configuration,${BASEDN} +masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} + +dn: CN=Partitions,CN=Configuration,${BASEDN} +objectClass: top +objectClass: crossRefContainer +cn: Partitions +instanceType: 4 +showInAdvancedViewOnly: TRUE +systemFlags: 2147483648 +objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN} +msDS-Behavior-Version: 0 +fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} + +dn: CN=Enterprise Configuration,CN=Partitions,CN=Configuration,${BASEDN} +objectClass: top +objectClass: crossRef +cn: Enterprise Configuration +instanceType: 4 +showInAdvancedViewOnly: TRUE +systemFlags: 1 +objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} +nCName: CN=Configuration,${BASEDN} +dnsRoot: ${DNSDOMAIN} + +dn: CN=Enterprise Schema,CN=Partitions,CN=Configuration,${BASEDN} +objectClass: top +objectClass: crossRef +cn: Enterprise Schema +instanceType: 4 +showInAdvancedViewOnly: TRUE +systemFlags: 1 +objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} +nCName: CN=Schema,CN=Configuration,${BASEDN} +dnsRoot: ${DNSDOMAIN} + +dn: CN=${DOMAIN},CN=Partitions,CN=Configuration,${BASEDN} +objectClass: top +objectClass: crossRef +cn: ${DOMAIN} +instanceType: 4 +showInAdvancedViewOnly: TRUE +systemFlags: 3 +objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} +nCName: ${BASEDN} +nETBIOSName: ${DOMAIN} +dnsRoot: ${DNSDOMAIN} + +dn: CN=Sites,CN=Configuration,${BASEDN} +objectClass: top +objectClass: sitesContainer +cn: Sites +instanceType: 4 +showInAdvancedViewOnly: TRUE +systemFlags: 2181038080 +objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +objectClass: top +objectClass: site +cn: ${DEFAULTSITE} +instanceType: 4 +showInAdvancedViewOnly: TRUE +systemFlags: 2181038080 +objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +objectClass: top +objectClass: serversContainer +cn: Servers +instanceType: 4 +showInAdvancedViewOnly: TRUE +systemFlags: 2181038080 +objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +objectClass: top +objectClass: server +cn: ${NETBIOSNAME} +instanceType: 4 +showInAdvancedViewOnly: TRUE +systemFlags: 1375731712 +objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN} +dNSHostName: ${DNSNAME} +serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} + +dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +objectClass: top +objectClass: applicationSettings +objectClass: nTDSDSA +cn: NTDS Settings +options: 1 +instanceType: 4 +showInAdvancedViewOnly: TRUE +systemFlags: 33554432 +objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN} +dMDLocation: CN=Schema,CN=Configuration,${BASEDN} +objectGUID: ${INVOCATIONID} +invocationId: ${INVOCATIONID} +msDS-Behavior-Version: 2 + +dn: CN=Services,CN=Configuration,${BASEDN} +objectClass: top +objectClass: container +cn: Services +instanceType: 4 +showInAdvancedViewOnly: TRUE +systemFlags: 2147483648 +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} +objectClass: top +objectClass: container +cn: Windows NT +instanceType: 4 +showInAdvancedViewOnly: TRUE +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} +objectClass: top +objectClass: nTDSService +cn: Directory Service +instanceType: 4 +showInAdvancedViewOnly: TRUE +objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN} +sPNMappings: host=ldap,dns,cifs,http + +dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} +objectClass: top +objectClass: container +cn: Query-Policies +instanceType: 4 +showInAdvancedViewOnly: TRUE +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} + +dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} +objectClass: top +objectClass: queryPolicy +cn: Default Query Policy +instanceType: 4 +showInAdvancedViewOnly: TRUE +objectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,${BASEDN} +lDAPAdminLimits: MaxValRange=1500 +lDAPAdminLimits: MaxReceiveBuffer=10485760 +lDAPAdminLimits: MaxDatagramRecv=4096 +lDAPAdminLimits: MaxPoolThreads=4 +lDAPAdminLimits: MaxResultSetSize=262144 +lDAPAdminLimits: MaxTempTableSize=10000 +lDAPAdminLimits: MaxQueryDuration=120 +lDAPAdminLimits: MaxPageSize=1000 +lDAPAdminLimits: MaxNotificationPerConn=5 +lDAPAdminLimits: MaxActiveQueries=20 +lDAPAdminLimits: MaxConnIdleTime=900 +lDAPAdminLimits: InitRecvTimeout=120 +lDAPAdminLimits: MaxConnections=5000 + + +############################### +# Schema Naming Context +############################### +dn: CN=Schema,CN=Configuration,${BASEDN} +objectClass: top +objectClass: dMD +cn: Schema +instanceType: 13 +showInAdvancedViewOnly: TRUE +objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN} +masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +objectVersion: 30 diff --git a/source4/setup/provision_users_add.ldif b/source4/setup/provision_users_add.ldif new file mode 100644 index 0000000000..56a2623cfc --- /dev/null +++ b/source4/setup/provision_users_add.ldif @@ -0,0 +1,3 @@ +dn: CN=Users,${BASEDN} +objectClass: top +objectClass: container diff --git a/source4/setup/provision_users_modify.ldif b/source4/setup/provision_users_modify.ldif new file mode 100644 index 0000000000..b979ecbb05 --- /dev/null +++ b/source4/setup/provision_users_modify.ldif @@ -0,0 +1,23 @@ +dn: CN=Users,${BASEDN} +changetype: modify +replace: description +description: Default container for upgraded user accounts +- +replace: instanceType +instanceType: 4 +- +replace: showInAdvancedViewOnly +showInAdvancedViewOnly: FALSE +- +replace: systemFlags +systemFlags: 2348810240 +- +replace: objectCategory +objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +- +replace: isCriticalSystemObject +isCriticalSystemObject: TRUE +- +replace: allowedChildClassesEffective +allowedChildClassesEffective: user +allowedChildClassesEffective: group -- cgit From bf4c652af7824478ca3f029cc653aace3da1022f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 3 Jan 2007 03:19:02 +0000 Subject: r20492: Add in instructions/sample LDIF to setup Fedora DS as a backend. Add a new module entrypoint to handle the new, interesting and different mappings required for Fedora DS. Andrew Bartlett (This used to be commit 600c7f1a68c175b835ce45d13794a6f66bcc8493) --- source4/setup/fedora-ds-init.ldif | 26 ++++++++++++++++++++++++++ source4/setup/provision | 6 ++++-- 2 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 source4/setup/fedora-ds-init.ldif (limited to 'source4/setup') diff --git a/source4/setup/fedora-ds-init.ldif b/source4/setup/fedora-ds-init.ldif new file mode 100644 index 0000000000..f7d350c550 --- /dev/null +++ b/source4/setup/fedora-ds-init.ldif @@ -0,0 +1,26 @@ +# These entries need to be added to get the container for the +# provision to be aimed at. + +dn: cn="dc=tammy,dc=abartlet,dc=net",cn=mapping tree,cn=config +objectclass: top +objectclass: extensibleObject +objectclass: nsMappingTree +nsslapd-state: backend +nsslapd-backend: UserData +cn: dc=tammy,dc=abartlet,dc=net + +dn: cn=UserData,cn=ldbm database,cn=plugins,cn=config +objectclass: extensibleObject +objectclass: nsBackendInstance +nsslapd-suffix: dc=tammy,dc=abartlet,dc=net + +# Generate 99_ad.ldif with + +# bin/ad2oLschema -I setup/fedora-ds-init.ldif --option=convert:target=fedora-ds -O /opt/fedora-ds/slapd-piglett/config/schema/99_ad.ldif -H /data/samba/samba4/prefix/private/sam.ldb +# Then install 00_staish_core.ldif 30ns-common.ldif and 99_ad.ldif +# into /opt/fedora-ds/slapd-piglett/config/schema/ +# + + +# provision with --ldap-backend=ldap://localhost:4389 --ldap-module=nsuniqueid + diff --git a/source4/setup/provision b/source4/setup/provision index 163cb93274..8912b28792 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -30,7 +30,8 @@ options = GetOptions(ARGV, 'quiet', 'blank', 'ldap-base', - 'ldap-backend=s'); + 'ldap-backend=s', + 'ldap-module=s'); if (options == undefined) { println("Failed to parse options"); @@ -79,6 +80,7 @@ provision [options] --blank do not add users or groups, just the structure --ldap-base output only an LDIF file, suitable for creating an LDAP baseDN --ldap-backend LDAPSERVER LDAP server to use for this provision + --ldap-module= MODULE LDB mapping module to use for the LDAP backend You must provide at least a realm and domain @@ -112,7 +114,7 @@ for (r in options) { } if (options["ldap-backend"] != undefined) { - subobj["LDAPMODULES"] = "entryUUID,paged_searches"; + subobj["LDAPMODULES"] = subobj["LDAPMODULE"] + ",paged_searches"; } var blank = (options["blank"] != undefined); -- cgit From e8dfa06d45b4aaa784b9f8795f4197451aed4188 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 3 Jan 2007 05:31:50 +0000 Subject: r20495: Further notes on joining with fedora DS. Add in a hook for adding an ACI, needed to allow anonymous access until we hook across a SYSTEM token to the LDAP server. Andrew Bartlett (This used to be commit f45504e2714680978f101b4a98516686a17531df) --- source4/setup/fedora-ds-init.ldif | 3 ++- source4/setup/provision | 8 ++++++-- source4/setup/provision_basedn.ldif | 1 + 3 files changed, 9 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/fedora-ds-init.ldif b/source4/setup/fedora-ds-init.ldif index f7d350c550..83cdb6b392 100644 --- a/source4/setup/fedora-ds-init.ldif +++ b/source4/setup/fedora-ds-init.ldif @@ -22,5 +22,6 @@ nsslapd-suffix: dc=tammy,dc=abartlet,dc=net # -# provision with --ldap-backend=ldap://localhost:4389 --ldap-module=nsuniqueid +# provision with --ldap-backend=ldap://localhost:4389 --ldap-module=nsuniqueid --aci='aci: (targetattr = "*") (version 3.0;acl "full access to all by all";allow (all)(userdn = "ldap:///anyone");)' + diff --git a/source4/setup/provision b/source4/setup/provision index 8912b28792..8f1d422f51 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -31,7 +31,8 @@ options = GetOptions(ARGV, 'blank', 'ldap-base', 'ldap-backend=s', - 'ldap-module=s'); + 'ldap-module=s', + 'aci=s'); if (options == undefined) { println("Failed to parse options"); @@ -81,7 +82,7 @@ provision [options] --ldap-base output only an LDIF file, suitable for creating an LDAP baseDN --ldap-backend LDAPSERVER LDAP server to use for this provision --ldap-module= MODULE LDB mapping module to use for the LDAP backend - + --aci= ACI An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server You must provide at least a realm and domain "); @@ -112,6 +113,9 @@ for (r in options) { var key = strupper(join("", split("-", r))); subobj[key] = options[r]; } +if (options["aci"] != undefined) { + println("set ACI: " + subobj["ACI"]); +} if (options["ldap-backend"] != undefined) { subobj["LDAPMODULES"] = subobj["LDAPMODULE"] + ",paged_searches"; diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index ab79319f20..e8cf8005f3 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -6,5 +6,6 @@ objectClass: top objectClass: domain objectClass: domainDNS ${EXTENSIBLEOBJECT} +${ACI} dc: ${RDN_DC} -- cgit From 28b078ea03fa3a414f3816ad617616235eb4f8bf Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Jan 2007 15:53:19 +0000 Subject: r20551: use variable instead of hardcoded value for the default site metze (This used to be commit 21f433018afbb7b94089969f7ee9acda40ee1a70) --- source4/setup/provision_init.ldif | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index a3eb60ab94..7572346b8f 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -45,7 +45,7 @@ passwordAttribute: krb5key # the rootDSE module looks in this record for its base data dn: cn=ROOTDSE subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,${BASEDN} -dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,${BASEDN} +dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} defaultNamingContext: ${BASEDN} rootDomainNamingContext: ${BASEDN} configurationNamingContext: CN=Configuration,${BASEDN} @@ -53,7 +53,7 @@ schemaNamingContext: CN=Schema,CN=Configuration,${BASEDN} supportedLDAPVersion: 3 dnsHostName: ${DNSNAME} ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM} -serverName: CN=${NETBIOSNAME},CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,${BASEDN} +serverName: CN=${NETBIOSNAME},CN=Servers,${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} domainFunctionality: 0 forestFunctionality: 0 domainControllerFunctionality: 2 -- cgit From 8b70764038cd08020ab1c22b7f54cbec10acc6a0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Jan 2007 16:12:30 +0000 Subject: r20553: add ${CONFIGDN} and ${SCHEMADN} instead of using hardcoded paths under ${BASEDN} metze (This used to be commit 09ca6aae12d8e10b76971cf269f7c62f228a4c87) --- source4/setup/display_specifiers.ldif | 18 +- source4/setup/provision.ldif | 20 +- source4/setup/provision_basedn_modify.ldif | 12 +- source4/setup/provision_computers_modify.ldif | 2 +- source4/setup/provision_configuration.ldif | 84 +- source4/setup/provision_init.ldif | 10 +- source4/setup/provision_partitions.ldif | 8 +- source4/setup/provision_templates.ldif | 10 +- source4/setup/provision_users.ldif | 32 +- source4/setup/provision_users_modify.ldif | 2 +- source4/setup/schema.ldif | 1192 ++++++++++++------------- source4/setup/schema_samba4.ldif | 18 +- 12 files changed, 704 insertions(+), 704 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/display_specifiers.ldif b/source4/setup/display_specifiers.ldif index b5af79842a..ad691b1ad2 100644 --- a/source4/setup/display_specifiers.ldif +++ b/source4/setup/display_specifiers.ldif @@ -1,13 +1,13 @@ -dn: CN=409,CN=DisplaySpecifiers,CN=Configuration,${BASEDN} +dn: CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: container cn: 409 name: 409 instanceType: 4 showInAdvancedViewOnly: TRUE -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Container,${SCHEMADN} -dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,${BASEDN} +dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: user-Display @@ -26,7 +26,7 @@ shellPropertyPages: 1,{f5d121ed-c8ac-11d0-bcdb-00c04fd8d5b6} adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6} adminMultiselectPropertyPages: 1,{50d30564-9911-11d1-b9af-00c04fd8d5b0} -dn: CN=group-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,${BASEDN} +dn: CN=group-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: group-Display @@ -40,7 +40,7 @@ shellPropertyPages: 2,{dde2c5e9-c8ae-11d0-bcdb-00c04fd8d5b6} shellPropertyPages: 1,{f5d121ee-c8ac-11d0-bcdb-00c04fd8d5b6} adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6} -dn: CN=domainDNS-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,${BASEDN} +dn: CN=domainDNS-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: domainDNS-Display @@ -54,7 +54,7 @@ shellPropertyPages: 1,{f5d121ef-c8ac-11d0-bcdb-00c04fd8d5b6} adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6} adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D} -dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,${BASEDN} +dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: computer-Display @@ -72,7 +72,7 @@ shellPropertyPages: 1,{f5d121f4-c8ac-11d0-bcdb-00c04fd8d5b6} adminContextMenu: 1,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6} createWizardExt: 1,{D6D8C25A-4E83-11d2-8424-00C04FA372D4} -dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,${BASEDN} +dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: organizationalUnit-Display @@ -88,7 +88,7 @@ shellPropertyPages: 1,{f2c3faae-c8ac-11d0-bcdb-00c04fd8d5b6} adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6} adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D} -dn: CN=container-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,${BASEDN} +dn: CN=container-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: container-Display @@ -103,7 +103,7 @@ adminContextMenu: 3,{EEBD2F15-87EE-4F93-856F-6AD7E31787B3} adminContextMenu: 2,{08eb4fa6-6ffd-11d1-b0e0-00c04fd8dca6} adminContextMenu: 1,{6BA3F852-23C6-11D1-B91F-00A0C9A06D2D} -dn: CN=default-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,${BASEDN} +dn: CN=default-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: default-Display diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 910a2db669..652770c813 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -6,7 +6,7 @@ description: Default container for domain controllers instanceType: 4 showInAdvancedViewOnly: FALSE systemFlags: 2348810240 -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Container,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=ForeignSecurityPrincipals,${BASEDN} @@ -17,7 +17,7 @@ description: Default container for security identifiers (SIDs) associated with o instanceType: 4 showInAdvancedViewOnly: FALSE systemFlags: 2348810240 -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Container,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=System,${BASEDN} @@ -28,7 +28,7 @@ description: Builtin system settings instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2348810240 -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Container,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=RID Manager$,CN=System,${BASEDN} @@ -38,9 +38,9 @@ cn: RID Manager$ instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2348810240 -objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=RID-Manager,${SCHEMADN} isCriticalSystemObject: TRUE -fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} rIDAvailablePool: 4611686014132423217 dn: CN=DomainUpdates,CN=System,${BASEDN} @@ -49,7 +49,7 @@ objectClass: container cn: DomainUpdates instanceType: 4 showInAdvancedViewOnly: TRUE -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Container,${SCHEMADN} dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${BASEDN} objectClass: top @@ -57,7 +57,7 @@ objectClass: container cn: Windows2003Update instanceType: 4 showInAdvancedViewOnly: TRUE -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Container,${SCHEMADN} revision: 8 dn: CN=Infrastructure,${BASEDN} @@ -67,9 +67,9 @@ cn: Infrastructure instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2348810240 -objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Infrastructure-Update,${SCHEMADN} isCriticalSystemObject: TRUE -fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} dn: CN=Builtin,${BASEDN} objectClass: top @@ -92,6 +92,6 @@ objectSid: S-1-5-32 serverState: 1 uASCompat: 1 modifiedCount: 1 -objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Builtin-Domain,${SCHEMADN} isCriticalSystemObject: TRUE diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index b5dfa80f66..189c3161d9 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -67,22 +67,22 @@ replace: modifiedCount modifiedCount: 1 - replace: objectCategory -objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Domain-DNS,${SCHEMADN} - replace: fSMORoleOwner -fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} - replace: isCriticalSystemObject isCriticalSystemObject: TRUE - replace: subRefs -subRefs: CN=Configuration,${BASEDN} -subRefs: CN=Schema,CN=Configuration,${BASEDN} +subRefs: ${CONFIGDN} +subRefs: ${SCHEMADN} - replace: masteredBy -masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} - replace: msDs-masteredBy -msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} - ${DOMAINGUID_MOD} diff --git a/source4/setup/provision_computers_modify.ldif b/source4/setup/provision_computers_modify.ldif index 0ba101a33c..aab32e8665 100644 --- a/source4/setup/provision_computers_modify.ldif +++ b/source4/setup/provision_computers_modify.ldif @@ -13,7 +13,7 @@ replace: systemFlags systemFlags: 2348810240 - replace: objectCategory -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Container,${SCHEMADN} - replace: isCriticalSystemObject isCriticalSystemObject: TRUE diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif index d76b7afc72..b6eaa30529 100644 --- a/source4/setup/provision_configuration.ldif +++ b/source4/setup/provision_configuration.ldif @@ -1,101 +1,101 @@ ############################### # Configuration Naming Context ############################### -dn: CN=Configuration,${BASEDN} +dn: ${CONFIGDN} objectClass: top objectClass: configuration cn: Configuration instanceType: 13 showInAdvancedViewOnly: TRUE -objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN} -subRefs: CN=Schema,CN=Configuration,${BASEDN} -masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +objectCategory: CN=Configuration,${SCHEMADN} +subRefs: ${SCHEMADN} +masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -dn: CN=Partitions,CN=Configuration,${BASEDN} +dn: CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRefContainer cn: Partitions instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2147483648 -objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Cross-Ref-Container,${SCHEMADN} msDS-Behavior-Version: 0 -fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -dn: CN=Enterprise Configuration,CN=Partitions,CN=Configuration,${BASEDN} +dn: CN=Enterprise Configuration,CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRef cn: Enterprise Configuration instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 1 -objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} -nCName: CN=Configuration,${BASEDN} +objectCategory: CN=Cross-Ref,${SCHEMADN} +nCName: ${CONFIGDN} dnsRoot: ${DNSDOMAIN} -dn: CN=Enterprise Schema,CN=Partitions,CN=Configuration,${BASEDN} +dn: CN=Enterprise Schema,CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRef cn: Enterprise Schema instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 1 -objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} -nCName: CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Cross-Ref,${SCHEMADN} +nCName: ${SCHEMADN} dnsRoot: ${DNSDOMAIN} -dn: CN=${DOMAIN},CN=Partitions,CN=Configuration,${BASEDN} +dn: CN=${DOMAIN},CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRef cn: ${DOMAIN} instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 3 -objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Cross-Ref,${SCHEMADN} nCName: ${BASEDN} nETBIOSName: ${DOMAIN} dnsRoot: ${DNSDOMAIN} -dn: CN=Sites,CN=Configuration,${BASEDN} +dn: CN=Sites,${CONFIGDN} objectClass: top objectClass: sitesContainer cn: Sites instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2181038080 -objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Sites-Container,${SCHEMADN} -dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +dn: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: site cn: ${DEFAULTSITE} instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2181038080 -objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Site,${SCHEMADN} -dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: serversContainer cn: Servers instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2181038080 -objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Servers-Container,${SCHEMADN} -dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: server cn: ${NETBIOSNAME} instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 1375731712 -objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Server,${SCHEMADN} dNSHostName: ${DNSNAME} serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} -dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: applicationSettings objectClass: nTDSDSA @@ -104,53 +104,53 @@ options: 1 instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 33554432 -objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN} -dMDLocation: CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=NTDS-DSA,${SCHEMADN} +dMDLocation: ${SCHEMADN} objectGUID: ${INVOCATIONID} invocationId: ${INVOCATIONID} msDS-Behavior-Version: 2 -dn: CN=Services,CN=Configuration,${BASEDN} +dn: CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Services instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2147483648 -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Container,${SCHEMADN} -dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} +dn: CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Windows NT instanceType: 4 showInAdvancedViewOnly: TRUE -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Container,${SCHEMADN} -dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} +dn: CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: nTDSService cn: Directory Service instanceType: 4 showInAdvancedViewOnly: TRUE -objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=NTDS-Service,${SCHEMADN} sPNMappings: host=ldap,dns,cifs,http -dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} +dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Query-Policies instanceType: 4 showInAdvancedViewOnly: TRUE -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Container,${SCHEMADN} -dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} +dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: queryPolicy cn: Default Query Policy instanceType: 4 showInAdvancedViewOnly: TRUE -objectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Query-Policy,${SCHEMADN} lDAPAdminLimits: MaxValRange=1500 lDAPAdminLimits: MaxReceiveBuffer=10485760 lDAPAdminLimits: MaxDatagramRecv=4096 @@ -169,14 +169,14 @@ lDAPAdminLimits: MaxConnections=5000 ############################### # Schema Naming Context ############################### -dn: CN=Schema,CN=Configuration,${BASEDN} +dn: ${SCHEMADN} objectClass: top objectClass: dMD cn: Schema instanceType: 13 showInAdvancedViewOnly: TRUE -objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN} -masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} -fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +objectCategory: CN=DMD,${SCHEMADN} +masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectVersion: 30 diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 7572346b8f..92fc17822f 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -44,16 +44,16 @@ passwordAttribute: krb5key # the rootDSE module looks in this record for its base data dn: cn=ROOTDSE -subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,${BASEDN} -dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +subschemaSubentry: CN=Aggregate,${SCHEMADN} +dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} defaultNamingContext: ${BASEDN} rootDomainNamingContext: ${BASEDN} -configurationNamingContext: CN=Configuration,${BASEDN} -schemaNamingContext: CN=Schema,CN=Configuration,${BASEDN} +configurationNamingContext: ${CONFIGDN} +schemaNamingContext: ${SCHEMADN} supportedLDAPVersion: 3 dnsHostName: ${DNSNAME} ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM} -serverName: CN=${NETBIOSNAME},CN=Servers,${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} +serverName: CN=${NETBIOSNAME},CN=Servers,${DEFAULTSITE},CN=Sites,${CONFIGDN} domainFunctionality: 0 forestFunctionality: 0 domainControllerFunctionality: 2 diff --git a/source4/setup/provision_partitions.ldif b/source4/setup/provision_partitions.ldif index e9a273795a..9acc140683 100644 --- a/source4/setup/provision_partitions.ldif +++ b/source4/setup/provision_partitions.ldif @@ -1,12 +1,12 @@ dn: @PARTITION -partition: CN=Schema,CN=Configuration,${BASEDN}:schema.ldb -partition: CN=Configuration,${BASEDN}:configuration.ldb +partition: ${SCHEMADN}:schema.ldb +partition: ${CONFIGDN}:configuration.ldb partition: ${BASEDN}:${LDAPBACKEND} replicateEntries: @SUBCLASSES replicateEntries: @ATTRIBUTES replicateEntries: @INDEXLIST -modules:CN=Schema,CN=Configuration,${BASEDN}:objectguid -modules:CN=Configuration,${BASEDN}:objectguid +modules:${SCHEMADN}:objectguid +modules:${CONFIGDN}:objectguid modules:${BASEDN}:${LDAPMODULES} #Add modules to the list to activate them by default diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 3b70d42520..467ba2922a 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -6,7 +6,7 @@ description: Container for SAM account templates instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2348810240 -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Container,${SCHEMADN} isCriticalSystemObject: TRUE ### @@ -34,7 +34,7 @@ primaryGroupID: 513 accountExpires: -1 logonCount: 0 sAMAccountType: 805306368 -objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Person,${SCHEMADN} dn: CN=TemplateComputer,CN=Templates objectClass: top @@ -56,7 +56,7 @@ primaryGroupID: 513 accountExpires: -1 logonCount: 0 sAMAccountType: 805306369 -objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Computer,${SCHEMADN} dn: CN=TemplateTrustingDomain,CN=Templates objectClass: top @@ -84,7 +84,7 @@ cn: TemplateGroup instanceType: 4 groupType: -2147483646 sAMAccountType: 268435456 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Group,${SCHEMADN} # Currently this isn't used, we don't have a way to detect it different from an incoming alias # @@ -104,7 +104,7 @@ objectClass: foreignSecurityPrincipalTemplate cn: TemplateForeignSecurityPrincipal instanceType: 4 showInAdvancedViewOnly: TRUE -objectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Foreign-Security-Principal,${SCHEMADN} dn: CN=TemplateSecret,CN=Templates objectClass: top diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 10830dde0b..f5a445b4b5 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -40,7 +40,7 @@ sAMAccountName: Administrators sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE privilege: SeSecurityPrivilege privilege: SeBackupPrivilege @@ -101,7 +101,7 @@ sAMAccountName: Users sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Guests,CN=Builtin,${BASEDN} @@ -116,7 +116,7 @@ sAMAccountName: Guests sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Print Operators,CN=Builtin,${BASEDN} @@ -130,7 +130,7 @@ sAMAccountName: Print Operators sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE privilege: SeLoadDriverPrivilege privilege: SeShutdownPrivilege @@ -147,7 +147,7 @@ sAMAccountName: Backup Operators sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE privilege: SeBackupPrivilege privilege: SeRestorePrivilege @@ -165,7 +165,7 @@ sAMAccountName: Replicator sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN} @@ -178,7 +178,7 @@ sAMAccountName: Remote Desktop Users sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN} @@ -191,7 +191,7 @@ sAMAccountName: Network Configuration Operators sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN} @@ -204,7 +204,7 @@ sAMAccountName: Performance Monitor Users sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Performance Log Users,CN=Builtin,${BASEDN} @@ -217,7 +217,7 @@ sAMAccountName: Performance Log Users sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=krbtgt,CN=Users,${BASEDN} @@ -245,7 +245,7 @@ cn: Domain Computers description: All workstations and servers joined to the domain objectSid: ${DOMAINSID}-515 sAMAccountName: Domain Computers -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Domain Controllers,CN=Users,${BASEDN} @@ -290,7 +290,7 @@ groupType: 2147483652 sAMAccountType: 536870912 objectSid: ${DOMAINSID}-517 sAMAccountName: Cert Publishers -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Domain Admins,CN=Users,${BASEDN} @@ -333,7 +333,7 @@ description: Members in this group can modify group policy for the domain member: CN=Administrator,CN=Users,${BASEDN} objectSid: ${DOMAINSID}-520 sAMAccountName: Group Policy Creator Owners -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=RAS and IAS Servers,CN=Users,${BASEDN} @@ -346,7 +346,7 @@ objectSid: ${DOMAINSID}-553 sAMAccountName: RAS and IAS Servers sAMAccountType: 536870912 groupType: 2147483652 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Server Operators,CN=Builtin,${BASEDN} @@ -361,7 +361,7 @@ sAMAccountName: Server Operators sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE privilege: SeBackupPrivilege privilege: SeSystemtimePrivilege @@ -382,7 +382,7 @@ sAMAccountName: Account Operators sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE privilege: SeInteractiveLogonRight diff --git a/source4/setup/provision_users_modify.ldif b/source4/setup/provision_users_modify.ldif index b979ecbb05..5766d672f7 100644 --- a/source4/setup/provision_users_modify.ldif +++ b/source4/setup/provision_users_modify.ldif @@ -13,7 +13,7 @@ replace: systemFlags systemFlags: 2348810240 - replace: objectCategory -objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Container,${SCHEMADN} - replace: isCriticalSystemObject isCriticalSystemObject: TRUE diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index 9f646d4d5b..743bf36f17 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -1,4 +1,4 @@ -dn: CN=SD-Rights-Effective,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=SD-Rights-Effective,${SCHEMADN} cn: SD-Rights-Effective name: SD-Rights-Effective objectClass: top @@ -13,7 +13,7 @@ attributeID: 1.2.840.113556.1.4.1304 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=ms-Exch-Owner-BL,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-Exch-Owner-BL,${SCHEMADN} cn: ms-Exch-Owner-BL name: ms-Exch-Owner-BL objectClass: top @@ -30,7 +30,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Is-Member-Of-DL,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Is-Member-Of-DL,${SCHEMADN} cn: Is-Member-Of-DL name: Is-Member-Of-DL objectClass: top @@ -47,7 +47,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Search-Guide,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Search-Guide,${SCHEMADN} cn: Search-Guide name: Search-Guide objectClass: top @@ -62,7 +62,7 @@ attributeID: 2.5.4.14 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=ms-DS-ReplicationEpoch,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-ReplicationEpoch,${SCHEMADN} cn: ms-DS-ReplicationEpoch name: ms-DS-ReplicationEpoch objectClass: top @@ -77,7 +77,7 @@ attributeID: 1.2.840.113556.1.4.1720 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Auditing-Policy,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Auditing-Policy,${SCHEMADN} cn: Auditing-Policy name: Auditing-Policy objectClass: top @@ -92,7 +92,7 @@ attributeID: 1.2.840.113556.1.4.202 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Phone-Fax-Other,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Phone-Fax-Other,${SCHEMADN} cn: Phone-Fax-Other name: Phone-Fax-Other objectClass: top @@ -107,7 +107,7 @@ attributeID: 1.2.840.113556.1.4.646 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Address,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Address,${SCHEMADN} cn: Address name: Address objectClass: top @@ -122,7 +122,7 @@ attributeID: 1.2.840.113556.1.2.256 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Security-Identifier,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Security-Identifier,${SCHEMADN} cn: Security-Identifier name: Security-Identifier objectClass: top @@ -137,7 +137,7 @@ attributeID: 1.2.840.113556.1.4.121 attributeSyntax: 2.5.5.17 oMSyntax: 4 -dn: CN=ms-DS-KeyVersionNumber,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-KeyVersionNumber,${SCHEMADN} cn: ms-DS-KeyVersionNumber name: ms-DS-KeyVersionNumber objectClass: top @@ -152,7 +152,7 @@ attributeID: 1.2.840.113556.1.4.1782 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Account-Name-History,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Account-Name-History,${SCHEMADN} cn: Account-Name-History name: Account-Name-History objectClass: top @@ -167,7 +167,7 @@ attributeID: 1.2.840.113556.1.4.1307 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=preferredLanguage,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=preferredLanguage,${SCHEMADN} cn: preferredLanguage name: preferredLanguage objectClass: top @@ -182,7 +182,7 @@ attributeID: 2.16.840.1.113730.3.1.39 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=User-Shared-Folder-Other,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=User-Shared-Folder-Other,${SCHEMADN} cn: User-Shared-Folder-Other name: User-Shared-Folder-Other objectClass: top @@ -197,7 +197,7 @@ attributeID: 1.2.840.113556.1.4.752 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=User-Shared-Folder,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=User-Shared-Folder,${SCHEMADN} cn: User-Shared-Folder name: User-Shared-Folder objectClass: top @@ -212,7 +212,7 @@ attributeID: 1.2.840.113556.1.4.751 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=MSMQ-Digests-Mig,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=MSMQ-Digests-Mig,${SCHEMADN} cn: MSMQ-Digests-Mig name: MSMQ-Digests-Mig objectClass: top @@ -227,7 +227,7 @@ attributeID: 1.2.840.113556.1.4.966 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Domain-Identifier,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Domain-Identifier,${SCHEMADN} cn: Domain-Identifier name: Domain-Identifier objectClass: top @@ -242,7 +242,7 @@ attributeID: 1.2.840.113556.1.4.755 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Legacy-Exchange-DN,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Legacy-Exchange-DN,${SCHEMADN} cn: Legacy-Exchange-DN name: Legacy-Exchange-DN objectClass: top @@ -257,7 +257,7 @@ attributeID: 1.2.840.113556.1.4.655 attributeSyntax: 2.5.5.4 oMSyntax: 20 -dn: CN=Well-Known-Objects,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Well-Known-Objects,${SCHEMADN} cn: Well-Known-Objects name: Well-Known-Objects objectClass: top @@ -273,7 +273,7 @@ attributeSyntax: 2.5.5.7 oMSyntax: 127 oMObjectClass:: KoZIhvcUAQEBCw== -dn: CN=RDN,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=RDN,${SCHEMADN} cn: RDN name: RDN objectClass: top @@ -288,7 +288,7 @@ attributeID: 1.2.840.113556.1.4.1 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Non-Security-Member-BL,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Non-Security-Member-BL,${SCHEMADN} cn: Non-Security-Member-BL name: Non-Security-Member-BL objectClass: top @@ -305,7 +305,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=ms-DS-Repl-Attribute-Meta-Data,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Repl-Attribute-Meta-Data,${SCHEMADN} cn: ms-DS-Repl-Attribute-Meta-Data name: ms-DS-Repl-Attribute-Meta-Data objectClass: top @@ -320,7 +320,7 @@ attributeID: 1.2.840.113556.1.4.1707 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=DN-Reference-Update,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=DN-Reference-Update,${SCHEMADN} cn: DN-Reference-Update name: DN-Reference-Update objectClass: top @@ -336,7 +336,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=GP-Options,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=GP-Options,${SCHEMADN} cn: GP-Options name: GP-Options objectClass: top @@ -351,7 +351,7 @@ attributeID: 1.2.840.113556.1.4.892 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=MS-DS-Per-User-Trust-Tombstones-Quota,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=MS-DS-Per-User-Trust-Tombstones-Quota,${SCHEMADN} cn: MS-DS-Per-User-Trust-Tombstones-Quota name: MS-DS-Per-User-Trust-Tombstones-Quota objectClass: top @@ -366,7 +366,7 @@ attributeID: 1.2.840.113556.1.4.1790 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Phone-Pager-Primary,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Phone-Pager-Primary,${SCHEMADN} cn: Phone-Pager-Primary name: Phone-Pager-Primary objectClass: top @@ -381,7 +381,7 @@ attributeID: 0.9.2342.19200300.100.1.42 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Site-GUID,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Site-GUID,${SCHEMADN} cn: Site-GUID name: Site-GUID objectClass: top @@ -396,7 +396,7 @@ attributeID: 1.2.840.113556.1.4.362 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=ms-DS-Az-Script-Engine-Cache-Max,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Az-Script-Engine-Cache-Max,${SCHEMADN} cn: ms-DS-Az-Script-Engine-Cache-Max name: ms-DS-Az-Script-Engine-Cache-Max objectClass: top @@ -411,7 +411,7 @@ attributeID: 1.2.840.113556.1.4.1796 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Token-Groups-No-GC-Acceptable,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Token-Groups-No-GC-Acceptable,${SCHEMADN} cn: Token-Groups-No-GC-Acceptable name: Token-Groups-No-GC-Acceptable objectClass: top @@ -426,7 +426,7 @@ attributeID: 1.2.840.113556.1.4.1303 attributeSyntax: 2.5.5.17 oMSyntax: 4 -dn: CN=Token-Groups-Global-And-Universal,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Token-Groups-Global-And-Universal,${SCHEMADN} cn: Token-Groups-Global-And-Universal name: Token-Groups-Global-And-Universal objectClass: top @@ -441,7 +441,7 @@ attributeID: 1.2.840.113556.1.4.1418 attributeSyntax: 2.5.5.17 oMSyntax: 4 -dn: CN=Alt-Security-Identities,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Alt-Security-Identities,${SCHEMADN} cn: Alt-Security-Identities name: Alt-Security-Identities objectClass: top @@ -456,7 +456,7 @@ attributeID: 1.2.840.113556.1.4.867 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=labeledURI,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=labeledURI,${SCHEMADN} cn: labeledURI name: labeledURI objectClass: top @@ -471,7 +471,7 @@ attributeID: 1.3.6.1.4.1.250.1.57 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Pwd-Last-Set,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Pwd-Last-Set,${SCHEMADN} cn: Pwd-Last-Set name: Pwd-Last-Set objectClass: top @@ -486,7 +486,7 @@ attributeID: 1.2.840.113556.1.4.96 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Object-Classes,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Object-Classes,${SCHEMADN} cn: Object-Classes name: Object-Classes objectClass: top @@ -501,7 +501,7 @@ attributeID: 2.5.21.6 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Trust-Attributes,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Trust-Attributes,${SCHEMADN} cn: Trust-Attributes name: Trust-Attributes objectClass: top @@ -516,7 +516,7 @@ attributeID: 1.2.840.113556.1.4.470 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=ms-DS-Trust-Forest-Trust-Info,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Trust-Forest-Trust-Info,${SCHEMADN} cn: ms-DS-Trust-Forest-Trust-Info name: ms-DS-Trust-Forest-Trust-Info objectClass: top @@ -531,7 +531,7 @@ attributeID: 1.2.840.113556.1.4.1702 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Site-Object,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Site-Object,${SCHEMADN} cn: Site-Object name: Site-Object objectClass: top @@ -548,7 +548,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Is-Privilege-Holder,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Is-Privilege-Holder,${SCHEMADN} cn: Is-Privilege-Holder name: Is-Privilege-Holder objectClass: top @@ -565,7 +565,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Dns-Root,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Dns-Root,${SCHEMADN} cn: Dns-Root name: Dns-Root objectClass: top @@ -580,7 +580,7 @@ attributeID: 1.2.840.113556.1.4.28 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Modified-Count,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Modified-Count,${SCHEMADN} cn: Modified-Count name: Modified-Count objectClass: top @@ -595,7 +595,7 @@ attributeID: 1.2.840.113556.1.4.168 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=International-ISDN-Number,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=International-ISDN-Number,${SCHEMADN} cn: International-ISDN-Number name: International-ISDN-Number objectClass: top @@ -610,7 +610,7 @@ attributeID: 2.5.4.25 attributeSyntax: 2.5.5.6 oMSyntax: 18 -dn: CN=Business-Category,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Business-Category,${SCHEMADN} cn: Business-Category name: Business-Category objectClass: top @@ -625,7 +625,7 @@ attributeID: 2.5.4.15 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=houseIdentifier,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=houseIdentifier,${SCHEMADN} cn: houseIdentifier name: houseIdentifier objectClass: top @@ -639,7 +639,7 @@ attributeID: 2.5.4.51 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Other-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Other-Name,${SCHEMADN} cn: Other-Name name: Other-Name objectClass: top @@ -654,7 +654,7 @@ attributeID: 2.16.840.1.113730.3.1.34 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Repl-Topology-Stay-Of-Execution,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Repl-Topology-Stay-Of-Execution,${SCHEMADN} cn: Repl-Topology-Stay-Of-Execution name: Repl-Topology-Stay-Of-Execution objectClass: top @@ -669,7 +669,7 @@ attributeID: 1.2.840.113556.1.4.677 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Netboot-GUID,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Netboot-GUID,${SCHEMADN} cn: Netboot-GUID name: Netboot-GUID objectClass: top @@ -684,7 +684,7 @@ attributeID: 1.2.840.113556.1.4.359 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=RDN-Att-ID,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=RDN-Att-ID,${SCHEMADN} cn: RDN-Att-ID name: RDN-Att-ID objectClass: top @@ -699,7 +699,7 @@ attributeID: 1.2.840.113556.1.2.26 attributeSyntax: 2.5.5.2 oMSyntax: 6 -dn: CN=May-Contain,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=May-Contain,${SCHEMADN} cn: May-Contain name: May-Contain objectClass: top @@ -714,7 +714,7 @@ attributeID: 1.2.840.113556.1.2.25 attributeSyntax: 2.5.5.2 oMSyntax: 6 -dn: CN=Trust-Auth-Outgoing,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Trust-Auth-Outgoing,${SCHEMADN} cn: Trust-Auth-Outgoing name: Trust-Auth-Outgoing objectClass: top @@ -729,7 +729,7 @@ attributeID: 1.2.840.113556.1.4.135 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Server-Reference-BL,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Server-Reference-BL,${SCHEMADN} cn: Server-Reference-BL name: Server-Reference-BL objectClass: top @@ -746,7 +746,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Create-Time-Stamp,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Create-Time-Stamp,${SCHEMADN} cn: Create-Time-Stamp name: Create-Time-Stamp objectClass: top @@ -761,7 +761,7 @@ attributeID: 2.5.18.1 attributeSyntax: 2.5.5.11 oMSyntax: 24 -dn: CN=Attribute-Display-Names,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Attribute-Display-Names,${SCHEMADN} cn: Attribute-Display-Names name: Attribute-Display-Names objectClass: top @@ -776,7 +776,7 @@ attributeID: 1.2.840.113556.1.4.748 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Admin-Context-Menu,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Admin-Context-Menu,${SCHEMADN} cn: Admin-Context-Menu name: Admin-Context-Menu objectClass: top @@ -791,7 +791,7 @@ attributeID: 1.2.840.113556.1.4.614 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=LSA-Modified-Count,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=LSA-Modified-Count,${SCHEMADN} cn: LSA-Modified-Count name: LSA-Modified-Count objectClass: top @@ -806,7 +806,7 @@ attributeID: 1.2.840.113556.1.4.67 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=LSA-Creation-Time,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=LSA-Creation-Time,${SCHEMADN} cn: LSA-Creation-Time name: LSA-Creation-Time objectClass: top @@ -821,7 +821,7 @@ attributeID: 1.2.840.113556.1.4.66 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Server-State,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Server-State,${SCHEMADN} cn: Server-State name: Server-State objectClass: top @@ -836,7 +836,7 @@ attributeID: 1.2.840.113556.1.4.154 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Supplemental-Credentials,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Supplemental-Credentials,${SCHEMADN} cn: Supplemental-Credentials name: Supplemental-Credentials objectClass: top @@ -851,7 +851,7 @@ attributeID: 1.2.840.113556.1.4.125 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=LDAP-Display-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=LDAP-Display-Name,${SCHEMADN} cn: LDAP-Display-Name name: LDAP-Display-Name objectClass: top @@ -866,7 +866,7 @@ attributeID: 1.2.840.113556.1.2.460 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=msNPSavedCallingStationID,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=msNPSavedCallingStationID,${SCHEMADN} cn: msNPSavedCallingStationID name: msNPSavedCallingStationID objectClass: top @@ -881,7 +881,7 @@ attributeID: 1.2.840.113556.1.4.1130 attributeSyntax: 2.5.5.5 oMSyntax: 22 -dn: CN=Flags,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Flags,${SCHEMADN} cn: Flags name: Flags objectClass: top @@ -896,7 +896,7 @@ attributeID: 1.2.840.113556.1.4.38 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Create-Wizard-Ext,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Create-Wizard-Ext,${SCHEMADN} cn: Create-Wizard-Ext name: Create-Wizard-Ext objectClass: top @@ -911,7 +911,7 @@ attributeID: 1.2.840.113556.1.4.812 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=DMD-Location,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=DMD-Location,${SCHEMADN} cn: DMD-Location name: DMD-Location objectClass: top @@ -927,7 +927,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-Exch-House-Identifier,${SCHEMADN} cn: ms-Exch-House-Identifier name: ms-Exch-House-Identifier objectClass: top @@ -940,7 +940,7 @@ attributeID: 1.2.840.113556.1.2.596 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Phone-Mobile-Other,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Phone-Mobile-Other,${SCHEMADN} cn: Phone-Mobile-Other name: Phone-Mobile-Other objectClass: top @@ -955,7 +955,7 @@ attributeID: 1.2.840.113556.1.4.647 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Generation-Qualifier,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Generation-Qualifier,${SCHEMADN} cn: Generation-Qualifier name: Generation-Qualifier objectClass: top @@ -970,7 +970,7 @@ attributeID: 2.5.4.44 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=DS-Heuristics,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=DS-Heuristics,${SCHEMADN} cn: DS-Heuristics name: DS-Heuristics objectClass: top @@ -985,7 +985,7 @@ attributeID: 1.2.840.113556.1.2.212 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Serial-Number,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Serial-Number,${SCHEMADN} cn: Serial-Number name: Serial-Number objectClass: top @@ -1000,7 +1000,7 @@ attributeID: 2.5.4.5 attributeSyntax: 2.5.5.5 oMSyntax: 19 -dn: CN=ms-DS-Settings,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Settings,${SCHEMADN} cn: ms-DS-Settings name: ms-DS-Settings objectClass: top @@ -1015,7 +1015,7 @@ attributeID: 1.2.840.113556.1.4.1697 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Operator-Count,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Operator-Count,${SCHEMADN} cn: Operator-Count name: Operator-Count objectClass: top @@ -1030,7 +1030,7 @@ attributeID: 1.2.840.113556.1.4.144 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=msRADIUSFramedIPAddress,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=msRADIUSFramedIPAddress,${SCHEMADN} cn: msRADIUSFramedIPAddress name: msRADIUSFramedIPAddress objectClass: top @@ -1045,7 +1045,7 @@ attributeID: 1.2.840.113556.1.4.1153 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Home-Drive,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Home-Drive,${SCHEMADN} cn: Home-Drive name: Home-Drive objectClass: top @@ -1060,7 +1060,7 @@ attributeID: 1.2.840.113556.1.4.45 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Attribute-Types,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Attribute-Types,${SCHEMADN} cn: Attribute-Types name: Attribute-Types objectClass: top @@ -1075,7 +1075,7 @@ attributeID: 2.5.21.5 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Initial-Auth-Outgoing,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Initial-Auth-Outgoing,${SCHEMADN} cn: Initial-Auth-Outgoing name: Initial-Auth-Outgoing objectClass: top @@ -1090,7 +1090,7 @@ attributeID: 1.2.840.113556.1.4.540 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Object-Class,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Object-Class,${SCHEMADN} cn: Object-Class name: Object-Class objectClass: top @@ -1105,7 +1105,7 @@ attributeID: 2.5.4.0 attributeSyntax: 2.5.5.2 oMSyntax: 6 -dn: CN=Possible-Inferiors,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Possible-Inferiors,${SCHEMADN} cn: Possible-Inferiors name: Possible-Inferiors objectClass: top @@ -1120,7 +1120,7 @@ attributeID: 1.2.840.113556.1.4.915 attributeSyntax: 2.5.5.2 oMSyntax: 6 -dn: CN=ms-DS-Approx-Immed-Subordinates,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Approx-Immed-Subordinates,${SCHEMADN} cn: ms-DS-Approx-Immed-Subordinates name: ms-DS-Approx-Immed-Subordinates objectClass: top @@ -1135,7 +1135,7 @@ attributeID: 1.2.840.113556.1.4.1669 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=ms-DS-Replication-Notify-Subsequent-DSA-Delay,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Replication-Notify-Subsequent-DSA-Delay,${SCHEMADN} cn: ms-DS-Replication-Notify-Subsequent-DSA-Delay name: ms-DS-Replication-Notify-Subsequent-DSA-Delay objectClass: top @@ -1150,7 +1150,7 @@ attributeID: 1.2.840.113556.1.4.1664 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Create-Dialog,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Create-Dialog,${SCHEMADN} cn: Create-Dialog name: Create-Dialog objectClass: top @@ -1165,7 +1165,7 @@ attributeID: 1.2.840.113556.1.4.810 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Query-Policy-Object,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Query-Policy-Object,${SCHEMADN} cn: Query-Policy-Object name: Query-Policy-Object objectClass: top @@ -1182,7 +1182,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=FRS-Root-Path,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=FRS-Root-Path,${SCHEMADN} cn: FRS-Root-Path name: FRS-Root-Path objectClass: top @@ -1197,7 +1197,7 @@ attributeID: 1.2.840.113556.1.4.487 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Organizational-Unit-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Organizational-Unit-Name,${SCHEMADN} cn: Organizational-Unit-Name name: Organizational-Unit-Name objectClass: top @@ -1212,7 +1212,7 @@ attributeID: 2.5.4.11 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Telex-Number,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Telex-Number,${SCHEMADN} cn: Telex-Number name: Telex-Number objectClass: top @@ -1227,7 +1227,7 @@ attributeID: 2.5.4.21 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Address-Home,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Address-Home,${SCHEMADN} cn: Address-Home name: Address-Home objectClass: top @@ -1242,7 +1242,7 @@ attributeID: 1.2.840.113556.1.2.617 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Assistant,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Assistant,${SCHEMADN} cn: Assistant name: Assistant objectClass: top @@ -1258,7 +1258,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Netboot-Machine-File-Path,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Netboot-Machine-File-Path,${SCHEMADN} cn: Netboot-Machine-File-Path name: Netboot-Machine-File-Path objectClass: top @@ -1273,7 +1273,7 @@ attributeID: 1.2.840.113556.1.4.361 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=x500uniqueIdentifier,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=x500uniqueIdentifier,${SCHEMADN} cn: x500uniqueIdentifier name: x500uniqueIdentifier objectClass: top @@ -1288,7 +1288,7 @@ attributeID: 2.5.4.45 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=DBCS-Pwd,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=DBCS-Pwd,${SCHEMADN} cn: DBCS-Pwd name: DBCS-Pwd objectClass: top @@ -1303,7 +1303,7 @@ attributeID: 1.2.840.113556.1.4.55 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Prefix-Map,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Prefix-Map,${SCHEMADN} cn: Prefix-Map name: Prefix-Map objectClass: top @@ -1318,7 +1318,7 @@ attributeID: 1.2.840.113556.1.4.538 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=ms-DS-Members-For-Az-Role-BL,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Members-For-Az-Role-BL,${SCHEMADN} cn: ms-DS-Members-For-Az-Role-BL name: ms-DS-Members-For-Az-Role-BL objectClass: top @@ -1335,7 +1335,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Last-Known-Parent,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Last-Known-Parent,${SCHEMADN} cn: Last-Known-Parent name: Last-Known-Parent objectClass: top @@ -1351,7 +1351,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=FSMO-Role-Owner,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=FSMO-Role-Owner,${SCHEMADN} cn: FSMO-Role-Owner name: FSMO-Role-Owner objectClass: top @@ -1367,7 +1367,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Retired-Repl-DSA-Signatures,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Retired-Repl-DSA-Signatures,${SCHEMADN} cn: Retired-Repl-DSA-Signatures name: Retired-Repl-DSA-Signatures objectClass: top @@ -1382,7 +1382,7 @@ attributeID: 1.2.840.113556.1.4.673 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Network-Address,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Network-Address,${SCHEMADN} cn: Network-Address name: Network-Address objectClass: top @@ -1396,7 +1396,7 @@ attributeID: 1.2.840.113556.1.2.459 attributeSyntax: 2.5.5.4 oMSyntax: 20 -dn: CN=Schema-Version,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Schema-Version,${SCHEMADN} cn: Schema-Version name: Schema-Version objectClass: top @@ -1411,7 +1411,7 @@ attributeID: 1.2.840.113556.1.2.471 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Poss-Superiors,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Poss-Superiors,${SCHEMADN} cn: Poss-Superiors name: Poss-Superiors objectClass: top @@ -1426,7 +1426,7 @@ attributeID: 1.2.840.113556.1.2.8 attributeSyntax: 2.5.5.2 oMSyntax: 6 -dn: CN=Default-Security-Descriptor,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Default-Security-Descriptor,${SCHEMADN} cn: Default-Security-Descriptor name: Default-Security-Descriptor objectClass: top @@ -1441,7 +1441,7 @@ attributeID: 1.2.840.113556.1.4.224 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=User-SMIME-Certificate,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=User-SMIME-Certificate,${SCHEMADN} cn: User-SMIME-Certificate name: User-SMIME-Certificate objectClass: top @@ -1456,7 +1456,7 @@ attributeID: 2.16.840.1.113730.3.140 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=userPKCS12,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=userPKCS12,${SCHEMADN} cn: userPKCS12 name: userPKCS12 objectClass: top @@ -1471,7 +1471,7 @@ attributeID: 2.16.840.1.113730.3.1.216 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=User-Account-Control,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=User-Account-Control,${SCHEMADN} cn: User-Account-Control name: User-Account-Control objectClass: top @@ -1486,7 +1486,7 @@ attributeID: 1.2.840.113556.1.4.8 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Terminal-Server,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Terminal-Server,${SCHEMADN} cn: Terminal-Server name: Terminal-Server objectClass: top @@ -1501,7 +1501,7 @@ attributeID: 1.2.840.113556.1.4.885 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Account-Expires,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Account-Expires,${SCHEMADN} cn: Account-Expires name: Account-Expires objectClass: top @@ -1516,7 +1516,7 @@ attributeID: 1.2.840.113556.1.4.159 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Group-Type,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Group-Type,${SCHEMADN} cn: Group-Type name: Group-Type objectClass: top @@ -1531,7 +1531,7 @@ attributeID: 1.2.840.113556.1.4.750 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=NT-Group-Members,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=NT-Group-Members,${SCHEMADN} cn: NT-Group-Members name: NT-Group-Members objectClass: top @@ -1546,7 +1546,7 @@ attributeID: 1.2.840.113556.1.4.89 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=WWW-Page-Other,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=WWW-Page-Other,${SCHEMADN} cn: WWW-Page-Other name: WWW-Page-Other objectClass: top @@ -1561,7 +1561,7 @@ attributeID: 1.2.840.113556.1.4.749 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Revision,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Revision,${SCHEMADN} cn: Revision name: Revision objectClass: top @@ -1576,7 +1576,7 @@ attributeID: 1.2.840.113556.1.4.145 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Object-Version,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Object-Version,${SCHEMADN} cn: Object-Version name: Object-Version objectClass: top @@ -1591,7 +1591,7 @@ attributeID: 1.2.840.113556.1.2.76 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=ms-DS-NC-Repl-Inbound-Neighbors,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-NC-Repl-Inbound-Neighbors,${SCHEMADN} cn: ms-DS-NC-Repl-Inbound-Neighbors name: ms-DS-NC-Repl-Inbound-Neighbors objectClass: top @@ -1606,7 +1606,7 @@ attributeID: 1.2.840.113556.1.4.1705 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-COM-UserLink,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-COM-UserLink,${SCHEMADN} cn: ms-COM-UserLink name: ms-COM-UserLink objectClass: top @@ -1623,7 +1623,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Mastered-By,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Mastered-By,${SCHEMADN} cn: Mastered-By name: Mastered-By objectClass: top @@ -1640,7 +1640,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Canonical-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Canonical-Name,${SCHEMADN} cn: Canonical-Name name: Canonical-Name objectClass: top @@ -1655,7 +1655,7 @@ attributeID: 1.2.840.113556.1.4.916 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-NC-Replica-Locations,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-NC-Replica-Locations,${SCHEMADN} cn: ms-DS-NC-Replica-Locations name: ms-DS-NC-Replica-Locations objectClass: top @@ -1672,7 +1672,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=ms-DS-UpdateScript,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-UpdateScript,${SCHEMADN} cn: ms-DS-UpdateScript name: ms-DS-UpdateScript objectClass: top @@ -1687,7 +1687,7 @@ attributeID: 1.2.840.113556.1.4.1721 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Next-Rid,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Next-Rid,${SCHEMADN} cn: Next-Rid name: Next-Rid objectClass: top @@ -1702,7 +1702,7 @@ attributeID: 1.2.840.113556.1.4.88 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=X121-Address,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=X121-Address,${SCHEMADN} cn: X121-Address name: X121-Address objectClass: top @@ -1717,7 +1717,7 @@ attributeID: 2.5.4.24 attributeSyntax: 2.5.5.6 oMSyntax: 18 -dn: CN=User-Password,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=User-Password,${SCHEMADN} cn: User-Password name: User-Password objectClass: top @@ -1732,7 +1732,7 @@ attributeID: 2.5.4.35 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Telephone-Number,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Telephone-Number,${SCHEMADN} cn: Telephone-Number name: Telephone-Number objectClass: top @@ -1747,7 +1747,7 @@ attributeID: 2.5.4.20 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Department,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Department,${SCHEMADN} cn: Department name: Department objectClass: top @@ -1762,7 +1762,7 @@ attributeID: 1.2.840.113556.1.2.141 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Policy-Replication-Flags,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Policy-Replication-Flags,${SCHEMADN} cn: Policy-Replication-Flags name: Policy-Replication-Flags objectClass: top @@ -1777,7 +1777,7 @@ attributeID: 1.2.840.113556.1.4.633 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Application-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Application-Name,${SCHEMADN} cn: Application-Name name: Application-Name objectClass: top @@ -1792,7 +1792,7 @@ attributeID: 1.2.840.113556.1.4.218 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=System-May-Contain,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=System-May-Contain,${SCHEMADN} cn: System-May-Contain name: System-May-Contain objectClass: top @@ -1807,7 +1807,7 @@ attributeID: 1.2.840.113556.1.4.196 attributeSyntax: 2.5.5.2 oMSyntax: 6 -dn: CN=msRASSavedFramedRoute,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=msRASSavedFramedRoute,${SCHEMADN} cn: msRASSavedFramedRoute name: msRASSavedFramedRoute objectClass: top @@ -1822,7 +1822,7 @@ attributeID: 1.2.840.113556.1.4.1191 attributeSyntax: 2.5.5.5 oMSyntax: 22 -dn: CN=msRASSavedCallbackNumber,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=msRASSavedCallbackNumber,${SCHEMADN} cn: msRASSavedCallbackNumber name: msRASSavedCallbackNumber objectClass: top @@ -1837,7 +1837,7 @@ attributeID: 1.2.840.113556.1.4.1189 attributeSyntax: 2.5.5.5 oMSyntax: 22 -dn: CN=Trust-Type,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Trust-Type,${SCHEMADN} cn: Trust-Type name: Trust-Type objectClass: top @@ -1852,7 +1852,7 @@ attributeID: 1.2.840.113556.1.4.136 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Domain-Replica,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Domain-Replica,${SCHEMADN} cn: Domain-Replica name: Domain-Replica objectClass: top @@ -1867,7 +1867,7 @@ attributeID: 1.2.840.113556.1.4.158 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Personal-Title,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Personal-Title,${SCHEMADN} cn: Personal-Title name: Personal-Title objectClass: top @@ -1882,7 +1882,7 @@ attributeID: 1.2.840.113556.1.2.615 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Other-Mailbox,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Other-Mailbox,${SCHEMADN} cn: Other-Mailbox name: Other-Mailbox objectClass: top @@ -1896,7 +1896,7 @@ attributeID: 1.2.840.113556.1.4.651 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=E-mail-Addresses,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=E-mail-Addresses,${SCHEMADN} cn: E-mail-Addresses name: E-mail-Addresses objectClass: top @@ -1911,7 +1911,7 @@ attributeID: 0.9.2342.19200300.100.1.3 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-Other-Settings,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Other-Settings,${SCHEMADN} cn: ms-DS-Other-Settings name: ms-DS-Other-Settings objectClass: top @@ -1926,7 +1926,7 @@ attributeID: 1.2.840.113556.1.4.1621 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Machine-Role,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Machine-Role,${SCHEMADN} cn: Machine-Role name: Machine-Role objectClass: top @@ -1941,7 +1941,7 @@ attributeID: 1.2.840.113556.1.4.71 attributeSyntax: 2.5.5.9 oMSyntax: 10 -dn: CN=ms-DS-Az-Domain-Timeout,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Az-Domain-Timeout,${SCHEMADN} cn: ms-DS-Az-Domain-Timeout name: ms-DS-Az-Domain-Timeout objectClass: top @@ -1956,7 +1956,7 @@ attributeID: 1.2.840.113556.1.4.1795 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=System-Auxiliary-Class,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=System-Auxiliary-Class,${SCHEMADN} cn: System-Auxiliary-Class name: System-Auxiliary-Class objectClass: top @@ -1971,7 +1971,7 @@ attributeID: 1.2.840.113556.1.4.198 attributeSyntax: 2.5.5.2 oMSyntax: 6 -dn: CN=Is-Defunct,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Is-Defunct,${SCHEMADN} cn: Is-Defunct name: Is-Defunct objectClass: top @@ -1986,7 +1986,7 @@ attributeID: 1.2.840.113556.1.4.661 attributeSyntax: 2.5.5.8 oMSyntax: 1 -dn: CN=Primary-Group-ID,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Primary-Group-ID,${SCHEMADN} cn: Primary-Group-ID name: Primary-Group-ID objectClass: top @@ -2001,7 +2001,7 @@ attributeID: 1.2.840.113556.1.4.98 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Lm-Pwd-History,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Lm-Pwd-History,${SCHEMADN} cn: Lm-Pwd-History name: Lm-Pwd-History objectClass: top @@ -2016,7 +2016,7 @@ attributeID: 1.2.840.113556.1.4.160 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Group-Membership-SAM,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Group-Membership-SAM,${SCHEMADN} cn: Group-Membership-SAM name: Group-Membership-SAM objectClass: top @@ -2031,7 +2031,7 @@ attributeID: 1.2.840.113556.1.4.166 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Trust-Partner,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Trust-Partner,${SCHEMADN} cn: Trust-Partner name: Trust-Partner objectClass: top @@ -2046,7 +2046,7 @@ attributeID: 1.2.840.113556.1.4.133 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Instance-Type,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Instance-Type,${SCHEMADN} cn: Instance-Type name: Instance-Type objectClass: top @@ -2061,7 +2061,7 @@ attributeID: 1.2.840.113556.1.2.1 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Treat-As-Leaf,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Treat-As-Leaf,${SCHEMADN} cn: Treat-As-Leaf name: Treat-As-Leaf objectClass: top @@ -2076,7 +2076,7 @@ attributeID: 1.2.840.113556.1.4.806 attributeSyntax: 2.5.5.8 oMSyntax: 1 -dn: CN=Admin-Property-Pages,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Admin-Property-Pages,${SCHEMADN} cn: Admin-Property-Pages name: Admin-Property-Pages objectClass: top @@ -2091,7 +2091,7 @@ attributeID: 1.2.840.113556.1.4.562 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-Az-Scope-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Az-Scope-Name,${SCHEMADN} cn: ms-DS-Az-Scope-Name name: ms-DS-Az-Scope-Name objectClass: top @@ -2106,7 +2106,7 @@ attributeID: 1.2.840.113556.1.4.1799 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=See-Also,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=See-Also,${SCHEMADN} cn: See-Also name: See-Also objectClass: top @@ -2122,7 +2122,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=ms-DS-Retired-Repl-NC-Signatures,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Retired-Repl-NC-Signatures,${SCHEMADN} cn: ms-DS-Retired-Repl-NC-Signatures name: ms-DS-Retired-Repl-NC-Signatures objectClass: top @@ -2137,7 +2137,7 @@ attributeID: 1.2.840.113556.1.4.1826 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Has-Master-NCs,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Has-Master-NCs,${SCHEMADN} cn: Has-Master-NCs name: Has-Master-NCs objectClass: top @@ -2154,7 +2154,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Modified-Count-At-Last-Prom,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Modified-Count-At-Last-Prom,${SCHEMADN} cn: Modified-Count-At-Last-Prom name: Modified-Count-At-Last-Prom objectClass: top @@ -2169,7 +2169,7 @@ attributeID: 1.2.840.113556.1.4.81 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Min-Pwd-Age,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Min-Pwd-Age,${SCHEMADN} cn: Min-Pwd-Age name: Min-Pwd-Age objectClass: top @@ -2184,7 +2184,7 @@ attributeID: 1.2.840.113556.1.4.78 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Force-Logoff,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Force-Logoff,${SCHEMADN} cn: Force-Logoff name: Force-Logoff objectClass: top @@ -2199,7 +2199,7 @@ attributeID: 1.2.840.113556.1.4.39 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Move-Tree-State,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Move-Tree-State,${SCHEMADN} cn: Move-Tree-State name: Move-Tree-State objectClass: top @@ -2214,7 +2214,7 @@ attributeID: 1.2.840.113556.1.4.1305 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=ms-DS-Allowed-To-Delegate-To,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Allowed-To-Delegate-To,${SCHEMADN} cn: ms-DS-Allowed-To-Delegate-To name: ms-DS-Allowed-To-Delegate-To objectClass: top @@ -2229,7 +2229,7 @@ attributeID: 1.2.840.113556.1.4.1787 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=DNS-Host-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=DNS-Host-Name,${SCHEMADN} cn: DNS-Host-Name name: DNS-Host-Name objectClass: top @@ -2244,7 +2244,7 @@ attributeID: 1.2.840.113556.1.4.619 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-Az-Minor-Version,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Az-Minor-Version,${SCHEMADN} cn: ms-DS-Az-Minor-Version name: ms-DS-Az-Minor-Version objectClass: top @@ -2259,7 +2259,7 @@ attributeID: 1.2.840.113556.1.4.1825 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=System-Only,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=System-Only,${SCHEMADN} cn: System-Only name: System-Only objectClass: top @@ -2274,7 +2274,7 @@ attributeID: 1.2.840.113556.1.4.170 attributeSyntax: 2.5.5.8 oMSyntax: 1 -dn: CN=ms-DS-IntId,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-IntId,${SCHEMADN} cn: ms-DS-IntId name: ms-DS-IntId objectClass: top @@ -2289,7 +2289,7 @@ attributeID: 1.2.840.113556.1.4.1716 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Bad-Password-Time,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Bad-Password-Time,${SCHEMADN} cn: Bad-Password-Time name: Bad-Password-Time objectClass: top @@ -2304,7 +2304,7 @@ attributeID: 1.2.840.113556.1.4.49 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Primary-Group-Token,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Primary-Group-Token,${SCHEMADN} cn: Primary-Group-Token name: Primary-Group-Token objectClass: top @@ -2319,7 +2319,7 @@ attributeID: 1.2.840.113556.1.4.1412 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=USN-Intersite,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=USN-Intersite,${SCHEMADN} cn: USN-Intersite name: USN-Intersite objectClass: top @@ -2334,7 +2334,7 @@ attributeID: 1.2.840.113556.1.2.469 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=FRS-Member-Reference-BL,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=FRS-Member-Reference-BL,${SCHEMADN} cn: FRS-Member-Reference-BL name: FRS-Member-Reference-BL objectClass: top @@ -2351,7 +2351,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=ms-DS-SD-Reference-Domain,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-SD-Reference-Domain,${SCHEMADN} cn: ms-DS-SD-Reference-Domain name: ms-DS-SD-Reference-Domain objectClass: top @@ -2368,7 +2368,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Last-Backup-Restoration-Time,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Last-Backup-Restoration-Time,${SCHEMADN} cn: Last-Backup-Restoration-Time name: Last-Backup-Restoration-Time objectClass: top @@ -2383,7 +2383,7 @@ attributeID: 1.2.840.113556.1.4.519 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Tree-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Tree-Name,${SCHEMADN} cn: Tree-Name name: Tree-Name objectClass: top @@ -2398,7 +2398,7 @@ attributeID: 1.2.840.113556.1.4.660 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=OEM-Information,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=OEM-Information,${SCHEMADN} cn: OEM-Information name: OEM-Information objectClass: top @@ -2413,7 +2413,7 @@ attributeID: 1.2.840.113556.1.4.151 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Given-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Given-Name,${SCHEMADN} cn: Given-Name name: Given-Name objectClass: top @@ -2428,7 +2428,7 @@ attributeID: 2.5.4.42 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=SPN-Mappings,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=SPN-Mappings,${SCHEMADN} cn: SPN-Mappings name: SPN-Mappings objectClass: top @@ -2443,7 +2443,7 @@ attributeID: 1.2.840.113556.1.4.1347 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Operating-System-Version,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Operating-System-Version,${SCHEMADN} cn: Operating-System-Version name: Operating-System-Version objectClass: top @@ -2458,7 +2458,7 @@ attributeID: 1.2.840.113556.1.4.364 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Notification-List,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Notification-List,${SCHEMADN} cn: Notification-List name: Notification-List objectClass: top @@ -2474,7 +2474,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Token-Groups,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Token-Groups,${SCHEMADN} cn: Token-Groups name: Token-Groups objectClass: top @@ -2489,7 +2489,7 @@ attributeID: 1.2.840.113556.1.4.1301 attributeSyntax: 2.5.5.17 oMSyntax: 4 -dn: CN=carLicense,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=carLicense,${SCHEMADN} cn: carLicense name: carLicense objectClass: top @@ -2504,7 +2504,7 @@ attributeID: 2.16.840.1.113730.3.1.1 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Preferred-OU,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Preferred-OU,${SCHEMADN} cn: Preferred-OU name: Preferred-OU objectClass: top @@ -2520,7 +2520,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=MS-DS-Creator-SID,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=MS-DS-Creator-SID,${SCHEMADN} cn: MS-DS-Creator-SID name: MS-DS-Creator-SID objectClass: top @@ -2535,7 +2535,7 @@ attributeID: 1.2.840.113556.1.4.1410 attributeSyntax: 2.5.5.17 oMSyntax: 4 -dn: CN=ms-DS-Non-Members,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Non-Members,${SCHEMADN} cn: ms-DS-Non-Members name: ms-DS-Non-Members objectClass: top @@ -2552,7 +2552,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=ms-DS-Tasks-For-Az-Role-BL,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Tasks-For-Az-Role-BL,${SCHEMADN} cn: ms-DS-Tasks-For-Az-Role-BL name: ms-DS-Tasks-For-Az-Role-BL objectClass: top @@ -2569,7 +2569,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Extension-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Extension-Name,${SCHEMADN} cn: Extension-Name name: Extension-Name objectClass: top @@ -2584,7 +2584,7 @@ attributeID: 1.2.840.113556.1.2.227 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-Replication-Notify-First-DSA-Delay,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Replication-Notify-First-DSA-Delay,${SCHEMADN} cn: ms-DS-Replication-Notify-First-DSA-Delay name: ms-DS-Replication-Notify-First-DSA-Delay objectClass: top @@ -2599,7 +2599,7 @@ attributeID: 1.2.840.113556.1.4.1663 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Max-Pwd-Age,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Max-Pwd-Age,${SCHEMADN} cn: Max-Pwd-Age name: Max-Pwd-Age objectClass: top @@ -2614,7 +2614,7 @@ attributeID: 1.2.840.113556.1.4.74 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Phone-Ip-Other,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Phone-Ip-Other,${SCHEMADN} cn: Phone-Ip-Other name: Phone-Ip-Other objectClass: top @@ -2629,7 +2629,7 @@ attributeID: 1.2.840.113556.1.4.722 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=secretary,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=secretary,${SCHEMADN} cn: secretary name: secretary objectClass: top @@ -2645,7 +2645,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=User-Parameters,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=User-Parameters,${SCHEMADN} cn: User-Parameters name: User-Parameters objectClass: top @@ -2660,7 +2660,7 @@ attributeID: 1.2.840.113556.1.4.138 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Trust-Posix-Offset,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Trust-Posix-Offset,${SCHEMADN} cn: Trust-Posix-Offset name: Trust-Posix-Offset objectClass: top @@ -2675,7 +2675,7 @@ attributeID: 1.2.840.113556.1.4.134 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Bridgehead-Server-List-BL,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Bridgehead-Server-List-BL,${SCHEMADN} cn: Bridgehead-Server-List-BL name: Bridgehead-Server-List-BL objectClass: top @@ -2692,7 +2692,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=ms-DS-Az-Application-Data,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Az-Application-Data,${SCHEMADN} cn: ms-DS-Az-Application-Data name: ms-DS-Az-Application-Data objectClass: top @@ -2707,7 +2707,7 @@ attributeID: 1.2.840.113556.1.4.1819 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Pek-Key-Change-Interval,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Pek-Key-Change-Interval,${SCHEMADN} cn: Pek-Key-Change-Interval name: Pek-Key-Change-Interval objectClass: top @@ -2722,7 +2722,7 @@ attributeID: 1.2.840.113556.1.4.866 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Country-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Country-Name,${SCHEMADN} cn: Country-Name name: Country-Name objectClass: top @@ -2737,7 +2737,7 @@ attributeID: 2.5.4.6 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Destination-Indicator,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Destination-Indicator,${SCHEMADN} cn: Destination-Indicator name: Destination-Indicator objectClass: top @@ -2752,7 +2752,7 @@ attributeID: 2.5.4.27 attributeSyntax: 2.5.5.5 oMSyntax: 19 -dn: CN=Country-Code,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Country-Code,${SCHEMADN} cn: Country-Code name: Country-Code objectClass: top @@ -2767,7 +2767,7 @@ attributeID: 1.2.840.113556.1.4.25 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Phone-Mobile-Primary,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Phone-Mobile-Primary,${SCHEMADN} cn: Phone-Mobile-Primary name: Phone-Mobile-Primary objectClass: top @@ -2782,7 +2782,7 @@ attributeID: 0.9.2342.19200300.100.1.41 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=RID-Set-References,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=RID-Set-References,${SCHEMADN} cn: RID-Set-References name: RID-Set-References objectClass: top @@ -2798,7 +2798,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Schema-ID-GUID,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Schema-ID-GUID,${SCHEMADN} cn: Schema-ID-GUID name: Schema-ID-GUID objectClass: top @@ -2813,7 +2813,7 @@ attributeID: 1.2.840.113556.1.4.148 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Auxiliary-Class,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Auxiliary-Class,${SCHEMADN} cn: Auxiliary-Class name: Auxiliary-Class objectClass: top @@ -2828,7 +2828,7 @@ attributeID: 1.2.840.113556.1.2.351 attributeSyntax: 2.5.5.2 oMSyntax: 6 -dn: CN=uid,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=uid,${SCHEMADN} cn: uid name: uid objectClass: top @@ -2843,7 +2843,7 @@ attributeID: 0.9.2342.19200300.100.1.1 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=departmentNumber,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=departmentNumber,${SCHEMADN} cn: departmentNumber name: departmentNumber objectClass: top @@ -2858,7 +2858,7 @@ attributeID: 2.16.840.1.113730.3.1.2 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Additional-Trusted-Service-Names,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Additional-Trusted-Service-Names,${SCHEMADN} cn: Additional-Trusted-Service-Names name: Additional-Trusted-Service-Names objectClass: top @@ -2873,7 +2873,7 @@ attributeID: 1.2.840.113556.1.4.889 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=WWW-Home-Page,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=WWW-Home-Page,${SCHEMADN} cn: WWW-Home-Page name: WWW-Home-Page objectClass: top @@ -2888,7 +2888,7 @@ attributeID: 1.2.840.113556.1.2.464 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=USN-Source,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=USN-Source,${SCHEMADN} cn: USN-Source name: USN-Source objectClass: top @@ -2903,7 +2903,7 @@ attributeID: 1.2.840.113556.1.4.896 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=MS-DS-Consistency-Guid,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=MS-DS-Consistency-Guid,${SCHEMADN} cn: MS-DS-Consistency-Guid name: MS-DS-Consistency-Guid objectClass: top @@ -2918,7 +2918,7 @@ attributeID: 1.2.840.113556.1.4.1360 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Frs-Computer-Reference-BL,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Frs-Computer-Reference-BL,${SCHEMADN} cn: Frs-Computer-Reference-BL name: Frs-Computer-Reference-BL objectClass: top @@ -2935,7 +2935,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Allowed-Attributes,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Allowed-Attributes,${SCHEMADN} cn: Allowed-Attributes name: Allowed-Attributes objectClass: top @@ -2950,7 +2950,7 @@ attributeID: 1.2.840.113556.1.4.913 attributeSyntax: 2.5.5.2 oMSyntax: 6 -dn: CN=ms-DS-Az-Application-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Az-Application-Name,${SCHEMADN} cn: ms-DS-Az-Application-Name name: ms-DS-Az-Application-Name objectClass: top @@ -2965,7 +2965,7 @@ attributeID: 1.2.840.113556.1.4.1798 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=UPN-Suffixes,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=UPN-Suffixes,${SCHEMADN} cn: UPN-Suffixes name: UPN-Suffixes objectClass: top @@ -2980,7 +2980,7 @@ attributeID: 1.2.840.113556.1.4.890 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=MS-DS-Per-User-Trust-Quota,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=MS-DS-Per-User-Trust-Quota,${SCHEMADN} cn: MS-DS-Per-User-Trust-Quota name: MS-DS-Per-User-Trust-Quota objectClass: top @@ -2995,7 +2995,7 @@ attributeID: 1.2.840.113556.1.4.1788 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=MS-DS-Machine-Account-Quota,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=MS-DS-Machine-Account-Quota,${SCHEMADN} cn: MS-DS-Machine-Account-Quota name: MS-DS-Machine-Account-Quota objectClass: top @@ -3010,7 +3010,7 @@ attributeID: 1.2.840.113556.1.4.1411 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Server-Role,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Server-Role,${SCHEMADN} cn: Server-Role name: Server-Role objectClass: top @@ -3025,7 +3025,7 @@ attributeID: 1.2.840.113556.1.4.157 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Phone-Home-Primary,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Phone-Home-Primary,${SCHEMADN} cn: Phone-Home-Primary name: Phone-Home-Primary objectClass: top @@ -3040,7 +3040,7 @@ attributeID: 0.9.2342.19200300.100.1.20 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Operating-System-Hotfix,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Operating-System-Hotfix,${SCHEMADN} cn: Operating-System-Hotfix name: Operating-System-Hotfix objectClass: top @@ -3055,7 +3055,7 @@ attributeID: 1.2.840.113556.1.4.415 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-Additional-Dns-Host-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Additional-Dns-Host-Name,${SCHEMADN} cn: ms-DS-Additional-Dns-Host-Name name: ms-DS-Additional-Dns-Host-Name objectClass: top @@ -3070,7 +3070,7 @@ attributeID: 1.2.840.113556.1.4.1717 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-Az-Script-Timeout,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Az-Script-Timeout,${SCHEMADN} cn: ms-DS-Az-Script-Timeout name: ms-DS-Az-Script-Timeout objectClass: top @@ -3085,7 +3085,7 @@ attributeID: 1.2.840.113556.1.4.1797 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Must-Contain,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Must-Contain,${SCHEMADN} cn: Must-Contain name: Must-Contain objectClass: top @@ -3100,7 +3100,7 @@ attributeID: 1.2.840.113556.1.2.24 attributeSyntax: 2.5.5.2 oMSyntax: 6 -dn: CN=X509-Cert,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=X509-Cert,${SCHEMADN} cn: X509-Cert name: X509-Cert objectClass: top @@ -3115,7 +3115,7 @@ attributeID: 2.5.4.36 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=msNPCallingStationID,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=msNPCallingStationID,${SCHEMADN} cn: msNPCallingStationID name: msNPCallingStationID objectClass: top @@ -3130,7 +3130,7 @@ attributeID: 1.2.840.113556.1.4.1124 attributeSyntax: 2.5.5.5 oMSyntax: 22 -dn: CN=ms-DS-User-Account-Control-Computed,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-User-Account-Control-Computed,${SCHEMADN} cn: ms-DS-User-Account-Control-Computed name: ms-DS-User-Account-Control-Computed objectClass: top @@ -3145,7 +3145,7 @@ attributeID: 1.2.840.113556.1.4.1460 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Home-Directory,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Home-Directory,${SCHEMADN} cn: Home-Directory name: Home-Directory objectClass: top @@ -3160,7 +3160,7 @@ attributeID: 1.2.840.113556.1.4.44 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-Az-LDAP-Query,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Az-LDAP-Query,${SCHEMADN} cn: ms-DS-Az-LDAP-Query name: ms-DS-Az-LDAP-Query objectClass: top @@ -3175,7 +3175,7 @@ attributeID: 1.2.840.113556.1.4.1792 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Partial-Attribute-Deletion-List,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Partial-Attribute-Deletion-List,${SCHEMADN} cn: Partial-Attribute-Deletion-List name: Partial-Attribute-Deletion-List objectClass: top @@ -3190,7 +3190,7 @@ attributeID: 1.2.840.113556.1.4.663 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Is-Critical-System-Object,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Is-Critical-System-Object,${SCHEMADN} cn: Is-Critical-System-Object name: Is-Critical-System-Object objectClass: top @@ -3205,7 +3205,7 @@ attributeID: 1.2.840.113556.1.4.868 attributeSyntax: 2.5.5.8 oMSyntax: 1 -dn: CN=GP-Link,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=GP-Link,${SCHEMADN} cn: GP-Link name: GP-Link objectClass: top @@ -3220,7 +3220,7 @@ attributeID: 1.2.840.113556.1.4.891 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Scope-Flags,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Scope-Flags,${SCHEMADN} cn: Scope-Flags name: Scope-Flags objectClass: top @@ -3235,7 +3235,7 @@ attributeID: 1.2.840.113556.1.4.1354 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Lockout-Duration,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Lockout-Duration,${SCHEMADN} cn: Lockout-Duration name: Lockout-Duration objectClass: top @@ -3250,7 +3250,7 @@ attributeID: 1.2.840.113556.1.4.60 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=ms-COM-UserPartitionSetLink,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-COM-UserPartitionSetLink,${SCHEMADN} cn: ms-COM-UserPartitionSetLink name: ms-COM-UserPartitionSetLink objectClass: top @@ -3267,7 +3267,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Logo,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Logo,${SCHEMADN} cn: Logo name: Logo objectClass: top @@ -3282,7 +3282,7 @@ attributeID: 2.16.840.1.113730.3.1.36 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Picture,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Picture,${SCHEMADN} cn: Picture name: Picture objectClass: top @@ -3297,7 +3297,7 @@ attributeID: 2.16.840.1.113730.3.1.35 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Location,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Location,${SCHEMADN} cn: Location name: Location objectClass: top @@ -3312,7 +3312,7 @@ attributeID: 1.2.840.113556.1.4.222 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=User-Workstations,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=User-Workstations,${SCHEMADN} cn: User-Workstations name: User-Workstations objectClass: top @@ -3327,7 +3327,7 @@ attributeID: 1.2.840.113556.1.4.86 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Logon-Workstation,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Logon-Workstation,${SCHEMADN} cn: Logon-Workstation name: Logon-Workstation objectClass: top @@ -3342,7 +3342,7 @@ attributeID: 1.2.840.113556.1.4.65 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Last-Logon-Timestamp,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Last-Logon-Timestamp,${SCHEMADN} cn: Last-Logon-Timestamp name: Last-Logon-Timestamp objectClass: top @@ -3357,7 +3357,7 @@ attributeID: 1.2.840.113556.1.4.1696 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Prior-Value,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Prior-Value,${SCHEMADN} cn: Prior-Value name: Prior-Value objectClass: top @@ -3372,7 +3372,7 @@ attributeID: 1.2.840.113556.1.4.100 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Last-Set-Time,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Last-Set-Time,${SCHEMADN} cn: Last-Set-Time name: Last-Set-Time objectClass: top @@ -3387,7 +3387,7 @@ attributeID: 1.2.840.113556.1.4.53 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Object-Guid,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Object-Guid,${SCHEMADN} cn: Object-Guid name: Object-Guid objectClass: top @@ -3402,7 +3402,7 @@ attributeID: 1.2.840.113556.1.4.2 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=ms-DS-Tasks-For-Az-Task-BL,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Tasks-For-Az-Task-BL,${SCHEMADN} cn: ms-DS-Tasks-For-Az-Task-BL name: ms-DS-Tasks-For-Az-Task-BL objectClass: top @@ -3419,7 +3419,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Managed-By,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Managed-By,${SCHEMADN} cn: Managed-By name: Managed-By objectClass: top @@ -3436,7 +3436,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Pwd-Properties,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Pwd-Properties,${SCHEMADN} cn: Pwd-Properties name: Pwd-Properties objectClass: top @@ -3451,7 +3451,7 @@ attributeID: 1.2.840.113556.1.4.93 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Builtin-Creation-Time,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Builtin-Creation-Time,${SCHEMADN} cn: Builtin-Creation-Time name: Builtin-Creation-Time objectClass: top @@ -3466,7 +3466,7 @@ attributeID: 1.2.840.113556.1.4.13 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Post-Office-Box,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Post-Office-Box,${SCHEMADN} cn: Post-Office-Box name: Post-Office-Box objectClass: top @@ -3481,7 +3481,7 @@ attributeID: 2.5.4.18 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Company,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Company,${SCHEMADN} cn: Company name: Company objectClass: top @@ -3496,7 +3496,7 @@ attributeID: 1.2.840.113556.1.2.146 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Catalogs,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Catalogs,${SCHEMADN} cn: Catalogs name: Catalogs objectClass: top @@ -3511,7 +3511,7 @@ attributeID: 1.2.840.113556.1.4.675 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Default-Object-Category,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Default-Object-Category,${SCHEMADN} cn: Default-Object-Category name: Default-Object-Category objectClass: top @@ -3527,7 +3527,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=msRADIUSFramedRoute,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=msRADIUSFramedRoute,${SCHEMADN} cn: msRADIUSFramedRoute name: msRADIUSFramedRoute objectClass: top @@ -3542,7 +3542,7 @@ attributeID: 1.2.840.113556.1.4.1158 attributeSyntax: 2.5.5.5 oMSyntax: 22 -dn: CN=Prior-Set-Time,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Prior-Set-Time,${SCHEMADN} cn: Prior-Set-Time name: Prior-Set-Time objectClass: top @@ -3557,7 +3557,7 @@ attributeID: 1.2.840.113556.1.4.99 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=User-Cert,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=User-Cert,${SCHEMADN} cn: User-Cert name: User-Cert objectClass: top @@ -3572,7 +3572,7 @@ attributeID: 1.2.840.113556.1.4.645 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Non-Security-Member,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Non-Security-Member,${SCHEMADN} cn: Non-Security-Member name: Non-Security-Member objectClass: top @@ -3589,7 +3589,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Member,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Member,${SCHEMADN} cn: Member name: Member objectClass: top @@ -3606,7 +3606,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Group-Attributes,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Group-Attributes,${SCHEMADN} cn: Group-Attributes name: Group-Attributes objectClass: top @@ -3621,7 +3621,7 @@ attributeID: 1.2.840.113556.1.4.152 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=System-Flags,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=System-Flags,${SCHEMADN} cn: System-Flags name: System-Flags objectClass: top @@ -3636,7 +3636,7 @@ attributeID: 1.2.840.113556.1.4.375 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Proxied-Object-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Proxied-Object-Name,${SCHEMADN} cn: Proxied-Object-Name name: Proxied-Object-Name objectClass: top @@ -3652,7 +3652,7 @@ attributeSyntax: 2.5.5.7 oMSyntax: 127 oMObjectClass:: KoZIhvcUAQEBCw== -dn: CN=ms-DS-Repl-Value-Meta-Data,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Repl-Value-Meta-Data,${SCHEMADN} cn: ms-DS-Repl-Value-Meta-Data name: ms-DS-Repl-Value-Meta-Data objectClass: top @@ -3667,7 +3667,7 @@ attributeID: 1.2.840.113556.1.4.1708 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Allowed-Child-Classes-Effective,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Allowed-Child-Classes-Effective,${SCHEMADN} cn: Allowed-Child-Classes-Effective name: Allowed-Child-Classes-Effective objectClass: top @@ -3682,7 +3682,7 @@ attributeID: 1.2.840.113556.1.4.912 attributeSyntax: 2.5.5.2 oMSyntax: 6 -dn: CN=ms-DS-Az-Generate-Audits,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Az-Generate-Audits,${SCHEMADN} cn: ms-DS-Az-Generate-Audits name: ms-DS-Az-Generate-Audits objectClass: top @@ -3697,7 +3697,7 @@ attributeID: 1.2.840.113556.1.4.1805 attributeSyntax: 2.5.5.8 oMSyntax: 1 -dn: CN=ms-DS-Az-Application-Version,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Az-Application-Version,${SCHEMADN} cn: ms-DS-Az-Application-Version name: ms-DS-Az-Application-Version objectClass: top @@ -3712,7 +3712,7 @@ attributeID: 1.2.840.113556.1.4.1817 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Icon-Path,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Icon-Path,${SCHEMADN} cn: Icon-Path name: Icon-Path objectClass: top @@ -3727,7 +3727,7 @@ attributeID: 1.2.840.113556.1.4.219 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Street-Address,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Street-Address,${SCHEMADN} cn: Street-Address name: Street-Address objectClass: top @@ -3742,7 +3742,7 @@ attributeID: 2.5.4.9 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-ExecuteScriptPassword,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-ExecuteScriptPassword,${SCHEMADN} cn: ms-DS-ExecuteScriptPassword name: ms-DS-ExecuteScriptPassword objectClass: top @@ -3757,7 +3757,7 @@ attributeID: 1.2.840.113556.1.4.1783 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=ms-DS-Logon-Time-Sync-Interval,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Logon-Time-Sync-Interval,${SCHEMADN} cn: ms-DS-Logon-Time-Sync-Interval name: ms-DS-Logon-Time-Sync-Interval objectClass: top @@ -3772,7 +3772,7 @@ attributeID: 1.2.840.113556.1.4.1784 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Garbage-Coll-Period,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Garbage-Coll-Period,${SCHEMADN} cn: Garbage-Coll-Period name: Garbage-Coll-Period objectClass: top @@ -3787,7 +3787,7 @@ attributeID: 1.2.840.113556.1.2.301 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=MSMQ-Sign-Certificates-Mig,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=MSMQ-Sign-Certificates-Mig,${SCHEMADN} cn: MSMQ-Sign-Certificates-Mig name: MSMQ-Sign-Certificates-Mig objectClass: top @@ -3802,7 +3802,7 @@ attributeID: 1.2.840.113556.1.4.967 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=ms-DS-Cached-Membership-Time-Stamp,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Cached-Membership-Time-Stamp,${SCHEMADN} cn: ms-DS-Cached-Membership-Time-Stamp name: ms-DS-Cached-Membership-Time-Stamp objectClass: top @@ -3817,7 +3817,7 @@ attributeID: 1.2.840.113556.1.4.1442 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Logon-Count,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Logon-Count,${SCHEMADN} cn: Logon-Count name: Logon-Count objectClass: top @@ -3832,7 +3832,7 @@ attributeID: 1.2.840.113556.1.4.169 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Locale-ID,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Locale-ID,${SCHEMADN} cn: Locale-ID name: Locale-ID objectClass: top @@ -3847,7 +3847,7 @@ attributeID: 1.2.840.113556.1.4.58 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Bad-Pwd-Count,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Bad-Pwd-Count,${SCHEMADN} cn: Bad-Pwd-Count name: Bad-Pwd-Count objectClass: top @@ -3862,7 +3862,7 @@ attributeID: 1.2.840.113556.1.4.12 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Trust-Auth-Incoming,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Trust-Auth-Incoming,${SCHEMADN} cn: Trust-Auth-Incoming name: Trust-Auth-Incoming objectClass: top @@ -3877,7 +3877,7 @@ attributeID: 1.2.840.113556.1.4.129 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=SubSchemaSubEntry,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=SubSchemaSubEntry,${SCHEMADN} cn: SubSchemaSubEntry name: SubSchemaSubEntry objectClass: top @@ -3893,7 +3893,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Structural-Object-Class,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Structural-Object-Class,${SCHEMADN} cn: Structural-Object-Class name: Structural-Object-Class objectClass: top @@ -3908,7 +3908,7 @@ attributeID: 2.5.21.9 attributeSyntax: 2.5.5.2 oMSyntax: 6 -dn: CN=Is-Deleted,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Is-Deleted,${SCHEMADN} cn: Is-Deleted name: Is-Deleted objectClass: top @@ -3923,7 +3923,7 @@ attributeID: 1.2.840.113556.1.2.48 attributeSyntax: 2.5.5.8 oMSyntax: 1 -dn: CN=Extra-Columns,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Extra-Columns,${SCHEMADN} cn: Extra-Columns name: Extra-Columns objectClass: top @@ -3938,7 +3938,7 @@ attributeID: 1.2.840.113556.1.4.1687 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Admin-Multiselect-Property-Pages,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Admin-Multiselect-Property-Pages,${SCHEMADN} cn: Admin-Multiselect-Property-Pages name: Admin-Multiselect-Property-Pages objectClass: top @@ -3953,7 +3953,7 @@ attributeID: 1.2.840.113556.1.4.1690 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Options,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Options,${SCHEMADN} cn: Options name: Options objectClass: top @@ -3968,7 +3968,7 @@ attributeID: 1.2.840.113556.1.4.307 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Lock-Out-Observation-Window,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Lock-Out-Observation-Window,${SCHEMADN} cn: Lock-Out-Observation-Window name: Lock-Out-Observation-Window objectClass: top @@ -3983,7 +3983,7 @@ attributeID: 1.2.840.113556.1.4.61 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Default-Local-Policy-Object,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Default-Local-Policy-Object,${SCHEMADN} cn: Default-Local-Policy-Object name: Default-Local-Policy-Object objectClass: top @@ -3999,7 +3999,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Creation-Time,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Creation-Time,${SCHEMADN} cn: Creation-Time name: Creation-Time objectClass: top @@ -4014,7 +4014,7 @@ attributeID: 1.2.840.113556.1.4.26 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Registered-Address,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Registered-Address,${SCHEMADN} cn: Registered-Address name: Registered-Address objectClass: top @@ -4028,7 +4028,7 @@ attributeID: 2.5.4.26 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Postal-Address,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Postal-Address,${SCHEMADN} cn: Postal-Address name: Postal-Address objectClass: top @@ -4043,7 +4043,7 @@ attributeID: 2.5.4.16 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Initials,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Initials,${SCHEMADN} cn: Initials name: Initials objectClass: top @@ -4058,7 +4058,7 @@ attributeID: 2.5.4.43 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Netboot-SIF-File,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Netboot-SIF-File,${SCHEMADN} cn: Netboot-SIF-File name: Netboot-SIF-File objectClass: top @@ -4073,7 +4073,7 @@ attributeID: 1.2.840.113556.1.4.1240 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-Additional-Sam-Account-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Additional-Sam-Account-Name,${SCHEMADN} cn: ms-DS-Additional-Sam-Account-Name name: ms-DS-Additional-Sam-Account-Name objectClass: top @@ -4088,7 +4088,7 @@ attributeID: 1.2.840.113556.1.4.1718 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=System-Poss-Superiors,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=System-Poss-Superiors,${SCHEMADN} cn: System-Poss-Superiors name: System-Poss-Superiors objectClass: top @@ -4103,7 +4103,7 @@ attributeID: 1.2.840.113556.1.4.195 attributeSyntax: 2.5.5.2 oMSyntax: 6 -dn: CN=photo,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=photo,${SCHEMADN} cn: photo name: photo objectClass: top @@ -4118,7 +4118,7 @@ attributeID: 0.9.2342.19200300.100.1.7 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Employee-Number,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Employee-Number,${SCHEMADN} cn: Employee-Number name: Employee-Number objectClass: top @@ -4133,7 +4133,7 @@ attributeID: 1.2.840.113556.1.2.610 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Lockout-Time,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Lockout-Time,${SCHEMADN} cn: Lockout-Time name: Lockout-Time objectClass: top @@ -4148,7 +4148,7 @@ attributeID: 1.2.840.113556.1.4.662 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Dynamic-LDAP-Server,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Dynamic-LDAP-Server,${SCHEMADN} cn: Dynamic-LDAP-Server name: Dynamic-LDAP-Server objectClass: top @@ -4164,7 +4164,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Extended-Attribute-Info,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Extended-Attribute-Info,${SCHEMADN} cn: Extended-Attribute-Info name: Extended-Attribute-Info objectClass: top @@ -4179,7 +4179,7 @@ attributeID: 1.2.840.113556.1.4.909 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-Exch-Assistant-Name,${SCHEMADN} cn: ms-Exch-Assistant-Name name: ms-Exch-Assistant-Name objectClass: top @@ -4192,7 +4192,7 @@ attributeID: 1.2.840.113556.1.2.444 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-Non-Members-BL,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Non-Members-BL,${SCHEMADN} cn: ms-DS-Non-Members-BL name: ms-DS-Non-Members-BL objectClass: top @@ -4209,7 +4209,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Admin-Display-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Admin-Display-Name,${SCHEMADN} cn: Admin-Display-Name name: Admin-Display-Name objectClass: top @@ -4224,7 +4224,7 @@ attributeID: 1.2.840.113556.1.2.194 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Context-Menu,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Context-Menu,${SCHEMADN} cn: Context-Menu name: Context-Menu objectClass: top @@ -4239,7 +4239,7 @@ attributeID: 1.2.840.113556.1.4.499 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=attributeCertificateAttribute,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=attributeCertificateAttribute,${SCHEMADN} cn: attributeCertificateAttribute name: attributeCertificateAttribute objectClass: top @@ -4254,7 +4254,7 @@ attributeID: 2.5.4.58 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Surname,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Surname,${SCHEMADN} cn: Surname name: Surname objectClass: top @@ -4269,7 +4269,7 @@ attributeID: 2.5.4.4 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=SAM-Account-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=SAM-Account-Name,${SCHEMADN} cn: SAM-Account-Name name: SAM-Account-Name objectClass: top @@ -4284,7 +4284,7 @@ attributeID: 1.2.840.113556.1.4.221 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Governs-ID,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Governs-ID,${SCHEMADN} cn: Governs-ID name: Governs-ID objectClass: top @@ -4299,7 +4299,7 @@ attributeID: 1.2.840.113556.1.2.22 attributeSyntax: 2.5.5.2 oMSyntax: 6 -dn: CN=jpegPhoto,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=jpegPhoto,${SCHEMADN} cn: jpegPhoto name: jpegPhoto objectClass: top @@ -4314,7 +4314,7 @@ attributeID: 0.9.2342.19200300.100.1.60 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=MSMQ-Sign-Certificates,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=MSMQ-Sign-Certificates,${SCHEMADN} cn: MSMQ-Sign-Certificates name: MSMQ-Sign-Certificates objectClass: top @@ -4329,7 +4329,7 @@ attributeID: 1.2.840.113556.1.4.947 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Initial-Auth-Incoming,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Initial-Auth-Incoming,${SCHEMADN} cn: Initial-Auth-Incoming name: Initial-Auth-Incoming objectClass: top @@ -4344,7 +4344,7 @@ attributeID: 1.2.840.113556.1.4.539 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Domain-Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Domain-Cross-Ref,${SCHEMADN} cn: Domain-Cross-Ref name: Domain-Cross-Ref objectClass: top @@ -4360,7 +4360,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Text-Encoded-OR-Address,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Text-Encoded-OR-Address,${SCHEMADN} cn: Text-Encoded-OR-Address name: Text-Encoded-OR-Address objectClass: top @@ -4374,7 +4374,7 @@ attributeID: 0.9.2342.19200300.100.1.2 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=USN-DSA-Last-Obj-Removed,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=USN-DSA-Last-Obj-Removed,${SCHEMADN} cn: USN-DSA-Last-Obj-Removed name: USN-DSA-Last-Obj-Removed objectClass: top @@ -4389,7 +4389,7 @@ attributeID: 1.2.840.113556.1.2.267 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=ms-DS-Operations-For-Az-Role-BL,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Operations-For-Az-Role-BL,${SCHEMADN} cn: ms-DS-Operations-For-Az-Role-BL name: ms-DS-Operations-For-Az-Role-BL objectClass: top @@ -4406,7 +4406,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=MS-DS-Consistency-Child-Count,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=MS-DS-Consistency-Child-Count,${SCHEMADN} cn: MS-DS-Consistency-Child-Count name: MS-DS-Consistency-Child-Count objectClass: top @@ -4421,7 +4421,7 @@ attributeID: 1.2.840.113556.1.4.1361 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=DSA-Signature,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=DSA-Signature,${SCHEMADN} cn: DSA-Signature name: DSA-Signature objectClass: top @@ -4436,7 +4436,7 @@ attributeID: 1.2.840.113556.1.2.74 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Allowed-Child-Classes,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Allowed-Child-Classes,${SCHEMADN} cn: Allowed-Child-Classes name: Allowed-Child-Classes objectClass: top @@ -4451,7 +4451,7 @@ attributeID: 1.2.840.113556.1.4.911 attributeSyntax: 2.5.5.2 oMSyntax: 6 -dn: CN=Allowed-Attributes-Effective,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Allowed-Attributes-Effective,${SCHEMADN} cn: Allowed-Attributes-Effective name: Allowed-Attributes-Effective objectClass: top @@ -4466,7 +4466,7 @@ attributeID: 1.2.840.113556.1.4.914 attributeSyntax: 2.5.5.2 oMSyntax: 6 -dn: CN=NT-Mixed-Domain,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=NT-Mixed-Domain,${SCHEMADN} cn: NT-Mixed-Domain name: NT-Mixed-Domain objectClass: top @@ -4481,7 +4481,7 @@ attributeID: 1.2.840.113556.1.4.357 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=ms-DS-Has-Instantiated-NCs,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Has-Instantiated-NCs,${SCHEMADN} cn: ms-DS-Has-Instantiated-NCs name: ms-DS-Has-Instantiated-NCs objectClass: top @@ -4498,7 +4498,7 @@ attributeSyntax: 2.5.5.7 oMSyntax: 127 oMObjectClass:: KoZIhvcUAQEBCw== -dn: CN=Min-Pwd-Length,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Min-Pwd-Length,${SCHEMADN} cn: Min-Pwd-Length name: Min-Pwd-Length objectClass: top @@ -4513,7 +4513,7 @@ attributeID: 1.2.840.113556.1.4.79 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Domain-Policy-Object,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Domain-Policy-Object,${SCHEMADN} cn: Domain-Policy-Object name: Domain-Policy-Object objectClass: top @@ -4529,7 +4529,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Physical-Delivery-Office-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Physical-Delivery-Office-Name,${SCHEMADN} cn: Physical-Delivery-Office-Name name: Physical-Delivery-Office-Name objectClass: top @@ -4544,7 +4544,7 @@ attributeID: 2.5.4.19 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Volume-Count,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Volume-Count,${SCHEMADN} cn: Volume-Count name: Volume-Count objectClass: top @@ -4559,7 +4559,7 @@ attributeID: 1.2.840.113556.1.4.507 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=msRADIUSServiceType,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=msRADIUSServiceType,${SCHEMADN} cn: msRADIUSServiceType name: msRADIUSServiceType objectClass: top @@ -4574,7 +4574,7 @@ attributeID: 1.2.840.113556.1.4.1171 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Last-Logon,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Last-Logon,${SCHEMADN} cn: Last-Logon name: Last-Logon objectClass: top @@ -4589,7 +4589,7 @@ attributeID: 1.2.840.113556.1.4.52 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Groups-to-Ignore,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Groups-to-Ignore,${SCHEMADN} cn: Groups-to-Ignore name: Groups-to-Ignore objectClass: top @@ -4604,7 +4604,7 @@ attributeID: 1.2.840.113556.1.4.344 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Schema-Info,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Schema-Info,${SCHEMADN} cn: Schema-Info name: Schema-Info objectClass: top @@ -4619,7 +4619,7 @@ attributeID: 1.2.840.113556.1.4.1358 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Domain-Component,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Domain-Component,${SCHEMADN} cn: Domain-Component name: Domain-Component objectClass: top @@ -4634,7 +4634,7 @@ attributeID: 0.9.2342.19200300.100.1.25 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Object-Category,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Object-Category,${SCHEMADN} cn: Object-Category name: Object-Category objectClass: top @@ -4650,7 +4650,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Modify-Time-Stamp,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Modify-Time-Stamp,${SCHEMADN} cn: Modify-Time-Stamp name: Modify-Time-Stamp objectClass: top @@ -4665,7 +4665,7 @@ attributeID: 2.5.18.2 attributeSyntax: 2.5.5.11 oMSyntax: 24 -dn: CN=Display-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Display-Name,${SCHEMADN} cn: Display-Name name: Display-Name objectClass: top @@ -4680,7 +4680,7 @@ attributeID: 1.2.840.113556.1.2.13 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Admin-Description,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Admin-Description,${SCHEMADN} cn: Admin-Description name: Admin-Description objectClass: top @@ -4695,7 +4695,7 @@ attributeID: 1.2.840.113556.1.2.226 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-DnsRootAlias,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-DnsRootAlias,${SCHEMADN} cn: ms-DS-DnsRootAlias name: ms-DS-DnsRootAlias objectClass: top @@ -4710,7 +4710,7 @@ attributeID: 1.2.840.113556.1.4.1719 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Creation-Wizard,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Creation-Wizard,${SCHEMADN} cn: Creation-Wizard name: Creation-Wizard objectClass: top @@ -4725,7 +4725,7 @@ attributeID: 1.2.840.113556.1.4.498 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Has-Partial-Replica-NCs,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Has-Partial-Replica-NCs,${SCHEMADN} cn: Has-Partial-Replica-NCs name: Has-Partial-Replica-NCs objectClass: top @@ -4742,7 +4742,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Control-Access-Rights,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Control-Access-Rights,${SCHEMADN} cn: Control-Access-Rights name: Control-Access-Rights objectClass: top @@ -4757,7 +4757,7 @@ attributeID: 1.2.840.113556.1.4.200 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=UAS-Compat,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=UAS-Compat,${SCHEMADN} cn: UAS-Compat name: UAS-Compat objectClass: top @@ -4772,7 +4772,7 @@ attributeID: 1.2.840.113556.1.4.155 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Object-Sid,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Object-Sid,${SCHEMADN} cn: Object-Sid name: Object-Sid objectClass: top @@ -4787,7 +4787,7 @@ attributeID: 1.2.840.113556.1.4.146 attributeSyntax: 2.5.5.17 oMSyntax: 4 -dn: CN=Title,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Title,${SCHEMADN} cn: Title name: Title objectClass: top @@ -4802,7 +4802,7 @@ attributeID: 2.5.4.12 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Phone-Pager-Other,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Phone-Pager-Other,${SCHEMADN} cn: Phone-Pager-Other name: Phone-Pager-Other objectClass: top @@ -4817,7 +4817,7 @@ attributeID: 1.2.840.113556.1.2.118 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Division,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Division,${SCHEMADN} cn: Division name: Division objectClass: top @@ -4832,7 +4832,7 @@ attributeID: 1.2.840.113556.1.4.261 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=SAM-Account-Type,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=SAM-Account-Type,${SCHEMADN} cn: SAM-Account-Type name: SAM-Account-Type objectClass: top @@ -4847,7 +4847,7 @@ attributeID: 1.2.840.113556.1.4.302 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Object-Class-Category,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Object-Class-Category,${SCHEMADN} cn: Object-Class-Category name: Object-Class-Category objectClass: top @@ -4862,7 +4862,7 @@ attributeID: 1.2.840.113556.1.2.370 attributeSyntax: 2.5.5.9 oMSyntax: 10 -dn: CN=Default-Hiding-Value,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Default-Hiding-Value,${SCHEMADN} cn: Default-Hiding-Value name: Default-Hiding-Value objectClass: top @@ -4877,7 +4877,7 @@ attributeID: 1.2.840.113556.1.4.518 attributeSyntax: 2.5.5.8 oMSyntax: 1 -dn: CN=msNPAllowDialin,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=msNPAllowDialin,${SCHEMADN} cn: msNPAllowDialin name: msNPAllowDialin objectClass: top @@ -4892,7 +4892,7 @@ attributeID: 1.2.840.113556.1.4.1119 attributeSyntax: 2.5.5.8 oMSyntax: 1 -dn: CN=Code-Page,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Code-Page,${SCHEMADN} cn: Code-Page name: Code-Page objectClass: top @@ -4907,7 +4907,7 @@ attributeID: 1.2.840.113556.1.4.16 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Admin-Count,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Admin-Count,${SCHEMADN} cn: Admin-Count name: Admin-Count objectClass: top @@ -4922,7 +4922,7 @@ attributeID: 1.2.840.113556.1.4.150 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Schema-Update,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Schema-Update,${SCHEMADN} cn: Schema-Update name: Schema-Update objectClass: top @@ -4937,7 +4937,7 @@ attributeID: 1.2.840.113556.1.4.481 attributeSyntax: 2.5.5.11 oMSyntax: 24 -dn: CN=Trust-Direction,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Trust-Direction,${SCHEMADN} cn: Trust-Direction name: Trust-Direction objectClass: top @@ -4952,7 +4952,7 @@ attributeID: 1.2.840.113556.1.4.132 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Enabled,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Enabled,${SCHEMADN} cn: Enabled name: Enabled objectClass: top @@ -4967,7 +4967,7 @@ attributeID: 1.2.840.113556.1.2.557 attributeSyntax: 2.5.5.8 oMSyntax: 1 -dn: CN=Locality-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Locality-Name,${SCHEMADN} cn: Locality-Name name: Locality-Name objectClass: top @@ -4982,7 +4982,7 @@ attributeID: 2.5.4.7 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=EFSPolicy,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=EFSPolicy,${SCHEMADN} cn: EFSPolicy name: EFSPolicy objectClass: top @@ -4997,7 +4997,7 @@ attributeID: 1.2.840.113556.1.4.268 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Builtin-Modified-Count,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Builtin-Modified-Count,${SCHEMADN} cn: Builtin-Modified-Count name: Builtin-Modified-Count objectClass: top @@ -5012,7 +5012,7 @@ attributeID: 1.2.840.113556.1.4.14 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Phone-Office-Other,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Phone-Office-Other,${SCHEMADN} cn: Phone-Office-Other name: Phone-Office-Other objectClass: top @@ -5027,7 +5027,7 @@ attributeID: 1.2.840.113556.1.2.18 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Phone-ISDN-Primary,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Phone-ISDN-Primary,${SCHEMADN} cn: Phone-ISDN-Primary name: Phone-ISDN-Primary objectClass: top @@ -5042,7 +5042,7 @@ attributeID: 1.2.840.113556.1.4.649 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Employee-ID,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Employee-ID,${SCHEMADN} cn: Employee-ID name: Employee-ID objectClass: top @@ -5057,7 +5057,7 @@ attributeID: 1.2.840.113556.1.4.35 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Tombstone-Lifetime,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Tombstone-Lifetime,${SCHEMADN} cn: Tombstone-Lifetime name: Tombstone-Lifetime objectClass: top @@ -5072,7 +5072,7 @@ attributeID: 1.2.840.113556.1.2.54 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Operating-System-Service-Pack,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Operating-System-Service-Pack,${SCHEMADN} cn: Operating-System-Service-Pack name: Operating-System-Service-Pack objectClass: top @@ -5087,7 +5087,7 @@ attributeID: 1.2.840.113556.1.4.365 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Netboot-Initialization,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Netboot-Initialization,${SCHEMADN} cn: Netboot-Initialization name: Netboot-Initialization objectClass: top @@ -5102,7 +5102,7 @@ attributeID: 1.2.840.113556.1.4.358 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=User-Principal-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=User-Principal-Name,${SCHEMADN} cn: User-Principal-Name name: User-Principal-Name objectClass: top @@ -5117,7 +5117,7 @@ attributeID: 1.2.840.113556.1.4.656 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Service-Principal-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Service-Principal-Name,${SCHEMADN} cn: Service-Principal-Name name: Service-Principal-Name objectClass: top @@ -5132,7 +5132,7 @@ attributeID: 1.2.840.113556.1.4.771 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Other-Login-Workstations,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Other-Login-Workstations,${SCHEMADN} cn: Other-Login-Workstations name: Other-Login-Workstations objectClass: top @@ -5147,7 +5147,7 @@ attributeID: 1.2.840.113556.1.4.91 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-IIS-FTP-Dir,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-IIS-FTP-Dir,${SCHEMADN} cn: ms-IIS-FTP-Dir name: ms-IIS-FTP-Dir objectClass: top @@ -5162,7 +5162,7 @@ attributeID: 1.2.840.113556.1.4.1786 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-Site-Affinity,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Site-Affinity,${SCHEMADN} cn: ms-DS-Site-Affinity name: ms-DS-Site-Affinity objectClass: top @@ -5177,7 +5177,7 @@ attributeID: 1.2.840.113556.1.4.1443 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Max-Storage,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Max-Storage,${SCHEMADN} cn: Max-Storage name: Max-Storage objectClass: top @@ -5192,7 +5192,7 @@ attributeID: 1.2.840.113556.1.4.76 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=NT-Security-Descriptor,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=NT-Security-Descriptor,${SCHEMADN} cn: NT-Security-Descriptor name: NT-Security-Descriptor objectClass: top @@ -5207,7 +5207,7 @@ attributeID: 1.2.840.113556.1.2.281 attributeSyntax: 2.5.5.15 oMSyntax: 66 -dn: CN=Site-Object-BL,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Site-Object-BL,${SCHEMADN} cn: Site-Object-BL name: Site-Object-BL objectClass: top @@ -5224,7 +5224,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Query-Policy-BL,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Query-Policy-BL,${SCHEMADN} cn: Query-Policy-BL name: Query-Policy-BL objectClass: top @@ -5241,7 +5241,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Partial-Attribute-Set,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Partial-Attribute-Set,${SCHEMADN} cn: Partial-Attribute-Set name: Partial-Attribute-Set objectClass: top @@ -5256,7 +5256,7 @@ attributeID: 1.2.840.113556.1.4.640 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Obj-Dist-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Obj-Dist-Name,${SCHEMADN} cn: Obj-Dist-Name name: Obj-Dist-Name objectClass: top @@ -5272,7 +5272,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Description,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Description,${SCHEMADN} cn: Description name: Description objectClass: top @@ -5287,7 +5287,7 @@ attributeID: 2.5.4.13 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-Az-Class-ID,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Az-Class-ID,${SCHEMADN} cn: ms-DS-Az-Class-ID name: ms-DS-Az-Class-ID objectClass: top @@ -5302,7 +5302,7 @@ attributeID: 1.2.840.113556.1.4.1816 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=RID-Available-Pool,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=RID-Available-Pool,${SCHEMADN} cn: RID-Available-Pool name: RID-Available-Pool objectClass: top @@ -5317,7 +5317,7 @@ attributeID: 1.2.840.113556.1.4.370 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Shell-Property-Pages,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Shell-Property-Pages,${SCHEMADN} cn: Shell-Property-Pages name: Shell-Property-Pages objectClass: top @@ -5332,7 +5332,7 @@ attributeID: 1.2.840.113556.1.4.563 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-SPN-Suffixes,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-SPN-Suffixes,${SCHEMADN} cn: ms-DS-SPN-Suffixes name: ms-DS-SPN-Suffixes objectClass: top @@ -5347,7 +5347,7 @@ attributeID: 1.2.840.113556.1.4.1715 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Private-Key,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Private-Key,${SCHEMADN} cn: Private-Key name: Private-Key objectClass: top @@ -5362,7 +5362,7 @@ attributeID: 1.2.840.113556.1.4.101 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Facsimile-Telephone-Number,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Facsimile-Telephone-Number,${SCHEMADN} cn: Facsimile-Telephone-Number name: Facsimile-Telephone-Number objectClass: top @@ -5377,7 +5377,7 @@ attributeID: 2.5.4.23 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=MSMQ-Nt4-Stub,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=MSMQ-Nt4-Stub,${SCHEMADN} cn: MSMQ-Nt4-Stub name: MSMQ-Nt4-Stub objectClass: top @@ -5392,7 +5392,7 @@ attributeID: 1.2.840.113556.1.4.960 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Schema-Flags-Ex,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Schema-Flags-Ex,${SCHEMADN} cn: Schema-Flags-Ex name: Schema-Flags-Ex objectClass: top @@ -5407,7 +5407,7 @@ attributeID: 1.2.840.113556.1.4.120 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=ms-IIS-FTP-Root,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-IIS-FTP-Root,${SCHEMADN} cn: ms-IIS-FTP-Root name: ms-IIS-FTP-Root objectClass: top @@ -5422,7 +5422,7 @@ attributeID: 1.2.840.113556.1.4.1785 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Group-Priority,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Group-Priority,${SCHEMADN} cn: Group-Priority name: Group-Priority objectClass: top @@ -5437,7 +5437,7 @@ attributeID: 1.2.840.113556.1.4.345 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Bridgehead-Transport-List,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Bridgehead-Transport-List,${SCHEMADN} cn: Bridgehead-Transport-List name: Bridgehead-Transport-List objectClass: top @@ -5454,7 +5454,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Extended-Class-Info,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Extended-Class-Info,${SCHEMADN} cn: Extended-Class-Info name: Extended-Class-Info objectClass: top @@ -5469,7 +5469,7 @@ attributeID: 1.2.840.113556.1.4.908 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Flat-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Flat-Name,${SCHEMADN} cn: Flat-Name name: Flat-Name objectClass: top @@ -5484,7 +5484,7 @@ attributeID: 1.2.840.113556.1.4.511 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Wbem-Path,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Wbem-Path,${SCHEMADN} cn: Wbem-Path name: Wbem-Path objectClass: top @@ -5499,7 +5499,7 @@ attributeID: 1.2.840.113556.1.4.301 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-NC-Repl-Outbound-Neighbors,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-NC-Repl-Outbound-Neighbors,${SCHEMADN} cn: ms-DS-NC-Repl-Outbound-Neighbors name: ms-DS-NC-Repl-Outbound-Neighbors objectClass: top @@ -5514,7 +5514,7 @@ attributeID: 1.2.840.113556.1.4.1706 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-Operations-For-Az-Task-BL,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Operations-For-Az-Task-BL,${SCHEMADN} cn: ms-DS-Operations-For-Az-Task-BL name: ms-DS-Operations-For-Az-Task-BL objectClass: top @@ -5531,7 +5531,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Show-In-Advanced-View-Only,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Show-In-Advanced-View-Only,${SCHEMADN} cn: Show-In-Advanced-View-Only name: Show-In-Advanced-View-Only objectClass: top @@ -5546,7 +5546,7 @@ attributeID: 1.2.840.113556.1.2.169 attributeSyntax: 2.5.5.8 oMSyntax: 1 -dn: CN=ms-DS-Behavior-Version,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Behavior-Version,${SCHEMADN} cn: ms-DS-Behavior-Version name: ms-DS-Behavior-Version objectClass: top @@ -5561,7 +5561,7 @@ attributeID: 1.2.840.113556.1.4.1459 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=ms-DS-Has-Master-NCs,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Has-Master-NCs,${SCHEMADN} cn: ms-DS-Has-Master-NCs name: ms-DS-Has-Master-NCs objectClass: top @@ -5578,7 +5578,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Pwd-History-Length,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Pwd-History-Length,${SCHEMADN} cn: Pwd-History-Length name: Pwd-History-Length objectClass: top @@ -5593,7 +5593,7 @@ attributeID: 1.2.840.113556.1.4.95 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Pek-List,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Pek-List,${SCHEMADN} cn: Pek-List name: Pek-List objectClass: top @@ -5608,7 +5608,7 @@ attributeID: 1.2.840.113556.1.4.865 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Postal-Code,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Postal-Code,${SCHEMADN} cn: Postal-Code name: Postal-Code objectClass: top @@ -5623,7 +5623,7 @@ attributeID: 2.5.4.17 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Netboot-Mirror-Data-File,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Netboot-Mirror-Data-File,${SCHEMADN} cn: Netboot-Mirror-Data-File name: Netboot-Mirror-Data-File objectClass: top @@ -5638,7 +5638,7 @@ attributeID: 1.2.840.113556.1.4.1241 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Default-Class-Store,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Default-Class-Store,${SCHEMADN} cn: Default-Class-Store name: Default-Class-Store objectClass: top @@ -5654,7 +5654,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=MSMQ-Site-ID,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=MSMQ-Site-ID,${SCHEMADN} cn: MSMQ-Site-ID name: MSMQ-Site-ID objectClass: top @@ -5669,7 +5669,7 @@ attributeID: 1.2.840.113556.1.4.953 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Show-In-Address-Book,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Show-In-Address-Book,${SCHEMADN} cn: Show-In-Address-Book name: Show-In-Address-Book objectClass: top @@ -5685,7 +5685,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=When-Created,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=When-Created,${SCHEMADN} cn: When-Created name: When-Created objectClass: top @@ -5700,7 +5700,7 @@ attributeID: 1.2.840.113556.1.2.2 attributeSyntax: 2.5.5.11 oMSyntax: 24 -dn: CN=DS-Core-Propagation-Data,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=DS-Core-Propagation-Data,${SCHEMADN} cn: DS-Core-Propagation-Data name: DS-Core-Propagation-Data objectClass: top @@ -5715,7 +5715,7 @@ attributeID: 1.2.840.113556.1.4.1357 attributeSyntax: 2.5.5.11 oMSyntax: 24 -dn: CN=Display-Name-Printable,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Display-Name-Printable,${SCHEMADN} cn: Display-Name-Printable name: Display-Name-Printable objectClass: top @@ -5730,7 +5730,7 @@ attributeID: 1.2.840.113556.1.2.353 attributeSyntax: 2.5.5.5 oMSyntax: 19 -dn: CN=State-Or-Province-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=State-Or-Province-Name,${SCHEMADN} cn: State-Or-Province-Name name: State-Or-Province-Name objectClass: top @@ -5745,7 +5745,7 @@ attributeID: 2.5.4.8 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Server-Reference,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Server-Reference,${SCHEMADN} cn: Server-Reference name: Server-Reference objectClass: top @@ -5762,7 +5762,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=ms-DS-Has-Domain-NCs,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Has-Domain-NCs,${SCHEMADN} cn: ms-DS-Has-Domain-NCs name: ms-DS-Has-Domain-NCs objectClass: top @@ -5779,7 +5779,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Invocation-Id,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Invocation-Id,${SCHEMADN} cn: Invocation-Id name: Invocation-Id objectClass: top @@ -5794,7 +5794,7 @@ attributeID: 1.2.840.113556.1.2.115 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Replica-Source,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Replica-Source,${SCHEMADN} cn: Replica-Source name: Replica-Source objectClass: top @@ -5809,7 +5809,7 @@ attributeID: 1.2.840.113556.1.4.109 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Phone-Ip-Primary,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Phone-Ip-Primary,${SCHEMADN} cn: Phone-Ip-Primary name: Phone-Ip-Primary objectClass: top @@ -5824,7 +5824,7 @@ attributeID: 1.2.840.113556.1.4.721 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Phone-Home-Other,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Phone-Home-Other,${SCHEMADN} cn: Phone-Home-Other name: Phone-Home-Other objectClass: top @@ -5839,7 +5839,7 @@ attributeID: 1.2.840.113556.1.2.277 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Organization-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Organization-Name,${SCHEMADN} cn: Organization-Name name: Organization-Name objectClass: top @@ -5854,7 +5854,7 @@ attributeID: 2.5.4.10 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Operating-System,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Operating-System,${SCHEMADN} cn: Operating-System name: Operating-System objectClass: top @@ -5869,7 +5869,7 @@ attributeID: 1.2.840.113556.1.4.363 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-Object-Reference,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Object-Reference,${SCHEMADN} cn: ms-DS-Object-Reference name: ms-DS-Object-Reference objectClass: top @@ -5885,7 +5885,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=MSMQ-Interval1,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=MSMQ-Interval1,${SCHEMADN} cn: MSMQ-Interval1 name: MSMQ-Interval1 objectClass: top @@ -5900,7 +5900,7 @@ attributeID: 1.2.840.113556.1.4.1308 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Rid,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Rid,${SCHEMADN} cn: Rid name: Rid objectClass: top @@ -5915,7 +5915,7 @@ attributeID: 1.2.840.113556.1.4.153 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Profile-Path,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Profile-Path,${SCHEMADN} cn: Profile-Path name: Profile-Path objectClass: top @@ -5930,7 +5930,7 @@ attributeID: 1.2.840.113556.1.4.139 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=msRADIUSCallbackNumber,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=msRADIUSCallbackNumber,${SCHEMADN} cn: msRADIUSCallbackNumber name: msRADIUSCallbackNumber objectClass: top @@ -5945,7 +5945,7 @@ attributeID: 1.2.840.113556.1.4.1145 attributeSyntax: 2.5.5.5 oMSyntax: 22 -dn: CN=ACS-Policy-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ACS-Policy-Name,${SCHEMADN} cn: ACS-Policy-Name name: ACS-Policy-Name objectClass: top @@ -5960,7 +5960,7 @@ attributeID: 1.2.840.113556.1.4.772 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Comment,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Comment,${SCHEMADN} cn: Comment name: Comment objectClass: top @@ -5975,7 +5975,7 @@ attributeID: 1.2.840.113556.1.2.81 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-DS-Object-Reference-BL,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Object-Reference-BL,${SCHEMADN} cn: ms-DS-Object-Reference-BL name: ms-DS-Object-Reference-BL objectClass: top @@ -5992,7 +5992,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=When-Changed,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=When-Changed,${SCHEMADN} cn: When-Changed name: When-Changed objectClass: top @@ -6007,7 +6007,7 @@ attributeID: 1.2.840.113556.1.2.3 attributeSyntax: 2.5.5.11 oMSyntax: 24 -dn: CN=USN-Last-Obj-Rem,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=USN-Last-Obj-Rem,${SCHEMADN} cn: USN-Last-Obj-Rem name: USN-Last-Obj-Rem objectClass: top @@ -6022,7 +6022,7 @@ attributeID: 1.2.840.113556.1.2.121 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Reps-To,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Reps-To,${SCHEMADN} cn: Reps-To name: Reps-To objectClass: top @@ -6038,7 +6038,7 @@ attributeSyntax: 2.5.5.10 oMSyntax: 127 oMObjectClass:: KoZIhvcUAQEBBg== -dn: CN=Repl-UpToDate-Vector,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Repl-UpToDate-Vector,${SCHEMADN} cn: Repl-UpToDate-Vector name: Repl-UpToDate-Vector objectClass: top @@ -6053,7 +6053,7 @@ attributeID: 1.2.840.113556.1.4.4 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=netboot-SCP-BL,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=netboot-SCP-BL,${SCHEMADN} cn: netboot-SCP-BL name: netboot-SCP-BL objectClass: top @@ -6070,7 +6070,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=ms-DS-Mastered-By,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Mastered-By,${SCHEMADN} cn: ms-DS-Mastered-By name: ms-DS-Mastered-By objectClass: top @@ -6087,7 +6087,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=ms-COM-PartitionSetLink,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-COM-PartitionSetLink,${SCHEMADN} cn: ms-COM-PartitionSetLink name: ms-COM-PartitionSetLink objectClass: top @@ -6104,7 +6104,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Common-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Common-Name,${SCHEMADN} cn: Common-Name name: Common-Name objectClass: top @@ -6119,7 +6119,7 @@ attributeID: 2.5.4.3 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=MS-DS-All-Users-Trust-Quota,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=MS-DS-All-Users-Trust-Quota,${SCHEMADN} cn: MS-DS-All-Users-Trust-Quota name: MS-DS-All-Users-Trust-Quota objectClass: top @@ -6134,7 +6134,7 @@ attributeID: 1.2.840.113556.1.4.1789 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Default-Group,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Default-Group,${SCHEMADN} cn: Default-Group name: Default-Group objectClass: top @@ -6150,7 +6150,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=User-Comment,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=User-Comment,${SCHEMADN} cn: User-Comment name: User-Comment objectClass: top @@ -6165,7 +6165,7 @@ attributeID: 1.2.840.113556.1.4.156 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Local-Policy-Flags,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Local-Policy-Flags,${SCHEMADN} cn: Local-Policy-Flags name: Local-Policy-Flags objectClass: top @@ -6180,7 +6180,7 @@ attributeID: 1.2.840.113556.1.4.56 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=MSMQ-Interval2,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=MSMQ-Interval2,${SCHEMADN} cn: MSMQ-Interval2 name: MSMQ-Interval2 objectClass: top @@ -6195,7 +6195,7 @@ attributeID: 1.2.840.113556.1.4.1309 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=SID-History,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=SID-History,${SCHEMADN} cn: SID-History name: SID-History objectClass: top @@ -6210,7 +6210,7 @@ attributeID: 1.2.840.113556.1.4.609 attributeSyntax: 2.5.5.17 oMSyntax: 4 -dn: CN=ms-ds-Schema-Extensions,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-ds-Schema-Extensions,${SCHEMADN} cn: ms-ds-Schema-Extensions name: ms-ds-Schema-Extensions objectClass: top @@ -6225,7 +6225,7 @@ attributeID: 1.2.840.113556.1.4.1440 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Unicode-Pwd,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Unicode-Pwd,${SCHEMADN} cn: Unicode-Pwd name: Unicode-Pwd objectClass: top @@ -6240,7 +6240,7 @@ attributeID: 1.2.840.113556.1.4.90 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=msRASSavedFramedIPAddress,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=msRASSavedFramedIPAddress,${SCHEMADN} cn: msRASSavedFramedIPAddress name: msRASSavedFramedIPAddress objectClass: top @@ -6255,7 +6255,7 @@ attributeID: 1.2.840.113556.1.4.1190 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=MS-DRM-Identity-Certificate,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=MS-DRM-Identity-Certificate,${SCHEMADN} cn: MS-DRM-Identity-Certificate name: MS-DRM-Identity-Certificate objectClass: top @@ -6269,7 +6269,7 @@ attributeID: 1.2.840.113556.1.4.1843 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Last-Logoff,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Last-Logoff,${SCHEMADN} cn: Last-Logoff name: Last-Logoff objectClass: top @@ -6284,7 +6284,7 @@ attributeID: 1.2.840.113556.1.4.51 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=DMD-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=DMD-Name,${SCHEMADN} cn: DMD-Name name: DMD-Name objectClass: top @@ -6299,7 +6299,7 @@ attributeID: 1.2.840.113556.1.2.598 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=ms-Exch-LabeledURI,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-Exch-LabeledURI,${SCHEMADN} cn: ms-Exch-LabeledURI name: ms-Exch-LabeledURI objectClass: top @@ -6312,7 +6312,7 @@ attributeID: 1.2.840.113556.1.2.593 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Reports,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Reports,${SCHEMADN} cn: Reports name: Reports objectClass: top @@ -6329,7 +6329,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Repl-Property-Meta-Data,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Repl-Property-Meta-Data,${SCHEMADN} cn: Repl-Property-Meta-Data name: Repl-Property-Meta-Data objectClass: top @@ -6344,7 +6344,7 @@ attributeID: 1.2.840.113556.1.4.3 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=From-Entry,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=From-Entry,${SCHEMADN} cn: From-Entry name: From-Entry objectClass: top @@ -6359,7 +6359,7 @@ attributeID: 1.2.840.113556.1.4.910 attributeSyntax: 2.5.5.8 oMSyntax: 1 -dn: CN=Trust-Parent,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Trust-Parent,${SCHEMADN} cn: Trust-Parent name: Trust-Parent objectClass: top @@ -6375,7 +6375,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=RID-Manager-Reference,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=RID-Manager-Reference,${SCHEMADN} cn: RID-Manager-Reference name: RID-Manager-Reference objectClass: top @@ -6391,7 +6391,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Lockout-Threshold,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Lockout-Threshold,${SCHEMADN} cn: Lockout-Threshold name: Lockout-Threshold objectClass: top @@ -6406,7 +6406,7 @@ attributeID: 1.2.840.113556.1.4.73 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Desktop-Profile,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Desktop-Profile,${SCHEMADN} cn: Desktop-Profile name: Desktop-Profile objectClass: top @@ -6421,7 +6421,7 @@ attributeID: 1.2.840.113556.1.4.346 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Text-Country,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Text-Country,${SCHEMADN} cn: Text-Country name: Text-Country objectClass: top @@ -6436,7 +6436,7 @@ attributeID: 1.2.840.113556.1.2.131 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Teletex-Terminal-Identifier,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Teletex-Terminal-Identifier,${SCHEMADN} cn: Teletex-Terminal-Identifier name: Teletex-Terminal-Identifier objectClass: top @@ -6451,7 +6451,7 @@ attributeID: 2.5.4.22 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Telex-Primary,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Telex-Primary,${SCHEMADN} cn: Telex-Primary name: Telex-Primary objectClass: top @@ -6466,7 +6466,7 @@ attributeID: 1.2.840.113556.1.4.648 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Manager,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Manager,${SCHEMADN} cn: Manager name: Manager objectClass: top @@ -6483,7 +6483,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Physical-Location-Object,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Physical-Location-Object,${SCHEMADN} cn: Physical-Location-Object name: Physical-Location-Object objectClass: top @@ -6499,7 +6499,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=ms-DS-Az-Major-Version,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Az-Major-Version,${SCHEMADN} cn: ms-DS-Az-Major-Version name: ms-DS-Az-Major-Version objectClass: top @@ -6514,7 +6514,7 @@ attributeID: 1.2.840.113556.1.4.1824 attributeSyntax: 2.5.5.9 oMSyntax: 2 -dn: CN=Sub-Class-Of,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Sub-Class-Of,${SCHEMADN} cn: Sub-Class-Of name: Sub-Class-Of objectClass: top @@ -6529,7 +6529,7 @@ attributeID: 1.2.840.113556.1.2.21 attributeSyntax: 2.5.5.2 oMSyntax: 6 -dn: CN=System-Must-Contain,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=System-Must-Contain,${SCHEMADN} cn: System-Must-Contain name: System-Must-Contain objectClass: top @@ -6544,7 +6544,7 @@ attributeID: 1.2.840.113556.1.4.197 attributeSyntax: 2.5.5.2 oMSyntax: 6 -dn: CN=roomNumber,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=roomNumber,${SCHEMADN} cn: roomNumber name: roomNumber objectClass: top @@ -6559,7 +6559,7 @@ attributeID: 0.9.2342.19200300.100.1.6 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Employee-Type,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Employee-Type,${SCHEMADN} cn: Employee-Type name: Employee-Type objectClass: top @@ -6574,7 +6574,7 @@ attributeID: 1.2.840.113556.1.2.613 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Current-Value,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Current-Value,${SCHEMADN} cn: Current-Value name: Current-Value objectClass: top @@ -6589,7 +6589,7 @@ attributeID: 1.2.840.113556.1.4.27 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=DIT-Content-Rules,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=DIT-Content-Rules,${SCHEMADN} cn: DIT-Content-Rules name: DIT-Content-Rules objectClass: top @@ -6604,7 +6604,7 @@ attributeID: 2.5.21.2 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=USN-Created,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=USN-Created,${SCHEMADN} cn: USN-Created name: USN-Created objectClass: top @@ -6619,7 +6619,7 @@ attributeID: 1.2.840.113556.1.2.19 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Sub-Refs,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Sub-Refs,${SCHEMADN} cn: Sub-Refs name: Sub-Refs objectClass: top @@ -6635,7 +6635,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Proxy-Addresses,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Proxy-Addresses,${SCHEMADN} cn: Proxy-Addresses name: Proxy-Addresses objectClass: top @@ -6650,7 +6650,7 @@ attributeID: 1.2.840.113556.1.2.210 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Superior-DNS-Root,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Superior-DNS-Root,${SCHEMADN} cn: Superior-DNS-Root name: Superior-DNS-Root objectClass: top @@ -6665,7 +6665,7 @@ attributeID: 1.2.840.113556.1.4.532 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Root-Trust,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Root-Trust,${SCHEMADN} cn: Root-Trust name: Root-Trust objectClass: top @@ -6681,7 +6681,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=Shell-Context-Menu,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Shell-Context-Menu,${SCHEMADN} cn: Shell-Context-Menu name: Shell-Context-Menu objectClass: top @@ -6696,7 +6696,7 @@ attributeID: 1.2.840.113556.1.4.615 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Class-Display-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Class-Display-Name,${SCHEMADN} cn: Class-Display-Name name: Class-Display-Name objectClass: top @@ -6711,7 +6711,7 @@ attributeID: 1.2.840.113556.1.4.610 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=CA-Certificate,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=CA-Certificate,${SCHEMADN} cn: CA-Certificate name: CA-Certificate objectClass: top @@ -6726,7 +6726,7 @@ attributeID: 2.5.4.37 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=MHS-OR-Address,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=MHS-OR-Address,${SCHEMADN} cn: MHS-OR-Address name: MHS-OR-Address objectClass: top @@ -6741,7 +6741,7 @@ attributeID: 1.2.840.113556.1.4.650 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Nt-Pwd-History,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Nt-Pwd-History,${SCHEMADN} cn: Nt-Pwd-History name: Nt-Pwd-History objectClass: top @@ -6756,7 +6756,7 @@ attributeID: 1.2.840.113556.1.4.94 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=SMTP-Mail-Address,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=SMTP-Mail-Address,${SCHEMADN} cn: SMTP-Mail-Address name: SMTP-Mail-Address objectClass: top @@ -6771,7 +6771,7 @@ attributeID: 1.2.840.113556.1.4.786 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Foreign-Identifier,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Foreign-Identifier,${SCHEMADN} cn: Foreign-Identifier name: Foreign-Identifier objectClass: top @@ -6786,7 +6786,7 @@ attributeID: 1.2.840.113556.1.4.356 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=USN-Changed,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=USN-Changed,${SCHEMADN} cn: USN-Changed name: USN-Changed objectClass: top @@ -6801,7 +6801,7 @@ attributeID: 1.2.840.113556.1.2.120 attributeSyntax: 2.5.5.16 oMSyntax: 65 -dn: CN=Reps-From,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Reps-From,${SCHEMADN} cn: Reps-From name: Reps-From objectClass: top @@ -6817,7 +6817,7 @@ attributeSyntax: 2.5.5.10 oMSyntax: 127 oMObjectClass:: KoZIhvcUAQEBBg== -dn: CN=Other-Well-Known-Objects,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Other-Well-Known-Objects,${SCHEMADN} cn: Other-Well-Known-Objects name: Other-Well-Known-Objects objectClass: top @@ -6833,7 +6833,7 @@ attributeSyntax: 2.5.5.7 oMSyntax: 127 oMObjectClass:: KoZIhvcUAQEBCw== -dn: CN=ms-DS-NC-Repl-Cursors,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-NC-Repl-Cursors,${SCHEMADN} cn: ms-DS-NC-Repl-Cursors name: ms-DS-NC-Repl-Cursors objectClass: top @@ -6848,7 +6848,7 @@ attributeID: 1.2.840.113556.1.4.1704 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Managed-Objects,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Managed-Objects,${SCHEMADN} cn: Managed-Objects name: Managed-Objects objectClass: top @@ -6865,7 +6865,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=ms-DS-Allowed-DNS-Suffixes,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Allowed-DNS-Suffixes,${SCHEMADN} cn: ms-DS-Allowed-DNS-Suffixes name: ms-DS-Allowed-DNS-Suffixes objectClass: top @@ -6880,7 +6880,7 @@ attributeID: 1.2.840.113556.1.4.1710 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=NC-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=NC-Name,${SCHEMADN} cn: NC-Name name: NC-Name objectClass: top @@ -6896,7 +6896,7 @@ attributeSyntax: 2.5.5.1 oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK -dn: CN=NETBIOS-Name,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=NETBIOS-Name,${SCHEMADN} cn: NETBIOS-Name name: NETBIOS-Name objectClass: top @@ -6911,7 +6911,7 @@ attributeID: 1.2.840.113556.1.4.87 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Query-Filter,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Query-Filter,${SCHEMADN} cn: Query-Filter name: Query-Filter objectClass: top @@ -6926,7 +6926,7 @@ attributeID: 1.2.840.113556.1.4.1355 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=Preferred-Delivery-Method,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Preferred-Delivery-Method,${SCHEMADN} cn: Preferred-Delivery-Method name: Preferred-Delivery-Method objectClass: top @@ -6941,7 +6941,7 @@ attributeID: 2.5.4.28 attributeSyntax: 2.5.5.9 oMSyntax: 10 -dn: CN=MSMQ-Site-Foreign,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=MSMQ-Site-Foreign,${SCHEMADN} cn: MSMQ-Site-Foreign name: MSMQ-Site-Foreign objectClass: top @@ -6956,7 +6956,7 @@ attributeID: 1.2.840.113556.1.4.961 attributeSyntax: 2.5.5.8 oMSyntax: 1 -dn: CN=audio,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=audio,${SCHEMADN} cn: audio name: audio objectClass: top @@ -6971,7 +6971,7 @@ attributeID: 0.9.2342.19200300.100.1.55 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Script-Path,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Script-Path,${SCHEMADN} cn: Script-Path name: Script-Path objectClass: top @@ -6986,7 +6986,7 @@ attributeID: 1.2.840.113556.1.4.62 attributeSyntax: 2.5.5.12 oMSyntax: 64 -dn: CN=MSMQ-Digests,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=MSMQ-Digests,${SCHEMADN} cn: MSMQ-Digests name: MSMQ-Digests objectClass: top @@ -7001,7 +7001,7 @@ attributeID: 1.2.840.113556.1.4.948 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=ms-DS-Cached-Membership,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Cached-Membership,${SCHEMADN} cn: ms-DS-Cached-Membership name: ms-DS-Cached-Membership objectClass: top @@ -7016,7 +7016,7 @@ attributeID: 1.2.840.113556.1.4.1441 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Logon-Hours,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Logon-Hours,${SCHEMADN} cn: Logon-Hours name: Logon-Hours objectClass: top @@ -7031,7 +7031,7 @@ attributeID: 1.2.840.113556.1.4.64 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: CN=Top,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Top,${SCHEMADN} cn: Top name: Top objectClass: top @@ -7133,15 +7133,15 @@ systemMayContain: adminDisplayName systemMayContain: adminDescription objectClassCategory: 2 subClassOf: top -defaultObjectCategory: CN=Top,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Top,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: TRUE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: bf967ab7-0de6-11d0-a285-00aa003049e2 -dn: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Domain-DNS,${SCHEMADN} cn: Domain-DNS name: Domain-DNS objectClass: top @@ -7156,12 +7156,12 @@ systemMayContain: msDS-AllowedDNSSuffixes systemMayContain: managedBy objectClassCategory: 1 subClassOf: domain -defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Domain-DNS,${SCHEMADN} defaultHidingValue: FALSE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: group possibleInferiors: lostAndFound possibleInferiors: builtinDomain @@ -7176,7 +7176,7 @@ possibleInferiors: country possibleInferiors: organizationalUnit schemaIDGUID: 19195a5b-6da0-11d0-afd3-00c04fd930c9 -dn: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Az-Application,${SCHEMADN} cn: ms-DS-Az-Application name: ms-DS-Az-Application objectClass: top @@ -7193,18 +7193,18 @@ systemMayContain: msDS-AzApplicationName systemMayContain: description objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=ms-DS-Az-Application,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: group possibleInferiors: container possibleInferiors: msDS-AzScope schemaIDGUID: ddf8de9b-cba5-4e12-842e-28d8b66f75ec -dn: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Builtin-Domain,${SCHEMADN} cn: Builtin-Domain name: Builtin-Domain objectClass: top @@ -7216,18 +7216,18 @@ governsID: 1.2.840.113556.1.5.4 rDNAttID: cn objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Builtin-Domain,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: group possibleInferiors: computer possibleInferiors: user schemaIDGUID: bf967a81-0de6-11d0-a285-00aa003049e2 -dn: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Infrastructure-Update,${SCHEMADN} cn: Infrastructure-Update name: Infrastructure-Update objectClass: top @@ -7240,15 +7240,15 @@ rDNAttID: cn systemMayContain: dNReferenceUpdate objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Infrastructure-Update,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: TRUE defaultSecurityDescriptor: D:(A;;GA;;;SY) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: 2df90d89-009f-11d2-aa4c-00c04fd7d83a -dn: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Configuration,${SCHEMADN} cn: Configuration name: Configuration objectClass: top @@ -7262,18 +7262,18 @@ systemMayContain: gPOptions systemMayContain: gPLink objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Configuration,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: TRUE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: lostAndFound possibleInferiors: sitesContainer possibleInferiors: container schemaIDGUID: bf967a87-0de6-11d0-a285-00aa003049e2 -dn: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Cross-Ref,${SCHEMADN} cn: Cross-Ref name: Cross-Ref objectClass: top @@ -7299,15 +7299,15 @@ systemMayContain: msDS-DnsRootAlias systemMayContain: msDS-Behavior-Version objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Cross-Ref,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: bf967a8d-0de6-11d0-a285-00aa003049e2 -dn: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=RID-Manager,${SCHEMADN} cn: RID-Manager name: RID-Manager objectClass: top @@ -7319,15 +7319,15 @@ rDNAttID: cn systemMustContain: rIDAvailablePool objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=RID-Manager,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: TRUE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)S:(AU;SA;CRWP;;;WD) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: 6617188d-8f3c-11d0-afda-00c04fd930c9 -dn: CN=Display-Specifier,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Display-Specifier,${SCHEMADN} cn: Display-Specifier name: Display-Specifier objectClass: top @@ -7354,15 +7354,15 @@ systemMayContain: adminMultiselectPropertyPages systemMayContain: adminContextMenu objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Display-Specifier,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Display-Specifier,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: e0fa1e8a-9b45-11d0-afdd-00c04fd930c9 -dn: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Az-Scope,${SCHEMADN} cn: ms-DS-Az-Scope name: ms-DS-Az-Scope objectClass: top @@ -7376,17 +7376,17 @@ systemMayContain: msDS-AzApplicationData systemMayContain: description objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=ms-DS-Az-Scope,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: group possibleInferiors: container schemaIDGUID: 4feae054-ce55-47bb-860e-5b12063a51de -dn: CN=Locality,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Locality,${SCHEMADN} cn: Locality name: Locality objectClass: top @@ -7406,17 +7406,17 @@ systemMayContain: seeAlso systemMayContain: searchGuide objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Locality,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Locality,${SCHEMADN} defaultHidingValue: FALSE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: organization possibleInferiors: locality schemaIDGUID: bf967aa0-0de6-11d0-a285-00aa003049e2 -dn: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Cross-Ref-Container,${SCHEMADN} cn: Cross-Ref-Container name: Cross-Ref-Container objectClass: top @@ -7432,16 +7432,16 @@ systemMayContain: msDS-ExecuteScriptPassword systemMayContain: msDS-Behavior-Version objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Cross-Ref-Container,${SCHEMADN} defaultHidingValue: FALSE systemFlags: 16 systemOnly: TRUE defaultSecurityDescriptor: D:(A;;GA;;;SY) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: crossRef schemaIDGUID: ef9e60e0-56f7-11d1-a9c6-0000f80367c1 -dn: CN=Subnet-Container,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Subnet-Container,${SCHEMADN} cn: Subnet-Container name: Subnet-Container objectClass: top @@ -7452,16 +7452,16 @@ governsID: 1.2.840.113556.1.5.95 rDNAttID: cn objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Subnet-Container,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Subnet-Container,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: subnet schemaIDGUID: b7b13125-b82e-11d0-afee-0000f80367c1 -dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=NTDS-DSA,${SCHEMADN} cn: NTDS-DSA name: NTDS-DSA objectClass: top @@ -7491,15 +7491,15 @@ systemMayContain: fRSRootPath systemMayContain: dMDLocation objectClassCategory: 1 subClassOf: applicationSettings -defaultObjectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=NTDS-DSA,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: TRUE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: f0f8ffab-1191-11d0-a060-00aa006c33ed -dn: CN=Sam-Domain,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Sam-Domain,${SCHEMADN} cn: Sam-Domain name: Sam-Domain objectClass: top @@ -7548,15 +7548,15 @@ systemMayContain: builtinCreationTime systemMayContain: auditingPolicy objectClassCategory: 3 subClassOf: top -defaultObjectCategory: CN=Sam-Domain,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Sam-Domain,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: bf967a90-0de6-11d0-a285-00aa003049e2 -dn: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Sam-Domain-Base,${SCHEMADN} cn: Sam-Domain-Base name: Sam-Domain-Base objectClass: top @@ -7587,14 +7587,14 @@ systemMayContain: domainReplica systemMayContain: creationTime objectClassCategory: 3 subClassOf: top -defaultObjectCategory: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Sam-Domain-Base,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: bf967a91-0de6-11d0-a285-00aa003049e2 -dn: CN=Country,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Country,${SCHEMADN} cn: Country name: Country objectClass: top @@ -7609,18 +7609,18 @@ systemMayContain: co systemMayContain: searchGuide objectClassCategory: 0 subClassOf: top -defaultObjectCategory: CN=Country,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Country,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: organization possibleInferiors: locality possibleInferiors: organizationalUnit schemaIDGUID: bf967a8c-0de6-11d0-a285-00aa003049e2 -dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Organizational-Unit,${SCHEMADN} cn: Organizational-Unit name: Organizational-Unit objectClass: top @@ -7666,12 +7666,12 @@ systemMayContain: c systemMayContain: businessCategory objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Organizational-Unit,${SCHEMADN} defaultHidingValue: FALSE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: group possibleInferiors: computer possibleInferiors: user @@ -7683,7 +7683,7 @@ possibleInferiors: organizationalUnit possibleInferiors: organizationalPerson schemaIDGUID: bf967aa5-0de6-11d0-a285-00aa003049e2 -dn: CN=Lost-And-Found,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Lost-And-Found,${SCHEMADN} cn: Lost-And-Found name: Lost-And-Found objectClass: top @@ -7697,12 +7697,12 @@ rDNAttID: cn systemMayContain: moveTreeState objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Lost-And-Found,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Lost-And-Found,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: group possibleInferiors: msDS-AzApplication possibleInferiors: lostAndFound @@ -7734,7 +7734,7 @@ possibleInferiors: organizationalPerson possibleInferiors: server schemaIDGUID: 52ab8671-5709-11d1-a9c6-0000f80367c1 -dn: CN=Organizational-Person,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Organizational-Person,${SCHEMADN} cn: Organizational-Person name: Organizational-Person objectClass: top @@ -7802,15 +7802,15 @@ systemMayContain: assistant systemMayContain: streetAddress objectClassCategory: 0 subClassOf: person -defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Person,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: bf967aa4-0de6-11d0-a285-00aa003049e2 -dn: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=NTDS-Service,${SCHEMADN} cn: NTDS-Service name: NTDS-Service objectClass: top @@ -7827,16 +7827,16 @@ systemMayContain: garbageCollPeriod systemMayContain: dSHeuristics objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=NTDS-Service,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: container schemaIDGUID: 19195a5f-6da0-11d0-afd3-00c04fd930c9 -dn: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Servers-Container,${SCHEMADN} cn: Servers-Container name: Servers-Container objectClass: top @@ -7847,16 +7847,16 @@ governsID: 1.2.840.113556.1.5.7000.48 rDNAttID: cn objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Servers-Container,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: server schemaIDGUID: f780acc0-56f0-11d1-a9c6-0000f80367c1 -dn: CN=Computer,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Computer,${SCHEMADN} cn: Computer name: Computer objectClass: top @@ -7894,15 +7894,15 @@ systemMayContain: cn systemMayContain: catalogs objectClassCategory: 1 subClassOf: user -defaultObjectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Computer,${SCHEMADN} defaultHidingValue: FALSE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(A;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: bf967a86-0de6-11d0-a285-00aa003049e2 -dn: CN=Person,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Person,${SCHEMADN} cn: Person name: Person objectClass: top @@ -7921,15 +7921,15 @@ systemMayContain: serialNumber systemMayContain: seeAlso objectClassCategory: 0 subClassOf: top -defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Person,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: bf967aa7-0de6-11d0-a285-00aa003049e2 -dn: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Container,${SCHEMADN} cn: Container name: Container objectClass: top @@ -7954,12 +7954,12 @@ systemMayContain: schemaVersion systemMayContain: defaultClassStore objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Container,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: group possibleInferiors: trustedDomain possibleInferiors: computer @@ -7974,7 +7974,7 @@ possibleInferiors: secret possibleInferiors: organizationalPerson schemaIDGUID: bf967a8b-0de6-11d0-a285-00aa003049e2 -dn: CN=Site,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Site,${SCHEMADN} cn: Site name: Site objectClass: top @@ -7995,16 +7995,16 @@ systemMayContain: gPOptions systemMayContain: gPLink objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Site,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: serversContainer schemaIDGUID: bf967ab3-0de6-11d0-a285-00aa003049e2 -dn: CN=Organization,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Organization,${SCHEMADN} cn: Organization name: Organization objectClass: top @@ -8038,12 +8038,12 @@ systemMayContain: destinationIndicator systemMayContain: businessCategory objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Organization,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Organization,${SCHEMADN} defaultHidingValue: FALSE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: computer possibleInferiors: user possibleInferiors: container @@ -8054,7 +8054,7 @@ possibleInferiors: organizationalUnit possibleInferiors: organizationalPerson schemaIDGUID: bf967aa3-0de6-11d0-a285-00aa003049e2 -dn: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=ms-DS-Az-Admin-Manager,${SCHEMADN} cn: ms-DS-Az-Admin-Manager name: ms-DS-Az-Admin-Manager objectClass: top @@ -8075,18 +8075,18 @@ systemMayContain: msDS-AzDomainTimeout systemMayContain: description objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=ms-DS-Az-Admin-Manager,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: group possibleInferiors: msDS-AzApplication possibleInferiors: container schemaIDGUID: cfee1051-5f28-4bae-a863-5d0cc18a8ed1 -dn: CN=Security-Principal,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Security-Principal,${SCHEMADN} cn: Security-Principal name: Security-Principal objectClass: top @@ -8110,14 +8110,14 @@ systemMayContain: altSecurityIdentities systemMayContain: accountNameHistory objectClassCategory: 3 subClassOf: top -defaultObjectCategory: CN=Security-Principal,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Security-Principal,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: bf967ab0-0de6-11d0-a285-00aa003049e2 -dn: CN=Application-Settings,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Application-Settings,${SCHEMADN} cn: Application-Settings name: Application-Settings objectClass: top @@ -8131,14 +8131,14 @@ systemMayContain: msDS-Settings systemMayContain: applicationName objectClassCategory: 2 subClassOf: top -defaultObjectCategory: CN=Application-Settings,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Application-Settings,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: f780acc1-56f0-11d1-a9c6-0000f80367c1 -dn: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Class-Schema,${SCHEMADN} cn: Class-Schema name: Class-Schema objectClass: top @@ -8173,15 +8173,15 @@ systemMayContain: classDisplayName systemMayContain: auxiliaryClass objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Class-Schema,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 134217744 systemOnly: FALSE defaultSecurityDescriptor: D:S: -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: bf967a83-0de6-11d0-a285-00aa003049e2 -dn: CN=User,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=User,${SCHEMADN} cn: User name: User objectClass: top @@ -8290,15 +8290,15 @@ systemMayContain: aCSPolicyName systemMayContain: accountExpires objectClassCategory: 1 subClassOf: organizationalPerson -defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Person,${SCHEMADN} defaultHidingValue: FALSE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: bf967aba-0de6-11d0-a285-00aa003049e2 -dn: CN=DMD,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=DMD,${SCHEMADN} cn: DMD name: DMD objectClass: top @@ -8316,17 +8316,17 @@ systemMayContain: msDS-IntId systemMayContain: dmdName objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=DMD,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: TRUE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: lostAndFound possibleInferiors: classSchema schemaIDGUID: bf967a8f-0de6-11d0-a285-00aa003049e2 -dn: CN=Leaf,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Leaf,${SCHEMADN} cn: Leaf name: Leaf objectClass: top @@ -8336,15 +8336,15 @@ governsID: 1.2.840.113556.1.5.20 rDNAttID: cn objectClassCategory: 2 subClassOf: top -defaultObjectCategory: CN=Leaf,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Leaf,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: bf967a9e-0de6-11d0-a285-00aa003049e2 -dn: CN=Secret,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Secret,${SCHEMADN} cn: Secret name: Secret objectClass: top @@ -8359,15 +8359,15 @@ systemMayContain: lastSetTime systemMayContain: currentValue objectClassCategory: 1 subClassOf: leaf -defaultObjectCategory: CN=Secret,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Secret,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: bf967aae-0de6-11d0-a285-00aa003049e2 -dn: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Sites-Container,${SCHEMADN} cn: Sites-Container name: Sites-Container objectClass: top @@ -8378,17 +8378,17 @@ governsID: 1.2.840.113556.1.5.107 rDNAttID: cn objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Sites-Container,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: subnetContainer possibleInferiors: site schemaIDGUID: 7a4117da-cd67-11d0-afff-0000f80367c1 -dn: CN=Server,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Server,${SCHEMADN} cn: Server name: Server objectClass: top @@ -8405,16 +8405,16 @@ systemMayContain: dNSHostName systemMayContain: bridgeheadTransportList objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Server,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: container schemaIDGUID: bf967a92-0de6-11d0-a285-00aa003049e2 -dn: CN=SubSchema,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=SubSchema,${SCHEMADN} cn: SubSchema name: SubSchema objectClass: top @@ -8431,15 +8431,15 @@ systemMayContain: dITContentRules systemMayContain: attributeTypes objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=SubSchema,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=SubSchema,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 134217744 systemOnly: TRUE defaultSecurityDescriptor: D:S: -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: 5a8b3261-c38d-11d1-bbc9-0080c76670c0 -dn: CN=Trusted-Domain,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Trusted-Domain,${SCHEMADN} cn: Trusted-Domain name: Trusted-Domain objectClass: top @@ -8466,15 +8466,15 @@ systemMayContain: domainCrossRef systemMayContain: additionalTrustedServiceNames objectClassCategory: 1 subClassOf: leaf -defaultObjectCategory: CN=Trusted-Domain,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Trusted-Domain,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-a285-00aa003049e2;CO)(A;;SD;;;CO) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: bf967ab8-0de6-11d0-a285-00aa003049e2 -dn: CN=Domain,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Domain,${SCHEMADN} cn: Domain name: Domain objectClass: top @@ -8487,15 +8487,15 @@ rDNAttID: dc systemMustContain: dc objectClassCategory: 2 subClassOf: top -defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Domain-DNS,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: domainDNS schemaIDGUID: 19195a5a-6da0-11d0-afd3-00c04fd930c9 -dn: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Foreign-Security-Principal,${SCHEMADN} cn: Foreign-Security-Principal name: Foreign-Security-Principal objectClass: top @@ -8508,15 +8508,15 @@ systemMustContain: objectSid systemMayContain: foreignIdentifier objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Foreign-Security-Principal,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: 89e31c12-8530-11d0-afda-00c04fd930c9 -dn: CN=Subnet,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Subnet,${SCHEMADN} cn: Subnet name: Subnet objectClass: top @@ -8530,16 +8530,16 @@ systemMayContain: physicalLocationObject systemMayContain: location objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Subnet,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Subnet,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} possibleInferiors: container schemaIDGUID: b7b13124-b82e-11d0-afee-0000f80367c1 -dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Mail-Recipient,${SCHEMADN} cn: Mail-Recipient name: Mail-Recipient objectClass: top @@ -8564,15 +8564,15 @@ systemMayContain: garbageCollPeriod systemMayContain: info objectClassCategory: 3 subClassOf: top -defaultObjectCategory: CN=Mail-Recipient,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Mail-Recipient,${SCHEMADN} defaultHidingValue: TRUE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: bf967aa1-0de6-11d0-a285-00aa003049e2 -dn: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Group,${SCHEMADN} cn: Group name: Group objectClass: top @@ -8606,21 +8606,21 @@ systemMayContain: controlAccessRights systemMayContain: adminCount objectClassCategory: 1 subClassOf: top -defaultObjectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} +defaultObjectCategory: CN=Group,${SCHEMADN} defaultHidingValue: FALSE systemFlags: 16 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560) -objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=Class-Schema,${SCHEMADN} schemaIDGUID: bf967a9c-0de6-11d0-a285-00aa003049e2 -dn: CN=Aggregate,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=Aggregate,${SCHEMADN} objectClass: top objectClass: subSchema cn: Aggregate instanceType: 4 name: Aggregate -objectCategory: CN=SubSchema,CN=Schema,CN=Configuration,${BASEDN} +objectCategory: CN=SubSchema,${SCHEMADN} objectClasses: ( 2.5.6.0 NAME 'top' SUP top ABSTRACT MUST ( objectClass $ objectCategory $ nTSecurityDescriptor $ instanceType ) MAY ( url $ wWWHomePage $ whenCreated $ whenChanged $ wellKnownObjects $ wbemPath $ uSNSource $ uSNLastObjRem $ USNIntersite $ uSNDSALastObjRemoved $ uSNCreated $ uSNChanged $ systemFlags $ subSchemaSubEntry $ subRefs $ structuralObjectClass $ siteObjectBL $ serverReferenceBL $ sDRightsEffective $ revision $ repsTo $ repsFrom $ directReports $ replUpToDateVector $ replPropertyMetaData $ name $ queryPolicyBL $ proxyAddresses $ proxiedObjectName $ possibleInferiors $ partialAttributeSet $ partialAttributeDeletionList $ otherWellKnownObjects $ objectVersion $ objectGUID $ distinguishedName $ nonSecurityMemberBL $ netbootSCPBL $ ownerBL $ msDS-ReplValueMetaData $ msDS-ReplAttributeMetaData $ msDS-NonMembersBL $ msDS-NCReplOutboundNeighbors $ msDS-NCReplInboundNeighbors $ msDS-NCReplCursors $ msDS-TasksForAzRoleBL $ msDS-TasksForAzTaskBL $ msDS-OperationsForAzRoleBL $ msDS-OperationsForAzTaskBL $ msDS-MembersForAzRoleBL $ msDs-masteredBy $ mS-DS-ConsistencyGuid $ mS-DS-ConsistencyChildCount $ msDS-Approx-Immed-Subordinates $ msCOM-PartitionSetLink $ msCOM-UserLink $ modifyTimeStamp $ masteredBy $ managedObjects $ lastKnownParent $ isPrivilegeHolder $ memberOf $ isDeleted $ isCriticalSystemObject $ showInAdvancedViewOnly $ fSMORoleOwner $ fRSMemberReferenceBL $ frsComputerReferenceBL $ fromEntry $ flags $ extensionName $ dSASignature $ dSCorePropagationData $ displayNamePrintable $ displayName $ description $ createTimeStamp $ cn $ canonicalName $ bridgeheadServerListBL $ allowedChildClassesEffective $ allowedChildClasses $ allowedAttributesEffective $ allowedAttributes $ adminDisplayName $ adminDescription $ msDS-ObjectReferenceBL ) ) objectClasses: ( 1.2.840.113556.1.5.67 NAME 'domainDNS' SUP domain STRUCTURAL MAY ( msDS-Behavior-Version $ msDS-AllowedDNSSuffixes $ managedBy ) ) objectClasses: ( 1.2.840.113556.1.5.235 NAME 'msDS-AzApplication' SUP top STRUCTURAL MAY ( msDS-AzApplicationData $ msDS-AzGenerateAudits $ msDS-AzApplicationVersion $ msDS-AzClassId $ msDS-AzApplicationName $ description ) ) diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 383ebb0edb..d0519ddde0 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -9,7 +9,7 @@ # -dn: cn=ntpwdHash,CN=Schema,CN=Configuration,${BASEDN} +dn: cn=ntpwdHash,${SCHEMADN} cn: ntpwdHash name: NTPWDHash objectClass: top @@ -24,7 +24,7 @@ attributeID: 1.3.6.1.4.1.7165.4.1.1 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: cn=lmpwdHash,CN=Schema,CN=Configuration,${BASEDN} +dn: cn=lmpwdHash,${SCHEMADN} cn: lmpwdHash name: lmpwdHash objectClass: top @@ -39,7 +39,7 @@ attributeID: 1.3.6.1.4.1.7165.4.1.2 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: cn=sambaNtPwdHistory,CN=Schema,CN=Configuration,${BASEDN} +dn: cn=sambaNtPwdHistory,${SCHEMADN} cn: sambaNtPwdHistory name: sambaNtPwdHistory objectClass: top @@ -54,7 +54,7 @@ attributeID: 1.3.6.1.4.1.7165.4.1.3 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: cn=sambaLmPwdHistory,CN=Schema,CN=Configuration,${BASEDN} +dn: cn=sambaLmPwdHistory,${SCHEMADN} cn: sambaLmPwdHistory name: sambaLmPwdHistory objectClass: top @@ -69,7 +69,7 @@ attributeID: 1.3.6.1.4.1.7165.4.1.4 attributeSyntax: 2.5.5.10 oMSyntax: 4 -dn: cn=sambaPassword,CN=Schema,CN=Configuration,${BASEDN} +dn: cn=sambaPassword,${SCHEMADN} cn: sambaPassword name: sambaPassword objectClass: top @@ -84,7 +84,7 @@ attributeID: 1.3.6.1.4.1.7165.4.1.5 attributeSyntax: 2.5.5.5 oMSyntax: 22 -dn: cn=dnsDomain,CN=Schema,CN=Configuration,${BASEDN} +dn: cn=dnsDomain,${SCHEMADN} cn: dnsDomain name: dnsDomain objectClass: top @@ -99,7 +99,7 @@ attributeID: 1.3.6.1.4.1.7165.4.1.6 attributeSyntax: 2.5.5.4 oMSyntax: 20 -dn: cn=privilege,CN=Schema,CN=Configuration,${BASEDN} +dn: cn=privilege,${SCHEMADN} cn: privilege name: privilege objectClass: top @@ -115,7 +115,7 @@ attributeSyntax: 2.5.5.4 oMSyntax: 20 -dn: CN=unixName,CN=Schema,CN=Configuration,${BASEDN} +dn: CN=unixName,${SCHEMADN} cn: unixName name: unixName objectClass: top @@ -130,7 +130,7 @@ attributeID: 1.3.6.1.4.1.7165.4.1.9 attributeSyntax: 2.5.5.4 oMSyntax: 20 -dn: cn=krb5Key,CN=Schema,CN=Configuration,${BASEDN} +dn: cn=krb5Key,${SCHEMADN} cn: krb5Key name: krb5Key objectClass: top -- cgit From 2c266fb217f7eccb45cebc95857ed968445c5742 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Jan 2007 16:19:00 +0000 Subject: r20554: - use ${ROOTDN} for the rootDomainNamingContext - the ${CONFIGDN} is a child of the ${ROOTDN} metze (This used to be commit ebbd8a83c982efdc58e53798d1fd191f08731005) --- source4/setup/provision_init.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 92fc17822f..5f57651f16 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -47,7 +47,7 @@ dn: cn=ROOTDSE subschemaSubentry: CN=Aggregate,${SCHEMADN} dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} defaultNamingContext: ${BASEDN} -rootDomainNamingContext: ${BASEDN} +rootDomainNamingContext: ${ROOTDN} configurationNamingContext: ${CONFIGDN} schemaNamingContext: ${SCHEMADN} supportedLDAPVersion: 3 -- cgit From 8f0a0ebcb380acf57d418a6598c75e42b0bf24dc Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Jan 2007 17:40:43 +0000 Subject: r20557: use ${DOMAINDN} instead of ${BASEDN} metze (This used to be commit 2a6e6a2695b256411c91768c7bee748228e40e6f) --- source4/setup/provision.ldif | 16 ++--- source4/setup/provision_basedn.ldif | 2 +- source4/setup/provision_basedn_modify.ldif | 4 +- source4/setup/provision_computers_add.ldif | 2 +- source4/setup/provision_computers_modify.ldif | 2 +- source4/setup/provision_configuration.ldif | 4 +- source4/setup/provision_init.ldif | 2 +- source4/setup/provision_partitions.ldif | 4 +- source4/setup/provision_users.ldif | 92 +++++++++++++-------------- source4/setup/provision_users_add.ldif | 2 +- source4/setup/provision_users_modify.ldif | 2 +- 11 files changed, 66 insertions(+), 66 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 652770c813..71a4f44ba7 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -1,4 +1,4 @@ -dn: CN=Domain Controllers,${BASEDN} +dn: CN=Domain Controllers,${DOMAINDN} objectClass: top objectClass: container cn: Domain Controllers @@ -9,7 +9,7 @@ systemFlags: 2348810240 objectCategory: CN=Container,${SCHEMADN} isCriticalSystemObject: TRUE -dn: CN=ForeignSecurityPrincipals,${BASEDN} +dn: CN=ForeignSecurityPrincipals,${DOMAINDN} objectClass: top objectClass: container cn: ForeignSecurityPrincipals @@ -20,7 +20,7 @@ systemFlags: 2348810240 objectCategory: CN=Container,${SCHEMADN} isCriticalSystemObject: TRUE -dn: CN=System,${BASEDN} +dn: CN=System,${DOMAINDN} objectClass: top objectClass: container cn: System @@ -31,7 +31,7 @@ systemFlags: 2348810240 objectCategory: CN=Container,${SCHEMADN} isCriticalSystemObject: TRUE -dn: CN=RID Manager$,CN=System,${BASEDN} +dn: CN=RID Manager$,CN=System,${DOMAINDN} objectclass: top objectclass: rIDManager cn: RID Manager$ @@ -43,7 +43,7 @@ isCriticalSystemObject: TRUE fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} rIDAvailablePool: 4611686014132423217 -dn: CN=DomainUpdates,CN=System,${BASEDN} +dn: CN=DomainUpdates,CN=System,${DOMAINDN} objectClass: top objectClass: container cn: DomainUpdates @@ -51,7 +51,7 @@ instanceType: 4 showInAdvancedViewOnly: TRUE objectCategory: CN=Container,${SCHEMADN} -dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${BASEDN} +dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${DOMAINDN} objectClass: top objectClass: container cn: Windows2003Update @@ -60,7 +60,7 @@ showInAdvancedViewOnly: TRUE objectCategory: CN=Container,${SCHEMADN} revision: 8 -dn: CN=Infrastructure,${BASEDN} +dn: CN=Infrastructure,${DOMAINDN} objectclass: top objectclass: infrastructureUpdate cn: Infrastructure @@ -71,7 +71,7 @@ objectCategory: CN=Infrastructure-Update,${SCHEMADN} isCriticalSystemObject: TRUE fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -dn: CN=Builtin,${BASEDN} +dn: CN=Builtin,${DOMAINDN} objectClass: top objectClass: builtinDomain cn: Builtin diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index e8cf8005f3..234c1f9e8f 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -1,7 +1,7 @@ ################################ ## Domain Naming Context ################################ -dn: ${BASEDN} +dn: ${DOMAINDN} objectClass: top objectClass: domain objectClass: domainDNS diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index 189c3161d9..c0595a9be5 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -1,7 +1,7 @@ ############################### # Domain Naming Context ############################### -dn: ${BASEDN} +dn: ${DOMAINDN} changetype: modify replace: dnsDomain dnsDomain: ${DNSDOMAIN} @@ -58,7 +58,7 @@ replace: msDS-Behavior-Version msDS-Behavior-Version: 0 - replace: ridManagerReference -ridManagerReference: CN=RID Manager$,CN=System,${BASEDN} +ridManagerReference: CN=RID Manager$,CN=System,${DOMAINDN} - replace: uASCompat uASCompat: 1 diff --git a/source4/setup/provision_computers_add.ldif b/source4/setup/provision_computers_add.ldif index c89742fe3f..6db3f41524 100644 --- a/source4/setup/provision_computers_add.ldif +++ b/source4/setup/provision_computers_add.ldif @@ -1,3 +1,3 @@ -dn: CN=Computers,${BASEDN} +dn: CN=Computers,${DOMAINDN} objectClass: top objectClass: container diff --git a/source4/setup/provision_computers_modify.ldif b/source4/setup/provision_computers_modify.ldif index aab32e8665..9f0c1884ea 100644 --- a/source4/setup/provision_computers_modify.ldif +++ b/source4/setup/provision_computers_modify.ldif @@ -1,4 +1,4 @@ -dn: CN=Computers,${BASEDN} +dn: CN=Computers,${DOMAINDN} changetype: modify replace: description description: Default container for upgraded computer accounts diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif index b6eaa30529..902d717fb6 100644 --- a/source4/setup/provision_configuration.ldif +++ b/source4/setup/provision_configuration.ldif @@ -53,7 +53,7 @@ instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 3 objectCategory: CN=Cross-Ref,${SCHEMADN} -nCName: ${BASEDN} +nCName: ${DOMAINDN} nETBIOSName: ${DOMAIN} dnsRoot: ${DNSDOMAIN} @@ -93,7 +93,7 @@ showInAdvancedViewOnly: TRUE systemFlags: 1375731712 objectCategory: CN=Server,${SCHEMADN} dNSHostName: ${DNSNAME} -serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} +serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 5f57651f16..bea45ce4ee 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -46,7 +46,7 @@ passwordAttribute: krb5key dn: cn=ROOTDSE subschemaSubentry: CN=Aggregate,${SCHEMADN} dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -defaultNamingContext: ${BASEDN} +defaultNamingContext: ${DOMAINDN} rootDomainNamingContext: ${ROOTDN} configurationNamingContext: ${CONFIGDN} schemaNamingContext: ${SCHEMADN} diff --git a/source4/setup/provision_partitions.ldif b/source4/setup/provision_partitions.ldif index 9acc140683..b713e4e31d 100644 --- a/source4/setup/provision_partitions.ldif +++ b/source4/setup/provision_partitions.ldif @@ -1,13 +1,13 @@ dn: @PARTITION partition: ${SCHEMADN}:schema.ldb partition: ${CONFIGDN}:configuration.ldb -partition: ${BASEDN}:${LDAPBACKEND} +partition: ${DOMAINDN}:${LDAPBACKEND} replicateEntries: @SUBCLASSES replicateEntries: @ATTRIBUTES replicateEntries: @INDEXLIST modules:${SCHEMADN}:objectguid modules:${CONFIGDN}:objectguid -modules:${BASEDN}:${LDAPMODULES} +modules:${DOMAINDN}:${LDAPMODULES} #Add modules to the list to activate them by default #beware often order is important diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index f5a445b4b5..d00570b121 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -1,12 +1,12 @@ -dn: CN=Administrator,CN=Users,${BASEDN} +dn: CN=Administrator,CN=Users,${DOMAINDN} objectClass: user cn: Administrator description: Built-in account for administering the computer/domain -memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN} -memberOf: CN=Domain Admins,CN=Users,${BASEDN} -memberOf: CN=Enterprise Admins,CN=Users,${BASEDN} -memberOf: CN=Schema Admins,CN=Users,${BASEDN} -memberOf: CN=Administrators,CN=Builtin,${BASEDN} +memberOf: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN} +memberOf: CN=Domain Admins,CN=Users,${DOMAINDN} +memberOf: CN=Enterprise Admins,CN=Users,${DOMAINDN} +memberOf: CN=Schema Admins,CN=Users,${DOMAINDN} +memberOf: CN=Administrators,CN=Builtin,${DOMAINDN} userAccountControl: 66048 objectSid: ${DOMAINSID}-500 adminCount: 1 @@ -15,25 +15,25 @@ sAMAccountName: Administrator isCriticalSystemObject: TRUE sambaPassword: ${ADMINPASS} -dn: CN=Guest,CN=Users,${BASEDN} +dn: CN=Guest,CN=Users,${DOMAINDN} objectClass: user cn: Guest description: Built-in account for guest access to the computer/domain -memberOf: CN=Guests,CN=Builtin,${BASEDN} +memberOf: CN=Guests,CN=Builtin,${DOMAINDN} userAccountControl: 66082 primaryGroupID: 514 objectSid: ${DOMAINSID}-501 sAMAccountName: Guest isCriticalSystemObject: TRUE -dn: CN=Administrators,CN=Builtin,${BASEDN} +dn: CN=Administrators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group cn: Administrators description: Administrators have complete and unrestricted access to the computer/domain -member: CN=Domain Admins,CN=Users,${BASEDN} -member: CN=Enterprise Admins,CN=Users,${BASEDN} -member: CN=Administrator,CN=Users,${BASEDN} +member: CN=Domain Admins,CN=Users,${DOMAINDN} +member: CN=Enterprise Admins,CN=Users,${DOMAINDN} +member: CN=Administrator,CN=Users,${DOMAINDN} objectSid: S-1-5-32-544 adminCount: 1 sAMAccountName: Administrators @@ -68,7 +68,7 @@ privilege: SeNetworkLogonRight privilege: SeRemoteInteractiveLogonRight -dn: CN=${NETBIOSNAME},CN=Domain Controllers,${BASEDN} +dn: CN=${NETBIOSNAME},CN=Domain Controllers,${DOMAINDN} objectClass: computer cn: ${NETBIOSNAME} userAccountControl: 532480 @@ -90,12 +90,12 @@ servicePrincipalName: HOST/${DNSNAME}/${DOMAIN} servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN} ${HOSTGUID_ADD} -dn: CN=Users,CN=Builtin,${BASEDN} +dn: CN=Users,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group cn: Users description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications -member: CN=Domain Users,CN=Users,${BASEDN} +member: CN=Domain Users,CN=Users,${DOMAINDN} objectSid: S-1-5-32-545 sAMAccountName: Users sAMAccountType: 536870912 @@ -104,13 +104,13 @@ groupType: 2147483653 objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE -dn: CN=Guests,CN=Builtin,${BASEDN} +dn: CN=Guests,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group cn: Guests description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted -member: CN=Domain Guests,CN=Users,${BASEDN} -member: CN=Guest,CN=Users,${BASEDN} +member: CN=Domain Guests,CN=Users,${DOMAINDN} +member: CN=Guest,CN=Users,${DOMAINDN} objectSid: S-1-5-32-546 sAMAccountName: Guests sAMAccountType: 536870912 @@ -119,7 +119,7 @@ groupType: 2147483653 objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE -dn: CN=Print Operators,CN=Builtin,${BASEDN} +dn: CN=Print Operators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group cn: Print Operators @@ -136,7 +136,7 @@ privilege: SeLoadDriverPrivilege privilege: SeShutdownPrivilege privilege: SeInteractiveLogonRight -dn: CN=Backup Operators,CN=Builtin,${BASEDN} +dn: CN=Backup Operators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group cn: Backup Operators @@ -154,7 +154,7 @@ privilege: SeRestorePrivilege privilege: SeShutdownPrivilege privilege: SeInteractiveLogonRight -dn: CN=Replicator,CN=Builtin,${BASEDN} +dn: CN=Replicator,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group cn: Replicator @@ -168,7 +168,7 @@ groupType: 2147483653 objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE -dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN} +dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group cn: Remote Desktop Users @@ -181,7 +181,7 @@ groupType: 2147483653 objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE -dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN} +dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group cn: Network Configuration Operators @@ -194,7 +194,7 @@ groupType: 2147483653 objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE -dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN} +dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group cn: Performance Monitor Users @@ -207,7 +207,7 @@ groupType: 2147483653 objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE -dn: CN=Performance Log Users,CN=Builtin,${BASEDN} +dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group cn: Performance Log Users @@ -220,7 +220,7 @@ groupType: 2147483653 objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE -dn: CN=krbtgt,CN=Users,${BASEDN} +dn: CN=krbtgt,CN=Users,${DOMAINDN} objectClass: top objectClass: person objectClass: organizationalPerson @@ -238,7 +238,7 @@ servicePrincipalName: kadmin/changepw isCriticalSystemObject: TRUE sambaPassword: ${KRBTGTPASS} -dn: CN=Domain Computers,CN=Users,${BASEDN} +dn: CN=Domain Computers,CN=Users,${DOMAINDN} objectClass: top objectClass: group cn: Domain Computers @@ -248,7 +248,7 @@ sAMAccountName: Domain Computers objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE -dn: CN=Domain Controllers,CN=Users,${BASEDN} +dn: CN=Domain Controllers,CN=Users,${DOMAINDN} objectClass: top objectClass: group cn: Domain Controllers @@ -258,30 +258,30 @@ adminCount: 1 sAMAccountName: Domain Controllers isCriticalSystemObject: TRUE -dn: CN=Schema Admins,CN=Users,${BASEDN} +dn: CN=Schema Admins,CN=Users,${DOMAINDN} objectClass: top objectClass: group cn: Schema Admins description: Designated administrators of the schema -member: CN=Administrator,CN=Users,${BASEDN} +member: CN=Administrator,CN=Users,${DOMAINDN} objectSid: ${DOMAINSID}-518 adminCount: 1 sAMAccountName: Schema Admins isCriticalSystemObject: TRUE -dn: CN=Enterprise Admins,CN=Users,${BASEDN} +dn: CN=Enterprise Admins,CN=Users,${DOMAINDN} objectClass: top objectClass: group cn: Enterprise Admins description: Designated administrators of the enterprise -member: CN=Administrator,CN=Users,${BASEDN} -memberOf: CN=Administrators,CN=Builtin,${BASEDN} +member: CN=Administrator,CN=Users,${DOMAINDN} +memberOf: CN=Administrators,CN=Builtin,${DOMAINDN} objectSid: ${DOMAINSID}-519 adminCount: 1 sAMAccountName: Enterprise Admins isCriticalSystemObject: TRUE -dn: CN=Cert Publishers,CN=Users,${BASEDN} +dn: CN=Cert Publishers,CN=Users,${DOMAINDN} objectClass: top objectClass: group cn: Cert Publishers @@ -293,50 +293,50 @@ sAMAccountName: Cert Publishers objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE -dn: CN=Domain Admins,CN=Users,${BASEDN} +dn: CN=Domain Admins,CN=Users,${DOMAINDN} objectClass: top objectClass: group cn: Domain Admins description: Designated administrators of the domain -member: CN=Administrator,CN=Users,${BASEDN} -memberOf: CN=Administrators,CN=Builtin,${BASEDN} +member: CN=Administrator,CN=Users,${DOMAINDN} +memberOf: CN=Administrators,CN=Builtin,${DOMAINDN} objectSid: ${DOMAINSID}-512 adminCount: 1 sAMAccountName: Domain Admins isCriticalSystemObject: TRUE -dn: CN=Domain Users,CN=Users,${BASEDN} +dn: CN=Domain Users,CN=Users,${DOMAINDN} objectClass: top objectClass: group cn: Domain Users description: All domain users -memberOf: CN=Users,CN=Builtin,${BASEDN} +memberOf: CN=Users,CN=Builtin,${DOMAINDN} objectSid: ${DOMAINSID}-513 sAMAccountName: Domain Users isCriticalSystemObject: TRUE -dn: CN=Domain Guests,CN=Users,${BASEDN} +dn: CN=Domain Guests,CN=Users,${DOMAINDN} objectClass: top objectClass: group cn: Domain Guests description: All domain guests -memberOf: CN=Guests,CN=Builtin,${BASEDN} +memberOf: CN=Guests,CN=Builtin,${DOMAINDN} objectSid: ${DOMAINSID}-514 sAMAccountName: Domain Guests isCriticalSystemObject: TRUE -dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN} +dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN} objectClass: top objectClass: group cn: Group Policy Creator Owners description: Members in this group can modify group policy for the domain -member: CN=Administrator,CN=Users,${BASEDN} +member: CN=Administrator,CN=Users,${DOMAINDN} objectSid: ${DOMAINSID}-520 sAMAccountName: Group Policy Creator Owners objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE -dn: CN=RAS and IAS Servers,CN=Users,${BASEDN} +dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN} objectClass: top objectClass: group cn: RAS and IAS Servers @@ -349,7 +349,7 @@ groupType: 2147483652 objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE -dn: CN=Server Operators,CN=Builtin,${BASEDN} +dn: CN=Server Operators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group cn: Server Operators @@ -370,7 +370,7 @@ privilege: SeRestorePrivilege privilege: SeShutdownPrivilege privilege: SeInteractiveLogonRight -dn: CN=Account Operators,CN=Builtin,${BASEDN} +dn: CN=Account Operators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group cn: Account Operators diff --git a/source4/setup/provision_users_add.ldif b/source4/setup/provision_users_add.ldif index 56a2623cfc..db075d9c80 100644 --- a/source4/setup/provision_users_add.ldif +++ b/source4/setup/provision_users_add.ldif @@ -1,3 +1,3 @@ -dn: CN=Users,${BASEDN} +dn: CN=Users,${DOMAINDN} objectClass: top objectClass: container diff --git a/source4/setup/provision_users_modify.ldif b/source4/setup/provision_users_modify.ldif index 5766d672f7..04ff57368e 100644 --- a/source4/setup/provision_users_modify.ldif +++ b/source4/setup/provision_users_modify.ldif @@ -1,4 +1,4 @@ -dn: CN=Users,${BASEDN} +dn: CN=Users,${DOMAINDN} changetype: modify replace: description description: Default container for upgraded user accounts -- cgit From 8a2636af4ac675ca427d5e1999672141a560e3c2 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Jan 2007 20:10:38 +0000 Subject: r20560: make it possible to configure the backend and modules for all partitions and make it not use LDAP in the variable names because it isn't specific to the ldap backend case. metze (This used to be commit 3e337ec2764038e4ff05c3e926220abaa5583702) --- source4/setup/provision | 18 ++++++++++++------ source4/setup/provision_partitions.ldif | 12 ++++++------ 2 files changed, 18 insertions(+), 12 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 8f1d422f51..dcc92b924f 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -113,18 +113,24 @@ for (r in options) { var key = strupper(join("", split("-", r))); subobj[key] = options[r]; } + +var blank = (options["blank"] != undefined); +var ldapbase = (options["ldap-base"] != undefined); +var ldapbackend = (options["ldap-backend"] != undefined); +var ldapmodule = (options["ldap-module"] != undefined); + if (options["aci"] != undefined) { println("set ACI: " + subobj["ACI"]); } -if (options["ldap-backend"] != undefined) { - subobj["LDAPMODULES"] = subobj["LDAPMODULE"] + ",paged_searches"; +if (ldapbackend) { + if (!ldapmodule) { + subobj["LDAPMODULE"] = "objectUUID"; + } + subobj["DOMAINDN_LDB"] = subobj["LDAPBACKEND"]; + subobj["DOMAINDN_MOD"] = subobj["LDAPMODULE"] + ",paged_searches"; } -var blank = (options["blank"] != undefined); -var ldapbase = (options["ldap-base"] != undefined); -var ldapbackend = (options["ldap-backend"] != undefined); - if (!provision_validate(subobj, message)) { return -1; } diff --git a/source4/setup/provision_partitions.ldif b/source4/setup/provision_partitions.ldif index b713e4e31d..3988c16610 100644 --- a/source4/setup/provision_partitions.ldif +++ b/source4/setup/provision_partitions.ldif @@ -1,13 +1,13 @@ dn: @PARTITION -partition: ${SCHEMADN}:schema.ldb -partition: ${CONFIGDN}:configuration.ldb -partition: ${DOMAINDN}:${LDAPBACKEND} +partition: ${SCHEMADN}:${SCHEMADN_LDB} +partition: ${CONFIGDN}:${CONFIGDN_LDB} +partition: ${DOMAINDN}:${DOMAINDN_LDB} replicateEntries: @SUBCLASSES replicateEntries: @ATTRIBUTES replicateEntries: @INDEXLIST -modules:${SCHEMADN}:objectguid -modules:${CONFIGDN}:objectguid -modules:${DOMAINDN}:${LDAPMODULES} +modules:${SCHEMADN}:${SCHEMADN_MOD} +modules:${CONFIGDN}:${CONFIGDN_MOD} +modules:${DOMAINDN}:${DOMAINDN_MOD} #Add modules to the list to activate them by default #beware often order is important -- cgit From 7d461ed48197af138e3959a17757936df9c9ce56 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Jan 2007 20:31:24 +0000 Subject: r20565: configure the list of global ldb modules also in js code metze (This used to be commit cbebe559a2563a3ab9dd2e002c79676a803b71a4) --- source4/setup/provision_partitions.ldif | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_partitions.ldif b/source4/setup/provision_partitions.ldif index 3988c16610..3800918bc1 100644 --- a/source4/setup/provision_partitions.ldif +++ b/source4/setup/provision_partitions.ldif @@ -9,13 +9,5 @@ modules:${SCHEMADN}:${SCHEMADN_MOD} modules:${CONFIGDN}:${CONFIGDN_MOD} modules:${DOMAINDN}:${DOMAINDN_MOD} -#Add modules to the list to activate them by default -#beware often order is important -# -# Some Known ordering constraints: -# - rootdse must be first, as it makes redirects from "" -> cn=rootdse -# - samldb must be before password_hash, because password_hash checks that the objectclass is of type person (filled in by samldb) -# - partition must be last - dn: @MODULES -@LIST: rootdse,kludge_acl,paged_results,server_sort,extended_dn,asq,samldb,password_hash,operational,objectclass,rdn_name,partition +@LIST: ${MODULES_LIST} -- cgit From d0e221c4e097b53184ad4a877a1d062eaa10390c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Jan 2007 20:58:21 +0000 Subject: r20568: split out the rootdse ldif and set the isSyncronized = TRUE when we done metze (This used to be commit 5875ce1ac6ff694d07787ff0cf81b3429580311b) --- source4/setup/provision_init.ldif | 20 -------------------- source4/setup/provision_rootdse_add.ldif | 18 ++++++++++++++++++ source4/setup/provision_rootdse_modify.ldif | 5 +++++ 3 files changed, 23 insertions(+), 20 deletions(-) create mode 100644 source4/setup/provision_rootdse_add.ldif create mode 100644 source4/setup/provision_rootdse_modify.ldif (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index bea45ce4ee..1e2f660789 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -41,23 +41,3 @@ passwordAttribute: sambaNTPwdHistory passwordAttribute: lmPwdHash passwordAttribute: sambaLMPwdHistory passwordAttribute: krb5key - -# the rootDSE module looks in this record for its base data -dn: cn=ROOTDSE -subschemaSubentry: CN=Aggregate,${SCHEMADN} -dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -defaultNamingContext: ${DOMAINDN} -rootDomainNamingContext: ${ROOTDN} -configurationNamingContext: ${CONFIGDN} -schemaNamingContext: ${SCHEMADN} -supportedLDAPVersion: 3 -dnsHostName: ${DNSNAME} -ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM} -serverName: CN=${NETBIOSNAME},CN=Servers,${DEFAULTSITE},CN=Sites,${CONFIGDN} -domainFunctionality: 0 -forestFunctionality: 0 -domainControllerFunctionality: 2 -isSynchronized: TRUE -vendorName: Samba Team (http://samba.org) -vendorVersion: ${VERSION} - diff --git a/source4/setup/provision_rootdse_add.ldif b/source4/setup/provision_rootdse_add.ldif new file mode 100644 index 0000000000..53fdf3c761 --- /dev/null +++ b/source4/setup/provision_rootdse_add.ldif @@ -0,0 +1,18 @@ +# the rootDSE module looks in this record for its base data +dn: cn=ROOTDSE +subschemaSubentry: CN=Aggregate,${SCHEMADN} +dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +defaultNamingContext: ${DOMAINDN} +rootDomainNamingContext: ${ROOTDN} +configurationNamingContext: ${CONFIGDN} +schemaNamingContext: ${SCHEMADN} +supportedLDAPVersion: 3 +dnsHostName: ${DNSNAME} +ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM} +serverName: CN=${NETBIOSNAME},CN=Servers,${DEFAULTSITE},CN=Sites,${CONFIGDN} +domainFunctionality: 0 +forestFunctionality: 0 +domainControllerFunctionality: 2 +isSynchronized: FALSE +vendorName: Samba Team (http://samba.org) +vendorVersion: ${VERSION} diff --git a/source4/setup/provision_rootdse_modify.ldif b/source4/setup/provision_rootdse_modify.ldif new file mode 100644 index 0000000000..5ccda79b7a --- /dev/null +++ b/source4/setup/provision_rootdse_modify.ldif @@ -0,0 +1,5 @@ +# mark the database as syncronized +dn: cn=ROOTDSE +changetype: modify +replace: isSynchronized +isSynchronized: TRUE -- cgit From 13881fa128d1e48b947512159271aae3f51b3572 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 6 Jan 2007 01:09:16 +0000 Subject: r20577: - allocate an OID range for samba4 LDB/LDAP Controls - allocate an OID for LDB Control that hold meta data when applying replicated objects metze (This used to be commit 2660c5ab211f353324452694b4bd5fd8bd17745b) --- source4/setup/schema_samba4.ldif | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index d0519ddde0..547ff3cb76 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -4,6 +4,7 @@ ## Samba4 OID allocation from Samba3's examples/LDAP/samba.schema ## 1.3.6.1.4.1.7165.4.1.x - attributetypes ## 1.3.6.1.4.1.7165.4.2.x - objectclasses +## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls ## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track # # @@ -145,6 +146,7 @@ attributeID: 1.3.6.1.4.1.5322.10.1.10 attributeSyntax: 2.5.5.10 oMSyntax: 4 +#Allocated: DSDB_CONTROL_REPLICATED_OBJECT_OID 1.3.6.1.4.1.7165.4.3.1 #Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1 -- cgit From 15d9b63caff5e92d9489b0b083715f98faecb2a5 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 6 Jan 2007 10:14:15 +0000 Subject: r20586: - allocate an OID range for LDB/LDAP extended operations - allocate an OID for DSDB_EXTENDED_REPLICATED_OBJECTS_OID which will replace the DSDB_CONTROL_REPLICATED_OBJECT_OID soon metze (This used to be commit 6397f014482172573facd3d87d1f9eec1b320ac5) --- source4/setup/schema_samba4.ldif | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 547ff3cb76..217680b369 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -5,6 +5,7 @@ ## 1.3.6.1.4.1.7165.4.1.x - attributetypes ## 1.3.6.1.4.1.7165.4.2.x - objectclasses ## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls +## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations ## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track # # @@ -148,6 +149,8 @@ oMSyntax: 4 #Allocated: DSDB_CONTROL_REPLICATED_OBJECT_OID 1.3.6.1.4.1.7165.4.3.1 +#Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1 + #Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1 #Allocated: (defaultGroup) attributeID: 1.3.6.1.4.1.7165.4.255.2 -- cgit From 05533e23f97dd7f4e99db27afd94e9a0dee33bb3 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 11 Jan 2007 09:35:26 +0000 Subject: r20678: add index for objectGUID metze (This used to be commit e967b370173e1ae86632132851ab33d92c221291) --- source4/setup/provision_index.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_index.ldif b/source4/setup/provision_index.ldif index 2dd2e7d60f..7c055f53aa 100644 --- a/source4/setup/provision_index.ldif +++ b/source4/setup/provision_index.ldif @@ -13,4 +13,4 @@ dn: @INDEXLIST @IDXATTR: subClassOf @IDXATTR: dnsRoot @IDXATTR: nETBIOSName - +@IDXATTR: objectGUID -- cgit From 82b4069171fdc5a6b8058161546786aec52913ca Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 13 Jan 2007 11:24:39 +0000 Subject: r20728: the DSDB_CONTROL_REPLICATED_OBJECT_OID control isn't used anymore because we now use DSDB_EXTENDED_REPLICATED_OBJECTS_OID extended operation metze (This used to be commit 4380cc9ed6ac2e6c133b5a36f922b341474a8e7e) --- source4/setup/schema_samba4.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 217680b369..cf991414ba 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -147,7 +147,7 @@ attributeID: 1.3.6.1.4.1.5322.10.1.10 attributeSyntax: 2.5.5.10 oMSyntax: 4 -#Allocated: DSDB_CONTROL_REPLICATED_OBJECT_OID 1.3.6.1.4.1.7165.4.3.1 +#Allocated: (not used anymore) DSDB_CONTROL_REPLICATED_OBJECT_OID 1.3.6.1.4.1.7165.4.3.1 #Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1 -- cgit From 03d2647bd002aff10e463ad45e26bce8148e1b49 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 15 Jan 2007 13:54:21 +0000 Subject: r20805: don't use hardcoded values for secrects.keytab and sam.ldb metze (This used to be commit c78e345feaef607b9297372aacb00ec068127785) --- source4/setup/secrets.ldif | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index 6254ef3b0c..1617cfb9bf 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -36,7 +36,7 @@ whenCreated: ${LDAPTIME} whenChanged: ${LDAPTIME} msDS-KeyVersionNumber: 1 objectSid: ${DOMAINSID} -privateKeytab: secrets.keytab +privateKeytab: ${SECRETS_KEYTAB} # A hook from our credentials system into HDB, as we must be on a KDC, # we can look directly into the database. @@ -51,5 +51,5 @@ whenCreated: ${LDAPTIME} whenChanged: ${LDAPTIME} objectSid: ${DOMAINSID} servicePrincipalName: kadmin/changepw -krb5Keytab: HDB:ldb:sam.ldb: +krb5Keytab: HDB:ldb:${SAM_LDB}: #The trailing : here is a HACK, but it matches the Heimdal format. -- cgit From 21206f36c6f59fe5f31ecf531013ae8fee60ea63 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 16 Jan 2007 10:57:55 +0000 Subject: r20826: make the dsdb_control_current_partition struct public and allocate an oid for the control metze (This used to be commit 684eee52e8812f6d104d8706ab059643ff4faa46) --- source4/setup/schema_samba4.ldif | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index cf991414ba..841604318a 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -149,6 +149,8 @@ oMSyntax: 4 #Allocated: (not used anymore) DSDB_CONTROL_REPLICATED_OBJECT_OID 1.3.6.1.4.1.7165.4.3.1 +#Allocated: DSDB_CONTROL_CURRENT_PARTITION_OID 1.3.6.1.4.1.7165.4.3.2 + #Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1 #Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1 -- cgit From 5e2f0275e87948d4be79cd935ce3cad6df130893 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 17 Jan 2007 18:41:16 +0000 Subject: r20859: fix typo metze (This used to be commit ba6ee1a098381683223d7efaafb04582a47ea871) --- source4/setup/provision | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index dcc92b924f..0c3aea5f72 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -125,7 +125,7 @@ if (options["aci"] != undefined) { if (ldapbackend) { if (!ldapmodule) { - subobj["LDAPMODULE"] = "objectUUID"; + subobj["LDAPMODULE"] = "entryUUID"; } subobj["DOMAINDN_LDB"] = subobj["LDAPBACKEND"]; subobj["DOMAINDN_MOD"] = subobj["LDAPMODULE"] + ",paged_searches"; -- cgit From 9de1b173b48ef0d4d6d8b3e010d291edcbac47ed Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 22 Jan 2007 18:56:44 +0000 Subject: r20956: cn and instanceType are autogenerated values, later we need to remove them from all ldif files, but for now only the ones used by the NET-API-BECOME-DC test metze (This used to be commit 7510b9ca4a79c12c31abcf4a64b5eaba2f6c2fe9) --- source4/setup/provision_templates.ldif | 16 ---------------- 1 file changed, 16 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 467ba2922a..6e264be9d6 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -1,9 +1,7 @@ dn: CN=Templates objectClass: top objectClass: container -cn: Templates description: Container for SAM account templates -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2348810240 objectCategory: CN=Container,${SCHEMADN} @@ -20,8 +18,6 @@ objectClass: person objectClass: organizationalPerson objectClass: Template objectClass: userTemplate -cn: TemplateUser -instanceType: 4 userAccountControl: 514 badPwdCount: 0 codePage: 0 @@ -42,8 +38,6 @@ objectClass: person objectClass: organizationalPerson objectClass: Template objectClass: userTemplate -cn: TemplateComputer -instanceType: 4 userAccountControl: 4098 badPwdCount: 0 codePage: 0 @@ -62,8 +56,6 @@ dn: CN=TemplateTrustingDomain,CN=Templates objectClass: top objectClass: Template objectClass: userTemplate -cn: TemplateTrustingDomain -instanceType: 4 userAccountControl: 2080 badPwdCount: 0 codePage: 0 @@ -80,8 +72,6 @@ dn: CN=TemplateGroup,CN=Templates objectClass: top objectClass: Template objectClass: groupTemplate -cn: TemplateGroup -instanceType: 4 groupType: -2147483646 sAMAccountType: 268435456 objectCategory: CN=Group,${SCHEMADN} @@ -101,8 +91,6 @@ dn: CN=TemplateForeignSecurityPrincipal,CN=Templates objectClass: top objectClass: Template objectClass: foreignSecurityPrincipalTemplate -cn: TemplateForeignSecurityPrincipal -instanceType: 4 showInAdvancedViewOnly: TRUE objectCategory: CN=Foreign-Security-Principal,${SCHEMADN} @@ -111,14 +99,10 @@ objectClass: top objectClass: leaf objectClass: Template objectClass: secretTemplate -cn: TemplateSecret -instanceType: 4 dn: CN=TemplateTrustedDomain,CN=Templates objectClass: top objectClass: leaf objectClass: Template objectClass: trustedDomainTemplate -cn: TemplateTrustedDomain -instanceType: 4 -- cgit From 744dddd75be73e4e883241b808b37a12a7a39ac1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 4 Feb 2007 07:17:03 +0000 Subject: r21135: Instead of having hooks to update keytabs as an explicit thing, update them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54) --- source4/setup/secrets.ldif | 15 --------------- source4/setup/secrets_init.ldif | 15 +++++++++++++++ 2 files changed, 15 insertions(+), 15 deletions(-) create mode 100644 source4/setup/secrets_init.ldif (limited to 'source4/setup') diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index 1617cfb9bf..ef5cb695d0 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -1,18 +1,3 @@ -dn: @INDEXLIST -@IDXATTR: cn -@IDXATTR: flatname -@IDXATTR: realm - -dn: @ATTRIBUTES -realm: CASE_INSENSITIVE -flatname: CASE_INSENSITIVE -sAMAccountName: CASE_INSENSITIVE - -#Add modules to the list to activate them by default -#beware often order is important -dn: @MODULES -@LIST: operational - dn: CN=LSA Secrets objectClass: top objectClass: container diff --git a/source4/setup/secrets_init.ldif b/source4/setup/secrets_init.ldif new file mode 100644 index 0000000000..9eda47e463 --- /dev/null +++ b/source4/setup/secrets_init.ldif @@ -0,0 +1,15 @@ +dn: @INDEXLIST +@IDXATTR: cn +@IDXATTR: flatname +@IDXATTR: realm + +dn: @ATTRIBUTES +realm: CASE_INSENSITIVE +flatname: CASE_INSENSITIVE +sAMAccountName: CASE_INSENSITIVE + +#Add modules to the list to activate them by default +#beware often order is important +dn: @MODULES +@LIST: update_keytab,operational,objectguid + -- cgit From 43014e70c3eae8a333620111210c667e8eaf618f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 12 Feb 2007 12:13:00 +0000 Subject: r21298: protect windows password attributes too metze (This used to be commit 5c779b3767b47c140fc658fb9aed0ebfd5d956f0) --- source4/setup/provision_init.ldif | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 1e2f660789..12d71f9080 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -41,3 +41,14 @@ passwordAttribute: sambaNTPwdHistory passwordAttribute: lmPwdHash passwordAttribute: sambaLMPwdHistory passwordAttribute: krb5key +passwordAttribute: dBCSPwd +passwordAttribute: unicodePwd +passwordAttribute: ntPwdHistory +passwordAttribute: lmPwdHistory +passwordAttribute: supplementalCredentials +passwordAttribute: priorValue +passwordAttribute: currentValue +passwordAttribute: trustAuthOutgoing +passwordAttribute: trustAuthIncoming +passwordAttribute: initialAuthOutgoing +passwordAttribute: initialAuthIncoming -- cgit From 7ca399c0755e186508a4ed9796cbbbe6f50181e9 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 14 Feb 2007 21:55:29 +0000 Subject: r21351: Change ldb ejs bindings return codes. We were returning just true/false and discarding error number and string. This checking probably breaks swat, will fix it in next round as swat is what made me look into this as I had no way to get back error messages to show to the users. Simo. (This used to be commit 35886b4ae68be475b0fc8b2689ca04d766661261) --- source4/setup/setpassword | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/setpassword b/source4/setup/setpassword index c3357a3cdd..618e304077 100644 --- a/source4/setup/setpassword +++ b/source4/setup/setpassword @@ -78,21 +78,22 @@ if (options['newpassword'] == undefined) { var attrs = new Array("defaultNamingContext"); var attrs2 = new Array("cn"); res = ldb.search("defaultNamingContext=*", "", ldb.SCOPE_BASE, attrs); -assert(res.length == 1 && res[0].defaultNamingContext != undefined); -var domain_dn = res[0].defaultNamingContext; +assert(res.error == 0); +assert(res.msgs.length == 1 && res.msgs[0].defaultNamingContext != undefined); +var domain_dn = res.msgs[0].defaultNamingContext; assert(domain_dn != undefined); if (options['filter'] != undefined) { var res = ldb.search(options['filter'], domain_dn, ldb.SCOPE_SUBTREE, attrs2); - if (res.length != 1) { + if (res.error != 0 || res.msgs.length != 1) { message("Failed to find record for filter %s\n", options['filter']); exit(1); } } else { var res = ldb.search(sprintf("samAccountName=%s", options['username']), domain_dn, ldb.SCOPE_SUBTREE, attrs2); - if (res.length != 1) { + if (res.error != 0 || res.msgs.length != 1) { message("Failed to find record for user %s\n", options['username']); exit(1); } @@ -106,9 +107,9 @@ sambaPassword: %s ", res[0].dn, options['newpassword']); var ok = ldb.modify(mod); -if (!ok) { +if (ok.error != 0) { message("set password for %s failed - %s\n", - res[0].dn, ldb.errstring()); + res[0].dn, ok.errstr); ldb.transaction_cancel(); exit(1); } else { -- cgit From 760f438553d26488c529ef8c13aa7035b6f11dca Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 18 Feb 2007 22:15:50 +0000 Subject: r21435: ntPwdHash,lmPwdHash,sambaNTPwdHistory,sambaLMPwdHistory and krb5Key are not used anymore metze (This used to be commit 9e91bd64492c45ee333f5e797d4d492378600356) --- source4/setup/schema_samba4.ldif | 161 +++++++++++++++++++++------------------ 1 file changed, 88 insertions(+), 73 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 841604318a..f35346f716 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -11,65 +11,77 @@ # -dn: cn=ntpwdHash,${SCHEMADN} -cn: ntpwdHash -name: NTPWDHash -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: ntpwdhash -isSingleValued: TRUE -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: E961130F-5084-458C-9E9C-DEC16DA08592 -adminDisplayName: NT-PWD-Hash -attributeID: 1.3.6.1.4.1.7165.4.1.1 -attributeSyntax: 2.5.5.10 -oMSyntax: 4 - -dn: cn=lmpwdHash,${SCHEMADN} -cn: lmpwdHash -name: lmpwdHash -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: lmpwdhash -isSingleValued: TRUE -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: CBD0D18C-9C54-4A77-87C4-5CEEAF781253 -adminDisplayName: LM-PWD-Hash -attributeID: 1.3.6.1.4.1.7165.4.1.2 -attributeSyntax: 2.5.5.10 -oMSyntax: 4 - -dn: cn=sambaNtPwdHistory,${SCHEMADN} -cn: sambaNtPwdHistory -name: sambaNtPwdHistory -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: sambaNtPwdHistory -isSingleValued: TRUE -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: 8CCD7658-C574-4435-A38C-99572E349E6B -adminDisplayName: SAMBA-NT-PWD-History -attributeID: 1.3.6.1.4.1.7165.4.1.3 -attributeSyntax: 2.5.5.10 -oMSyntax: 4 - -dn: cn=sambaLmPwdHistory,${SCHEMADN} -cn: sambaLmPwdHistory -name: sambaLmPwdHistory -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: sambaLmPwdHistory -isSingleValued: FALSE -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4 -adminDisplayName: SAMBA-LM-PWDHistory -attributeID: 1.3.6.1.4.1.7165.4.1.4 -attributeSyntax: 2.5.5.10 -oMSyntax: 4 +# +# Not used anymore +# +#dn: cn=ntpwdHash,${SCHEMADN} +#cn: ntpwdHash +#name: NTPWDHash +#objectClass: top +#objectClass: attributeSchema +#lDAPDisplayName: ntpwdhash +#isSingleValued: TRUE +#systemFlags: 17 +#systemOnly: TRUE +#schemaIDGUID: E961130F-5084-458C-9E9C-DEC16DA08592 +#adminDisplayName: NT-PWD-Hash +#attributeID: 1.3.6.1.4.1.7165.4.1.1 +#attributeSyntax: 2.5.5.10 +#oMSyntax: 4 + +# +# Not used anymore +# +#dn: cn=lmpwdHash,${SCHEMADN} +#cn: lmpwdHash +#name: lmpwdHash +#objectClass: top +#objectClass: attributeSchema +#lDAPDisplayName: lmpwdhash +#isSingleValued: TRUE +#systemFlags: 17 +#systemOnly: TRUE +#schemaIDGUID: CBD0D18C-9C54-4A77-87C4-5CEEAF781253 +#adminDisplayName: LM-PWD-Hash +#attributeID: 1.3.6.1.4.1.7165.4.1.2 +#attributeSyntax: 2.5.5.10 +#oMSyntax: 4 + +# +# Not used anymore +# +#dn: cn=sambaNtPwdHistory,${SCHEMADN} +#cn: sambaNtPwdHistory +#name: sambaNtPwdHistory +#objectClass: top +#objectClass: attributeSchema +#lDAPDisplayName: sambaNtPwdHistory +#isSingleValued: TRUE +#systemFlags: 17 +#systemOnly: TRUE +#schemaIDGUID: 8CCD7658-C574-4435-A38C-99572E349E6B +#adminDisplayName: SAMBA-NT-PWD-History +#attributeID: 1.3.6.1.4.1.7165.4.1.3 +#attributeSyntax: 2.5.5.10 +#oMSyntax: 4 + +# +# Not used anymore +# +#dn: cn=sambaLmPwdHistory,${SCHEMADN} +#cn: sambaLmPwdHistory +#name: sambaLmPwdHistory +#objectClass: top +#objectClass: attributeSchema +#lDAPDisplayName: sambaLmPwdHistory +#isSingleValued: FALSE +#systemFlags: 17 +#systemOnly: TRUE +#schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4 +#adminDisplayName: SAMBA-LM-PWDHistory +#attributeID: 1.3.6.1.4.1.7165.4.1.4 +#attributeSyntax: 2.5.5.10 +#oMSyntax: 4 dn: cn=sambaPassword,${SCHEMADN} cn: sambaPassword @@ -132,20 +144,23 @@ attributeID: 1.3.6.1.4.1.7165.4.1.9 attributeSyntax: 2.5.5.4 oMSyntax: 20 -dn: cn=krb5Key,${SCHEMADN} -cn: krb5Key -name: krb5Key -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: krb5Key -isSingleValued: FALSE -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4 -adminDisplayName: krb5-Key -attributeID: 1.3.6.1.4.1.5322.10.1.10 -attributeSyntax: 2.5.5.10 -oMSyntax: 4 +# +# Not used anymore +# +#dn: cn=krb5Key,${SCHEMADN} +#cn: krb5Key +#name: krb5Key +#objectClass: top +#objectClass: attributeSchema +#lDAPDisplayName: krb5Key +#isSingleValued: FALSE +#systemFlags: 17 +#systemOnly: TRUE +#schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4 +#adminDisplayName: krb5-Key +#attributeID: 1.3.6.1.4.1.5322.10.1.10 +#attributeSyntax: 2.5.5.10 +#oMSyntax: 4 #Allocated: (not used anymore) DSDB_CONTROL_REPLICATED_OBJECT_OID 1.3.6.1.4.1.7165.4.3.1 -- cgit From c2003743256bc0312c5360821d501591039dafcd Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 28 Feb 2007 12:02:59 +0000 Subject: r21583: add missing CN= metze (This used to be commit 199416a4d3d7e0f4c416c66cb92e49fc9a83a556) --- source4/setup/provision_rootdse_add.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_rootdse_add.ldif b/source4/setup/provision_rootdse_add.ldif index 53fdf3c761..63abf64e89 100644 --- a/source4/setup/provision_rootdse_add.ldif +++ b/source4/setup/provision_rootdse_add.ldif @@ -9,7 +9,7 @@ schemaNamingContext: ${SCHEMADN} supportedLDAPVersion: 3 dnsHostName: ${DNSNAME} ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM} -serverName: CN=${NETBIOSNAME},CN=Servers,${DEFAULTSITE},CN=Sites,${CONFIGDN} +serverName: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} domainFunctionality: 0 forestFunctionality: 0 domainControllerFunctionality: 2 -- cgit From 99fb785ea1dcf8ccc7bcbceed350178884e824b1 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 3 Mar 2007 02:06:54 +0000 Subject: r21673: Fix Samba 3 data read tests. I can't figure out why the upgrade one is broken, so that one is still disabled. (This used to be commit ef794f03d50022a77303c77045a04d9407d07cbc) --- source4/setup/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/upgrade b/source4/setup/upgrade index f2d1a870cc..f05e22f2e0 100755 --- a/source4/setup/upgrade +++ b/source4/setup/upgrade @@ -95,7 +95,7 @@ if (options.realm != undefined) { subobj.REALM = options.realm; } -provision(subobj, message, options.blank, paths, system_session, creds); +provision(subobj, message, options.blank, paths, system_session, creds, undefined); var ret = upgrade(subobj,samba3,message,paths, system_session, creds); if (ret > 0) { -- cgit From 3d4c4c5fa3596646e98fa50f8f735ffc1cbe8240 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 23 Apr 2007 07:33:15 +0000 Subject: r22478: Update the LDAP backend code to handle initialisation of multiple partitions onto the target LDAP server. Make the LDAP provision run before smbd starts, then stop the LDAP server. This ensures this occurs synchronously, We then restart it for the 'real run' (with slapd's stdin being the FIFO). This required fixing a few things in the provision scripts, with more containers being created via a add/modify pair. Andrew Bartlett (This used to be commit 860dfa4ea1ab2b62d4d4fe0644e0a9b882fdafa1) --- source4/setup/display_specifiers.ldif | 7 +- source4/setup/provision | 6 + source4/setup/provision_configuration.ldif | 26 - source4/setup/provision_configuration_basedn.ldif | 9 + .../provision_configuration_basedn_modify.ldif | 22 + source4/setup/provision_schema_basedn.ldif | 9 + source4/setup/provision_schema_basedn_modify.ldif | 25 + source4/setup/schema-map-fedora-ds-1.0 | 2 + source4/setup/schema-map-openldap-2.3 | 5 +- source4/setup/schema.ldif | 10875 +++++++++++-------- source4/setup/schema_samba4.ldif | 10 +- 11 files changed, 6417 insertions(+), 4579 deletions(-) create mode 100644 source4/setup/provision_configuration_basedn.ldif create mode 100644 source4/setup/provision_configuration_basedn_modify.ldif create mode 100644 source4/setup/provision_schema_basedn.ldif create mode 100644 source4/setup/provision_schema_basedn_modify.ldif (limited to 'source4/setup') diff --git a/source4/setup/display_specifiers.ldif b/source4/setup/display_specifiers.ldif index ad691b1ad2..b76955a0cb 100644 --- a/source4/setup/display_specifiers.ldif +++ b/source4/setup/display_specifiers.ldif @@ -1,3 +1,9 @@ +dn: CN=DisplaySpecifiers,${CONFIGDN} +objectClass: top +objectClass: container +showInAdvancedViewOnly: TRUE +instanceType: 4 + dn: CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: container @@ -5,7 +11,6 @@ cn: 409 name: 409 instanceType: 4 showInAdvancedViewOnly: TRUE -objectCategory: CN=Container,${SCHEMADN} dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top diff --git a/source4/setup/provision b/source4/setup/provision index 0c3aea5f72..b6b271045c 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -123,12 +123,18 @@ if (options["aci"] != undefined) { println("set ACI: " + subobj["ACI"]); } +println("set DOMAIN SID: " + subobj["DOMAINSID"]); + if (ldapbackend) { if (!ldapmodule) { subobj["LDAPMODULE"] = "entryUUID"; } subobj["DOMAINDN_LDB"] = subobj["LDAPBACKEND"]; subobj["DOMAINDN_MOD"] = subobj["LDAPMODULE"] + ",paged_searches"; + subobj["CONFIGDN_LDB"] = subobj["LDAPBACKEND"]; + subobj["CONFIGDN_MOD"] = subobj["LDAPMODULE"] + ",paged_searches"; + subobj["SCHEMADN_LDB"] = subobj["LDAPBACKEND"]; + subobj["SCHEMADN_MOD"] = subobj["LDAPMODULE"] + ",paged_searches"; } if (!provision_validate(subobj, message)) { diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif index 902d717fb6..8b89f3489c 100644 --- a/source4/setup/provision_configuration.ldif +++ b/source4/setup/provision_configuration.ldif @@ -1,17 +1,6 @@ ############################### # Configuration Naming Context ############################### -dn: ${CONFIGDN} -objectClass: top -objectClass: configuration -cn: Configuration -instanceType: 13 -showInAdvancedViewOnly: TRUE -objectCategory: CN=Configuration,${SCHEMADN} -subRefs: ${SCHEMADN} -masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} - dn: CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRefContainer @@ -165,18 +154,3 @@ lDAPAdminLimits: MaxConnIdleTime=900 lDAPAdminLimits: InitRecvTimeout=120 lDAPAdminLimits: MaxConnections=5000 - -############################### -# Schema Naming Context -############################### -dn: ${SCHEMADN} -objectClass: top -objectClass: dMD -cn: Schema -instanceType: 13 -showInAdvancedViewOnly: TRUE -objectCategory: CN=DMD,${SCHEMADN} -masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -objectVersion: 30 diff --git a/source4/setup/provision_configuration_basedn.ldif b/source4/setup/provision_configuration_basedn.ldif new file mode 100644 index 0000000000..df1e1b19ba --- /dev/null +++ b/source4/setup/provision_configuration_basedn.ldif @@ -0,0 +1,9 @@ +############################### +# Configuration Naming Context +############################### +dn: ${CONFIGDN} +objectClass: top +objectClass: configuration +${EXTENSIBLEOBJECT} +${ACI} +cn: Configuration diff --git a/source4/setup/provision_configuration_basedn_modify.ldif b/source4/setup/provision_configuration_basedn_modify.ldif new file mode 100644 index 0000000000..897499b163 --- /dev/null +++ b/source4/setup/provision_configuration_basedn_modify.ldif @@ -0,0 +1,22 @@ +############################### +# Configuration Naming Context +############################### +dn: ${CONFIGDN} +changetype: modify +replace: instanceType +instanceType: 13 +- +replace: showInAdvancedViewOnly +showInAdvancedViewOnly: TRUE +- +replace: objectCategory +objectCategory: CN=Configuration,${SCHEMADN} +- +replace: subRefs +subRefs: ${SCHEMADN} +- +replace: masteredBy +masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +- +replace: msDs-masteredBy +msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} diff --git a/source4/setup/provision_schema_basedn.ldif b/source4/setup/provision_schema_basedn.ldif new file mode 100644 index 0000000000..7b4f599072 --- /dev/null +++ b/source4/setup/provision_schema_basedn.ldif @@ -0,0 +1,9 @@ +############################### +# Schema Naming Context +############################### +dn: ${SCHEMADN} +objectClass: top +objectClass: dMD +${EXTENSIBLEOBJECT} +${ACI} +cn: Schema diff --git a/source4/setup/provision_schema_basedn_modify.ldif b/source4/setup/provision_schema_basedn_modify.ldif new file mode 100644 index 0000000000..1f188d0679 --- /dev/null +++ b/source4/setup/provision_schema_basedn_modify.ldif @@ -0,0 +1,25 @@ +############################### +# Schema Naming Context +############################### +dn: ${SCHEMADN} +changetype: modify +replace: instanceType +instanceType: 13 +- +replace: showInAdvancedViewOnly +showInAdvancedViewOnly: TRUE +- +replace: objectCategory +objectCategory: CN=DMD,${SCHEMADN} +- +replace: masteredBy +masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +- +replace: msDs-masteredBy +msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +- +replace: fSMORoleOwner +fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +- +replace: objectVersion +objectVersion: 30 diff --git a/source4/setup/schema-map-fedora-ds-1.0 b/source4/setup/schema-map-fedora-ds-1.0 index 3bbd34ecb4..f3387130b6 100644 --- a/source4/setup/schema-map-fedora-ds-1.0 +++ b/source4/setup/schema-map-fedora-ds-1.0 @@ -12,6 +12,8 @@ description cn dITContentRules top +#This shouldn't make it to the ldap server +sambaPassword #Skip ObjectClasses # #MiddleName has a conflicting OID diff --git a/source4/setup/schema-map-openldap-2.3 b/source4/setup/schema-map-openldap-2.3 index e9880f272a..21867140c5 100644 --- a/source4/setup/schema-map-openldap-2.3 +++ b/source4/setup/schema-map-openldap-2.3 @@ -16,9 +16,10 @@ description cn dITContentRules top +#This shouldn't make it to the ldap server +sambaPassword #Skip ObjectClasses -subSchema -# +#subSchema #MiddleName has a conflicting OID 2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1 #defaultGroup has a conflicting OID diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index 743bf36f17..7fbf32536d 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -1,7050 +1,8819 @@ dn: CN=SD-Rights-Effective,${SCHEMADN} -cn: SD-Rights-Effective -name: SD-Rights-Effective objectClass: top objectClass: attributeSchema -lDAPDisplayName: sDRightsEffective -isSingleValued: TRUE -systemFlags: 134217748 -systemOnly: FALSE -schemaIDGUID: c3dbafa6-33df-11d2-98b2-0000f87a57d4 -adminDisplayName: SD-Rights-Effective attributeID: 1.2.840.113556.1.4.1304 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: SD-Rights-Effective +adminDescription: SD-Rights-Effective oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: sDRightsEffective +schemaIDGUID: c3dbafa6-33df-11d2-98b2-0000f87a57d4 +attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +systemOnly: FALSE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-Exch-Owner-BL,${SCHEMADN} -cn: ms-Exch-Owner-BL -name: ms-Exch-Owner-BL objectClass: top objectClass: attributeSchema -lDAPDisplayName: ownerBL +attributeID: 1.2.840.113556.1.2.104 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 45 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: bf9679f4-0de6-11d0-a285-00aa003049e2 +showInAdvancedViewOnly: TRUE adminDisplayName: ms-Exch-Owner-BL -attributeID: 1.2.840.113556.1.2.104 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: ms-Exch-Owner-BL +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: ownerBL +schemaIDGUID: bf9679f4-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Is-Member-Of-DL,${SCHEMADN} -cn: Is-Member-Of-DL -name: Is-Member-Of-DL objectClass: top objectClass: attributeSchema -lDAPDisplayName: memberOf +attributeID: 1.2.840.113556.1.2.102 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE +mAPIID: 32776 linkID: 3 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: bf967991-0de6-11d0-a285-00aa003049e2 +showInAdvancedViewOnly: TRUE adminDisplayName: Is-Member-Of-DL -attributeID: 1.2.840.113556.1.2.102 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Is-Member-Of-DL +oMSyntax: 127 +searchFlags: 16 +lDAPDisplayName: memberOf +schemaIDGUID: bf967991-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: bc0ac240-79a9-11d0-9020-00c04fc2d4cf +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Search-Guide,${SCHEMADN} -cn: Search-Guide -name: Search-Guide objectClass: top objectClass: attributeSchema -lDAPDisplayName: searchGuide -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a2e-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Search-Guide attributeID: 2.5.4.14 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +mAPIID: 33070 +showInAdvancedViewOnly: TRUE +adminDisplayName: Search-Guide +adminDescription: Search-Guide oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: searchGuide +schemaIDGUID: bf967a2e-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-ReplicationEpoch,${SCHEMADN} -cn: ms-DS-ReplicationEpoch -name: ms-DS-ReplicationEpoch objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-ReplicationEpoch -isSingleValued: TRUE -systemFlags: 17 -systemOnly: FALSE -schemaIDGUID: 08e3aa79-eb1c-45b5-af7b-8f94246c8e41 -adminDisplayName: ms-DS-ReplicationEpoch attributeID: 1.2.840.113556.1.4.1720 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-ReplicationEpoch +adminDescription: ms-DS-ReplicationEpoch oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msDS-ReplicationEpoch +schemaIDGUID: 08e3aa79-eb1c-45b5-af7b-8f94246c8e41 +systemOnly: FALSE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Auditing-Policy,${SCHEMADN} -cn: Auditing-Policy -name: Auditing-Policy objectClass: top objectClass: attributeSchema -lDAPDisplayName: auditingPolicy -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 6da8a4fe-0e52-11d0-a286-00aa003049e2 -adminDisplayName: Auditing-Policy attributeID: 1.2.840.113556.1.4.202 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Auditing-Policy +adminDescription: Auditing-Policy oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: auditingPolicy +schemaIDGUID: 6da8a4fe-0e52-11d0-a286-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Fax-Other,${SCHEMADN} -cn: Phone-Fax-Other -name: Phone-Fax-Other objectClass: top objectClass: attributeSchema -lDAPDisplayName: otherFacsimileTelephoneNumber -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 0296c11d-40da-11d1-a9c0-0000f80367c1 -adminDisplayName: Phone-Fax-Other attributeID: 1.2.840.113556.1.4.646 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 64 +showInAdvancedViewOnly: TRUE +adminDisplayName: Phone-Fax-Other +adminDescription: Phone-Fax-Other oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: otherFacsimileTelephoneNumber +schemaIDGUID: 0296c11d-40da-11d1-a9c0-0000f80367c1 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Address,${SCHEMADN} -cn: Address -name: Address objectClass: top objectClass: attributeSchema -lDAPDisplayName: streetAddress -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: f0f8ff84-1191-11d0-a060-00aa006c33ed -adminDisplayName: Address attributeID: 1.2.840.113556.1.2.256 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 1024 +mAPIID: 14889 +showInAdvancedViewOnly: TRUE +adminDisplayName: Address +adminDescription: Address oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: streetAddress +schemaIDGUID: f0f8ff84-1191-11d0-a060-00aa006c33ed +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Security-Identifier,${SCHEMADN} -cn: Security-Identifier -name: Security-Identifier objectClass: top objectClass: attributeSchema -lDAPDisplayName: securityIdentifier -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a2f-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Security-Identifier attributeID: 1.2.840.113556.1.4.121 attributeSyntax: 2.5.5.17 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Security-Identifier +adminDescription: Security-Identifier oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: securityIdentifier +schemaIDGUID: bf967a2f-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-KeyVersionNumber,${SCHEMADN} -cn: ms-DS-KeyVersionNumber -name: ms-DS-KeyVersionNumber objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-KeyVersionNumber -isSingleValued: TRUE -systemFlags: 20 -systemOnly: TRUE -schemaIDGUID: c523e9c0-33b5-4ac8-8923-b57b927f42f6 -adminDisplayName: ms-DS-KeyVersionNumber attributeID: 1.2.840.113556.1.4.1782 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: FALSE +adminDisplayName: ms-DS-KeyVersionNumber +adminDescription: The Kerberos version number of the current key for this account. This is a constructed attribute. oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msDS-KeyVersionNumber +schemaIDGUID: c523e9c0-33b5-4ac8-8923-b57b927f42f6 +systemOnly: TRUE +systemFlags: 20 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Account-Name-History,${SCHEMADN} -cn: Account-Name-History -name: Account-Name-History objectClass: top objectClass: attributeSchema -lDAPDisplayName: accountNameHistory -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 031952ec-3b72-11d2-90cc-00c04fd91ab1 -adminDisplayName: Account-Name-History attributeID: 1.2.840.113556.1.4.1307 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Account-Name-History +adminDescription: Account-Name-History oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: accountNameHistory +schemaIDGUID: 031952ec-3b72-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=preferredLanguage,${SCHEMADN} -cn: preferredLanguage -name: preferredLanguage objectClass: top objectClass: attributeSchema -lDAPDisplayName: preferredLanguage -isSingleValued: TRUE -systemFlags: 0 -systemOnly: FALSE -schemaIDGUID: 856be0d0-18e7-46e1-8f5f-7ee4d9020e0d -adminDisplayName: preferredLanguage attributeID: 2.16.840.1.113730.3.1.39 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: FALSE +adminDisplayName: preferredLanguage +adminDescription: The preferred written or spoken language for a person. oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: preferredLanguage +schemaIDGUID: 856be0d0-18e7-46e1-8f5f-7ee4d9020e0d +systemOnly: FALSE +systemFlags: 0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-Shared-Folder-Other,${SCHEMADN} -cn: User-Shared-Folder-Other -name: User-Shared-Folder-Other objectClass: top objectClass: attributeSchema -lDAPDisplayName: userSharedFolderOther -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 9a9a0220-4a5b-11d1-a9c3-0000f80367c1 -adminDisplayName: User-Shared-Folder-Other attributeID: 1.2.840.113556.1.4.752 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: User-Shared-Folder-Other +adminDescription: User-Shared-Folder-Other oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: userSharedFolderOther +schemaIDGUID: 9a9a0220-4a5b-11d1-a9c3-0000f80367c1 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-Shared-Folder,${SCHEMADN} -cn: User-Shared-Folder -name: User-Shared-Folder objectClass: top objectClass: attributeSchema -lDAPDisplayName: userSharedFolder -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 9a9a021f-4a5b-11d1-a9c3-0000f80367c1 -adminDisplayName: User-Shared-Folder attributeID: 1.2.840.113556.1.4.751 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: User-Shared-Folder +adminDescription: User-Shared-Folder oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: userSharedFolder +schemaIDGUID: 9a9a021f-4a5b-11d1-a9c3-0000f80367c1 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MSMQ-Digests-Mig,${SCHEMADN} -cn: MSMQ-Digests-Mig -name: MSMQ-Digests-Mig objectClass: top objectClass: attributeSchema -lDAPDisplayName: mSMQDigestsMig -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 0f71d8e0-da3b-11d1-90a5-00c04fd91ab1 -adminDisplayName: MSMQ-Digests-Mig attributeID: 1.2.840.113556.1.4.966 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: MSMQ-Digests-Mig +adminDescription: MSMQ-Digests-Mig oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: mSMQDigestsMig +schemaIDGUID: 0f71d8e0-da3b-11d1-90a5-00c04fd91ab1 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Domain-Identifier,${SCHEMADN} -cn: Domain-Identifier -name: Domain-Identifier objectClass: top objectClass: attributeSchema -lDAPDisplayName: domainIdentifier -isSingleValued: TRUE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: 7f561278-5301-11d1-a9c5-0000f80367c1 -adminDisplayName: Domain-Identifier attributeID: 1.2.840.113556.1.4.755 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Domain-Identifier +adminDescription: Domain-Identifier oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: domainIdentifier +schemaIDGUID: 7f561278-5301-11d1-a9c5-0000f80367c1 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Legacy-Exchange-DN,${SCHEMADN} -cn: Legacy-Exchange-DN -name: Legacy-Exchange-DN objectClass: top objectClass: attributeSchema -lDAPDisplayName: legacyExchangeDN -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 28630ebc-41d5-11d1-a9c1-0000f80367c1 -adminDisplayName: Legacy-Exchange-DN attributeID: 1.2.840.113556.1.4.655 attributeSyntax: 2.5.5.4 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Legacy-Exchange-DN +adminDescription: Legacy-Exchange-DN oMSyntax: 20 +searchFlags: 13 +lDAPDisplayName: legacyExchangeDN +schemaIDGUID: 28630ebc-41d5-11d1-a9c1-0000f80367c1 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Well-Known-Objects,${SCHEMADN} -cn: Well-Known-Objects -name: Well-Known-Objects objectClass: top objectClass: attributeSchema -lDAPDisplayName: wellKnownObjects -isSingleValued: FALSE -systemFlags: 18 -systemOnly: TRUE -schemaIDGUID: 05308983-7688-11d1-aded-00c04fd8d5cd -adminDisplayName: Well-Known-Objects attributeID: 1.2.840.113556.1.4.618 attributeSyntax: 2.5.5.7 -oMSyntax: 127 +isSingleValued: FALSE +rangeLower: 16 +rangeUpper: 16 +showInAdvancedViewOnly: TRUE +adminDisplayName: Well-Known-Objects oMObjectClass:: KoZIhvcUAQEBCw== +adminDescription: Well-Known-Objects +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: wellKnownObjects +schemaIDGUID: 05308983-7688-11d1-aded-00c04fd8d5cd +systemOnly: TRUE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=RDN,${SCHEMADN} -cn: RDN -name: RDN objectClass: top objectClass: attributeSchema -lDAPDisplayName: name -isSingleValued: TRUE -systemFlags: 18 -systemOnly: TRUE -schemaIDGUID: bf967a0e-0de6-11d0-a285-00aa003049e2 -adminDisplayName: RDN attributeID: 1.2.840.113556.1.4.1 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 255 +mAPIID: 33282 +showInAdvancedViewOnly: TRUE +adminDisplayName: RDN +adminDescription: RDN oMSyntax: 64 +searchFlags: 13 +lDAPDisplayName: name +schemaIDGUID: bf967a0e-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: TRUE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Non-Security-Member-BL,${SCHEMADN} -cn: Non-Security-Member-BL -name: Non-Security-Member-BL objectClass: top objectClass: attributeSchema -lDAPDisplayName: nonSecurityMemberBL +attributeID: 1.2.840.113556.1.4.531 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 51 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: 52458019-ca6a-11d0-afff-0000f80367c1 +showInAdvancedViewOnly: TRUE adminDisplayName: Non-Security-Member-BL -attributeID: 1.2.840.113556.1.4.531 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Non-Security-Member-BL +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: nonSecurityMemberBL +schemaIDGUID: 52458019-ca6a-11d0-afff-0000f80367c1 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Repl-Attribute-Meta-Data,${SCHEMADN} -cn: ms-DS-Repl-Attribute-Meta-Data -name: ms-DS-Repl-Attribute-Meta-Data objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-ReplAttributeMetaData -isSingleValued: FALSE -systemFlags: 20 -systemOnly: FALSE -schemaIDGUID: d7c53242-724e-4c39-9d4c-2df8c9d66c7a -adminDisplayName: ms-DS-Repl-Attribute-Meta-Data attributeID: 1.2.840.113556.1.4.1707 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-Repl-Attribute-Meta-Data +adminDescription: ms-DS-Repl-Attribute-Meta-Data oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-ReplAttributeMetaData +schemaIDGUID: d7c53242-724e-4c39-9d4c-2df8c9d66c7a +systemOnly: FALSE +systemFlags: 20 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=DN-Reference-Update,${SCHEMADN} -cn: DN-Reference-Update -name: DN-Reference-Update objectClass: top objectClass: attributeSchema -lDAPDisplayName: dNReferenceUpdate -isSingleValued: FALSE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: 2df90d86-009f-11d2-aa4c-00c04fd7d83a -adminDisplayName: DN-Reference-Update attributeID: 1.2.840.113556.1.4.1242 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: DN-Reference-Update oMObjectClass:: KwwCh3McAIVK +adminDescription: DN-Reference-Update +oMSyntax: 127 +searchFlags: 8 +lDAPDisplayName: dNReferenceUpdate +schemaIDGUID: 2df90d86-009f-11d2-aa4c-00c04fd7d83a +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=GP-Options,${SCHEMADN} -cn: GP-Options -name: GP-Options objectClass: top objectClass: attributeSchema -lDAPDisplayName: gPOptions -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: f30e3bbf-9ff0-11d1-b603-0000f80367c1 -adminDisplayName: GP-Options attributeID: 1.2.840.113556.1.4.892 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: GP-Options +adminDescription: GP-Options oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: gPOptions +schemaIDGUID: f30e3bbf-9ff0-11d1-b603-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MS-DS-Per-User-Trust-Tombstones-Quota,${SCHEMADN} -cn: MS-DS-Per-User-Trust-Tombstones-Quota -name: MS-DS-Per-User-Trust-Tombstones-Quota objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-PerUserTrustTombstonesQuota -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 8b70a6c6-50f9-4fa3-a71e-1ce03040449b -adminDisplayName: MS-DS-Per-User-Trust-Tombstones-Quota attributeID: 1.2.840.113556.1.4.1790 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Per-User-Trust-Tombstones-Quota +adminDescription: Used to enforce a per-user quota for deleting Trusted-Domain objects when authorization is based on matching the user's SID to the value of MS-DS-Creator-SID on the Trusted-Domain object. oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msDS-PerUserTrustTombstonesQuota +schemaIDGUID: 8b70a6c6-50f9-4fa3-a71e-1ce03040449b +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Pager-Primary,${SCHEMADN} -cn: Phone-Pager-Primary -name: Phone-Pager-Primary objectClass: top objectClass: attributeSchema -lDAPDisplayName: pager -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: f0f8ffa6-1191-11d0-a060-00aa006c33ed -adminDisplayName: Phone-Pager-Primary attributeID: 0.9.2342.19200300.100.1.42 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 14881 +showInAdvancedViewOnly: TRUE +adminDisplayName: Phone-Pager-Primary +adminDescription: Phone-Pager-Primary oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: pager +schemaIDGUID: f0f8ffa6-1191-11d0-a060-00aa006c33ed +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Site-GUID,${SCHEMADN} -cn: Site-GUID -name: Site-GUID objectClass: top objectClass: attributeSchema -lDAPDisplayName: siteGUID -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 3e978924-8c01-11d0-afda-00c04fd930c9 -adminDisplayName: Site-GUID attributeID: 1.2.840.113556.1.4.362 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +rangeLower: 16 +rangeUpper: 16 +showInAdvancedViewOnly: TRUE +adminDisplayName: Site-GUID +adminDescription: Site-GUID oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: siteGUID +schemaIDGUID: 3e978924-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Script-Engine-Cache-Max,${SCHEMADN} -cn: ms-DS-Az-Script-Engine-Cache-Max -name: ms-DS-Az-Script-Engine-Cache-Max objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-AzScriptEngineCacheMax -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 2629f66a-1f95-4bf3-a296-8e9d7b9e30c8 -adminDisplayName: MS-DS-Az-Script-Engine-Cache-Max attributeID: 1.2.840.113556.1.4.1796 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +rangeLower: 0 +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Az-Script-Engine-Cache-Max +adminDescription: Maximum number of scripts that are cached by the application oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msDS-AzScriptEngineCacheMax +schemaIDGUID: 2629f66a-1f95-4bf3-a296-8e9d7b9e30c8 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Token-Groups-No-GC-Acceptable,${SCHEMADN} -cn: Token-Groups-No-GC-Acceptable -name: Token-Groups-No-GC-Acceptable objectClass: top objectClass: attributeSchema -lDAPDisplayName: tokenGroupsNoGCAcceptable -isSingleValued: FALSE -systemFlags: 134217748 -systemOnly: FALSE -schemaIDGUID: 040fc392-33df-11d2-98b2-0000f87a57d4 -adminDisplayName: Token-Groups-No-GC-Acceptable attributeID: 1.2.840.113556.1.4.1303 attributeSyntax: 2.5.5.17 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Token-Groups-No-GC-Acceptable +adminDescription: Token-Groups-No-GC-Acceptable oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: tokenGroupsNoGCAcceptable +schemaIDGUID: 040fc392-33df-11d2-98b2-0000f87a57d4 +attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939 +systemOnly: FALSE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Token-Groups-Global-And-Universal,${SCHEMADN} -cn: Token-Groups-Global-And-Universal -name: Token-Groups-Global-And-Universal objectClass: top objectClass: attributeSchema -lDAPDisplayName: tokenGroupsGlobalAndUniversal -isSingleValued: FALSE -systemFlags: 134217748 -systemOnly: FALSE -schemaIDGUID: 46a9b11d-60ae-405a-b7e8-ff8a58d456d2 -adminDisplayName: Token-Groups-Global-And-Universal attributeID: 1.2.840.113556.1.4.1418 attributeSyntax: 2.5.5.17 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Token-Groups-Global-And-Universal +adminDescription: Token-Groups-Global-And-Universal oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: tokenGroupsGlobalAndUniversal +schemaIDGUID: 46a9b11d-60ae-405a-b7e8-ff8a58d456d2 +attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939 +systemOnly: FALSE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Alt-Security-Identities,${SCHEMADN} -cn: Alt-Security-Identities -name: Alt-Security-Identities objectClass: top objectClass: attributeSchema -lDAPDisplayName: altSecurityIdentities -isSingleValued: FALSE -systemFlags: 18 -systemOnly: FALSE -schemaIDGUID: 00fbf30c-91fe-11d1-aebc-0000f80367c1 -adminDisplayName: Alt-Security-Identities attributeID: 1.2.840.113556.1.4.867 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Alt-Security-Identities +adminDescription: Alt-Security-Identities oMSyntax: 64 +searchFlags: 1 +lDAPDisplayName: altSecurityIdentities +schemaIDGUID: 00fbf30c-91fe-11d1-aebc-0000f80367c1 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=labeledURI,${SCHEMADN} -cn: labeledURI -name: labeledURI objectClass: top objectClass: attributeSchema -lDAPDisplayName: labeledURI -isSingleValued: FALSE -systemFlags: 0 -systemOnly: FALSE -schemaIDGUID: c569bb46-c680-44bc-a273-e6c227d71b45 -adminDisplayName: labeledURI attributeID: 1.3.6.1.4.1.250.1.57 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: FALSE +adminDisplayName: labeledURI +adminDescription: A Uniform Resource Identifier followed by a label. The label is used to describe the resource to which the URI points, and is intended as a friendly name fit for human consumption. oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: labeledURI +schemaIDGUID: c569bb46-c680-44bc-a273-e6c227d71b45 +systemOnly: FALSE +systemFlags: 0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Pwd-Last-Set,${SCHEMADN} -cn: Pwd-Last-Set -name: Pwd-Last-Set objectClass: top objectClass: attributeSchema -lDAPDisplayName: pwdLastSet -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a0a-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Pwd-Last-Set attributeID: 1.2.840.113556.1.4.96 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Pwd-Last-Set +adminDescription: Pwd-Last-Set oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: pwdLastSet +schemaIDGUID: bf967a0a-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 4c164200-20c0-11d0-a768-00aa006e0529 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Object-Classes,${SCHEMADN} -cn: Object-Classes -name: Object-Classes objectClass: top objectClass: attributeSchema -lDAPDisplayName: objectClasses -isSingleValued: FALSE -systemFlags: 134217748 -systemOnly: TRUE -schemaIDGUID: 9a7ad94b-ca53-11d1-bbd0-0080c76670c0 -adminDisplayName: Object-Classes attributeID: 2.5.21.6 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Object-Classes +adminDescription: Object-Classes oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: objectClasses +schemaIDGUID: 9a7ad94b-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Trust-Attributes,${SCHEMADN} -cn: Trust-Attributes -name: Trust-Attributes objectClass: top objectClass: attributeSchema -lDAPDisplayName: trustAttributes -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 80a67e5a-9f22-11d0-afdd-00c04fd930c9 -adminDisplayName: Trust-Attributes attributeID: 1.2.840.113556.1.4.470 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Trust-Attributes +adminDescription: Trust-Attributes oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: trustAttributes +schemaIDGUID: 80a67e5a-9f22-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Trust-Forest-Trust-Info,${SCHEMADN} -cn: ms-DS-Trust-Forest-Trust-Info -name: ms-DS-Trust-Forest-Trust-Info objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-TrustForestTrustInfo -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 29cc866e-49d3-4969-942e-1dbc0925d183 -adminDisplayName: ms-DS-Trust-Forest-Trust-Info attributeID: 1.2.840.113556.1.4.1702 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-Trust-Forest-Trust-Info +adminDescription: ms-DS-Trust-Forest-Trust-Info oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: msDS-TrustForestTrustInfo +schemaIDGUID: 29cc866e-49d3-4969-942e-1dbc0925d183 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Site-Object,${SCHEMADN} -cn: Site-Object -name: Site-Object objectClass: top objectClass: attributeSchema -lDAPDisplayName: siteObject +attributeID: 1.2.840.113556.1.4.512 +attributeSyntax: 2.5.5.1 isSingleValued: TRUE linkID: 46 -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 3e10944c-c354-11d0-aff8-0000f80367c1 +showInAdvancedViewOnly: TRUE adminDisplayName: Site-Object -attributeID: 1.2.840.113556.1.4.512 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Site-Object +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: siteObject +schemaIDGUID: 3e10944c-c354-11d0-aff8-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Is-Privilege-Holder,${SCHEMADN} -cn: Is-Privilege-Holder -name: Is-Privilege-Holder objectClass: top objectClass: attributeSchema -lDAPDisplayName: isPrivilegeHolder +attributeID: 1.2.840.113556.1.4.638 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 71 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: 19405b9c-3cfa-11d1-a9c0-0000f80367c1 +showInAdvancedViewOnly: TRUE adminDisplayName: Is-Privilege-Holder -attributeID: 1.2.840.113556.1.4.638 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Is-Privilege-Holder +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: isPrivilegeHolder +schemaIDGUID: 19405b9c-3cfa-11d1-a9c0-0000f80367c1 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Dns-Root,${SCHEMADN} -cn: Dns-Root -name: Dns-Root objectClass: top objectClass: attributeSchema -lDAPDisplayName: dnsRoot -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967959-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Dns-Root attributeID: 1.2.840.113556.1.4.28 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 255 +showInAdvancedViewOnly: TRUE +adminDisplayName: Dns-Root +adminDescription: Dns-Root oMSyntax: 64 +searchFlags: 1 +lDAPDisplayName: dnsRoot +schemaIDGUID: bf967959-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Modified-Count,${SCHEMADN} -cn: Modified-Count -name: Modified-Count objectClass: top objectClass: attributeSchema -lDAPDisplayName: modifiedCount -isSingleValued: TRUE -systemFlags: 17 -systemOnly: FALSE -schemaIDGUID: bf9679c5-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Modified-Count attributeID: 1.2.840.113556.1.4.168 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Modified-Count +adminDescription: Modified-Count oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: modifiedCount +schemaIDGUID: bf9679c5-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: b8119fd0-04f6-4762-ab7a-4986c76b3f9a +systemOnly: FALSE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=International-ISDN-Number,${SCHEMADN} -cn: International-ISDN-Number -name: International-ISDN-Number objectClass: top objectClass: attributeSchema -lDAPDisplayName: internationalISDNNumber -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf96798d-0de6-11d0-a285-00aa003049e2 -adminDisplayName: International-ISDN-Number attributeID: 2.5.4.25 attributeSyntax: 2.5.5.6 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 16 +mAPIID: 32958 +showInAdvancedViewOnly: TRUE +adminDisplayName: International-ISDN-Number +adminDescription: International-ISDN-Number oMSyntax: 18 +searchFlags: 0 +lDAPDisplayName: internationalISDNNumber +schemaIDGUID: bf96798d-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Business-Category,${SCHEMADN} -cn: Business-Category -name: Business-Category objectClass: top objectClass: attributeSchema -lDAPDisplayName: businessCategory -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967931-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Business-Category attributeID: 2.5.4.15 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 128 +mAPIID: 32855 +showInAdvancedViewOnly: TRUE +adminDisplayName: Business-Category +adminDescription: Business-Category oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: businessCategory +schemaIDGUID: bf967931-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=houseIdentifier,${SCHEMADN} -cn: houseIdentifier -name: houseIdentifier objectClass: top objectClass: attributeSchema -lDAPDisplayName: houseIdentifier -isSingleValued: FALSE -systemOnly: FALSE -schemaIDGUID: a45398b7-c44a-4eb6-82d3-13c10946dbfe -adminDisplayName: houseIdentifier attributeID: 2.5.4.51 attributeSyntax: 2.5.5.12 -oMSyntax: 64 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 32768 +showInAdvancedViewOnly: TRUE +adminDisplayName: houseIdentifier +adminDescription: The houseIdentifier attribute type specifies a linguistic construct used to identify a particular building, for example a house number or house name relative to a street, avenue, town or city, etc. +oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: houseIdentifier +schemaIDGUID: a45398b7-c44a-4eb6-82d3-13c10946dbfe +systemOnly: FALSE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Other-Name,${SCHEMADN} -cn: Other-Name -name: Other-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: middleName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Other-Name attributeID: 2.16.840.1.113730.3.1.34 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 64 +showInAdvancedViewOnly: TRUE +adminDisplayName: Other-Name +adminDescription: Other-Name oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: middleName +schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=Repl-Topology-Stay-Of-Execution,${SCHEMADN} -cn: Repl-Topology-Stay-Of-Execution -name: Repl-Topology-Stay-Of-Execution +dn: CN=Attribute-ID,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: replTopologyStayOfExecution +attributeID: 1.2.840.113556.1.2.30 +attributeSyntax: 2.5.5.2 isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Attribute-ID +adminDescription: Attribute-ID +oMSyntax: 6 +searchFlags: 8 +lDAPDisplayName: attributeID +schemaIDGUID: bf967922-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 7bfdcb83-4807-11d1-a9c3-0000f80367c1 -adminDisplayName: Repl-Topology-Stay-Of-Execution +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Repl-Topology-Stay-Of-Execution,${SCHEMADN} +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.4.677 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Repl-Topology-Stay-Of-Execution +adminDescription: Repl-Topology-Stay-Of-Execution oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: replTopologyStayOfExecution +schemaIDGUID: 7bfdcb83-4807-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Netboot-GUID,${SCHEMADN} -cn: Netboot-GUID -name: Netboot-GUID objectClass: top objectClass: attributeSchema -lDAPDisplayName: netbootGUID -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 3e978921-8c01-11d0-afda-00c04fd930c9 -adminDisplayName: Netboot-GUID attributeID: 1.2.840.113556.1.4.359 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +rangeLower: 16 +rangeUpper: 16 +showInAdvancedViewOnly: TRUE +adminDisplayName: Netboot-GUID +adminDescription: Netboot-GUID oMSyntax: 4 +searchFlags: 1 +lDAPDisplayName: netbootGUID +schemaIDGUID: 3e978921-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=RDN-Att-ID,${SCHEMADN} -cn: RDN-Att-ID -name: RDN-Att-ID objectClass: top objectClass: attributeSchema -lDAPDisplayName: rDNAttID -isSingleValued: TRUE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: bf967a0f-0de6-11d0-a285-00aa003049e2 -adminDisplayName: RDN-Att-ID attributeID: 1.2.840.113556.1.2.26 attributeSyntax: 2.5.5.2 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: RDN-Att-ID +adminDescription: RDN-Att-ID oMSyntax: 6 +searchFlags: 0 +lDAPDisplayName: rDNAttID +schemaIDGUID: bf967a0f-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=May-Contain,${SCHEMADN} -cn: May-Contain -name: May-Contain objectClass: top objectClass: attributeSchema -lDAPDisplayName: mayContain -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679bf-0de6-11d0-a285-00aa003049e2 -adminDisplayName: May-Contain attributeID: 1.2.840.113556.1.2.25 attributeSyntax: 2.5.5.2 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: May-Contain +adminDescription: May-Contain oMSyntax: 6 +searchFlags: 0 +lDAPDisplayName: mayContain +schemaIDGUID: bf9679bf-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Trust-Auth-Outgoing,${SCHEMADN} -cn: Trust-Auth-Outgoing -name: Trust-Auth-Outgoing objectClass: top objectClass: attributeSchema -lDAPDisplayName: trustAuthOutgoing -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a5f-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Trust-Auth-Outgoing attributeID: 1.2.840.113556.1.4.135 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 32767 +showInAdvancedViewOnly: TRUE +adminDisplayName: Trust-Auth-Outgoing +adminDescription: Trust-Auth-Outgoing oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: trustAuthOutgoing +schemaIDGUID: bf967a5f-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Server-Reference-BL,${SCHEMADN} -cn: Server-Reference-BL -name: Server-Reference-BL objectClass: top objectClass: attributeSchema -lDAPDisplayName: serverReferenceBL +attributeID: 1.2.840.113556.1.4.516 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 95 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: 26d9736e-6070-11d1-a9c6-0000f80367c1 +showInAdvancedViewOnly: TRUE adminDisplayName: Server-Reference-BL -attributeID: 1.2.840.113556.1.4.516 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Server-Reference-BL +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: serverReferenceBL +schemaIDGUID: 26d9736e-6070-11d1-a9c6-0000f80367c1 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Create-Time-Stamp,${SCHEMADN} -cn: Create-Time-Stamp -name: Create-Time-Stamp objectClass: top objectClass: attributeSchema -lDAPDisplayName: createTimeStamp -isSingleValued: TRUE -systemFlags: 134217748 -systemOnly: TRUE -schemaIDGUID: 2df90d73-009f-11d2-aa4c-00c04fd7d83a -adminDisplayName: Create-Time-Stamp attributeID: 2.5.18.1 attributeSyntax: 2.5.5.11 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Create-Time-Stamp +adminDescription: Create-Time-Stamp oMSyntax: 24 +searchFlags: 0 +lDAPDisplayName: createTimeStamp +schemaIDGUID: 2df90d73-009f-11d2-aa4c-00c04fd7d83a +systemOnly: TRUE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Attribute-Display-Names,${SCHEMADN} -cn: Attribute-Display-Names -name: Attribute-Display-Names objectClass: top objectClass: attributeSchema -lDAPDisplayName: attributeDisplayNames -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: cb843f80-48d9-11d1-a9c3-0000f80367c1 -adminDisplayName: Attribute-Display-Names attributeID: 1.2.840.113556.1.4.748 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Attribute-Display-Names +adminDescription: Attribute-Display-Names oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: attributeDisplayNames +schemaIDGUID: cb843f80-48d9-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Admin-Context-Menu,${SCHEMADN} -cn: Admin-Context-Menu -name: Admin-Context-Menu objectClass: top objectClass: attributeSchema -lDAPDisplayName: adminContextMenu -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 553fd038-f32e-11d0-b0bc-00c04fd8dca6 -adminDisplayName: Admin-Context-Menu attributeID: 1.2.840.113556.1.4.614 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Admin-Context-Menu +adminDescription: Admin-Context-Menu oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: adminContextMenu +schemaIDGUID: 553fd038-f32e-11d0-b0bc-00c04fd8dca6 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=LSA-Modified-Count,${SCHEMADN} -cn: LSA-Modified-Count -name: LSA-Modified-Count objectClass: top objectClass: attributeSchema -lDAPDisplayName: lSAModifiedCount -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679ae-0de6-11d0-a285-00aa003049e2 -adminDisplayName: LSA-Modified-Count attributeID: 1.2.840.113556.1.4.67 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: LSA-Modified-Count +adminDescription: LSA-Modified-Count oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: lSAModifiedCount +schemaIDGUID: bf9679ae-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=LSA-Creation-Time,${SCHEMADN} -cn: LSA-Creation-Time -name: LSA-Creation-Time objectClass: top objectClass: attributeSchema -lDAPDisplayName: lSACreationTime -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679ad-0de6-11d0-a285-00aa003049e2 -adminDisplayName: LSA-Creation-Time attributeID: 1.2.840.113556.1.4.66 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: LSA-Creation-Time +adminDescription: LSA-Creation-Time oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: lSACreationTime +schemaIDGUID: bf9679ad-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Server-State,${SCHEMADN} -cn: Server-State -name: Server-State objectClass: top objectClass: attributeSchema -lDAPDisplayName: serverState -isSingleValued: TRUE -systemFlags: 17 -systemOnly: FALSE -schemaIDGUID: bf967a34-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Server-State attributeID: 1.2.840.113556.1.4.154 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Server-State +adminDescription: Server-State oMSyntax: 2 - -dn: CN=Supplemental-Credentials,${SCHEMADN} -cn: Supplemental-Credentials -name: Supplemental-Credentials -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: supplementalCredentials -isSingleValued: FALSE -systemFlags: 16 +searchFlags: 0 +lDAPDisplayName: serverState +schemaIDGUID: bf967a34-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: b8119fd0-04f6-4762-ab7a-4986c76b3f9a systemOnly: FALSE -schemaIDGUID: bf967a3f-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Supplemental-Credentials -attributeID: 1.2.840.113556.1.4.125 -attributeSyntax: 2.5.5.10 -oMSyntax: 4 +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=LDAP-Display-Name,${SCHEMADN} -cn: LDAP-Display-Name -name: LDAP-Display-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: lDAPDisplayName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf96799a-0de6-11d0-a285-00aa003049e2 -adminDisplayName: LDAP-Display-Name attributeID: 1.2.840.113556.1.2.460 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 256 +mAPIID: 33137 +showInAdvancedViewOnly: TRUE +adminDisplayName: LDAP-Display-Name +adminDescription: LDAP-Display-Name oMSyntax: 64 +searchFlags: 9 +lDAPDisplayName: lDAPDisplayName +schemaIDGUID: bf96799a-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=msNPSavedCallingStationID,${SCHEMADN} -cn: msNPSavedCallingStationID -name: msNPSavedCallingStationID +dn: CN=Supplemental-Credentials,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: msNPSavedCallingStationID +attributeID: 1.2.840.113556.1.4.125 +attributeSyntax: 2.5.5.10 isSingleValued: FALSE -systemFlags: 16 +showInAdvancedViewOnly: TRUE +adminDisplayName: Supplemental-Credentials +adminDescription: Supplemental-Credentials +oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: supplementalCredentials +schemaIDGUID: bf967a3f-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE -schemaIDGUID: db0c908e-c1f2-11d1-bbc5-0080c76670c0 -adminDisplayName: msNPSavedCallingStationID +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=msNPSavedCallingStationID,${SCHEMADN} +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.4.1130 attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: msNPSavedCallingStationID +adminDescription: msNPSavedCallingStationID oMSyntax: 22 +searchFlags: 0 +lDAPDisplayName: msNPSavedCallingStationID +schemaIDGUID: db0c908e-c1f2-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Flags,${SCHEMADN} -cn: Flags -name: Flags objectClass: top objectClass: attributeSchema -lDAPDisplayName: flags -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967976-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Flags attributeID: 1.2.840.113556.1.4.38 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Flags +adminDescription: Flags oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: flags +schemaIDGUID: bf967976-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Create-Wizard-Ext,${SCHEMADN} -cn: Create-Wizard-Ext -name: Create-Wizard-Ext objectClass: top objectClass: attributeSchema -lDAPDisplayName: createWizardExt -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 2b09958b-8931-11d1-aebc-0000f80367c1 -adminDisplayName: Create-Wizard-Ext attributeID: 1.2.840.113556.1.4.812 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Create-Wizard-Ext +adminDescription: Create-Wizard-Ext oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: createWizardExt +schemaIDGUID: 2b09958b-8931-11d1-aebc-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=DMD-Location,${SCHEMADN} -cn: DMD-Location -name: DMD-Location objectClass: top objectClass: attributeSchema -lDAPDisplayName: dMDLocation -isSingleValued: TRUE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: f0f8ff8b-1191-11d0-a060-00aa006c33ed -adminDisplayName: DMD-Location attributeID: 1.2.840.113556.1.2.36 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: DMD-Location oMObjectClass:: KwwCh3McAIVK +adminDescription: DMD-Location +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: dMDLocation +schemaIDGUID: f0f8ff8b-1191-11d0-a060-00aa006c33ed +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-Exch-House-Identifier,${SCHEMADN} -cn: ms-Exch-House-Identifier -name: ms-Exch-House-Identifier objectClass: top objectClass: attributeSchema -lDAPDisplayName: msExchHouseIdentifier -isSingleValued: TRUE -schemaIDGUID: a8df7407-c5ea-11d1-bbcb-0080c76670c0 -adminDisplayName: ms-Exch-House-Identifier attributeID: 1.2.840.113556.1.2.596 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 128 +mAPIID: 35924 +adminDisplayName: ms-Exch-House-Identifier +adminDescription: ms-Exch-House-Identifier oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msExchHouseIdentifier +schemaIDGUID: a8df7407-c5ea-11d1-bbcb-0080c76670c0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Mobile-Other,${SCHEMADN} -cn: Phone-Mobile-Other -name: Phone-Mobile-Other objectClass: top objectClass: attributeSchema -lDAPDisplayName: otherMobile -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 0296c11e-40da-11d1-a9c0-0000f80367c1 -adminDisplayName: Phone-Mobile-Other attributeID: 1.2.840.113556.1.4.647 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 64 +showInAdvancedViewOnly: TRUE +adminDisplayName: Phone-Mobile-Other +adminDescription: Phone-Mobile-Other oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: otherMobile +schemaIDGUID: 0296c11e-40da-11d1-a9c0-0000f80367c1 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Generation-Qualifier,${SCHEMADN} -cn: Generation-Qualifier -name: Generation-Qualifier objectClass: top objectClass: attributeSchema -lDAPDisplayName: generationQualifier -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 16775804-47f3-11d1-a9c3-0000f80367c1 -adminDisplayName: Generation-Qualifier attributeID: 2.5.4.44 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 35923 +showInAdvancedViewOnly: TRUE +adminDisplayName: Generation-Qualifier +adminDescription: Generation-Qualifier oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: generationQualifier +schemaIDGUID: 16775804-47f3-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=DS-Heuristics,${SCHEMADN} -cn: DS-Heuristics -name: DS-Heuristics +dn: CN=Attribute-Syntax,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: dSHeuristics +attributeID: 1.2.840.113556.1.2.32 +attributeSyntax: 2.5.5.2 isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Attribute-Syntax +adminDescription: Attribute-Syntax +oMSyntax: 6 +searchFlags: 8 +lDAPDisplayName: attributeSyntax +schemaIDGUID: bf967925-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Attribute-Security-GUID,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.149 +attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +rangeLower: 16 +rangeUpper: 16 +showInAdvancedViewOnly: TRUE +adminDisplayName: Attribute-Security-GUID +adminDescription: Attribute-Security-GUID +oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: attributeSecurityGUID +schemaIDGUID: bf967924-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE -schemaIDGUID: f0f8ff86-1191-11d0-a060-00aa006c33ed -adminDisplayName: DS-Heuristics +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=DS-Heuristics,${SCHEMADN} +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.2.212 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: DS-Heuristics +adminDescription: DS-Heuristics oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: dSHeuristics +schemaIDGUID: f0f8ff86-1191-11d0-a060-00aa006c33ed +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Serial-Number,${SCHEMADN} -cn: Serial-Number -name: Serial-Number objectClass: top objectClass: attributeSchema -lDAPDisplayName: serialNumber -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a32-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Serial-Number attributeID: 2.5.4.5 attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 33072 +showInAdvancedViewOnly: TRUE +adminDisplayName: Serial-Number +adminDescription: Serial-Number oMSyntax: 19 +searchFlags: 0 +lDAPDisplayName: serialNumber +schemaIDGUID: bf967a32-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Settings,${SCHEMADN} -cn: ms-DS-Settings -name: ms-DS-Settings objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-Settings -isSingleValued: FALSE -systemFlags: 0 -systemOnly: FALSE -schemaIDGUID: 0e1b47d7-40a3-4b48-8d1b-4cac0c1cdf21 -adminDisplayName: ms-DS-Settings attributeID: 1.2.840.113556.1.4.1697 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeUpper: 1000000 +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-Settings +adminDescription: ms-DS-Settings oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-Settings +schemaIDGUID: 0e1b47d7-40a3-4b48-8d1b-4cac0c1cdf21 +systemOnly: FALSE +systemFlags: 0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Operator-Count,${SCHEMADN} -cn: Operator-Count -name: Operator-Count objectClass: top objectClass: attributeSchema -lDAPDisplayName: operatorCount -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679ee-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Operator-Count attributeID: 1.2.840.113556.1.4.144 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Operator-Count +adminDescription: Operator-Count oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: operatorCount +schemaIDGUID: bf9679ee-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msRADIUSFramedIPAddress,${SCHEMADN} -cn: msRADIUSFramedIPAddress -name: msRADIUSFramedIPAddress objectClass: top objectClass: attributeSchema -lDAPDisplayName: msRADIUSFramedIPAddress -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: db0c90a4-c1f2-11d1-bbc5-0080c76670c0 -adminDisplayName: msRADIUSFramedIPAddress attributeID: 1.2.840.113556.1.4.1153 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: msRADIUSFramedIPAddress +adminDescription: msRADIUSFramedIPAddress oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msRADIUSFramedIPAddress +schemaIDGUID: db0c90a4-c1f2-11d1-bbc5-0080c76670c0 +attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Home-Drive,${SCHEMADN} -cn: Home-Drive -name: Home-Drive objectClass: top objectClass: attributeSchema -lDAPDisplayName: homeDrive -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967986-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Home-Drive attributeID: 1.2.840.113556.1.4.45 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Home-Drive +adminDescription: Home-Drive oMSyntax: 64 +searchFlags: 16 +lDAPDisplayName: homeDrive +schemaIDGUID: bf967986-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Attribute-Types,${SCHEMADN} -cn: Attribute-Types -name: Attribute-Types objectClass: top objectClass: attributeSchema -lDAPDisplayName: attributeTypes -isSingleValued: FALSE -systemFlags: 134217748 -systemOnly: TRUE -schemaIDGUID: 9a7ad944-ca53-11d1-bbd0-0080c76670c0 -adminDisplayName: Attribute-Types attributeID: 2.5.21.5 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Attribute-Types +adminDescription: Attribute-Types oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: attributeTypes +schemaIDGUID: 9a7ad944-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Initial-Auth-Outgoing,${SCHEMADN} -cn: Initial-Auth-Outgoing -name: Initial-Auth-Outgoing objectClass: top objectClass: attributeSchema -lDAPDisplayName: initialAuthOutgoing -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 52458024-ca6a-11d0-afff-0000f80367c1 -adminDisplayName: Initial-Auth-Outgoing attributeID: 1.2.840.113556.1.4.540 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Initial-Auth-Outgoing +adminDescription: Initial-Auth-Outgoing oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: initialAuthOutgoing +schemaIDGUID: 52458024-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Object-Class,${SCHEMADN} -cn: Object-Class -name: Object-Class objectClass: top objectClass: attributeSchema -lDAPDisplayName: objectClass -isSingleValued: FALSE -systemFlags: 18 -systemOnly: TRUE -schemaIDGUID: bf9679e5-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Object-Class attributeID: 2.5.4.0 attributeSyntax: 2.5.5.2 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Object-Class +adminDescription: Object-Class oMSyntax: 6 +searchFlags: 8 +lDAPDisplayName: objectClass +schemaIDGUID: bf9679e5-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: TRUE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Possible-Inferiors,${SCHEMADN} -cn: Possible-Inferiors -name: Possible-Inferiors objectClass: top objectClass: attributeSchema -lDAPDisplayName: possibleInferiors -isSingleValued: FALSE -systemFlags: 134217748 -systemOnly: TRUE -schemaIDGUID: 9a7ad94c-ca53-11d1-bbd0-0080c76670c0 -adminDisplayName: Possible-Inferiors attributeID: 1.2.840.113556.1.4.915 attributeSyntax: 2.5.5.2 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Possible-Inferiors +adminDescription: Possible-Inferiors oMSyntax: 6 +searchFlags: 0 +lDAPDisplayName: possibleInferiors +schemaIDGUID: 9a7ad94c-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Approx-Immed-Subordinates,${SCHEMADN} -cn: ms-DS-Approx-Immed-Subordinates -name: ms-DS-Approx-Immed-Subordinates objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-Approx-Immed-Subordinates -isSingleValued: TRUE -systemFlags: 20 -systemOnly: TRUE -schemaIDGUID: e185d243-f6ce-4adb-b496-b0c005d7823c -adminDisplayName: ms-DS-Approx-Immed-Subordinates attributeID: 1.2.840.113556.1.4.1669 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-Approx-Immed-Subordinates +adminDescription: ms-DS-Approx-Immed-Subordinates oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msDS-Approx-Immed-Subordinates +schemaIDGUID: e185d243-f6ce-4adb-b496-b0c005d7823c +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: TRUE +systemFlags: 20 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Replication-Notify-Subsequent-DSA-Delay,${SCHEMADN} -cn: ms-DS-Replication-Notify-Subsequent-DSA-Delay -name: ms-DS-Replication-Notify-Subsequent-DSA-Delay objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-Replication-Notify-Subsequent-DSA-Delay -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: d63db385-dd92-4b52-b1d8-0d3ecc0e86b6 -adminDisplayName: ms-DS-Replication-Notify-Subsequent-DSA-Delay attributeID: 1.2.840.113556.1.4.1664 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-Replication-Notify-Subsequent-DSA-Delay +adminDescription: This attribute controls the delay between notification of each subsequent replica partner for an NC. oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msDS-Replication-Notify-Subsequent-DSA-Delay +schemaIDGUID: d63db385-dd92-4b52-b1d8-0d3ecc0e86b6 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Create-Dialog,${SCHEMADN} -cn: Create-Dialog -name: Create-Dialog objectClass: top objectClass: attributeSchema -lDAPDisplayName: createDialog -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 2b09958a-8931-11d1-aebc-0000f80367c1 -adminDisplayName: Create-Dialog attributeID: 1.2.840.113556.1.4.810 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Create-Dialog +adminDescription: Create-Dialog oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: createDialog +schemaIDGUID: 2b09958a-8931-11d1-aebc-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Query-Policy-Object,${SCHEMADN} -cn: Query-Policy-Object -name: Query-Policy-Object objectClass: top objectClass: attributeSchema -lDAPDisplayName: queryPolicyObject +attributeID: 1.2.840.113556.1.4.607 +attributeSyntax: 2.5.5.1 isSingleValued: TRUE linkID: 68 -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: e1aea403-cd5b-11d0-afff-0000f80367c1 +showInAdvancedViewOnly: TRUE adminDisplayName: Query-Policy-Object -attributeID: 1.2.840.113556.1.4.607 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Query-Policy-Object +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: queryPolicyObject +schemaIDGUID: e1aea403-cd5b-11d0-afff-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=FRS-Root-Path,${SCHEMADN} -cn: FRS-Root-Path -name: FRS-Root-Path objectClass: top objectClass: attributeSchema -lDAPDisplayName: fRSRootPath -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 1be8f174-a9ff-11d0-afe2-00c04fd930c9 -adminDisplayName: FRS-Root-Path attributeID: 1.2.840.113556.1.4.487 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 2048 +showInAdvancedViewOnly: TRUE +adminDisplayName: FRS-Root-Path +adminDescription: FRS-Root-Path oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: fRSRootPath +schemaIDGUID: 1be8f174-a9ff-11d0-afe2-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Organizational-Unit-Name,${SCHEMADN} -cn: Organizational-Unit-Name -name: Organizational-Unit-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: ou -isSingleValued: FALSE -systemFlags: 18 -systemOnly: FALSE -schemaIDGUID: bf9679f0-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Organizational-Unit-Name attributeID: 2.5.4.11 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 33026 +showInAdvancedViewOnly: TRUE +adminDisplayName: Organizational-Unit-Name +adminDescription: Organizational-Unit-Name oMSyntax: 64 +searchFlags: 1 +lDAPDisplayName: ou +schemaIDGUID: bf9679f0-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Telex-Number,${SCHEMADN} -cn: Telex-Number -name: Telex-Number objectClass: top objectClass: attributeSchema -lDAPDisplayName: telexNumber -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a4b-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Telex-Number attributeID: 2.5.4.21 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 32 +mAPIID: 14892 +showInAdvancedViewOnly: TRUE +adminDisplayName: Telex-Number +adminDescription: Telex-Number oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: telexNumber +schemaIDGUID: bf967a4b-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Address-Home,${SCHEMADN} -cn: Address-Home -name: Address-Home objectClass: top objectClass: attributeSchema -lDAPDisplayName: homePostalAddress -isSingleValued: TRUE -systemFlags: 0 -systemOnly: FALSE -schemaIDGUID: 16775781-47f3-11d1-a9c3-0000f80367c1 -adminDisplayName: Address-Home attributeID: 1.2.840.113556.1.2.617 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 4096 +mAPIID: 14941 +showInAdvancedViewOnly: TRUE +adminDisplayName: Address-Home +adminDescription: Address-Home oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: homePostalAddress +schemaIDGUID: 16775781-47f3-11d1-a9c3-0000f80367c1 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Assistant,${SCHEMADN} -cn: Assistant -name: Assistant objectClass: top objectClass: attributeSchema -lDAPDisplayName: assistant -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 0296c11c-40da-11d1-a9c0-0000f80367c1 -adminDisplayName: Assistant attributeID: 1.2.840.113556.1.4.652 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Assistant oMObjectClass:: KwwCh3McAIVK +adminDescription: Assistant +oMSyntax: 127 +searchFlags: 16 +lDAPDisplayName: assistant +schemaIDGUID: 0296c11c-40da-11d1-a9c0-0000f80367c1 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Netboot-Machine-File-Path,${SCHEMADN} -cn: Netboot-Machine-File-Path -name: Netboot-Machine-File-Path objectClass: top objectClass: attributeSchema -lDAPDisplayName: netbootMachineFilePath -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 3e978923-8c01-11d0-afda-00c04fd930c9 -adminDisplayName: Netboot-Machine-File-Path attributeID: 1.2.840.113556.1.4.361 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Netboot-Machine-File-Path +adminDescription: Netboot-Machine-File-Path oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: netbootMachineFilePath +schemaIDGUID: 3e978923-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=x500uniqueIdentifier,${SCHEMADN} -cn: x500uniqueIdentifier -name: x500uniqueIdentifier objectClass: top objectClass: attributeSchema -lDAPDisplayName: x500uniqueIdentifier -isSingleValued: FALSE -systemFlags: 0 -systemOnly: FALSE -schemaIDGUID: d07da11f-8a3d-42b6-b0aa-76c962be719a -adminDisplayName: x500uniqueIdentifier attributeID: 2.5.4.45 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +showInAdvancedViewOnly: FALSE +adminDisplayName: x500uniqueIdentifier +adminDescription: Used to distinguish between objects when a distinguished name has been reused. This is a different attribute type from both the "uid" and "uniqueIdentifier" types. oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: x500uniqueIdentifier +schemaIDGUID: d07da11f-8a3d-42b6-b0aa-76c962be719a +systemOnly: FALSE +systemFlags: 0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=DBCS-Pwd,${SCHEMADN} -cn: DBCS-Pwd -name: DBCS-Pwd objectClass: top objectClass: attributeSchema -lDAPDisplayName: dBCSPwd -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf96799c-0de6-11d0-a285-00aa003049e2 -adminDisplayName: DBCS-Pwd attributeID: 1.2.840.113556.1.4.55 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: DBCS-Pwd +adminDescription: DBCS-Pwd oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: dBCSPwd +schemaIDGUID: bf96799c-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Prefix-Map,${SCHEMADN} -cn: Prefix-Map -name: Prefix-Map objectClass: top objectClass: attributeSchema -lDAPDisplayName: prefixMap -isSingleValued: TRUE -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: 52458022-ca6a-11d0-afff-0000f80367c1 -adminDisplayName: Prefix-Map attributeID: 1.2.840.113556.1.4.538 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Prefix-Map +adminDescription: Prefix-Map oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: prefixMap +schemaIDGUID: 52458022-ca6a-11d0-afff-0000f80367c1 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Members-For-Az-Role-BL,${SCHEMADN} -cn: ms-DS-Members-For-Az-Role-BL -name: ms-DS-Members-For-Az-Role-BL objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-MembersForAzRoleBL +attributeID: 1.2.840.113556.1.4.1807 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 2017 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: ececcd20-a7e0-4688-9ccf-02ece5e287f5 +showInAdvancedViewOnly: TRUE adminDisplayName: MS-DS-Members-For-Az-Role-BL -attributeID: 1.2.840.113556.1.4.1807 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Back-link from member application group or user to Az-Role object(s) linking to it +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: msDS-MembersForAzRoleBL +schemaIDGUID: ececcd20-a7e0-4688-9ccf-02ece5e287f5 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Last-Known-Parent,${SCHEMADN} -cn: Last-Known-Parent -name: Last-Known-Parent objectClass: top objectClass: attributeSchema -lDAPDisplayName: lastKnownParent -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 52ab8670-5709-11d1-a9c6-0000f80367c1 -adminDisplayName: Last-Known-Parent attributeID: 1.2.840.113556.1.4.781 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Last-Known-Parent oMObjectClass:: KwwCh3McAIVK +adminDescription: Last-Known-Parent +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: lastKnownParent +schemaIDGUID: 52ab8670-5709-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=FSMO-Role-Owner,${SCHEMADN} -cn: FSMO-Role-Owner -name: FSMO-Role-Owner objectClass: top objectClass: attributeSchema -lDAPDisplayName: fSMORoleOwner -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 66171887-8f3c-11d0-afda-00c04fd930c9 -adminDisplayName: FSMO-Role-Owner attributeID: 1.2.840.113556.1.4.369 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: FSMO-Role-Owner oMObjectClass:: KwwCh3McAIVK +adminDescription: FSMO-Role-Owner +oMSyntax: 127 +searchFlags: 1 +lDAPDisplayName: fSMORoleOwner +schemaIDGUID: 66171887-8f3c-11d0-afda-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Retired-Repl-DSA-Signatures,${SCHEMADN} -cn: Retired-Repl-DSA-Signatures -name: Retired-Repl-DSA-Signatures objectClass: top objectClass: attributeSchema -lDAPDisplayName: retiredReplDSASignatures -isSingleValued: TRUE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: 7bfdcb7f-4807-11d1-a9c3-0000f80367c1 -adminDisplayName: Retired-Repl-DSA-Signatures attributeID: 1.2.840.113556.1.4.673 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Retired-Repl-DSA-Signatures +adminDescription: Retired-Repl-DSA-Signatures oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: retiredReplDSASignatures +schemaIDGUID: 7bfdcb7f-4807-11d1-a9c3-0000f80367c1 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Network-Address,${SCHEMADN} -cn: Network-Address -name: Network-Address objectClass: top objectClass: attributeSchema -lDAPDisplayName: networkAddress -isSingleValued: FALSE -systemOnly: FALSE -schemaIDGUID: bf9679d9-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Network-Address attributeID: 1.2.840.113556.1.2.459 attributeSyntax: 2.5.5.4 +isSingleValued: FALSE +rangeLower: 0 +rangeUpper: 256 +mAPIID: 33136 +showInAdvancedViewOnly: TRUE +adminDisplayName: Network-Address +adminDescription: Network-Address oMSyntax: 20 +searchFlags: 0 +lDAPDisplayName: networkAddress +schemaIDGUID: bf9679d9-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Schema-Version,${SCHEMADN} -cn: Schema-Version -name: Schema-Version objectClass: top objectClass: attributeSchema -lDAPDisplayName: schemaVersion -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a2c-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Schema-Version attributeID: 1.2.840.113556.1.2.471 attributeSyntax: 2.5.5.9 +isSingleValued: FALSE +mAPIID: 33148 +showInAdvancedViewOnly: TRUE +adminDisplayName: Schema-Version +adminDescription: Schema-Version oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: schemaVersion +schemaIDGUID: bf967a2c-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Poss-Superiors,${SCHEMADN} -cn: Poss-Superiors -name: Poss-Superiors objectClass: top objectClass: attributeSchema -lDAPDisplayName: possSuperiors -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679fa-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Poss-Superiors attributeID: 1.2.840.113556.1.2.8 attributeSyntax: 2.5.5.2 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Poss-Superiors +adminDescription: Poss-Superiors oMSyntax: 6 +searchFlags: 0 +lDAPDisplayName: possSuperiors +schemaIDGUID: bf9679fa-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Default-Security-Descriptor,${SCHEMADN} -cn: Default-Security-Descriptor -name: Default-Security-Descriptor objectClass: top objectClass: attributeSchema -lDAPDisplayName: defaultSecurityDescriptor -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 807a6d30-1669-11d0-a064-00aa006c33ed -adminDisplayName: Default-Security-Descriptor attributeID: 1.2.840.113556.1.4.224 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 32767 +showInAdvancedViewOnly: TRUE +adminDisplayName: Default-Security-Descriptor +adminDescription: Default-Security-Descriptor oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: defaultSecurityDescriptor +schemaIDGUID: 807a6d30-1669-11d0-a064-00aa006c33ed +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-SMIME-Certificate,${SCHEMADN} -cn: User-SMIME-Certificate -name: User-SMIME-Certificate objectClass: top objectClass: attributeSchema -lDAPDisplayName: userSMIMECertificate -isSingleValued: FALSE -systemFlags: 0 -systemOnly: FALSE -schemaIDGUID: e16a9db2-403c-11d1-a9c0-0000f80367c1 -adminDisplayName: User-SMIME-Certificate attributeID: 2.16.840.1.113730.3.140 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +rangeUpper: 32768 +mAPIID: 14960 +showInAdvancedViewOnly: TRUE +adminDisplayName: User-SMIME-Certificate +adminDescription: User-SMIME-Certificate oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: userSMIMECertificate +schemaIDGUID: e16a9db2-403c-11d1-a9c0-0000f80367c1 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 0 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=userPKCS12,${SCHEMADN} -cn: userPKCS12 -name: userPKCS12 objectClass: top objectClass: attributeSchema -lDAPDisplayName: userPKCS12 -isSingleValued: FALSE -systemFlags: 0 -systemOnly: FALSE -schemaIDGUID: 23998ab5-70f8-4007-a4c1-a84a38311f9a -adminDisplayName: userPKCS12 attributeID: 2.16.840.1.113730.3.1.216 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +showInAdvancedViewOnly: FALSE +adminDisplayName: userPKCS12 +adminDescription: PKCS #12 PFX PDU for exchange of personal identity information. oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: userPKCS12 +schemaIDGUID: 23998ab5-70f8-4007-a4c1-a84a38311f9a +systemOnly: FALSE +systemFlags: 0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-Account-Control,${SCHEMADN} -cn: User-Account-Control -name: User-Account-Control objectClass: top objectClass: attributeSchema -lDAPDisplayName: userAccountControl -isSingleValued: TRUE -systemFlags: 18 -systemOnly: FALSE -schemaIDGUID: bf967a68-0de6-11d0-a285-00aa003049e2 -adminDisplayName: User-Account-Control attributeID: 1.2.840.113556.1.4.8 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: User-Account-Control +adminDescription: User-Account-Control oMSyntax: 2 +searchFlags: 25 +lDAPDisplayName: userAccountControl +schemaIDGUID: bf967a68-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 4c164200-20c0-11d0-a768-00aa006e0529 +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Terminal-Server,${SCHEMADN} -cn: Terminal-Server -name: Terminal-Server objectClass: top objectClass: attributeSchema -lDAPDisplayName: terminalServer -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 6db69a1c-9422-11d1-aebd-0000f80367c1 -adminDisplayName: Terminal-Server attributeID: 1.2.840.113556.1.4.885 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +rangeUpper: 20480 +showInAdvancedViewOnly: TRUE +adminDisplayName: Terminal-Server +adminDescription: Terminal-Server oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: terminalServer +schemaIDGUID: 6db69a1c-9422-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Account-Expires,${SCHEMADN} -cn: Account-Expires -name: Account-Expires objectClass: top objectClass: attributeSchema -lDAPDisplayName: accountExpires -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967915-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Account-Expires attributeID: 1.2.840.113556.1.4.159 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Account-Expires +adminDescription: Account-Expires oMSyntax: 65 +searchFlags: 16 +lDAPDisplayName: accountExpires +schemaIDGUID: bf967915-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 4c164200-20c0-11d0-a768-00aa006e0529 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Group-Type,${SCHEMADN} -cn: Group-Type -name: Group-Type objectClass: top objectClass: attributeSchema -lDAPDisplayName: groupType -isSingleValued: TRUE -systemFlags: 18 -systemOnly: FALSE -schemaIDGUID: 9a9a021e-4a5b-11d1-a9c3-0000f80367c1 -adminDisplayName: Group-Type attributeID: 1.2.840.113556.1.4.750 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Group-Type +adminDescription: Group-Type oMSyntax: 2 +searchFlags: 9 +lDAPDisplayName: groupType +schemaIDGUID: 9a9a021e-4a5b-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=NT-Group-Members,${SCHEMADN} -cn: NT-Group-Members -name: NT-Group-Members objectClass: top objectClass: attributeSchema -lDAPDisplayName: nTGroupMembers -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679df-0de6-11d0-a285-00aa003049e2 -adminDisplayName: NT-Group-Members attributeID: 1.2.840.113556.1.4.89 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: NT-Group-Members +adminDescription: NT-Group-Members oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: nTGroupMembers +schemaIDGUID: bf9679df-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=WWW-Page-Other,${SCHEMADN} -cn: WWW-Page-Other -name: WWW-Page-Other objectClass: top objectClass: attributeSchema -lDAPDisplayName: url -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 9a9a0221-4a5b-11d1-a9c3-0000f80367c1 -adminDisplayName: WWW-Page-Other attributeID: 1.2.840.113556.1.4.749 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +mAPIID: 33141 +showInAdvancedViewOnly: TRUE +adminDisplayName: WWW-Page-Other +adminDescription: WWW-Page-Other oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: url +schemaIDGUID: 9a9a0221-4a5b-11d1-a9c3-0000f80367c1 +attributeSecurityGUID: e45795b3-9455-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Revision,${SCHEMADN} -cn: Revision -name: Revision objectClass: top objectClass: attributeSchema -lDAPDisplayName: revision -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a21-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Revision attributeID: 1.2.840.113556.1.4.145 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Revision +adminDescription: Revision oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: revision +schemaIDGUID: bf967a21-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Object-Version,${SCHEMADN} -cn: Object-Version -name: Object-Version objectClass: top objectClass: attributeSchema -lDAPDisplayName: objectVersion -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 16775848-47f3-11d1-a9c3-0000f80367c1 -adminDisplayName: Object-Version attributeID: 1.2.840.113556.1.2.76 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +mAPIID: 33015 +showInAdvancedViewOnly: TRUE +adminDisplayName: Object-Version +adminDescription: Object-Version oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: objectVersion +schemaIDGUID: 16775848-47f3-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-NC-Repl-Inbound-Neighbors,${SCHEMADN} -cn: ms-DS-NC-Repl-Inbound-Neighbors -name: ms-DS-NC-Repl-Inbound-Neighbors objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-NCReplInboundNeighbors -isSingleValued: FALSE -systemFlags: 20 -systemOnly: FALSE -schemaIDGUID: 9edba85a-3e9e-431b-9b1a-a5b6e9eda796 -adminDisplayName: ms-DS-NC-Repl-Inbound-Neighbors attributeID: 1.2.840.113556.1.4.1705 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-NC-Repl-Inbound-Neighbors +adminDescription: ms-DS-NC-Repl-Inbound-Neighbors oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-NCReplInboundNeighbors +schemaIDGUID: 9edba85a-3e9e-431b-9b1a-a5b6e9eda796 +systemOnly: FALSE +systemFlags: 20 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-COM-UserLink,${SCHEMADN} -cn: ms-COM-UserLink -name: ms-COM-UserLink objectClass: top objectClass: attributeSchema -lDAPDisplayName: msCOM-UserLink +attributeID: 1.2.840.113556.1.4.1425 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 1049 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: 9e6f3a4d-242c-4f37-b068-36b57f9fc852 +showInAdvancedViewOnly: TRUE adminDisplayName: ms-COM-UserLink -attributeID: 1.2.840.113556.1.4.1425 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Link from a PartitionSet to a User. Default = adminDisplayName +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: msCOM-UserLink +schemaIDGUID: 9e6f3a4d-242c-4f37-b068-36b57f9fc852 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Mastered-By,${SCHEMADN} -cn: Mastered-By -name: Mastered-By objectClass: top objectClass: attributeSchema -lDAPDisplayName: masteredBy +attributeID: 1.2.840.113556.1.4.1409 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 77 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: e48e64e0-12c9-11d3-9102-00c04fd91ab1 +showInAdvancedViewOnly: TRUE adminDisplayName: Mastered-By -attributeID: 1.2.840.113556.1.4.1409 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Mastered-By +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: masteredBy +schemaIDGUID: e48e64e0-12c9-11d3-9102-00c04fd91ab1 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Canonical-Name,${SCHEMADN} -cn: Canonical-Name -name: Canonical-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: canonicalName -isSingleValued: FALSE -systemFlags: 134217748 -systemOnly: TRUE -schemaIDGUID: 9a7ad945-ca53-11d1-bbd0-0080c76670c0 -adminDisplayName: Canonical-Name attributeID: 1.2.840.113556.1.4.916 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Canonical-Name +adminDescription: Canonical-Name oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: canonicalName +schemaIDGUID: 9a7ad945-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-NC-Replica-Locations,${SCHEMADN} -cn: ms-DS-NC-Replica-Locations -name: ms-DS-NC-Replica-Locations objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-NC-Replica-Locations +attributeID: 1.2.840.113556.1.4.1661 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 1044 -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 97de9615-b537-46bc-ac0f-10720f3909f3 +showInAdvancedViewOnly: TRUE adminDisplayName: ms-DS-NC-Replica-Locations -attributeID: 1.2.840.113556.1.4.1661 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: This is a list of servers that are the replica set for the corresponding Non-Domain Naming Context. +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: msDS-NC-Replica-Locations +schemaIDGUID: 97de9615-b537-46bc-ac0f-10720f3909f3 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-UpdateScript,${SCHEMADN} -cn: ms-DS-UpdateScript -name: ms-DS-UpdateScript objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-UpdateScript -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 146eb639-bb9f-4fc1-a825-e29e00c77920 -adminDisplayName: ms-DS-UpdateScript attributeID: 1.2.840.113556.1.4.1721 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-UpdateScript +adminDescription: ms-DS-UpdateScript oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-UpdateScript +schemaIDGUID: 146eb639-bb9f-4fc1-a825-e29e00c77920 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Next-Rid,${SCHEMADN} -cn: Next-Rid -name: Next-Rid objectClass: top objectClass: attributeSchema -lDAPDisplayName: nextRid -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679db-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Next-Rid attributeID: 1.2.840.113556.1.4.88 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Next-Rid +adminDescription: Next-Rid oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: nextRid +schemaIDGUID: bf9679db-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=X121-Address,${SCHEMADN} -cn: X121-Address -name: X121-Address objectClass: top objectClass: attributeSchema -lDAPDisplayName: x121Address -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a7b-0de6-11d0-a285-00aa003049e2 -adminDisplayName: X121-Address attributeID: 2.5.4.24 attributeSyntax: 2.5.5.6 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 15 +mAPIID: 33112 +showInAdvancedViewOnly: TRUE +adminDisplayName: X121-Address +adminDescription: X121-Address oMSyntax: 18 +searchFlags: 0 +lDAPDisplayName: x121Address +schemaIDGUID: bf967a7b-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-Password,${SCHEMADN} -cn: User-Password -name: User-Password objectClass: top objectClass: attributeSchema -lDAPDisplayName: userPassword -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a6e-0de6-11d0-a285-00aa003049e2 -adminDisplayName: User-Password attributeID: 2.5.4.35 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 128 +mAPIID: 33107 +showInAdvancedViewOnly: TRUE +adminDisplayName: User-Password +adminDescription: User-Password oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: userPassword +schemaIDGUID: bf967a6e-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Telephone-Number,${SCHEMADN} -cn: Telephone-Number -name: Telephone-Number objectClass: top objectClass: attributeSchema -lDAPDisplayName: telephoneNumber -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a49-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Telephone-Number attributeID: 2.5.4.20 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 14856 +showInAdvancedViewOnly: TRUE +adminDisplayName: Telephone-Number +adminDescription: Telephone-Number oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: telephoneNumber +schemaIDGUID: bf967a49-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Department,${SCHEMADN} -cn: Department -name: Department objectClass: top objectClass: attributeSchema -lDAPDisplayName: department -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf96794f-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Department attributeID: 1.2.840.113556.1.2.141 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 14872 +showInAdvancedViewOnly: TRUE +adminDisplayName: Department +adminDescription: Department oMSyntax: 64 +searchFlags: 16 +lDAPDisplayName: department +schemaIDGUID: bf96794f-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=Policy-Replication-Flags,${SCHEMADN} -cn: Policy-Replication-Flags -name: Policy-Replication-Flags +dn: CN=Is-Member-Of-Partial-Attribute-Set,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: policyReplicationFlags +attributeID: 1.2.840.113556.1.4.639 +attributeSyntax: 2.5.5.8 isSingleValued: TRUE -systemFlags: 16 +showInAdvancedViewOnly: TRUE +adminDisplayName: Is-Member-Of-Partial-Attribute-Set +adminDescription: Is-Member-Of-Partial-Attribute-Set +oMSyntax: 1 +searchFlags: 0 +lDAPDisplayName: isMemberOfPartialAttributeSet +schemaIDGUID: 19405b9d-3cfa-11d1-a9c0-0000f80367c1 systemOnly: FALSE -schemaIDGUID: 19405b96-3cfa-11d1-a9c0-0000f80367c1 -adminDisplayName: Policy-Replication-Flags +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Policy-Replication-Flags,${SCHEMADN} +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.4.633 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Policy-Replication-Flags +adminDescription: Policy-Replication-Flags oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: policyReplicationFlags +schemaIDGUID: 19405b96-3cfa-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Application-Name,${SCHEMADN} -cn: Application-Name -name: Application-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: applicationName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: dd712226-10e4-11d0-a05f-00aa006c33ed -adminDisplayName: Application-Name attributeID: 1.2.840.113556.1.4.218 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 64 +showInAdvancedViewOnly: TRUE +adminDisplayName: Application-Name +adminDescription: Application-Name oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: applicationName +schemaIDGUID: dd712226-10e4-11d0-a05f-00aa006c33ed +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=System-May-Contain,${SCHEMADN} -cn: System-May-Contain -name: System-May-Contain objectClass: top objectClass: attributeSchema -lDAPDisplayName: systemMayContain -isSingleValued: FALSE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: bf967a44-0de6-11d0-a285-00aa003049e2 -adminDisplayName: System-May-Contain attributeID: 1.2.840.113556.1.4.196 attributeSyntax: 2.5.5.2 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: System-May-Contain +adminDescription: System-May-Contain oMSyntax: 6 +searchFlags: 0 +lDAPDisplayName: systemMayContain +schemaIDGUID: bf967a44-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msRASSavedFramedRoute,${SCHEMADN} -cn: msRASSavedFramedRoute -name: msRASSavedFramedRoute objectClass: top objectClass: attributeSchema -lDAPDisplayName: msRASSavedFramedRoute -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: db0c90c7-c1f2-11d1-bbc5-0080c76670c0 -adminDisplayName: msRASSavedFramedRoute attributeID: 1.2.840.113556.1.4.1191 attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: msRASSavedFramedRoute +adminDescription: msRASSavedFramedRoute oMSyntax: 22 +searchFlags: 0 +lDAPDisplayName: msRASSavedFramedRoute +schemaIDGUID: db0c90c7-c1f2-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msRASSavedCallbackNumber,${SCHEMADN} -cn: msRASSavedCallbackNumber -name: msRASSavedCallbackNumber objectClass: top objectClass: attributeSchema -lDAPDisplayName: msRASSavedCallbackNumber -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: db0c90c5-c1f2-11d1-bbc5-0080c76670c0 -adminDisplayName: msRASSavedCallbackNumber attributeID: 1.2.840.113556.1.4.1189 attributeSyntax: 2.5.5.5 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: msRASSavedCallbackNumber +adminDescription: msRASSavedCallbackNumber oMSyntax: 22 +searchFlags: 0 +lDAPDisplayName: msRASSavedCallbackNumber +schemaIDGUID: db0c90c5-c1f2-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Trust-Type,${SCHEMADN} -cn: Trust-Type -name: Trust-Type objectClass: top objectClass: attributeSchema -lDAPDisplayName: trustType -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a60-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Trust-Type attributeID: 1.2.840.113556.1.4.136 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Trust-Type +adminDescription: Trust-Type oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: trustType +schemaIDGUID: bf967a60-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Domain-Replica,${SCHEMADN} -cn: Domain-Replica -name: Domain-Replica objectClass: top objectClass: attributeSchema -lDAPDisplayName: domainReplica -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf96795e-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Domain-Replica attributeID: 1.2.840.113556.1.4.158 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 32767 +showInAdvancedViewOnly: TRUE +adminDisplayName: Domain-Replica +adminDescription: Domain-Replica oMSyntax: 64 - -dn: CN=Personal-Title,${SCHEMADN} -cn: Personal-Title -name: Personal-Title +searchFlags: 0 +lDAPDisplayName: domainReplica +schemaIDGUID: bf96795e-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: b8119fd0-04f6-4762-ab7a-4986c76b3f9a +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Personal-Title,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: personalTitle -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 16775858-47f3-11d1-a9c3-0000f80367c1 -adminDisplayName: Personal-Title attributeID: 1.2.840.113556.1.2.615 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 35947 +showInAdvancedViewOnly: TRUE +adminDisplayName: Personal-Title +adminDescription: Personal-Title oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: personalTitle +schemaIDGUID: 16775858-47f3-11d1-a9c3-0000f80367c1 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Other-Mailbox,${SCHEMADN} -cn: Other-Mailbox -name: Other-Mailbox objectClass: top objectClass: attributeSchema -lDAPDisplayName: otherMailbox -isSingleValued: FALSE -systemOnly: FALSE -schemaIDGUID: 0296c123-40da-11d1-a9c0-0000f80367c1 -adminDisplayName: Other-Mailbox attributeID: 1.2.840.113556.1.4.651 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Other-Mailbox +adminDescription: Other-Mailbox oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: otherMailbox +schemaIDGUID: 0296c123-40da-11d1-a9c0-0000f80367c1 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=E-mail-Addresses,${SCHEMADN} -cn: E-mail-Addresses -name: E-mail-Addresses objectClass: top objectClass: attributeSchema -lDAPDisplayName: mail -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967961-0de6-11d0-a285-00aa003049e2 -adminDisplayName: E-mail-Addresses attributeID: 0.9.2342.19200300.100.1.3 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 256 +mAPIID: 14846 +showInAdvancedViewOnly: TRUE +adminDisplayName: E-mail-Addresses +adminDescription: E-mail-Addresses oMSyntax: 64 +searchFlags: 1 +lDAPDisplayName: mail +schemaIDGUID: bf967961-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=ms-DS-Other-Settings,${SCHEMADN} -cn: ms-DS-Other-Settings -name: ms-DS-Other-Settings +dn: CN=OM-Syntax,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-Other-Settings -isSingleValued: FALSE +attributeID: 1.2.840.113556.1.2.231 +attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +mAPIID: 33022 +showInAdvancedViewOnly: TRUE +adminDisplayName: OM-Syntax +adminDescription: OM-Syntax +oMSyntax: 2 +searchFlags: 8 +lDAPDisplayName: oMSyntax +schemaIDGUID: bf9679ed-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Is-Defunct,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.661 +attributeSyntax: 2.5.5.8 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Is-Defunct +adminDescription: Is-Defunct +oMSyntax: 1 +searchFlags: 0 +lDAPDisplayName: isDefunct +schemaIDGUID: 28630ebe-41d5-11d1-a9c1-0000f80367c1 systemOnly: FALSE -schemaIDGUID: 79d2f34c-9d7d-42bb-838f-866b3e4400e2 -adminDisplayName: ms-DS-Other-Settings +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=ms-DS-Other-Settings,${SCHEMADN} +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.4.1621 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-Other-Settings +adminDescription: ms-DS-Other-Settings oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-Other-Settings +schemaIDGUID: 79d2f34c-9d7d-42bb-838f-866b3e4400e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Machine-Role,${SCHEMADN} -cn: Machine-Role -name: Machine-Role objectClass: top objectClass: attributeSchema -lDAPDisplayName: machineRole -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679b2-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Machine-Role attributeID: 1.2.840.113556.1.4.71 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Machine-Role +adminDescription: Machine-Role oMSyntax: 10 +searchFlags: 0 +lDAPDisplayName: machineRole +schemaIDGUID: bf9679b2-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Domain-Timeout,${SCHEMADN} -cn: ms-DS-Az-Domain-Timeout -name: ms-DS-Az-Domain-Timeout objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-AzDomainTimeout -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 6448f56a-ca70-4e2e-b0af-d20e4ce653d0 -adminDisplayName: MS-DS-Az-Domain-Timeout attributeID: 1.2.840.113556.1.4.1795 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +rangeLower: 0 +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Az-Domain-Timeout +adminDescription: Time (in ms) after a domain is detected to be un-reachable, and before the DC is tried again oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msDS-AzDomainTimeout +schemaIDGUID: 6448f56a-ca70-4e2e-b0af-d20e4ce653d0 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=System-Auxiliary-Class,${SCHEMADN} -cn: System-Auxiliary-Class -name: System-Auxiliary-Class objectClass: top objectClass: attributeSchema -lDAPDisplayName: systemAuxiliaryClass -isSingleValued: FALSE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: bf967a43-0de6-11d0-a285-00aa003049e2 -adminDisplayName: System-Auxiliary-Class attributeID: 1.2.840.113556.1.4.198 attributeSyntax: 2.5.5.2 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: System-Auxiliary-Class +adminDescription: System-Auxiliary-Class oMSyntax: 6 - -dn: CN=Is-Defunct,${SCHEMADN} -cn: Is-Defunct -name: Is-Defunct -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: isDefunct -isSingleValued: TRUE +searchFlags: 0 +lDAPDisplayName: systemAuxiliaryClass +schemaIDGUID: bf967a43-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 28630ebe-41d5-11d1-a9c1-0000f80367c1 -adminDisplayName: Is-Defunct -attributeID: 1.2.840.113556.1.4.661 -attributeSyntax: 2.5.5.8 -oMSyntax: 1 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Primary-Group-ID,${SCHEMADN} -cn: Primary-Group-ID -name: Primary-Group-ID objectClass: top objectClass: attributeSchema -lDAPDisplayName: primaryGroupID -isSingleValued: TRUE -systemFlags: 18 -systemOnly: FALSE -schemaIDGUID: bf967a00-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Primary-Group-ID attributeID: 1.2.840.113556.1.4.98 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Primary-Group-ID +adminDescription: Primary-Group-ID oMSyntax: 2 +searchFlags: 17 +lDAPDisplayName: primaryGroupID +schemaIDGUID: bf967a00-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Lm-Pwd-History,${SCHEMADN} -cn: Lm-Pwd-History -name: Lm-Pwd-History objectClass: top objectClass: attributeSchema -lDAPDisplayName: lmPwdHistory -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf96799d-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Lm-Pwd-History attributeID: 1.2.840.113556.1.4.160 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Lm-Pwd-History +adminDescription: Lm-Pwd-History oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: lmPwdHistory +schemaIDGUID: bf96799d-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Group-Membership-SAM,${SCHEMADN} -cn: Group-Membership-SAM -name: Group-Membership-SAM objectClass: top objectClass: attributeSchema -lDAPDisplayName: groupMembershipSAM -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967980-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Group-Membership-SAM attributeID: 1.2.840.113556.1.4.166 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Group-Membership-SAM +adminDescription: Group-Membership-SAM oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: groupMembershipSAM +schemaIDGUID: bf967980-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Trust-Partner,${SCHEMADN} -cn: Trust-Partner -name: Trust-Partner objectClass: top objectClass: attributeSchema -lDAPDisplayName: trustPartner -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a5d-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Trust-Partner attributeID: 1.2.840.113556.1.4.133 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 1024 +showInAdvancedViewOnly: TRUE +adminDisplayName: Trust-Partner +adminDescription: Trust-Partner oMSyntax: 64 +searchFlags: 1 +lDAPDisplayName: trustPartner +schemaIDGUID: bf967a5d-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Instance-Type,${SCHEMADN} -cn: Instance-Type -name: Instance-Type objectClass: top objectClass: attributeSchema -lDAPDisplayName: instanceType -isSingleValued: TRUE -systemFlags: 18 -systemOnly: TRUE -schemaIDGUID: bf96798c-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Instance-Type attributeID: 1.2.840.113556.1.2.1 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +mAPIID: 32957 +showInAdvancedViewOnly: TRUE +adminDisplayName: Instance-Type +adminDescription: Instance-Type oMSyntax: 2 +searchFlags: 8 +lDAPDisplayName: instanceType +schemaIDGUID: bf96798c-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Treat-As-Leaf,${SCHEMADN} -cn: Treat-As-Leaf -name: Treat-As-Leaf objectClass: top objectClass: attributeSchema -lDAPDisplayName: treatAsLeaf -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 8fd044e3-771f-11d1-aeae-0000f80367c1 -adminDisplayName: Treat-As-Leaf attributeID: 1.2.840.113556.1.4.806 attributeSyntax: 2.5.5.8 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Treat-As-Leaf +adminDescription: Treat-As-Leaf oMSyntax: 1 +searchFlags: 0 +lDAPDisplayName: treatAsLeaf +schemaIDGUID: 8fd044e3-771f-11d1-aeae-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Admin-Property-Pages,${SCHEMADN} -cn: Admin-Property-Pages -name: Admin-Property-Pages objectClass: top objectClass: attributeSchema -lDAPDisplayName: adminPropertyPages -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 52458038-ca6a-11d0-afff-0000f80367c1 -adminDisplayName: Admin-Property-Pages attributeID: 1.2.840.113556.1.4.562 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Admin-Property-Pages +adminDescription: Admin-Property-Pages oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: adminPropertyPages +schemaIDGUID: 52458038-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Scope-Name,${SCHEMADN} -cn: ms-DS-Az-Scope-Name -name: ms-DS-Az-Scope-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-AzScopeName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 515a6b06-2617-4173-8099-d5605df043c6 -adminDisplayName: MS-DS-Az-Scope-Name attributeID: 1.2.840.113556.1.4.1799 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 65536 +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Az-Scope-Name +adminDescription: A string that uniquely identifies a scope object oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-AzScopeName +schemaIDGUID: 515a6b06-2617-4173-8099-d5605df043c6 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=See-Also,${SCHEMADN} -cn: See-Also -name: See-Also objectClass: top objectClass: attributeSchema -lDAPDisplayName: seeAlso -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a31-0de6-11d0-a285-00aa003049e2 -adminDisplayName: See-Also attributeID: 2.5.4.34 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: FALSE +mAPIID: 33071 +showInAdvancedViewOnly: TRUE +adminDisplayName: See-Also oMObjectClass:: KwwCh3McAIVK +adminDescription: See-Also +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: seeAlso +schemaIDGUID: bf967a31-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=LDAP-IPDeny-List,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.844 +attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: LDAP-IPDeny-List +adminDescription: LDAP-IPDeny-List +oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: lDAPIPDenyList +schemaIDGUID: 7359a353-90f7-11d1-aebc-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Retired-Repl-NC-Signatures,${SCHEMADN} -cn: ms-DS-Retired-Repl-NC-Signatures -name: ms-DS-Retired-Repl-NC-Signatures objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-RetiredReplNCSignatures -isSingleValued: TRUE -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: d5b35506-19d6-4d26-9afb-11357ac99b5e -adminDisplayName: ms-DS-Retired-Repl-NC-Signatures attributeID: 1.2.840.113556.1.4.1826 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-Retired-Repl-NC-Signatures +adminDescription: Information about naming contexts that are no longer held on this computer oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: msDS-RetiredReplNCSignatures +schemaIDGUID: d5b35506-19d6-4d26-9afb-11357ac99b5e +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Has-Master-NCs,${SCHEMADN} -cn: Has-Master-NCs -name: Has-Master-NCs objectClass: top objectClass: attributeSchema -lDAPDisplayName: hasMasterNCs +attributeID: 1.2.840.113556.1.2.14 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE +mAPIID: 32950 linkID: 76 -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: bf967982-0de6-11d0-a285-00aa003049e2 +showInAdvancedViewOnly: TRUE adminDisplayName: Has-Master-NCs -attributeID: 1.2.840.113556.1.2.14 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Has-Master-NCs +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: hasMasterNCs +schemaIDGUID: bf967982-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Modified-Count-At-Last-Prom,${SCHEMADN} -cn: Modified-Count-At-Last-Prom -name: Modified-Count-At-Last-Prom objectClass: top objectClass: attributeSchema -lDAPDisplayName: modifiedCountAtLastProm -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679c6-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Modified-Count-At-Last-Prom attributeID: 1.2.840.113556.1.4.81 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Modified-Count-At-Last-Prom +adminDescription: Modified-Count-At-Last-Prom oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: modifiedCountAtLastProm +schemaIDGUID: bf9679c6-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Min-Pwd-Age,${SCHEMADN} -cn: Min-Pwd-Age -name: Min-Pwd-Age objectClass: top objectClass: attributeSchema -lDAPDisplayName: minPwdAge -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679c2-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Min-Pwd-Age attributeID: 1.2.840.113556.1.4.78 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Min-Pwd-Age +adminDescription: Min-Pwd-Age oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: minPwdAge +schemaIDGUID: bf9679c2-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: c7407360-20bf-11d0-a768-00aa006e0529 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Force-Logoff,${SCHEMADN} -cn: Force-Logoff -name: Force-Logoff objectClass: top objectClass: attributeSchema -lDAPDisplayName: forceLogoff -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967977-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Force-Logoff attributeID: 1.2.840.113556.1.4.39 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Force-Logoff +adminDescription: Force-Logoff oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: forceLogoff +schemaIDGUID: bf967977-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: b8119fd0-04f6-4762-ab7a-4986c76b3f9a +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Move-Tree-State,${SCHEMADN} -cn: Move-Tree-State -name: Move-Tree-State objectClass: top objectClass: attributeSchema -lDAPDisplayName: moveTreeState -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 1f2ac2c8-3b71-11d2-90cc-00c04fd91ab1 -adminDisplayName: Move-Tree-State attributeID: 1.2.840.113556.1.4.1305 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Move-Tree-State +adminDescription: Move-Tree-State oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: moveTreeState +schemaIDGUID: 1f2ac2c8-3b71-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Allowed-To-Delegate-To,${SCHEMADN} -cn: ms-DS-Allowed-To-Delegate-To -name: ms-DS-Allowed-To-Delegate-To objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-AllowedToDelegateTo -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 800d94d7-b7a1-42a1-b14d-7cae1423d07f -adminDisplayName: ms-DS-Allowed-To-Delegate-To attributeID: 1.2.840.113556.1.4.1787 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-Allowed-To-Delegate-To +adminDescription: Allowed-To-Delegate-To contains a list of SPNs that are used for Constrained Delegation oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-AllowedToDelegateTo +schemaIDGUID: 800d94d7-b7a1-42a1-b14d-7cae1423d07f +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=DNS-Host-Name,${SCHEMADN} -cn: DNS-Host-Name -name: DNS-Host-Name +dn: CN=System-Only,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: dNSHostName +attributeID: 1.2.840.113556.1.4.170 +attributeSyntax: 2.5.5.8 isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: System-Only +adminDescription: System-Only +oMSyntax: 1 +searchFlags: 0 +lDAPDisplayName: systemOnly +schemaIDGUID: bf967a46-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 72e39547-7b18-11d1-adef-00c04fd8d5cd -adminDisplayName: DNS-Host-Name -attributeID: 1.2.840.113556.1.4.619 -attributeSyntax: 2.5.5.12 -oMSyntax: 64 +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=ms-DS-Az-Minor-Version,${SCHEMADN} -cn: ms-DS-Az-Minor-Version -name: ms-DS-Az-Minor-Version +dn: CN=ms-DS-IntId,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-AzMinorVersion -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: ee85ed93-b209-4788-8165-e702f51bfbf3 -adminDisplayName: MS-DS-Az-Minor-Version -attributeID: 1.2.840.113556.1.4.1825 +attributeID: 1.2.840.113556.1.4.1716 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-IntId +adminDescription: ms-DS-IntId oMSyntax: 2 +searchFlags: 8 +lDAPDisplayName: msDS-IntId +schemaIDGUID: bc60096a-1b47-4b30-8877-602c93f56532 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=System-Only,${SCHEMADN} -cn: System-Only -name: System-Only +dn: CN=DNS-Host-Name,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: systemOnly +attributeID: 1.2.840.113556.1.4.619 +attributeSyntax: 2.5.5.12 isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 2048 +showInAdvancedViewOnly: TRUE +adminDisplayName: DNS-Host-Name +adminDescription: DNS-Host-Name +oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: dNSHostName +schemaIDGUID: 72e39547-7b18-11d1-adef-00c04fd8d5cd +attributeSecurityGUID: 72e39547-7b18-11d1-adef-00c04fd8d5cd +systemOnly: FALSE systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: bf967a46-0de6-11d0-a285-00aa003049e2 -adminDisplayName: System-Only -attributeID: 1.2.840.113556.1.4.170 -attributeSyntax: 2.5.5.8 -oMSyntax: 1 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=ms-DS-IntId,${SCHEMADN} -cn: ms-DS-IntId -name: ms-DS-IntId +dn: CN=ms-DS-Az-Minor-Version,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-IntId -isSingleValued: TRUE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: bc60096a-1b47-4b30-8877-602c93f56532 -adminDisplayName: ms-DS-IntId -attributeID: 1.2.840.113556.1.4.1716 +attributeID: 1.2.840.113556.1.4.1825 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +rangeLower: 0 +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Az-Minor-Version +adminDescription: Minor version number for AzRoles oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msDS-AzMinorVersion +schemaIDGUID: ee85ed93-b209-4788-8165-e702f51bfbf3 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Bad-Password-Time,${SCHEMADN} -cn: Bad-Password-Time -name: Bad-Password-Time objectClass: top objectClass: attributeSchema -lDAPDisplayName: badPasswordTime -isSingleValued: TRUE -systemFlags: 17 -systemOnly: FALSE -schemaIDGUID: bf96792d-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Bad-Password-Time attributeID: 1.2.840.113556.1.4.49 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Bad-Password-Time +adminDescription: Bad-Password-Time oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: badPasswordTime +schemaIDGUID: bf96792d-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Primary-Group-Token,${SCHEMADN} -cn: Primary-Group-Token -name: Primary-Group-Token objectClass: top objectClass: attributeSchema -lDAPDisplayName: primaryGroupToken -isSingleValued: TRUE -systemFlags: 20 -systemOnly: TRUE -schemaIDGUID: c0ed8738-7efd-4481-84d9-66d2db8be369 -adminDisplayName: Primary-Group-Token attributeID: 1.2.840.113556.1.4.1412 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Primary-Group-Token +adminDescription: Primary-Group-Token oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: primaryGroupToken +schemaIDGUID: c0ed8738-7efd-4481-84d9-66d2db8be369 +systemOnly: TRUE +systemFlags: 20 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=USN-Intersite,${SCHEMADN} -cn: USN-Intersite -name: USN-Intersite objectClass: top objectClass: attributeSchema -lDAPDisplayName: USNIntersite -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: a8df7498-c5ea-11d1-bbcb-0080c76670c0 -adminDisplayName: USN-Intersite attributeID: 1.2.840.113556.1.2.469 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +mAPIID: 33146 +showInAdvancedViewOnly: TRUE +adminDisplayName: USN-Intersite +adminDescription: USN-Intersite oMSyntax: 2 +searchFlags: 1 +lDAPDisplayName: USNIntersite +schemaIDGUID: a8df7498-c5ea-11d1-bbcb-0080c76670c0 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=FRS-Member-Reference-BL,${SCHEMADN} -cn: FRS-Member-Reference-BL -name: FRS-Member-Reference-BL objectClass: top objectClass: attributeSchema -lDAPDisplayName: fRSMemberReferenceBL +attributeID: 1.2.840.113556.1.4.876 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 105 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: 2a13257f-9373-11d1-aebc-0000f80367c1 +showInAdvancedViewOnly: TRUE adminDisplayName: FRS-Member-Reference-BL -attributeID: 1.2.840.113556.1.4.876 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: FRS-Member-Reference-BL +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: fRSMemberReferenceBL +schemaIDGUID: 2a13257f-9373-11d1-aebc-0000f80367c1 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-SD-Reference-Domain,${SCHEMADN} -cn: ms-DS-SD-Reference-Domain -name: ms-DS-SD-Reference-Domain objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-SDReferenceDomain +attributeID: 1.2.840.113556.1.4.1711 +attributeSyntax: 2.5.5.1 isSingleValued: TRUE linkID: 2000 -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 4c51e316-f628-43a5-b06b-ffb695fcb4f3 +showInAdvancedViewOnly: TRUE adminDisplayName: ms-DS-SD-Reference-Domain -attributeID: 1.2.840.113556.1.4.1711 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: The domain to be used for default security descriptor translation for a Non-Domain Naming Context. +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: msDS-SDReferenceDomain +schemaIDGUID: 4c51e316-f628-43a5-b06b-ffb695fcb4f3 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=Last-Backup-Restoration-Time,${SCHEMADN} -cn: Last-Backup-Restoration-Time -name: Last-Backup-Restoration-Time +dn: CN=LDAP-Admin-Limits,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: lastBackupRestorationTime -isSingleValued: TRUE -systemFlags: 16 +attributeID: 1.2.840.113556.1.4.843 +attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: LDAP-Admin-Limits +adminDescription: LDAP-Admin-Limits +oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: lDAPAdminLimits +schemaIDGUID: 7359a352-90f7-11d1-aebc-0000f80367c1 systemOnly: FALSE -schemaIDGUID: 1fbb0be8-ba63-11d0-afef-0000f80367c1 -adminDisplayName: Last-Backup-Restoration-Time +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Last-Backup-Restoration-Time,${SCHEMADN} +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.4.519 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Last-Backup-Restoration-Time +adminDescription: Last-Backup-Restoration-Time oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: lastBackupRestorationTime +schemaIDGUID: 1fbb0be8-ba63-11d0-afef-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Tree-Name,${SCHEMADN} -cn: Tree-Name -name: Tree-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: treeName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: 28630ebd-41d5-11d1-a9c1-0000f80367c1 -adminDisplayName: Tree-Name attributeID: 1.2.840.113556.1.4.660 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Tree-Name +adminDescription: Tree-Name oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: treeName +schemaIDGUID: 28630ebd-41d5-11d1-a9c1-0000f80367c1 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=OEM-Information,${SCHEMADN} -cn: OEM-Information -name: OEM-Information objectClass: top objectClass: attributeSchema -lDAPDisplayName: oEMInformation -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679ea-0de6-11d0-a285-00aa003049e2 -adminDisplayName: OEM-Information attributeID: 1.2.840.113556.1.4.151 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 32767 +showInAdvancedViewOnly: TRUE +adminDisplayName: OEM-Information +adminDescription: OEM-Information oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: oEMInformation +schemaIDGUID: bf9679ea-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: b8119fd0-04f6-4762-ab7a-4986c76b3f9a +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Given-Name,${SCHEMADN} -cn: Given-Name -name: Given-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: givenName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: f0f8ff8e-1191-11d0-a060-00aa006c33ed -adminDisplayName: Given-Name attributeID: 2.5.4.42 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 14854 +showInAdvancedViewOnly: TRUE +adminDisplayName: Given-Name +adminDescription: Given-Name oMSyntax: 64 +searchFlags: 5 +lDAPDisplayName: givenName +schemaIDGUID: f0f8ff8e-1191-11d0-a060-00aa006c33ed +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=SPN-Mappings,${SCHEMADN} -cn: SPN-Mappings -name: SPN-Mappings objectClass: top objectClass: attributeSchema -lDAPDisplayName: sPNMappings -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 2ab0e76c-7041-11d2-9905-0000f87a57d4 -adminDisplayName: SPN-Mappings attributeID: 1.2.840.113556.1.4.1347 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: SPN-Mappings +adminDescription: SPN-Mappings oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: sPNMappings +schemaIDGUID: 2ab0e76c-7041-11d2-9905-0000f87a57d4 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Operating-System-Version,${SCHEMADN} -cn: Operating-System-Version -name: Operating-System-Version objectClass: top objectClass: attributeSchema -lDAPDisplayName: operatingSystemVersion -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 3e978926-8c01-11d0-afda-00c04fd930c9 -adminDisplayName: Operating-System-Version attributeID: 1.2.840.113556.1.4.364 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Operating-System-Version +adminDescription: Operating-System-Version oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: operatingSystemVersion +schemaIDGUID: 3e978926-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Notification-List,${SCHEMADN} -cn: Notification-List -name: Notification-List objectClass: top objectClass: attributeSchema -lDAPDisplayName: notificationList -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 19195a56-6da0-11d0-afd3-00c04fd930c9 -adminDisplayName: Notification-List attributeID: 1.2.840.113556.1.4.303 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Notification-List oMObjectClass:: KwwCh3McAIVK +adminDescription: Notification-List +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: notificationList +schemaIDGUID: 19195a56-6da0-11d0-afd3-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Token-Groups,${SCHEMADN} -cn: Token-Groups -name: Token-Groups objectClass: top objectClass: attributeSchema -lDAPDisplayName: tokenGroups -isSingleValued: FALSE -systemFlags: 134217748 -systemOnly: FALSE -schemaIDGUID: b7c69e6d-2cc7-11d2-854e-00a0c983f608 -adminDisplayName: Token-Groups attributeID: 1.2.840.113556.1.4.1301 attributeSyntax: 2.5.5.17 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Token-Groups +adminDescription: Token-Groups oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: tokenGroups +schemaIDGUID: b7c69e6d-2cc7-11d2-854e-00a0c983f608 +attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939 +systemOnly: FALSE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=carLicense,${SCHEMADN} -cn: carLicense -name: carLicense objectClass: top objectClass: attributeSchema -lDAPDisplayName: carLicense -isSingleValued: FALSE -systemFlags: 0 -systemOnly: FALSE -schemaIDGUID: d4159c92-957d-4a87-8a67-8d2934e01649 -adminDisplayName: carLicense attributeID: 2.16.840.1.113730.3.1.1 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: FALSE +adminDisplayName: carLicense +adminDescription: Vehicle license or registration plate. oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: carLicense +schemaIDGUID: d4159c92-957d-4a87-8a67-8d2934e01649 +systemOnly: FALSE +systemFlags: 0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Preferred-OU,${SCHEMADN} -cn: Preferred-OU -name: Preferred-OU objectClass: top objectClass: attributeSchema -lDAPDisplayName: preferredOU -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679ff-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Preferred-OU attributeID: 1.2.840.113556.1.4.97 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Preferred-OU oMObjectClass:: KwwCh3McAIVK +adminDescription: Preferred-OU +oMSyntax: 127 +searchFlags: 16 +lDAPDisplayName: preferredOU +schemaIDGUID: bf9679ff-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MS-DS-Creator-SID,${SCHEMADN} -cn: MS-DS-Creator-SID -name: MS-DS-Creator-SID objectClass: top objectClass: attributeSchema -lDAPDisplayName: mS-DS-CreatorSID -isSingleValued: TRUE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: c5e60132-1480-11d3-91c1-0000f87a57d4 -adminDisplayName: MS-DS-Creator-SID attributeID: 1.2.840.113556.1.4.1410 attributeSyntax: 2.5.5.17 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Creator-SID +adminDescription: MS-DS-Creator-SID oMSyntax: 4 +searchFlags: 1 +lDAPDisplayName: mS-DS-CreatorSID +schemaIDGUID: c5e60132-1480-11d3-91c1-0000f87a57d4 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Non-Members,${SCHEMADN} -cn: ms-DS-Non-Members -name: ms-DS-Non-Members objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-NonMembers +attributeID: 1.2.840.113556.1.4.1793 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 2014 -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: cafcb1de-f23c-46b5-adf7-1e64957bd5db +showInAdvancedViewOnly: TRUE adminDisplayName: MS-DS-Non-Members -attributeID: 1.2.840.113556.1.4.1793 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: ms-DS-Non-Members +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: msDS-NonMembers +schemaIDGUID: cafcb1de-f23c-46b5-adf7-1e64957bd5db +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Tasks-For-Az-Role-BL,${SCHEMADN} -cn: ms-DS-Tasks-For-Az-Role-BL -name: ms-DS-Tasks-For-Az-Role-BL objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-TasksForAzRoleBL +attributeID: 1.2.840.113556.1.4.1815 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 2025 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: a0dcd536-5158-42fe-8c40-c00a7ad37959 +showInAdvancedViewOnly: TRUE adminDisplayName: MS-DS-Tasks-For-Az-Role-BL -attributeID: 1.2.840.113556.1.4.1815 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Back-link from Az-Task to Az-Role object(s) linking to it +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: msDS-TasksForAzRoleBL +schemaIDGUID: a0dcd536-5158-42fe-8c40-c00a7ad37959 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Extension-Name,${SCHEMADN} -cn: Extension-Name -name: Extension-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: extensionName -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967972-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Extension-Name attributeID: 1.2.840.113556.1.2.227 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 255 +mAPIID: 32937 +showInAdvancedViewOnly: TRUE +adminDisplayName: Extension-Name +adminDescription: Extension-Name oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: extensionName +schemaIDGUID: bf967972-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Replication-Notify-First-DSA-Delay,${SCHEMADN} -cn: ms-DS-Replication-Notify-First-DSA-Delay -name: ms-DS-Replication-Notify-First-DSA-Delay objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-Replication-Notify-First-DSA-Delay -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 85abd4f4-0a89-4e49-bdec-6f35bb2562ba -adminDisplayName: ms-DS-Replication-Notify-First-DSA-Delay attributeID: 1.2.840.113556.1.4.1663 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-Replication-Notify-First-DSA-Delay +adminDescription: This attribute controls the delay between changes to the DS, and notification of the first replica partner for an NC. oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msDS-Replication-Notify-First-DSA-Delay +schemaIDGUID: 85abd4f4-0a89-4e49-bdec-6f35bb2562ba +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Max-Pwd-Age,${SCHEMADN} -cn: Max-Pwd-Age -name: Max-Pwd-Age objectClass: top objectClass: attributeSchema -lDAPDisplayName: maxPwdAge -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679bb-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Max-Pwd-Age attributeID: 1.2.840.113556.1.4.74 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Max-Pwd-Age +adminDescription: Max-Pwd-Age oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: maxPwdAge +schemaIDGUID: bf9679bb-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: c7407360-20bf-11d0-a768-00aa006e0529 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Ip-Other,${SCHEMADN} -cn: Phone-Ip-Other -name: Phone-Ip-Other objectClass: top objectClass: attributeSchema -lDAPDisplayName: otherIpPhone -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 4d146e4b-48d4-11d1-a9c3-0000f80367c1 -adminDisplayName: Phone-Ip-Other attributeID: 1.2.840.113556.1.4.722 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Phone-Ip-Other +adminDescription: Phone-Ip-Other oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: otherIpPhone +schemaIDGUID: 4d146e4b-48d4-11d1-a9c3-0000f80367c1 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=secretary,${SCHEMADN} -cn: secretary -name: secretary objectClass: top objectClass: attributeSchema -lDAPDisplayName: secretary -isSingleValued: FALSE -systemFlags: 0 -systemOnly: FALSE -schemaIDGUID: 01072d9a-98ad-4a53-9744-e83e287278fb -adminDisplayName: secretary attributeID: 0.9.2342.19200300.100.1.21 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: FALSE +showInAdvancedViewOnly: FALSE +adminDisplayName: secretary oMObjectClass:: KwwCh3McAIVK +adminDescription: Specifies the secretary of a person. +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: secretary +schemaIDGUID: 01072d9a-98ad-4a53-9744-e83e287278fb +systemOnly: FALSE +systemFlags: 0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-Parameters,${SCHEMADN} -cn: User-Parameters -name: User-Parameters objectClass: top objectClass: attributeSchema -lDAPDisplayName: userParameters -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a6d-0de6-11d0-a285-00aa003049e2 -adminDisplayName: User-Parameters attributeID: 1.2.840.113556.1.4.138 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 32767 +showInAdvancedViewOnly: TRUE +adminDisplayName: User-Parameters +adminDescription: User-Parameters oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: userParameters +schemaIDGUID: bf967a6d-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 4c164200-20c0-11d0-a768-00aa006e0529 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Trust-Posix-Offset,${SCHEMADN} -cn: Trust-Posix-Offset -name: Trust-Posix-Offset objectClass: top objectClass: attributeSchema -lDAPDisplayName: trustPosixOffset -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a5e-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Trust-Posix-Offset attributeID: 1.2.840.113556.1.4.134 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Trust-Posix-Offset +adminDescription: Trust-Posix-Offset oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: trustPosixOffset +schemaIDGUID: bf967a5e-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Bridgehead-Server-List-BL,${SCHEMADN} -cn: Bridgehead-Server-List-BL -name: Bridgehead-Server-List-BL objectClass: top objectClass: attributeSchema -lDAPDisplayName: bridgeheadServerListBL +attributeID: 1.2.840.113556.1.4.820 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 99 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: d50c2cdb-8951-11d1-aebc-0000f80367c1 +showInAdvancedViewOnly: TRUE adminDisplayName: Bridgehead-Server-List-BL -attributeID: 1.2.840.113556.1.4.820 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Bridgehead-Server-List-BL +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: bridgeheadServerListBL +schemaIDGUID: d50c2cdb-8951-11d1-aebc-0000f80367c1 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Application-Data,${SCHEMADN} -cn: ms-DS-Az-Application-Data -name: ms-DS-Az-Application-Data objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-AzApplicationData -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 503fc3e8-1cc6-461a-99a3-9eee04f402a7 -adminDisplayName: MS-DS-Az-Application-Data attributeID: 1.2.840.113556.1.4.1819 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Az-Application-Data +adminDescription: A string that is used by individual applications to store whatever information they may need to oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-AzApplicationData +schemaIDGUID: 503fc3e8-1cc6-461a-99a3-9eee04f402a7 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Pek-Key-Change-Interval,${SCHEMADN} -cn: Pek-Key-Change-Interval -name: Pek-Key-Change-Interval objectClass: top objectClass: attributeSchema -lDAPDisplayName: pekKeyChangeInterval -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 07383084-91df-11d1-aebc-0000f80367c1 -adminDisplayName: Pek-Key-Change-Interval attributeID: 1.2.840.113556.1.4.866 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Pek-Key-Change-Interval +adminDescription: Pek-Key-Change-Interval oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: pekKeyChangeInterval +schemaIDGUID: 07383084-91df-11d1-aebc-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Country-Name,${SCHEMADN} -cn: Country-Name -name: Country-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: c -isSingleValued: TRUE -systemFlags: 18 -systemOnly: FALSE -schemaIDGUID: bf967945-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Country-Name attributeID: 2.5.4.6 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 3 +mAPIID: 32873 +showInAdvancedViewOnly: TRUE +adminDisplayName: Country-Name +adminDescription: Country-Name oMSyntax: 64 +searchFlags: 16 +lDAPDisplayName: c +schemaIDGUID: bf967945-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Destination-Indicator,${SCHEMADN} -cn: Destination-Indicator -name: Destination-Indicator objectClass: top objectClass: attributeSchema -lDAPDisplayName: destinationIndicator -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967951-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Destination-Indicator attributeID: 2.5.4.27 attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 128 +mAPIID: 32880 +showInAdvancedViewOnly: TRUE +adminDisplayName: Destination-Indicator +adminDescription: Destination-Indicator oMSyntax: 19 +searchFlags: 0 +lDAPDisplayName: destinationIndicator +schemaIDGUID: bf967951-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Country-Code,${SCHEMADN} -cn: Country-Code -name: Country-Code objectClass: top objectClass: attributeSchema -lDAPDisplayName: countryCode -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 5fd42471-1262-11d0-a060-00aa006c33ed -adminDisplayName: Country-Code attributeID: 1.2.840.113556.1.4.25 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 65535 +showInAdvancedViewOnly: TRUE +adminDisplayName: Country-Code +adminDescription: Country-Code oMSyntax: 2 +searchFlags: 16 +lDAPDisplayName: countryCode +schemaIDGUID: 5fd42471-1262-11d0-a060-00aa006c33ed +attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Mobile-Primary,${SCHEMADN} -cn: Phone-Mobile-Primary -name: Phone-Mobile-Primary objectClass: top objectClass: attributeSchema -lDAPDisplayName: mobile -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: f0f8ffa3-1191-11d0-a060-00aa006c33ed -adminDisplayName: Phone-Mobile-Primary attributeID: 0.9.2342.19200300.100.1.41 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 14876 +showInAdvancedViewOnly: TRUE +adminDisplayName: Phone-Mobile-Primary +adminDescription: Phone-Mobile-Primary oMSyntax: 64 - -dn: CN=RID-Set-References,${SCHEMADN} -cn: RID-Set-References -name: RID-Set-References -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: rIDSetReferences -isSingleValued: FALSE +searchFlags: 0 +lDAPDisplayName: mobile +schemaIDGUID: f0f8ffa3-1191-11d0-a060-00aa006c33ed +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: 7bfdcb7b-4807-11d1-a9c3-0000f80367c1 -adminDisplayName: RID-Set-References -attributeID: 1.2.840.113556.1.4.669 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 -oMObjectClass:: KwwCh3McAIVK +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Schema-ID-GUID,${SCHEMADN} -cn: Schema-ID-GUID -name: Schema-ID-GUID objectClass: top objectClass: attributeSchema -lDAPDisplayName: schemaIDGUID -isSingleValued: TRUE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: bf967923-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Schema-ID-GUID attributeID: 1.2.840.113556.1.4.148 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +rangeLower: 16 +rangeUpper: 16 +showInAdvancedViewOnly: TRUE +adminDisplayName: Schema-ID-GUID +adminDescription: Schema-ID-GUID oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: schemaIDGUID +schemaIDGUID: bf967923-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=Auxiliary-Class,${SCHEMADN} -cn: Auxiliary-Class -name: Auxiliary-Class +dn: CN=RID-Set-References,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: auxiliaryClass +attributeID: 1.2.840.113556.1.4.669 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: RID-Set-References +oMObjectClass:: KwwCh3McAIVK +adminDescription: RID-Set-References +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: rIDSetReferences +schemaIDGUID: 7bfdcb7b-4807-11d1-a9c3-0000f80367c1 +systemOnly: TRUE systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf96792c-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Auxiliary-Class +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Auxiliary-Class,${SCHEMADN} +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.2.351 attributeSyntax: 2.5.5.2 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Auxiliary-Class +adminDescription: Auxiliary-Class oMSyntax: 6 +searchFlags: 0 +lDAPDisplayName: auxiliaryClass +schemaIDGUID: bf96792c-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=uid,${SCHEMADN} -cn: uid -name: uid objectClass: top objectClass: attributeSchema -lDAPDisplayName: uid -isSingleValued: FALSE -systemFlags: 0 -systemOnly: FALSE -schemaIDGUID: 0bb0fca0-1e89-429f-901a-1413894d9f59 -adminDisplayName: uid attributeID: 0.9.2342.19200300.100.1.1 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: FALSE +adminDisplayName: uid +adminDescription: A user ID. oMSyntax: 64 +searchFlags: 8 +lDAPDisplayName: uid +schemaIDGUID: 0bb0fca0-1e89-429f-901a-1413894d9f59 +attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +systemOnly: FALSE +systemFlags: 0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=departmentNumber,${SCHEMADN} -cn: departmentNumber -name: departmentNumber objectClass: top objectClass: attributeSchema -lDAPDisplayName: departmentNumber -isSingleValued: FALSE -systemFlags: 0 -systemOnly: FALSE -schemaIDGUID: be9ef6ee-cbc7-4f22-b27b-96967e7ee585 -adminDisplayName: departmentNumber attributeID: 2.16.840.1.113730.3.1.2 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: FALSE +adminDisplayName: departmentNumber +adminDescription: Identifies a department within an organization. oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: departmentNumber +schemaIDGUID: be9ef6ee-cbc7-4f22-b27b-96967e7ee585 +systemOnly: FALSE +systemFlags: 0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Additional-Trusted-Service-Names,${SCHEMADN} -cn: Additional-Trusted-Service-Names -name: Additional-Trusted-Service-Names objectClass: top objectClass: attributeSchema -lDAPDisplayName: additionalTrustedServiceNames -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 032160be-9824-11d1-aec0-0000f80367c1 -adminDisplayName: Additional-Trusted-Service-Names attributeID: 1.2.840.113556.1.4.889 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Additional-Trusted-Service-Names +adminDescription: Additional-Trusted-Service-Names oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: additionalTrustedServiceNames +schemaIDGUID: 032160be-9824-11d1-aec0-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=WWW-Home-Page,${SCHEMADN} -cn: WWW-Home-Page -name: WWW-Home-Page objectClass: top objectClass: attributeSchema -lDAPDisplayName: wWWHomePage -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a7a-0de6-11d0-a285-00aa003049e2 -adminDisplayName: WWW-Home-Page attributeID: 1.2.840.113556.1.2.464 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 2048 +showInAdvancedViewOnly: TRUE +adminDisplayName: WWW-Home-Page +adminDescription: WWW-Home-Page oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: wWWHomePage +schemaIDGUID: bf967a7a-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: e45795b3-9455-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=USN-Source,${SCHEMADN} -cn: USN-Source -name: USN-Source objectClass: top objectClass: attributeSchema -lDAPDisplayName: uSNSource -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 167758ad-47f3-11d1-a9c3-0000f80367c1 -adminDisplayName: USN-Source attributeID: 1.2.840.113556.1.4.896 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +mAPIID: 33111 +showInAdvancedViewOnly: TRUE +adminDisplayName: USN-Source +adminDescription: USN-Source oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: uSNSource +schemaIDGUID: 167758ad-47f3-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MS-DS-Consistency-Guid,${SCHEMADN} -cn: MS-DS-Consistency-Guid -name: MS-DS-Consistency-Guid objectClass: top objectClass: attributeSchema -lDAPDisplayName: mS-DS-ConsistencyGuid -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 23773dc2-b63a-11d2-90e1-00c04fd91ab1 -adminDisplayName: MS-DS-Consistency-Guid attributeID: 1.2.840.113556.1.4.1360 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Consistency-Guid +adminDescription: MS-DS-Consistency-Guid oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: mS-DS-ConsistencyGuid +schemaIDGUID: 23773dc2-b63a-11d2-90e1-00c04fd91ab1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Frs-Computer-Reference-BL,${SCHEMADN} -cn: Frs-Computer-Reference-BL -name: Frs-Computer-Reference-BL objectClass: top -objectClass: attributeSchema -lDAPDisplayName: frsComputerReferenceBL -isSingleValued: FALSE -linkID: 103 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: 2a132579-9373-11d1-aebc-0000f80367c1 -adminDisplayName: Frs-Computer-Reference-BL +objectClass: attributeSchema attributeID: 1.2.840.113556.1.4.870 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: FALSE +linkID: 103 +showInAdvancedViewOnly: TRUE +adminDisplayName: Frs-Computer-Reference-BL oMObjectClass:: KwwCh3McAIVK +adminDescription: Frs-Computer-Reference-BL +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: frsComputerReferenceBL +schemaIDGUID: 2a132579-9373-11d1-aebc-0000f80367c1 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Allowed-Attributes,${SCHEMADN} -cn: Allowed-Attributes -name: Allowed-Attributes objectClass: top objectClass: attributeSchema -lDAPDisplayName: allowedAttributes -isSingleValued: FALSE -systemFlags: 134217748 -systemOnly: TRUE -schemaIDGUID: 9a7ad940-ca53-11d1-bbd0-0080c76670c0 -adminDisplayName: Allowed-Attributes attributeID: 1.2.840.113556.1.4.913 attributeSyntax: 2.5.5.2 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Allowed-Attributes +adminDescription: Allowed-Attributes oMSyntax: 6 +searchFlags: 0 +lDAPDisplayName: allowedAttributes +schemaIDGUID: 9a7ad940-ca53-11d1-bbd0-0080c76670c0 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: TRUE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Application-Name,${SCHEMADN} -cn: ms-DS-Az-Application-Name -name: ms-DS-Az-Application-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-AzApplicationName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: db5b0728-6208-4876-83b7-95d3e5695275 -adminDisplayName: MS-DS-Az-Application-Name attributeID: 1.2.840.113556.1.4.1798 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 512 +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Az-Application-Name +adminDescription: A string that uniquely identifies an application object oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-AzApplicationName +schemaIDGUID: db5b0728-6208-4876-83b7-95d3e5695275 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=UPN-Suffixes,${SCHEMADN} -cn: UPN-Suffixes -name: UPN-Suffixes objectClass: top objectClass: attributeSchema -lDAPDisplayName: uPNSuffixes -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 032160bf-9824-11d1-aec0-0000f80367c1 -adminDisplayName: UPN-Suffixes attributeID: 1.2.840.113556.1.4.890 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: UPN-Suffixes +adminDescription: UPN-Suffixes oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: uPNSuffixes +schemaIDGUID: 032160bf-9824-11d1-aec0-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MS-DS-Per-User-Trust-Quota,${SCHEMADN} -cn: MS-DS-Per-User-Trust-Quota -name: MS-DS-Per-User-Trust-Quota objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-PerUserTrustQuota -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: d161adf0-ca24-4993-a3aa-8b2c981302e8 -adminDisplayName: MS-DS-Per-User-Trust-Quota attributeID: 1.2.840.113556.1.4.1788 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Per-User-Trust-Quota +adminDescription: Used to enforce a per-user quota for creating Trusted-Domain objects authorized by the control access right, "Create inbound Forest trust". This attribute limits the number of Trusted-Domain objects that can be created by a single non-admin user in the domain. oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msDS-PerUserTrustQuota +schemaIDGUID: d161adf0-ca24-4993-a3aa-8b2c981302e8 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MS-DS-Machine-Account-Quota,${SCHEMADN} -cn: MS-DS-Machine-Account-Quota -name: MS-DS-Machine-Account-Quota objectClass: top objectClass: attributeSchema -lDAPDisplayName: ms-DS-MachineAccountQuota -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: d064fb68-1480-11d3-91c1-0000f87a57d4 -adminDisplayName: MS-DS-Machine-Account-Quota attributeID: 1.2.840.113556.1.4.1411 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Machine-Account-Quota +adminDescription: MS-DS-Machine-Account-Quota oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: ms-DS-MachineAccountQuota +schemaIDGUID: d064fb68-1480-11d3-91c1-0000f87a57d4 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Server-Role,${SCHEMADN} -cn: Server-Role -name: Server-Role objectClass: top objectClass: attributeSchema -lDAPDisplayName: serverRole -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a33-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Server-Role attributeID: 1.2.840.113556.1.4.157 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Server-Role +adminDescription: Server-Role oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: serverRole +schemaIDGUID: bf967a33-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: b8119fd0-04f6-4762-ab7a-4986c76b3f9a +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Home-Primary,${SCHEMADN} -cn: Phone-Home-Primary -name: Phone-Home-Primary objectClass: top objectClass: attributeSchema -lDAPDisplayName: homePhone -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: f0f8ffa1-1191-11d0-a060-00aa006c33ed -adminDisplayName: Phone-Home-Primary attributeID: 0.9.2342.19200300.100.1.20 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 14857 +showInAdvancedViewOnly: TRUE +adminDisplayName: Phone-Home-Primary +adminDescription: Phone-Home-Primary oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: homePhone +schemaIDGUID: f0f8ffa1-1191-11d0-a060-00aa006c33ed +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=Operating-System-Hotfix,${SCHEMADN} -cn: Operating-System-Hotfix -name: Operating-System-Hotfix +dn: CN=Range-Lower,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: operatingSystemHotfix +attributeID: 1.2.840.113556.1.2.34 +attributeSyntax: 2.5.5.9 isSingleValued: TRUE -systemFlags: 16 +mAPIID: 33043 +showInAdvancedViewOnly: TRUE +adminDisplayName: Range-Lower +adminDescription: Range-Lower +oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: rangeLower +schemaIDGUID: bf967a0c-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE -schemaIDGUID: bd951b3c-9c96-11d0-afdd-00c04fd930c9 -adminDisplayName: Operating-System-Hotfix +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Operating-System-Hotfix,${SCHEMADN} +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.4.415 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Operating-System-Hotfix +adminDescription: Operating-System-Hotfix oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: operatingSystemHotfix +schemaIDGUID: bd951b3c-9c96-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Additional-Dns-Host-Name,${SCHEMADN} -cn: ms-DS-Additional-Dns-Host-Name -name: ms-DS-Additional-Dns-Host-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-AdditionalDnsHostName -isSingleValued: FALSE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: 80863791-dbe9-4eb8-837e-7f0ab55d9ac7 -adminDisplayName: ms-DS-Additional-Dns-Host-Name attributeID: 1.2.840.113556.1.4.1717 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 0 +rangeUpper: 2048 +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-Additional-Dns-Host-Name +adminDescription: ms-DS-Additional-Dns-Host-Name oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-AdditionalDnsHostName +schemaIDGUID: 80863791-dbe9-4eb8-837e-7f0ab55d9ac7 +attributeSecurityGUID: 72e39547-7b18-11d1-adef-00c04fd8d5cd +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Script-Timeout,${SCHEMADN} -cn: ms-DS-Az-Script-Timeout -name: ms-DS-Az-Script-Timeout objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-AzScriptTimeout -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 87d0fb41-2c8b-41f6-b972-11fdfd50d6b0 -adminDisplayName: MS-DS-Az-Script-Timeout attributeID: 1.2.840.113556.1.4.1797 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +rangeLower: 0 +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Az-Script-Timeout +adminDescription: Maximum time (in ms) to wait for a script to finish auditing a specific policy oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msDS-AzScriptTimeout +schemaIDGUID: 87d0fb41-2c8b-41f6-b972-11fdfd50d6b0 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Must-Contain,${SCHEMADN} -cn: Must-Contain -name: Must-Contain objectClass: top objectClass: attributeSchema -lDAPDisplayName: mustContain -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679d3-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Must-Contain attributeID: 1.2.840.113556.1.2.24 attributeSyntax: 2.5.5.2 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Must-Contain +adminDescription: Must-Contain oMSyntax: 6 +searchFlags: 0 +lDAPDisplayName: mustContain +schemaIDGUID: bf9679d3-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=X509-Cert,${SCHEMADN} -cn: X509-Cert -name: X509-Cert objectClass: top objectClass: attributeSchema -lDAPDisplayName: userCertificate -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a7f-0de6-11d0-a285-00aa003049e2 -adminDisplayName: X509-Cert attributeID: 2.5.4.36 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +rangeUpper: 32768 +mAPIID: 35946 +showInAdvancedViewOnly: TRUE +adminDisplayName: X509-Cert +adminDescription: X509-Cert oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: userCertificate +schemaIDGUID: bf967a7f-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msNPCallingStationID,${SCHEMADN} -cn: msNPCallingStationID -name: msNPCallingStationID objectClass: top objectClass: attributeSchema -lDAPDisplayName: msNPCallingStationID -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: db0c908a-c1f2-11d1-bbc5-0080c76670c0 -adminDisplayName: msNPCallingStationID attributeID: 1.2.840.113556.1.4.1124 attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: msNPCallingStationID +adminDescription: msNPCallingStationID oMSyntax: 22 +searchFlags: 0 +lDAPDisplayName: msNPCallingStationID +schemaIDGUID: db0c908a-c1f2-11d1-bbc5-0080c76670c0 +attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-User-Account-Control-Computed,${SCHEMADN} -cn: ms-DS-User-Account-Control-Computed -name: ms-DS-User-Account-Control-Computed objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-User-Account-Control-Computed -isSingleValued: TRUE -systemFlags: 20 -systemOnly: FALSE -schemaIDGUID: 2cc4b836-b63f-4940-8d23-ea7acf06af56 -adminDisplayName: ms-DS-User-Account-Control-Computed attributeID: 1.2.840.113556.1.4.1460 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-User-Account-Control-Computed +adminDescription: ms-DS-User-Account-Control-Computed oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msDS-User-Account-Control-Computed +schemaIDGUID: 2cc4b836-b63f-4940-8d23-ea7acf06af56 +attributeSecurityGUID: 4c164200-20c0-11d0-a768-00aa006e0529 +systemOnly: FALSE +systemFlags: 20 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Home-Directory,${SCHEMADN} -cn: Home-Directory -name: Home-Directory objectClass: top objectClass: attributeSchema -lDAPDisplayName: homeDirectory -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967985-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Home-Directory attributeID: 1.2.840.113556.1.4.44 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Home-Directory +adminDescription: Home-Directory oMSyntax: 64 +searchFlags: 16 +lDAPDisplayName: homeDirectory +schemaIDGUID: bf967985-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-LDAP-Query,${SCHEMADN} -cn: ms-DS-Az-LDAP-Query -name: ms-DS-Az-LDAP-Query objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-AzLDAPQuery -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 5e53368b-fc94-45c8-9d7d-daf31ee7112d -adminDisplayName: MS-DS-Az-LDAP-Query attributeID: 1.2.840.113556.1.4.1792 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 4096 +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Az-LDAP-Query +adminDescription: ms-DS-Az-LDAP-Query oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-AzLDAPQuery +schemaIDGUID: 5e53368b-fc94-45c8-9d7d-daf31ee7112d +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Partial-Attribute-Deletion-List,${SCHEMADN} -cn: Partial-Attribute-Deletion-List -name: Partial-Attribute-Deletion-List objectClass: top objectClass: attributeSchema -lDAPDisplayName: partialAttributeDeletionList -isSingleValued: TRUE -systemFlags: 19 -systemOnly: TRUE -schemaIDGUID: 28630ec0-41d5-11d1-a9c1-0000f80367c1 -adminDisplayName: Partial-Attribute-Deletion-List attributeID: 1.2.840.113556.1.4.663 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Partial-Attribute-Deletion-List +adminDescription: Partial-Attribute-Deletion-List oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: partialAttributeDeletionList +schemaIDGUID: 28630ec0-41d5-11d1-a9c1-0000f80367c1 +systemOnly: TRUE +systemFlags: 19 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Is-Critical-System-Object,${SCHEMADN} -cn: Is-Critical-System-Object -name: Is-Critical-System-Object objectClass: top objectClass: attributeSchema -lDAPDisplayName: isCriticalSystemObject -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 00fbf30d-91fe-11d1-aebc-0000f80367c1 -adminDisplayName: Is-Critical-System-Object attributeID: 1.2.840.113556.1.4.868 attributeSyntax: 2.5.5.8 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Is-Critical-System-Object +adminDescription: Is-Critical-System-Object oMSyntax: 1 +searchFlags: 0 +lDAPDisplayName: isCriticalSystemObject +schemaIDGUID: 00fbf30d-91fe-11d1-aebc-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=GP-Link,${SCHEMADN} -cn: GP-Link -name: GP-Link objectClass: top objectClass: attributeSchema -lDAPDisplayName: gPLink -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: f30e3bbe-9ff0-11d1-b603-0000f80367c1 -adminDisplayName: GP-Link attributeID: 1.2.840.113556.1.4.891 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: GP-Link +adminDescription: GP-Link oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: gPLink +schemaIDGUID: f30e3bbe-9ff0-11d1-b603-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Scope-Flags,${SCHEMADN} -cn: Scope-Flags -name: Scope-Flags objectClass: top objectClass: attributeSchema -lDAPDisplayName: scopeFlags -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 16f3a4c2-7e79-11d2-9921-0000f87a57d4 -adminDisplayName: Scope-Flags attributeID: 1.2.840.113556.1.4.1354 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Scope-Flags +adminDescription: Scope-Flags oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: scopeFlags +schemaIDGUID: 16f3a4c2-7e79-11d2-9921-0000f87a57d4 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Lockout-Duration,${SCHEMADN} -cn: Lockout-Duration -name: Lockout-Duration objectClass: top objectClass: attributeSchema -lDAPDisplayName: lockoutDuration -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679a5-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Lockout-Duration attributeID: 1.2.840.113556.1.4.60 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Lockout-Duration +adminDescription: Lockout-Duration oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: lockoutDuration +schemaIDGUID: bf9679a5-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: c7407360-20bf-11d0-a768-00aa006e0529 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-COM-UserPartitionSetLink,${SCHEMADN} -cn: ms-COM-UserPartitionSetLink -name: ms-COM-UserPartitionSetLink objectClass: top objectClass: attributeSchema -lDAPDisplayName: msCOM-UserPartitionSetLink +attributeID: 1.2.840.113556.1.4.1426 +attributeSyntax: 2.5.5.1 isSingleValued: TRUE linkID: 1048 -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 8e940c8a-e477-4367-b08d-ff2ff942dcd7 +showInAdvancedViewOnly: TRUE adminDisplayName: ms-COM-UserPartitionSetLink -attributeID: 1.2.840.113556.1.4.1426 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Link from a User to a PartitionSet. Default = adminDisplayName +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: msCOM-UserPartitionSetLink +schemaIDGUID: 8e940c8a-e477-4367-b08d-ff2ff942dcd7 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Logo,${SCHEMADN} -cn: Logo -name: Logo objectClass: top objectClass: attributeSchema -lDAPDisplayName: thumbnailLogo -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679a9-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Logo attributeID: 2.16.840.1.113730.3.1.36 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 32767 +showInAdvancedViewOnly: TRUE +adminDisplayName: Logo +adminDescription: Logo oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: thumbnailLogo +schemaIDGUID: bf9679a9-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Picture,${SCHEMADN} -cn: Picture -name: Picture objectClass: top objectClass: attributeSchema -lDAPDisplayName: thumbnailPhoto -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 8d3bca50-1d7e-11d0-a081-00aa006c33ed -adminDisplayName: Picture attributeID: 2.16.840.1.113730.3.1.35 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 102400 +showInAdvancedViewOnly: TRUE +adminDisplayName: Picture +adminDescription: Picture oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: thumbnailPhoto +schemaIDGUID: 8d3bca50-1d7e-11d0-a081-00aa006c33ed +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Location,${SCHEMADN} -cn: Location -name: Location objectClass: top objectClass: attributeSchema -lDAPDisplayName: location -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 09dcb79f-165f-11d0-a064-00aa006c33ed -adminDisplayName: Location attributeID: 1.2.840.113556.1.4.222 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 1024 +showInAdvancedViewOnly: TRUE +adminDisplayName: Location +adminDescription: Location oMSyntax: 64 +searchFlags: 1 +lDAPDisplayName: location +schemaIDGUID: 09dcb79f-165f-11d0-a064-00aa006c33ed +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-Workstations,${SCHEMADN} -cn: User-Workstations -name: User-Workstations objectClass: top objectClass: attributeSchema -lDAPDisplayName: userWorkstations -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679d7-0de6-11d0-a285-00aa003049e2 -adminDisplayName: User-Workstations attributeID: 1.2.840.113556.1.4.86 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 1024 +showInAdvancedViewOnly: TRUE +adminDisplayName: User-Workstations +adminDescription: User-Workstations oMSyntax: 64 +searchFlags: 16 +lDAPDisplayName: userWorkstations +schemaIDGUID: bf9679d7-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Logon-Workstation,${SCHEMADN} -cn: Logon-Workstation -name: Logon-Workstation objectClass: top objectClass: attributeSchema -lDAPDisplayName: logonWorkstation -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679ac-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Logon-Workstation attributeID: 1.2.840.113556.1.4.65 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Logon-Workstation +adminDescription: Logon-Workstation oMSyntax: 4 +searchFlags: 16 +lDAPDisplayName: logonWorkstation +schemaIDGUID: bf9679ac-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Last-Logon-Timestamp,${SCHEMADN} -cn: Last-Logon-Timestamp -name: Last-Logon-Timestamp objectClass: top objectClass: attributeSchema -lDAPDisplayName: lastLogonTimestamp -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: c0e20a04-0e5a-4ff3-9482-5efeaecd7060 -adminDisplayName: Last-Logon-Timestamp attributeID: 1.2.840.113556.1.4.1696 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Last-Logon-Timestamp +adminDescription: Last-Logon-Timestamp oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: lastLogonTimestamp +schemaIDGUID: c0e20a04-0e5a-4ff3-9482-5efeaecd7060 +attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Prior-Value,${SCHEMADN} -cn: Prior-Value -name: Prior-Value objectClass: top objectClass: attributeSchema -lDAPDisplayName: priorValue -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a02-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Prior-Value attributeID: 1.2.840.113556.1.4.100 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Prior-Value +adminDescription: Prior-Value oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: priorValue +schemaIDGUID: bf967a02-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Last-Set-Time,${SCHEMADN} -cn: Last-Set-Time -name: Last-Set-Time objectClass: top objectClass: attributeSchema -lDAPDisplayName: lastSetTime -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967998-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Last-Set-Time attributeID: 1.2.840.113556.1.4.53 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Last-Set-Time +adminDescription: Last-Set-Time oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: lastSetTime +schemaIDGUID: bf967998-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Object-Guid,${SCHEMADN} -cn: Object-Guid -name: Object-Guid objectClass: top objectClass: attributeSchema -lDAPDisplayName: objectGUID -isSingleValued: TRUE -systemFlags: 19 -systemOnly: TRUE -schemaIDGUID: bf9679e7-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Object-Guid attributeID: 1.2.840.113556.1.4.2 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +rangeLower: 16 +rangeUpper: 16 +mAPIID: 35949 +showInAdvancedViewOnly: TRUE +adminDisplayName: Object-Guid +adminDescription: Object-Guid oMSyntax: 4 +searchFlags: 9 +lDAPDisplayName: objectGUID +schemaIDGUID: bf9679e7-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: TRUE +systemFlags: 19 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Tasks-For-Az-Task-BL,${SCHEMADN} -cn: ms-DS-Tasks-For-Az-Task-BL -name: ms-DS-Tasks-For-Az-Task-BL objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-TasksForAzTaskBL +attributeID: 1.2.840.113556.1.4.1811 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 2021 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: df446e52-b5fa-4ca2-a42f-13f98a526c8f +showInAdvancedViewOnly: TRUE adminDisplayName: MS-DS-Tasks-For-Az-Task-BL -attributeID: 1.2.840.113556.1.4.1811 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Back-link from Az-Task to the Az-Task object(s) linking to it +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: msDS-TasksForAzTaskBL +schemaIDGUID: df446e52-b5fa-4ca2-a42f-13f98a526c8f +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Managed-By,${SCHEMADN} -cn: Managed-By -name: Managed-By objectClass: top objectClass: attributeSchema -lDAPDisplayName: managedBy +attributeID: 1.2.840.113556.1.4.653 +attributeSyntax: 2.5.5.1 isSingleValued: TRUE +mAPIID: 32780 linkID: 72 -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 0296c120-40da-11d1-a9c0-0000f80367c1 +showInAdvancedViewOnly: TRUE adminDisplayName: Managed-By -attributeID: 1.2.840.113556.1.4.653 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Managed-By +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: managedBy +schemaIDGUID: 0296c120-40da-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Pwd-Properties,${SCHEMADN} -cn: Pwd-Properties -name: Pwd-Properties objectClass: top objectClass: attributeSchema -lDAPDisplayName: pwdProperties -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a0b-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Pwd-Properties attributeID: 1.2.840.113556.1.4.93 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Pwd-Properties +adminDescription: Pwd-Properties oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: pwdProperties +schemaIDGUID: bf967a0b-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: c7407360-20bf-11d0-a768-00aa006e0529 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Builtin-Creation-Time,${SCHEMADN} -cn: Builtin-Creation-Time -name: Builtin-Creation-Time objectClass: top objectClass: attributeSchema -lDAPDisplayName: builtinCreationTime -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf96792f-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Builtin-Creation-Time attributeID: 1.2.840.113556.1.4.13 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Builtin-Creation-Time +adminDescription: Builtin-Creation-Time oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: builtinCreationTime +schemaIDGUID: bf96792f-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Post-Office-Box,${SCHEMADN} -cn: Post-Office-Box -name: Post-Office-Box objectClass: top objectClass: attributeSchema -lDAPDisplayName: postOfficeBox -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679fb-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Post-Office-Box attributeID: 2.5.4.18 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 40 +mAPIID: 14891 +showInAdvancedViewOnly: TRUE +adminDisplayName: Post-Office-Box +adminDescription: Post-Office-Box oMSyntax: 64 +searchFlags: 16 +lDAPDisplayName: postOfficeBox +schemaIDGUID: bf9679fb-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Company,${SCHEMADN} -cn: Company -name: Company objectClass: top objectClass: attributeSchema -lDAPDisplayName: company -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: f0f8ff88-1191-11d0-a060-00aa006c33ed -adminDisplayName: Company attributeID: 1.2.840.113556.1.2.146 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 14870 +showInAdvancedViewOnly: TRUE +adminDisplayName: Company +adminDescription: Company oMSyntax: 64 +searchFlags: 16 +lDAPDisplayName: company +schemaIDGUID: f0f8ff88-1191-11d0-a060-00aa006c33ed +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Catalogs,${SCHEMADN} -cn: Catalogs -name: Catalogs objectClass: top objectClass: attributeSchema -lDAPDisplayName: catalogs -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 7bfdcb81-4807-11d1-a9c3-0000f80367c1 -adminDisplayName: Catalogs attributeID: 1.2.840.113556.1.4.675 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Catalogs +adminDescription: Catalogs oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: catalogs +schemaIDGUID: 7bfdcb81-4807-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Default-Object-Category,${SCHEMADN} -cn: Default-Object-Category -name: Default-Object-Category objectClass: top objectClass: attributeSchema -lDAPDisplayName: defaultObjectCategory -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 26d97367-6070-11d1-a9c6-0000f80367c1 -adminDisplayName: Default-Object-Category attributeID: 1.2.840.113556.1.4.783 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Default-Object-Category oMObjectClass:: KwwCh3McAIVK +adminDescription: Default-Object-Category +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: defaultObjectCategory +schemaIDGUID: 26d97367-6070-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msRADIUSFramedRoute,${SCHEMADN} -cn: msRADIUSFramedRoute -name: msRADIUSFramedRoute objectClass: top objectClass: attributeSchema -lDAPDisplayName: msRADIUSFramedRoute -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: db0c90a9-c1f2-11d1-bbc5-0080c76670c0 -adminDisplayName: msRADIUSFramedRoute attributeID: 1.2.840.113556.1.4.1158 attributeSyntax: 2.5.5.5 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: msRADIUSFramedRoute +adminDescription: msRADIUSFramedRoute oMSyntax: 22 +searchFlags: 0 +lDAPDisplayName: msRADIUSFramedRoute +schemaIDGUID: db0c90a9-c1f2-11d1-bbc5-0080c76670c0 +attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Prior-Set-Time,${SCHEMADN} -cn: Prior-Set-Time -name: Prior-Set-Time objectClass: top objectClass: attributeSchema -lDAPDisplayName: priorSetTime -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a01-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Prior-Set-Time attributeID: 1.2.840.113556.1.4.99 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Prior-Set-Time +adminDescription: Prior-Set-Time oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: priorSetTime +schemaIDGUID: bf967a01-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-Cert,${SCHEMADN} -cn: User-Cert -name: User-Cert objectClass: top objectClass: attributeSchema -lDAPDisplayName: userCert -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a69-0de6-11d0-a285-00aa003049e2 -adminDisplayName: User-Cert attributeID: 1.2.840.113556.1.4.645 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 32767 +mAPIID: 14882 +showInAdvancedViewOnly: TRUE +adminDisplayName: User-Cert +adminDescription: User-Cert oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: userCert +schemaIDGUID: bf967a69-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Non-Security-Member,${SCHEMADN} -cn: Non-Security-Member -name: Non-Security-Member objectClass: top objectClass: attributeSchema -lDAPDisplayName: nonSecurityMember +attributeID: 1.2.840.113556.1.4.530 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 50 -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 52458018-ca6a-11d0-afff-0000f80367c1 +showInAdvancedViewOnly: TRUE adminDisplayName: Non-Security-Member -attributeID: 1.2.840.113556.1.4.530 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Non-Security-Member +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: nonSecurityMember +schemaIDGUID: 52458018-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Member,${SCHEMADN} -cn: Member -name: Member objectClass: top objectClass: attributeSchema -lDAPDisplayName: member +attributeID: 2.5.4.31 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE +mAPIID: 32777 linkID: 2 -systemFlags: 18 -systemOnly: FALSE -schemaIDGUID: bf9679c0-0de6-11d0-a285-00aa003049e2 +showInAdvancedViewOnly: TRUE adminDisplayName: Member -attributeID: 2.5.4.31 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Member +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: member +schemaIDGUID: bf9679c0-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: bc0ac240-79a9-11d0-9020-00c04fc2d4cf +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Group-Attributes,${SCHEMADN} -cn: Group-Attributes -name: Group-Attributes objectClass: top objectClass: attributeSchema -lDAPDisplayName: groupAttributes -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf96797e-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Group-Attributes attributeID: 1.2.840.113556.1.4.152 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Group-Attributes +adminDescription: Group-Attributes oMSyntax: 2 +searchFlags: 1 +lDAPDisplayName: groupAttributes +schemaIDGUID: bf96797e-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=System-Flags,${SCHEMADN} -cn: System-Flags -name: System-Flags objectClass: top objectClass: attributeSchema -lDAPDisplayName: systemFlags -isSingleValued: TRUE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: e0fa1e62-9b45-11d0-afdd-00c04fd930c9 -adminDisplayName: System-Flags attributeID: 1.2.840.113556.1.4.375 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: System-Flags +adminDescription: System-Flags oMSyntax: 2 +searchFlags: 8 +lDAPDisplayName: systemFlags +schemaIDGUID: e0fa1e62-9b45-11d0-afdd-00c04fd930c9 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Proxied-Object-Name,${SCHEMADN} -cn: Proxied-Object-Name -name: Proxied-Object-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: proxiedObjectName -isSingleValued: TRUE -systemFlags: 18 -systemOnly: TRUE -schemaIDGUID: e1aea402-cd5b-11d0-afff-0000f80367c1 -adminDisplayName: Proxied-Object-Name attributeID: 1.2.840.113556.1.4.1249 attributeSyntax: 2.5.5.7 -oMSyntax: 127 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Proxied-Object-Name oMObjectClass:: KoZIhvcUAQEBCw== +adminDescription: Proxied-Object-Name +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: proxiedObjectName +schemaIDGUID: e1aea402-cd5b-11d0-afff-0000f80367c1 +systemOnly: TRUE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Repl-Value-Meta-Data,${SCHEMADN} -cn: ms-DS-Repl-Value-Meta-Data -name: ms-DS-Repl-Value-Meta-Data objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-ReplValueMetaData -isSingleValued: FALSE -systemFlags: 20 -systemOnly: FALSE -schemaIDGUID: 2f5c8145-e1bd-410b-8957-8bfa81d5acfd -adminDisplayName: ms-DS-Repl-Value-Meta-Data attributeID: 1.2.840.113556.1.4.1708 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-Repl-Value-Meta-Data +adminDescription: ms-DS-Repl-Value-Meta-Data oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-ReplValueMetaData +schemaIDGUID: 2f5c8145-e1bd-410b-8957-8bfa81d5acfd +systemOnly: FALSE +systemFlags: 20 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Allowed-Child-Classes-Effective,${SCHEMADN} -cn: Allowed-Child-Classes-Effective -name: Allowed-Child-Classes-Effective objectClass: top objectClass: attributeSchema -lDAPDisplayName: allowedChildClassesEffective -isSingleValued: FALSE -systemFlags: 134217748 -systemOnly: TRUE -schemaIDGUID: 9a7ad943-ca53-11d1-bbd0-0080c76670c0 -adminDisplayName: Allowed-Child-Classes-Effective attributeID: 1.2.840.113556.1.4.912 attributeSyntax: 2.5.5.2 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Allowed-Child-Classes-Effective +adminDescription: Allowed-Child-Classes-Effective oMSyntax: 6 +searchFlags: 0 +lDAPDisplayName: allowedChildClassesEffective +schemaIDGUID: 9a7ad943-ca53-11d1-bbd0-0080c76670c0 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: TRUE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Generate-Audits,${SCHEMADN} -cn: ms-DS-Az-Generate-Audits -name: ms-DS-Az-Generate-Audits objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-AzGenerateAudits -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: f90abab0-186c-4418-bb85-88447c87222a -adminDisplayName: MS-DS-Az-Generate-Audits attributeID: 1.2.840.113556.1.4.1805 attributeSyntax: 2.5.5.8 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Az-Generate-Audits +adminDescription: A boolean field indicating if runtime audits need to be turned on (include audits for access checks, etc.) oMSyntax: 1 +searchFlags: 0 +lDAPDisplayName: msDS-AzGenerateAudits +schemaIDGUID: f90abab0-186c-4418-bb85-88447c87222a +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Application-Version,${SCHEMADN} -cn: ms-DS-Az-Application-Version -name: ms-DS-Az-Application-Version objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-AzApplicationVersion -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 7184a120-3ac4-47ae-848f-fe0ab20784d4 -adminDisplayName: MS-DS-Az-Application-Version attributeID: 1.2.840.113556.1.4.1817 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Az-Application-Version +adminDescription: A version number to indicate that the AzApplication is updated oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-AzApplicationVersion +schemaIDGUID: 7184a120-3ac4-47ae-848f-fe0ab20784d4 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Icon-Path,${SCHEMADN} -cn: Icon-Path -name: Icon-Path objectClass: top objectClass: attributeSchema -lDAPDisplayName: iconPath -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: f0f8ff83-1191-11d0-a060-00aa006c33ed -adminDisplayName: Icon-Path attributeID: 1.2.840.113556.1.4.219 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 0 +rangeUpper: 2048 +showInAdvancedViewOnly: TRUE +adminDisplayName: Icon-Path +adminDescription: Icon-Path oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: iconPath +schemaIDGUID: f0f8ff83-1191-11d0-a060-00aa006c33ed +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Street-Address,${SCHEMADN} -cn: Street-Address -name: Street-Address objectClass: top objectClass: attributeSchema -lDAPDisplayName: street -isSingleValued: TRUE -systemFlags: 18 -systemOnly: FALSE -schemaIDGUID: bf967a3a-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Street-Address attributeID: 2.5.4.9 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 1024 +mAPIID: 33082 +showInAdvancedViewOnly: TRUE +adminDisplayName: Street-Address +adminDescription: Street-Address oMSyntax: 64 +searchFlags: 16 +lDAPDisplayName: street +schemaIDGUID: bf967a3a-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-ExecuteScriptPassword,${SCHEMADN} -cn: ms-DS-ExecuteScriptPassword -name: ms-DS-ExecuteScriptPassword objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-ExecuteScriptPassword -isSingleValued: TRUE -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: 9d054a5a-d187-46c1-9d85-42dfc44a56dd -adminDisplayName: ms-DS-ExecuteScriptPassword attributeID: 1.2.840.113556.1.4.1783 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 64 +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-ExecuteScriptPassword +adminDescription: ms-DS-ExecuteScriptPassword oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: msDS-ExecuteScriptPassword +schemaIDGUID: 9d054a5a-d187-46c1-9d85-42dfc44a56dd +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Logon-Time-Sync-Interval,${SCHEMADN} -cn: ms-DS-Logon-Time-Sync-Interval -name: ms-DS-Logon-Time-Sync-Interval objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-LogonTimeSyncInterval -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: ad7940f8-e43a-4a42-83bc-d688e59ea605 -adminDisplayName: ms-DS-Logon-Time-Sync-Interval attributeID: 1.2.840.113556.1.4.1784 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +rangeLower: 0 +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-Logon-Time-Sync-Interval +adminDescription: ms-DS-Logon-Time-Sync-Interval oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msDS-LogonTimeSyncInterval +schemaIDGUID: ad7940f8-e43a-4a42-83bc-d688e59ea605 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Garbage-Coll-Period,${SCHEMADN} -cn: Garbage-Coll-Period -name: Garbage-Coll-Period objectClass: top objectClass: attributeSchema -lDAPDisplayName: garbageCollPeriod -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 5fd424a1-1262-11d0-a060-00aa006c33ed -adminDisplayName: Garbage-Coll-Period attributeID: 1.2.840.113556.1.2.301 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +mAPIID: 32943 +showInAdvancedViewOnly: TRUE +adminDisplayName: Garbage-Coll-Period +adminDescription: Garbage-Coll-Period oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: garbageCollPeriod +schemaIDGUID: 5fd424a1-1262-11d0-a060-00aa006c33ed +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MSMQ-Sign-Certificates-Mig,${SCHEMADN} -cn: MSMQ-Sign-Certificates-Mig -name: MSMQ-Sign-Certificates-Mig objectClass: top objectClass: attributeSchema -lDAPDisplayName: mSMQSignCertificatesMig -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 3881b8ea-da3b-11d1-90a5-00c04fd91ab1 -adminDisplayName: MSMQ-Sign-Certificates-Mig attributeID: 1.2.840.113556.1.4.967 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +rangeUpper: 1048576 +showInAdvancedViewOnly: TRUE +adminDisplayName: MSMQ-Sign-Certificates-Mig +adminDescription: MSMQ-Sign-Certificates-Mig oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: mSMQSignCertificatesMig +schemaIDGUID: 3881b8ea-da3b-11d1-90a5-00c04fd91ab1 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Cached-Membership-Time-Stamp,${SCHEMADN} -cn: ms-DS-Cached-Membership-Time-Stamp -name: ms-DS-Cached-Membership-Time-Stamp objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-Cached-Membership-Time-Stamp -isSingleValued: TRUE -systemFlags: 17 -systemOnly: FALSE -schemaIDGUID: 3566bf1f-beee-4dcb-8abe-ef89fcfec6c1 -adminDisplayName: ms-DS-Cached-Membership-Time-Stamp attributeID: 1.2.840.113556.1.4.1442 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-Cached-Membership-Time-Stamp +adminDescription: ms-DS-Cached-Membership-Time-Stamp oMSyntax: 65 +searchFlags: 1 +lDAPDisplayName: msDS-Cached-Membership-Time-Stamp +schemaIDGUID: 3566bf1f-beee-4dcb-8abe-ef89fcfec6c1 +systemOnly: FALSE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Logon-Count,${SCHEMADN} -cn: Logon-Count -name: Logon-Count objectClass: top objectClass: attributeSchema -lDAPDisplayName: logonCount -isSingleValued: TRUE -systemFlags: 17 -systemOnly: FALSE -schemaIDGUID: bf9679aa-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Logon-Count attributeID: 1.2.840.113556.1.4.169 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Logon-Count +adminDescription: Logon-Count oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: logonCount +schemaIDGUID: bf9679aa-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemOnly: FALSE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Locale-ID,${SCHEMADN} -cn: Locale-ID -name: Locale-ID objectClass: top objectClass: attributeSchema -lDAPDisplayName: localeID -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679a1-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Locale-ID attributeID: 1.2.840.113556.1.4.58 attributeSyntax: 2.5.5.9 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Locale-ID +adminDescription: Locale-ID oMSyntax: 2 +searchFlags: 16 +lDAPDisplayName: localeID +schemaIDGUID: bf9679a1-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Bad-Pwd-Count,${SCHEMADN} -cn: Bad-Pwd-Count -name: Bad-Pwd-Count objectClass: top objectClass: attributeSchema -lDAPDisplayName: badPwdCount -isSingleValued: TRUE -systemFlags: 17 -systemOnly: FALSE -schemaIDGUID: bf96792e-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Bad-Pwd-Count attributeID: 1.2.840.113556.1.4.12 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Bad-Pwd-Count +adminDescription: Bad-Pwd-Count oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: badPwdCount +schemaIDGUID: bf96792e-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemOnly: FALSE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Trust-Auth-Incoming,${SCHEMADN} -cn: Trust-Auth-Incoming -name: Trust-Auth-Incoming objectClass: top objectClass: attributeSchema -lDAPDisplayName: trustAuthIncoming -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a59-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Trust-Auth-Incoming attributeID: 1.2.840.113556.1.4.129 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 32767 +showInAdvancedViewOnly: TRUE +adminDisplayName: Trust-Auth-Incoming +adminDescription: Trust-Auth-Incoming oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: trustAuthIncoming +schemaIDGUID: bf967a59-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=SubSchemaSubEntry,${SCHEMADN} -cn: SubSchemaSubEntry -name: SubSchemaSubEntry objectClass: top objectClass: attributeSchema -lDAPDisplayName: subSchemaSubEntry -isSingleValued: FALSE -systemFlags: 134217748 -systemOnly: TRUE -schemaIDGUID: 9a7ad94d-ca53-11d1-bbd0-0080c76670c0 -adminDisplayName: SubSchemaSubEntry attributeID: 2.5.18.10 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: SubSchemaSubEntry oMObjectClass:: KwwCh3McAIVK +adminDescription: SubSchemaSubEntry +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: subSchemaSubEntry +schemaIDGUID: 9a7ad94d-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Structural-Object-Class,${SCHEMADN} -cn: Structural-Object-Class -name: Structural-Object-Class objectClass: top objectClass: attributeSchema -lDAPDisplayName: structuralObjectClass -isSingleValued: FALSE -systemFlags: 20 -systemOnly: FALSE -schemaIDGUID: 3860949f-f6a8-4b38-9950-81ecb6bc2982 -adminDisplayName: Structural-Object-Class attributeID: 2.5.21.9 attributeSyntax: 2.5.5.2 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Structural-Object-Class +adminDescription: The class hierarchy without auxiliary classes oMSyntax: 6 +searchFlags: 0 +lDAPDisplayName: structuralObjectClass +schemaIDGUID: 3860949f-f6a8-4b38-9950-81ecb6bc2982 +systemOnly: FALSE +systemFlags: 20 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Is-Deleted,${SCHEMADN} -cn: Is-Deleted -name: Is-Deleted objectClass: top objectClass: attributeSchema -lDAPDisplayName: isDeleted -isSingleValued: TRUE -systemFlags: 18 -systemOnly: TRUE -schemaIDGUID: bf96798f-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Is-Deleted attributeID: 1.2.840.113556.1.2.48 attributeSyntax: 2.5.5.8 +isSingleValued: TRUE +mAPIID: 32960 +showInAdvancedViewOnly: TRUE +adminDisplayName: Is-Deleted +adminDescription: Is-Deleted oMSyntax: 1 +searchFlags: 0 +lDAPDisplayName: isDeleted +schemaIDGUID: bf96798f-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Extra-Columns,${SCHEMADN} -cn: Extra-Columns -name: Extra-Columns objectClass: top objectClass: attributeSchema -lDAPDisplayName: extraColumns -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: d24e2846-1dd9-4bcf-99d7-a6227cc86da7 -adminDisplayName: Extra-Columns attributeID: 1.2.840.113556.1.4.1687 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Extra-Columns +adminDescription: Extra-Columns oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: extraColumns +schemaIDGUID: d24e2846-1dd9-4bcf-99d7-a6227cc86da7 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Admin-Multiselect-Property-Pages,${SCHEMADN} -cn: Admin-Multiselect-Property-Pages -name: Admin-Multiselect-Property-Pages objectClass: top objectClass: attributeSchema -lDAPDisplayName: adminMultiselectPropertyPages -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 18f9b67d-5ac6-4b3b-97db-d0a406afb7ba -adminDisplayName: Admin-Multiselect-Property-Pages attributeID: 1.2.840.113556.1.4.1690 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Admin-Multiselect-Property-Pages +adminDescription: Admin-Multiselect-Property-Pages oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: adminMultiselectPropertyPages +schemaIDGUID: 18f9b67d-5ac6-4b3b-97db-d0a406afb7ba +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Options,${SCHEMADN} -cn: Options -name: Options objectClass: top objectClass: attributeSchema -lDAPDisplayName: options -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 19195a53-6da0-11d0-afd3-00c04fd930c9 -adminDisplayName: Options attributeID: 1.2.840.113556.1.4.307 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Options +adminDescription: Options oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: options +schemaIDGUID: 19195a53-6da0-11d0-afd3-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Lock-Out-Observation-Window,${SCHEMADN} -cn: Lock-Out-Observation-Window -name: Lock-Out-Observation-Window objectClass: top objectClass: attributeSchema -lDAPDisplayName: lockOutObservationWindow -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679a4-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Lock-Out-Observation-Window attributeID: 1.2.840.113556.1.4.61 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Lock-Out-Observation-Window +adminDescription: Lock-Out-Observation-Window oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: lockOutObservationWindow +schemaIDGUID: bf9679a4-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: c7407360-20bf-11d0-a768-00aa006e0529 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Default-Local-Policy-Object,${SCHEMADN} -cn: Default-Local-Policy-Object -name: Default-Local-Policy-Object objectClass: top objectClass: attributeSchema -lDAPDisplayName: defaultLocalPolicyObject -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf96799f-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Default-Local-Policy-Object attributeID: 1.2.840.113556.1.4.57 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Default-Local-Policy-Object oMObjectClass:: KwwCh3McAIVK +adminDescription: Default-Local-Policy-Object +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: defaultLocalPolicyObject +schemaIDGUID: bf96799f-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Creation-Time,${SCHEMADN} -cn: Creation-Time -name: Creation-Time objectClass: top objectClass: attributeSchema -lDAPDisplayName: creationTime -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967946-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Creation-Time attributeID: 1.2.840.113556.1.4.26 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Creation-Time +adminDescription: Creation-Time oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: creationTime +schemaIDGUID: bf967946-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Registered-Address,${SCHEMADN} -cn: Registered-Address -name: Registered-Address objectClass: top objectClass: attributeSchema -lDAPDisplayName: registeredAddress -isSingleValued: FALSE -systemOnly: FALSE -schemaIDGUID: bf967a10-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Registered-Address attributeID: 2.5.4.26 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 4096 +mAPIID: 33049 +showInAdvancedViewOnly: TRUE +adminDisplayName: Registered-Address +adminDescription: Registered-Address oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: registeredAddress +schemaIDGUID: bf967a10-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Postal-Address,${SCHEMADN} -cn: Postal-Address -name: Postal-Address objectClass: top objectClass: attributeSchema -lDAPDisplayName: postalAddress -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679fc-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Postal-Address attributeID: 2.5.4.16 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 4096 +mAPIID: 33036 +showInAdvancedViewOnly: TRUE +adminDisplayName: Postal-Address +adminDescription: Postal-Address oMSyntax: 64 +searchFlags: 16 +lDAPDisplayName: postalAddress +schemaIDGUID: bf9679fc-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Initials,${SCHEMADN} -cn: Initials -name: Initials objectClass: top objectClass: attributeSchema -lDAPDisplayName: initials -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: f0f8ff90-1191-11d0-a060-00aa006c33ed -adminDisplayName: Initials attributeID: 2.5.4.43 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 6 +mAPIID: 14858 +showInAdvancedViewOnly: TRUE +adminDisplayName: Initials +adminDescription: Initials oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: initials +schemaIDGUID: f0f8ff90-1191-11d0-a060-00aa006c33ed +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=Netboot-SIF-File,${SCHEMADN} -cn: Netboot-SIF-File -name: Netboot-SIF-File +dn: CN=Is-Single-Valued,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: netbootSIFFile -isSingleValued: FALSE +attributeID: 1.2.840.113556.1.2.33 +attributeSyntax: 2.5.5.8 +isSingleValued: TRUE +mAPIID: 32961 +showInAdvancedViewOnly: TRUE +adminDisplayName: Is-Single-Valued +adminDescription: Is-Single-Valued +oMSyntax: 1 +searchFlags: 0 +lDAPDisplayName: isSingleValued +schemaIDGUID: bf967992-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 2df90d84-009f-11d2-aa4c-00c04fd7d83a -adminDisplayName: Netboot-SIF-File +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Netboot-SIF-File,${SCHEMADN} +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.4.1240 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Netboot-SIF-File +adminDescription: Netboot-SIF-File oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: netbootSIFFile +schemaIDGUID: 2df90d84-009f-11d2-aa4c-00c04fd7d83a +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Additional-Sam-Account-Name,${SCHEMADN} -cn: ms-DS-Additional-Sam-Account-Name -name: ms-DS-Additional-Sam-Account-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-AdditionalSamAccountName -isSingleValued: FALSE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: 975571df-a4d5-429a-9f59-cdc6581d91e6 -adminDisplayName: ms-DS-Additional-Sam-Account-Name attributeID: 1.2.840.113556.1.4.1718 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 0 +rangeUpper: 256 +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-Additional-Sam-Account-Name +adminDescription: ms-DS-Additional-Sam-Account-Name oMSyntax: 64 +searchFlags: 13 +lDAPDisplayName: msDS-AdditionalSamAccountName +schemaIDGUID: 975571df-a4d5-429a-9f59-cdc6581d91e6 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=System-Poss-Superiors,${SCHEMADN} -cn: System-Poss-Superiors -name: System-Poss-Superiors objectClass: top objectClass: attributeSchema -lDAPDisplayName: systemPossSuperiors -isSingleValued: FALSE -systemFlags: 18 -systemOnly: TRUE -schemaIDGUID: bf967a47-0de6-11d0-a285-00aa003049e2 -adminDisplayName: System-Poss-Superiors attributeID: 1.2.840.113556.1.4.195 attributeSyntax: 2.5.5.2 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: System-Poss-Superiors +adminDescription: System-Poss-Superiors oMSyntax: 6 +searchFlags: 0 +lDAPDisplayName: systemPossSuperiors +schemaIDGUID: bf967a47-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=photo,${SCHEMADN} -cn: photo -name: photo objectClass: top objectClass: attributeSchema -lDAPDisplayName: photo -isSingleValued: FALSE -systemFlags: 0 -systemOnly: FALSE -schemaIDGUID: 9c979768-ba1a-4c08-9632-c6a5c1ed649a -adminDisplayName: photo attributeID: 0.9.2342.19200300.100.1.7 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +showInAdvancedViewOnly: FALSE +adminDisplayName: photo +adminDescription: An object encoded in G3 fax as explained in recommendation T.4, with an ASN.1 wrapper to make it compatible with an X.400 BodyPart as defined in X.420. oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: photo +schemaIDGUID: 9c979768-ba1a-4c08-9632-c6a5c1ed649a +systemOnly: FALSE +systemFlags: 0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Employee-Number,${SCHEMADN} -cn: Employee-Number -name: Employee-Number objectClass: top objectClass: attributeSchema -lDAPDisplayName: employeeNumber -isSingleValued: TRUE -systemFlags: 0 -systemOnly: FALSE -schemaIDGUID: a8df73ef-c5ea-11d1-bbcb-0080c76670c0 -adminDisplayName: Employee-Number attributeID: 1.2.840.113556.1.2.610 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 512 +mAPIID: 35943 +showInAdvancedViewOnly: TRUE +adminDisplayName: Employee-Number +adminDescription: Employee-Number oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: employeeNumber +schemaIDGUID: a8df73ef-c5ea-11d1-bbcb-0080c76670c0 +systemOnly: FALSE +systemFlags: 0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Lockout-Time,${SCHEMADN} -cn: Lockout-Time -name: Lockout-Time objectClass: top objectClass: attributeSchema -lDAPDisplayName: lockoutTime -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 28630ebf-41d5-11d1-a9c1-0000f80367c1 -adminDisplayName: Lockout-Time attributeID: 1.2.840.113556.1.4.662 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Lockout-Time +adminDescription: Lockout-Time oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: lockoutTime +schemaIDGUID: 28630ebf-41d5-11d1-a9c1-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Dynamic-LDAP-Server,${SCHEMADN} -cn: Dynamic-LDAP-Server -name: Dynamic-LDAP-Server objectClass: top objectClass: attributeSchema -lDAPDisplayName: dynamicLDAPServer -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 52458021-ca6a-11d0-afff-0000f80367c1 -adminDisplayName: Dynamic-LDAP-Server attributeID: 1.2.840.113556.1.4.537 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Dynamic-LDAP-Server oMObjectClass:: KwwCh3McAIVK - -dn: CN=Extended-Attribute-Info,${SCHEMADN} -cn: Extended-Attribute-Info -name: Extended-Attribute-Info -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: extendedAttributeInfo -isSingleValued: FALSE -systemFlags: 134217748 -systemOnly: TRUE -schemaIDGUID: 9a7ad947-ca53-11d1-bbd0-0080c76670c0 -adminDisplayName: Extended-Attribute-Info +adminDescription: Dynamic-LDAP-Server +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: dynamicLDAPServer +schemaIDGUID: 52458021-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Extended-Attribute-Info,${SCHEMADN} +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.4.909 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Extended-Attribute-Info +adminDescription: Extended-Attribute-Info oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: extendedAttributeInfo +schemaIDGUID: 9a7ad947-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-Exch-Assistant-Name,${SCHEMADN} -cn: ms-Exch-Assistant-Name -name: ms-Exch-Assistant-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: msExchAssistantName -isSingleValued: TRUE -schemaIDGUID: a8df7394-c5ea-11d1-bbcb-0080c76670c0 -adminDisplayName: ms-Exch-Assistant-Name attributeID: 1.2.840.113556.1.2.444 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 256 +mAPIID: 14896 +adminDisplayName: ms-Exch-Assistant-Name +adminDescription: ms-Exch-Assistant-Name oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msExchAssistantName +schemaIDGUID: a8df7394-c5ea-11d1-bbcb-0080c76670c0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Non-Members-BL,${SCHEMADN} -cn: ms-DS-Non-Members-BL -name: ms-DS-Non-Members-BL objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-NonMembersBL +attributeID: 1.2.840.113556.1.4.1794 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 2015 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: 2a8c68fc-3a7a-4e87-8720-fe77c51cbe74 +showInAdvancedViewOnly: TRUE adminDisplayName: ms-DS-Non-Members-BL -attributeID: 1.2.840.113556.1.4.1794 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: MS-DS-Non-Members-BL +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: msDS-NonMembersBL +schemaIDGUID: 2a8c68fc-3a7a-4e87-8720-fe77c51cbe74 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Admin-Display-Name,${SCHEMADN} -cn: Admin-Display-Name -name: Admin-Display-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: adminDisplayName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf96791a-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Admin-Display-Name attributeID: 1.2.840.113556.1.2.194 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 256 +mAPIID: 32843 +showInAdvancedViewOnly: TRUE +adminDisplayName: Admin-Display-Name +adminDescription: Admin-Display-Name oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: adminDisplayName +schemaIDGUID: bf96791a-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Context-Menu,${SCHEMADN} -cn: Context-Menu -name: Context-Menu objectClass: top objectClass: attributeSchema -lDAPDisplayName: contextMenu -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 4d8601ee-ac85-11d0-afe3-00c04fd930c9 -adminDisplayName: Context-Menu attributeID: 1.2.840.113556.1.4.499 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Context-Menu +adminDescription: Context-Menu oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: contextMenu +schemaIDGUID: 4d8601ee-ac85-11d0-afe3-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Link-ID,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.2.50 +attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +mAPIID: 32965 +showInAdvancedViewOnly: TRUE +adminDisplayName: Link-ID +adminDescription: Link-ID +oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: linkID +schemaIDGUID: bf96799b-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=attributeCertificateAttribute,${SCHEMADN} -cn: attributeCertificateAttribute -name: attributeCertificateAttribute objectClass: top objectClass: attributeSchema -lDAPDisplayName: attributeCertificateAttribute -isSingleValued: FALSE -systemFlags: 0 -systemOnly: FALSE -schemaIDGUID: fa4693bb-7bc2-4cb9-81a8-c99c43b7905e -adminDisplayName: attributeCertificateAttribute attributeID: 2.5.4.58 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: attributeCertificateAttribute +adminDescription: A digitally signed or certified identity and set of attributes. Used to bind authorization information to an identity. X.509 oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: attributeCertificateAttribute +schemaIDGUID: fa4693bb-7bc2-4cb9-81a8-c99c43b7905e +systemOnly: FALSE +systemFlags: 0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Surname,${SCHEMADN} -cn: Surname -name: Surname objectClass: top objectClass: attributeSchema -lDAPDisplayName: sn -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a41-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Surname attributeID: 2.5.4.4 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 14865 +showInAdvancedViewOnly: TRUE +adminDisplayName: Surname +adminDescription: Surname oMSyntax: 64 +searchFlags: 5 +lDAPDisplayName: sn +schemaIDGUID: bf967a41-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=SAM-Account-Name,${SCHEMADN} -cn: SAM-Account-Name -name: SAM-Account-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: sAMAccountName -isSingleValued: TRUE -systemFlags: 18 -systemOnly: FALSE -schemaIDGUID: 3e0abfd0-126a-11d0-a060-00aa006c33ed -adminDisplayName: SAM-Account-Name attributeID: 1.2.840.113556.1.4.221 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 256 +showInAdvancedViewOnly: TRUE +adminDisplayName: SAM-Account-Name +adminDescription: SAM-Account-Name oMSyntax: 64 +searchFlags: 13 +lDAPDisplayName: sAMAccountName +schemaIDGUID: 3e0abfd0-126a-11d0-a060-00aa006c33ed +attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Governs-ID,${SCHEMADN} -cn: Governs-ID -name: Governs-ID objectClass: top objectClass: attributeSchema -lDAPDisplayName: governsID -isSingleValued: TRUE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: bf96797d-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Governs-ID attributeID: 1.2.840.113556.1.2.22 attributeSyntax: 2.5.5.2 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Governs-ID +adminDescription: Governs-ID oMSyntax: 6 +searchFlags: 8 +lDAPDisplayName: governsID +schemaIDGUID: bf96797d-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=jpegPhoto,${SCHEMADN} -cn: jpegPhoto -name: jpegPhoto objectClass: top objectClass: attributeSchema -lDAPDisplayName: jpegPhoto -isSingleValued: FALSE -systemFlags: 0 -systemOnly: FALSE -schemaIDGUID: bac80572-09c4-4fa9-9ae6-7628d7adbe0e -adminDisplayName: jpegPhoto attributeID: 0.9.2342.19200300.100.1.60 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +showInAdvancedViewOnly: FALSE +adminDisplayName: jpegPhoto +adminDescription: Used to store one or more images of a person using the JPEG File Interchange Format [JFIF]. oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: jpegPhoto +schemaIDGUID: bac80572-09c4-4fa9-9ae6-7628d7adbe0e +systemOnly: FALSE +systemFlags: 0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MSMQ-Sign-Certificates,${SCHEMADN} -cn: MSMQ-Sign-Certificates -name: MSMQ-Sign-Certificates objectClass: top objectClass: attributeSchema -lDAPDisplayName: mSMQSignCertificates -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 9a0dc33b-c100-11d1-bbc5-0080c76670c0 -adminDisplayName: MSMQ-Sign-Certificates attributeID: 1.2.840.113556.1.4.947 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +rangeUpper: 1048576 +showInAdvancedViewOnly: TRUE +adminDisplayName: MSMQ-Sign-Certificates +adminDescription: MSMQ-Sign-Certificates oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: mSMQSignCertificates +schemaIDGUID: 9a0dc33b-c100-11d1-bbc5-0080c76670c0 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Initial-Auth-Incoming,${SCHEMADN} -cn: Initial-Auth-Incoming -name: Initial-Auth-Incoming objectClass: top objectClass: attributeSchema -lDAPDisplayName: initialAuthIncoming -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 52458023-ca6a-11d0-afff-0000f80367c1 -adminDisplayName: Initial-Auth-Incoming attributeID: 1.2.840.113556.1.4.539 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Initial-Auth-Incoming +adminDescription: Initial-Auth-Incoming oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: initialAuthIncoming +schemaIDGUID: 52458023-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Domain-Cross-Ref,${SCHEMADN} -cn: Domain-Cross-Ref -name: Domain-Cross-Ref objectClass: top objectClass: attributeSchema -lDAPDisplayName: domainCrossRef -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: b000ea7b-a086-11d0-afdd-00c04fd930c9 -adminDisplayName: Domain-Cross-Ref attributeID: 1.2.840.113556.1.4.472 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Domain-Cross-Ref oMObjectClass:: KwwCh3McAIVK +adminDescription: Domain-Cross-Ref +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: domainCrossRef +schemaIDGUID: b000ea7b-a086-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Text-Encoded-OR-Address,${SCHEMADN} -cn: Text-Encoded-OR-Address -name: Text-Encoded-OR-Address objectClass: top objectClass: attributeSchema -lDAPDisplayName: textEncodedORAddress -isSingleValued: TRUE -systemOnly: FALSE -schemaIDGUID: a8df7489-c5ea-11d1-bbcb-0080c76670c0 -adminDisplayName: Text-Encoded-OR-Address attributeID: 0.9.2342.19200300.100.1.2 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 1024 +mAPIID: 35969 +showInAdvancedViewOnly: TRUE +adminDisplayName: Text-Encoded-OR-Address +adminDescription: Text-Encoded-OR-Address oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: textEncodedORAddress +schemaIDGUID: a8df7489-c5ea-11d1-bbcb-0080c76670c0 +systemOnly: FALSE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=USN-DSA-Last-Obj-Removed,${SCHEMADN} -cn: USN-DSA-Last-Obj-Removed -name: USN-DSA-Last-Obj-Removed objectClass: top objectClass: attributeSchema -lDAPDisplayName: uSNDSALastObjRemoved -isSingleValued: TRUE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: bf967a71-0de6-11d0-a285-00aa003049e2 -adminDisplayName: USN-DSA-Last-Obj-Removed attributeID: 1.2.840.113556.1.2.267 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +mAPIID: 33109 +showInAdvancedViewOnly: TRUE +adminDisplayName: USN-DSA-Last-Obj-Removed +adminDescription: USN-DSA-Last-Obj-Removed oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: uSNDSALastObjRemoved +schemaIDGUID: bf967a71-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Operations-For-Az-Role-BL,${SCHEMADN} -cn: ms-DS-Operations-For-Az-Role-BL -name: ms-DS-Operations-For-Az-Role-BL objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-OperationsForAzRoleBL +attributeID: 1.2.840.113556.1.4.1813 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 2023 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: f85b6228-3734-4525-b6b7-3f3bb220902c +showInAdvancedViewOnly: TRUE adminDisplayName: MS-DS-Operations-For-Az-Role-BL -attributeID: 1.2.840.113556.1.4.1813 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Back-link from Az-Operation to Az-Role object(s) linking to it +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: msDS-OperationsForAzRoleBL +schemaIDGUID: f85b6228-3734-4525-b6b7-3f3bb220902c +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MS-DS-Consistency-Child-Count,${SCHEMADN} -cn: MS-DS-Consistency-Child-Count -name: MS-DS-Consistency-Child-Count objectClass: top objectClass: attributeSchema -lDAPDisplayName: mS-DS-ConsistencyChildCount -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 178b7bc2-b63a-11d2-90e1-00c04fd91ab1 -adminDisplayName: MS-DS-Consistency-Child-Count attributeID: 1.2.840.113556.1.4.1361 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Consistency-Child-Count +adminDescription: MS-DS-Consistency-Child-Count oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: mS-DS-ConsistencyChildCount +schemaIDGUID: 178b7bc2-b63a-11d2-90e1-00c04fd91ab1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=DSA-Signature,${SCHEMADN} -cn: DSA-Signature -name: DSA-Signature objectClass: top objectClass: attributeSchema -lDAPDisplayName: dSASignature -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 167757bc-47f3-11d1-a9c3-0000f80367c1 -adminDisplayName: DSA-Signature attributeID: 1.2.840.113556.1.2.74 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +mAPIID: 32887 +showInAdvancedViewOnly: TRUE +adminDisplayName: DSA-Signature +adminDescription: DSA-Signature oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: dSASignature +schemaIDGUID: 167757bc-47f3-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Allowed-Child-Classes,${SCHEMADN} -cn: Allowed-Child-Classes -name: Allowed-Child-Classes objectClass: top objectClass: attributeSchema -lDAPDisplayName: allowedChildClasses -isSingleValued: FALSE -systemFlags: 134217748 -systemOnly: TRUE -schemaIDGUID: 9a7ad942-ca53-11d1-bbd0-0080c76670c0 -adminDisplayName: Allowed-Child-Classes attributeID: 1.2.840.113556.1.4.911 attributeSyntax: 2.5.5.2 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Allowed-Child-Classes +adminDescription: Allowed-Child-Classes oMSyntax: 6 +searchFlags: 0 +lDAPDisplayName: allowedChildClasses +schemaIDGUID: 9a7ad942-ca53-11d1-bbd0-0080c76670c0 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: TRUE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Allowed-Attributes-Effective,${SCHEMADN} -cn: Allowed-Attributes-Effective -name: Allowed-Attributes-Effective objectClass: top objectClass: attributeSchema -lDAPDisplayName: allowedAttributesEffective -isSingleValued: FALSE -systemFlags: 134217748 -systemOnly: TRUE -schemaIDGUID: 9a7ad941-ca53-11d1-bbd0-0080c76670c0 -adminDisplayName: Allowed-Attributes-Effective attributeID: 1.2.840.113556.1.4.914 attributeSyntax: 2.5.5.2 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Allowed-Attributes-Effective +adminDescription: Allowed-Attributes-Effective oMSyntax: 6 - -dn: CN=NT-Mixed-Domain,${SCHEMADN} -cn: NT-Mixed-Domain -name: NT-Mixed-Domain -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: nTMixedDomain -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 3e97891f-8c01-11d0-afda-00c04fd930c9 -adminDisplayName: NT-Mixed-Domain +searchFlags: 0 +lDAPDisplayName: allowedAttributesEffective +schemaIDGUID: 9a7ad941-ca53-11d1-bbd0-0080c76670c0 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: TRUE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=NT-Mixed-Domain,${SCHEMADN} +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.4.357 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: NT-Mixed-Domain +adminDescription: NT-Mixed-Domain oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: nTMixedDomain +schemaIDGUID: 3e97891f-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Has-Instantiated-NCs,${SCHEMADN} -cn: ms-DS-Has-Instantiated-NCs -name: ms-DS-Has-Instantiated-NCs objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-HasInstantiatedNCs +attributeID: 1.2.840.113556.1.4.1709 +attributeSyntax: 2.5.5.7 isSingleValued: FALSE +rangeLower: 4 +rangeUpper: 4 linkID: 2002 -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: 11e9a5bc-4517-4049-af9c-51554fb0fc09 +showInAdvancedViewOnly: TRUE adminDisplayName: ms-DS-Has-Instantiated-NCs -attributeID: 1.2.840.113556.1.4.1709 -attributeSyntax: 2.5.5.7 -oMSyntax: 127 oMObjectClass:: KoZIhvcUAQEBCw== +adminDescription: DS replication information detailing the state of the NCs present on a particular server. +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: msDS-HasInstantiatedNCs +schemaIDGUID: 11e9a5bc-4517-4049-af9c-51554fb0fc09 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Min-Pwd-Length,${SCHEMADN} -cn: Min-Pwd-Length -name: Min-Pwd-Length objectClass: top objectClass: attributeSchema -lDAPDisplayName: minPwdLength -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679c3-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Min-Pwd-Length attributeID: 1.2.840.113556.1.4.79 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Min-Pwd-Length +adminDescription: Min-Pwd-Length oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: minPwdLength +schemaIDGUID: bf9679c3-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: c7407360-20bf-11d0-a768-00aa006e0529 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Domain-Policy-Object,${SCHEMADN} -cn: Domain-Policy-Object -name: Domain-Policy-Object objectClass: top objectClass: attributeSchema -lDAPDisplayName: domainPolicyObject -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf96795d-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Domain-Policy-Object attributeID: 1.2.840.113556.1.4.32 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Domain-Policy-Object oMObjectClass:: KwwCh3McAIVK +adminDescription: Domain-Policy-Object +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: domainPolicyObject +schemaIDGUID: bf96795d-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Physical-Delivery-Office-Name,${SCHEMADN} -cn: Physical-Delivery-Office-Name -name: Physical-Delivery-Office-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: physicalDeliveryOfficeName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679f7-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Physical-Delivery-Office-Name attributeID: 2.5.4.19 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 128 +mAPIID: 14873 +showInAdvancedViewOnly: TRUE +adminDisplayName: Physical-Delivery-Office-Name +adminDescription: Physical-Delivery-Office-Name oMSyntax: 64 +searchFlags: 5 +lDAPDisplayName: physicalDeliveryOfficeName +schemaIDGUID: bf9679f7-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Volume-Count,${SCHEMADN} -cn: Volume-Count -name: Volume-Count objectClass: top objectClass: attributeSchema -lDAPDisplayName: volumeCount -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 34aaa217-b699-11d0-afee-0000f80367c1 -adminDisplayName: Volume-Count attributeID: 1.2.840.113556.1.4.507 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Volume-Count +adminDescription: Volume-Count oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: volumeCount +schemaIDGUID: 34aaa217-b699-11d0-afee-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msRADIUSServiceType,${SCHEMADN} -cn: msRADIUSServiceType -name: msRADIUSServiceType objectClass: top objectClass: attributeSchema -lDAPDisplayName: msRADIUSServiceType -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: db0c90b6-c1f2-11d1-bbc5-0080c76670c0 -adminDisplayName: msRADIUSServiceType attributeID: 1.2.840.113556.1.4.1171 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: msRADIUSServiceType +adminDescription: msRADIUSServiceType oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msRADIUSServiceType +schemaIDGUID: db0c90b6-c1f2-11d1-bbc5-0080c76670c0 +attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Last-Logon,${SCHEMADN} -cn: Last-Logon -name: Last-Logon objectClass: top objectClass: attributeSchema -lDAPDisplayName: lastLogon -isSingleValued: TRUE -systemFlags: 17 -systemOnly: FALSE -schemaIDGUID: bf967997-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Last-Logon attributeID: 1.2.840.113556.1.4.52 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Last-Logon +adminDescription: Last-Logon oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: lastLogon +schemaIDGUID: bf967997-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemOnly: FALSE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Groups-to-Ignore,${SCHEMADN} -cn: Groups-to-Ignore -name: Groups-to-Ignore objectClass: top objectClass: attributeSchema -lDAPDisplayName: groupsToIgnore -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: eea65904-8ac6-11d0-afda-00c04fd930c9 -adminDisplayName: Groups-to-Ignore attributeID: 1.2.840.113556.1.4.344 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Groups-to-Ignore +adminDescription: Groups-to-Ignore oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: groupsToIgnore +schemaIDGUID: eea65904-8ac6-11d0-afda-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Schema-Info,${SCHEMADN} -cn: Schema-Info -name: Schema-Info objectClass: top objectClass: attributeSchema -lDAPDisplayName: schemaInfo -isSingleValued: FALSE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: f9fb64ae-93b4-11d2-9945-0000f87a57d4 -adminDisplayName: Schema-Info attributeID: 1.2.840.113556.1.4.1358 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Schema-Info +adminDescription: Schema-Info oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: schemaInfo +schemaIDGUID: f9fb64ae-93b4-11d2-9945-0000f87a57d4 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Domain-Component,${SCHEMADN} -cn: Domain-Component -name: Domain-Component objectClass: top objectClass: attributeSchema -lDAPDisplayName: dc -isSingleValued: TRUE -systemFlags: 18 -systemOnly: FALSE -schemaIDGUID: 19195a55-6da0-11d0-afd3-00c04fd930c9 -adminDisplayName: Domain-Component attributeID: 0.9.2342.19200300.100.1.25 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 255 +showInAdvancedViewOnly: TRUE +adminDisplayName: Domain-Component +adminDescription: Domain-Component oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: dc +schemaIDGUID: 19195a55-6da0-11d0-afd3-00c04fd930c9 +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Object-Category,${SCHEMADN} -cn: Object-Category -name: Object-Category objectClass: top objectClass: attributeSchema -lDAPDisplayName: objectCategory -isSingleValued: TRUE -systemFlags: 18 -systemOnly: FALSE -schemaIDGUID: 26d97369-6070-11d1-a9c6-0000f80367c1 -adminDisplayName: Object-Category attributeID: 1.2.840.113556.1.4.782 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Object-Category oMObjectClass:: KwwCh3McAIVK +adminDescription: Object-Category +oMSyntax: 127 +searchFlags: 1 +lDAPDisplayName: objectCategory +schemaIDGUID: 26d97369-6070-11d1-a9c6-0000f80367c1 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Modify-Time-Stamp,${SCHEMADN} -cn: Modify-Time-Stamp -name: Modify-Time-Stamp objectClass: top objectClass: attributeSchema -lDAPDisplayName: modifyTimeStamp -isSingleValued: TRUE -systemFlags: 134217748 -systemOnly: TRUE -schemaIDGUID: 9a7ad94a-ca53-11d1-bbd0-0080c76670c0 -adminDisplayName: Modify-Time-Stamp attributeID: 2.5.18.2 attributeSyntax: 2.5.5.11 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Modify-Time-Stamp +adminDescription: Modify-Time-Stamp oMSyntax: 24 +searchFlags: 0 +lDAPDisplayName: modifyTimeStamp +schemaIDGUID: 9a7ad94a-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Display-Name,${SCHEMADN} -cn: Display-Name -name: Display-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: displayName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967953-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Display-Name attributeID: 1.2.840.113556.1.2.13 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 256 +showInAdvancedViewOnly: TRUE +adminDisplayName: Display-Name +adminDescription: Display-Name oMSyntax: 64 +searchFlags: 5 +lDAPDisplayName: displayName +schemaIDGUID: bf967953-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Admin-Description,${SCHEMADN} -cn: Admin-Description -name: Admin-Description objectClass: top objectClass: attributeSchema -lDAPDisplayName: adminDescription -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967919-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Admin-Description attributeID: 1.2.840.113556.1.2.226 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 1024 +mAPIID: 32842 +showInAdvancedViewOnly: TRUE +adminDisplayName: Admin-Description +adminDescription: Admin-Description oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: adminDescription +schemaIDGUID: bf967919-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-DnsRootAlias,${SCHEMADN} -cn: ms-DS-DnsRootAlias -name: ms-DS-DnsRootAlias objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-DnsRootAlias -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 2143acca-eead-4d29-b591-85fa49ce9173 -adminDisplayName: ms-DS-DnsRootAlias attributeID: 1.2.840.113556.1.4.1719 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 255 +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-DnsRootAlias +adminDescription: ms-DS-DnsRootAlias oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-DnsRootAlias +schemaIDGUID: 2143acca-eead-4d29-b591-85fa49ce9173 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Creation-Wizard,${SCHEMADN} -cn: Creation-Wizard -name: Creation-Wizard objectClass: top objectClass: attributeSchema -lDAPDisplayName: creationWizard -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 4d8601ed-ac85-11d0-afe3-00c04fd930c9 -adminDisplayName: Creation-Wizard attributeID: 1.2.840.113556.1.4.498 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Creation-Wizard +adminDescription: Creation-Wizard oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: creationWizard +schemaIDGUID: 4d8601ed-ac85-11d0-afe3-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Has-Partial-Replica-NCs,${SCHEMADN} -cn: Has-Partial-Replica-NCs -name: Has-Partial-Replica-NCs objectClass: top objectClass: attributeSchema -lDAPDisplayName: hasPartialReplicaNCs +attributeID: 1.2.840.113556.1.2.15 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE +mAPIID: 32949 linkID: 74 -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: bf967981-0de6-11d0-a285-00aa003049e2 +showInAdvancedViewOnly: TRUE adminDisplayName: Has-Partial-Replica-NCs -attributeID: 1.2.840.113556.1.2.15 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Has-Partial-Replica-NCs +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: hasPartialReplicaNCs +schemaIDGUID: bf967981-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Control-Access-Rights,${SCHEMADN} -cn: Control-Access-Rights -name: Control-Access-Rights objectClass: top objectClass: attributeSchema -lDAPDisplayName: controlAccessRights -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 6da8a4fc-0e52-11d0-a286-00aa003049e2 -adminDisplayName: Control-Access-Rights attributeID: 1.2.840.113556.1.4.200 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +rangeLower: 16 +rangeUpper: 16 +showInAdvancedViewOnly: TRUE +adminDisplayName: Control-Access-Rights +adminDescription: Control-Access-Rights oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: controlAccessRights +schemaIDGUID: 6da8a4fc-0e52-11d0-a286-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=UAS-Compat,${SCHEMADN} -cn: UAS-Compat -name: UAS-Compat objectClass: top objectClass: attributeSchema -lDAPDisplayName: uASCompat -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a61-0de6-11d0-a285-00aa003049e2 -adminDisplayName: UAS-Compat attributeID: 1.2.840.113556.1.4.155 attributeSyntax: 2.5.5.9 -oMSyntax: 2 - -dn: CN=Object-Sid,${SCHEMADN} -cn: Object-Sid -name: Object-Sid -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: objectSid isSingleValued: TRUE -systemFlags: 18 -systemOnly: TRUE -schemaIDGUID: bf9679e8-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Object-Sid +showInAdvancedViewOnly: TRUE +adminDisplayName: UAS-Compat +adminDescription: UAS-Compat +oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: uASCompat +schemaIDGUID: bf967a61-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: b8119fd0-04f6-4762-ab7a-4986c76b3f9a +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Object-Sid,${SCHEMADN} +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.4.146 attributeSyntax: 2.5.5.17 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 28 +mAPIID: 32807 +showInAdvancedViewOnly: TRUE +adminDisplayName: Object-Sid +adminDescription: Object-Sid oMSyntax: 4 +searchFlags: 9 +lDAPDisplayName: objectSid +schemaIDGUID: bf9679e8-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +systemOnly: TRUE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Title,${SCHEMADN} -cn: Title -name: Title objectClass: top objectClass: attributeSchema -lDAPDisplayName: title -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a55-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Title attributeID: 2.5.4.12 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 14871 +showInAdvancedViewOnly: TRUE +adminDisplayName: Title +adminDescription: Title oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: title +schemaIDGUID: bf967a55-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Pager-Other,${SCHEMADN} -cn: Phone-Pager-Other -name: Phone-Pager-Other objectClass: top objectClass: attributeSchema -lDAPDisplayName: otherPager -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: f0f8ffa4-1191-11d0-a060-00aa006c33ed -adminDisplayName: Phone-Pager-Other attributeID: 1.2.840.113556.1.2.118 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 35950 +showInAdvancedViewOnly: TRUE +adminDisplayName: Phone-Pager-Other +adminDescription: Phone-Pager-Other oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: otherPager +schemaIDGUID: f0f8ffa4-1191-11d0-a060-00aa006c33ed +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Division,${SCHEMADN} -cn: Division -name: Division objectClass: top objectClass: attributeSchema -lDAPDisplayName: division -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: fe6136a0-2073-11d0-a9c2-00aa006c33ed -adminDisplayName: Division attributeID: 1.2.840.113556.1.4.261 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 256 +showInAdvancedViewOnly: TRUE +adminDisplayName: Division +adminDescription: Division oMSyntax: 64 +searchFlags: 16 +lDAPDisplayName: division +schemaIDGUID: fe6136a0-2073-11d0-a9c2-00aa006c33ed +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=SAM-Account-Type,${SCHEMADN} -cn: SAM-Account-Type -name: SAM-Account-Type +dn: CN=Range-Upper,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: sAMAccountType +attributeID: 1.2.840.113556.1.2.35 +attributeSyntax: 2.5.5.9 isSingleValued: TRUE -systemFlags: 18 +mAPIID: 33044 +showInAdvancedViewOnly: TRUE +adminDisplayName: Range-Upper +adminDescription: Range-Upper +oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: rangeUpper +schemaIDGUID: bf967a0d-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE -schemaIDGUID: 6e7b626c-64f2-11d0-afd2-00c04fd930c9 -adminDisplayName: SAM-Account-Type +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=OM-Object-Class,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.2.218 +attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +mAPIID: 33021 +showInAdvancedViewOnly: TRUE +adminDisplayName: OM-Object-Class +adminDescription: OM-Object-Class +oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: oMObjectClass +schemaIDGUID: bf9679ec-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=MAPI-ID,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.2.49 +attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +mAPIID: 32974 +showInAdvancedViewOnly: TRUE +adminDisplayName: MAPI-ID +adminDescription: MAPI-ID +oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: mAPIID +schemaIDGUID: bf9679b7-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=SAM-Account-Type,${SCHEMADN} +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.4.302 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: SAM-Account-Type +adminDescription: SAM-Account-Type oMSyntax: 2 +searchFlags: 1 +lDAPDisplayName: sAMAccountType +schemaIDGUID: 6e7b626c-64f2-11d0-afd2-00c04fd930c9 +attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Object-Class-Category,${SCHEMADN} -cn: Object-Class-Category -name: Object-Class-Category objectClass: top objectClass: attributeSchema -lDAPDisplayName: objectClassCategory -isSingleValued: TRUE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: bf9679e6-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Object-Class-Category attributeID: 1.2.840.113556.1.2.370 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 3 +mAPIID: 33014 +showInAdvancedViewOnly: TRUE +adminDisplayName: Object-Class-Category +adminDescription: Object-Class-Category oMSyntax: 10 +searchFlags: 0 +lDAPDisplayName: objectClassCategory +schemaIDGUID: bf9679e6-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Default-Hiding-Value,${SCHEMADN} -cn: Default-Hiding-Value -name: Default-Hiding-Value objectClass: top objectClass: attributeSchema -lDAPDisplayName: defaultHidingValue -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: b7b13116-b82e-11d0-afee-0000f80367c1 -adminDisplayName: Default-Hiding-Value attributeID: 1.2.840.113556.1.4.518 attributeSyntax: 2.5.5.8 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Default-Hiding-Value +adminDescription: Default-Hiding-Value oMSyntax: 1 +searchFlags: 0 +lDAPDisplayName: defaultHidingValue +schemaIDGUID: b7b13116-b82e-11d0-afee-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msNPAllowDialin,${SCHEMADN} -cn: msNPAllowDialin -name: msNPAllowDialin objectClass: top objectClass: attributeSchema -lDAPDisplayName: msNPAllowDialin -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: db0c9085-c1f2-11d1-bbc5-0080c76670c0 -adminDisplayName: msNPAllowDialin attributeID: 1.2.840.113556.1.4.1119 attributeSyntax: 2.5.5.8 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: msNPAllowDialin +adminDescription: msNPAllowDialin oMSyntax: 1 +searchFlags: 0 +lDAPDisplayName: msNPAllowDialin +schemaIDGUID: db0c9085-c1f2-11d1-bbc5-0080c76670c0 +attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Code-Page,${SCHEMADN} -cn: Code-Page -name: Code-Page objectClass: top objectClass: attributeSchema -lDAPDisplayName: codePage -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967938-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Code-Page attributeID: 1.2.840.113556.1.4.16 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 65535 +showInAdvancedViewOnly: TRUE +adminDisplayName: Code-Page +adminDescription: Code-Page oMSyntax: 2 +searchFlags: 16 +lDAPDisplayName: codePage +schemaIDGUID: bf967938-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Admin-Count,${SCHEMADN} -cn: Admin-Count -name: Admin-Count objectClass: top objectClass: attributeSchema -lDAPDisplayName: adminCount -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967918-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Admin-Count attributeID: 1.2.840.113556.1.4.150 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Admin-Count +adminDescription: Admin-Count oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: adminCount +schemaIDGUID: bf967918-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Schema-Update,${SCHEMADN} -cn: Schema-Update -name: Schema-Update objectClass: top objectClass: attributeSchema -lDAPDisplayName: schemaUpdate -isSingleValued: TRUE -systemFlags: 17 -systemOnly: FALSE -schemaIDGUID: 1e2d06b4-ac8f-11d0-afe3-00c04fd930c9 -adminDisplayName: Schema-Update attributeID: 1.2.840.113556.1.4.481 attributeSyntax: 2.5.5.11 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Schema-Update +adminDescription: Schema-Update oMSyntax: 24 +searchFlags: 0 +lDAPDisplayName: schemaUpdate +schemaIDGUID: 1e2d06b4-ac8f-11d0-afe3-00c04fd930c9 +systemOnly: FALSE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Trust-Direction,${SCHEMADN} -cn: Trust-Direction -name: Trust-Direction objectClass: top objectClass: attributeSchema -lDAPDisplayName: trustDirection -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a5c-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Trust-Direction attributeID: 1.2.840.113556.1.4.132 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Trust-Direction +adminDescription: Trust-Direction oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: trustDirection +schemaIDGUID: bf967a5c-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Enabled,${SCHEMADN} -cn: Enabled -name: Enabled objectClass: top objectClass: attributeSchema -lDAPDisplayName: Enabled -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: a8df73f2-c5ea-11d1-bbcb-0080c76670c0 -adminDisplayName: Enabled attributeID: 1.2.840.113556.1.2.557 attributeSyntax: 2.5.5.8 +isSingleValued: TRUE +mAPIID: 35873 +showInAdvancedViewOnly: TRUE +adminDisplayName: Enabled +adminDescription: Enabled oMSyntax: 1 +searchFlags: 0 +lDAPDisplayName: Enabled +schemaIDGUID: a8df73f2-c5ea-11d1-bbcb-0080c76670c0 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Locality-Name,${SCHEMADN} -cn: Locality-Name -name: Locality-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: l -isSingleValued: TRUE -systemFlags: 18 -systemOnly: FALSE -schemaIDGUID: bf9679a2-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Locality-Name attributeID: 2.5.4.7 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 128 +mAPIID: 14887 +showInAdvancedViewOnly: TRUE +adminDisplayName: Locality-Name +adminDescription: Locality-Name oMSyntax: 64 +searchFlags: 17 +lDAPDisplayName: l +schemaIDGUID: bf9679a2-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=EFSPolicy,${SCHEMADN} -cn: EFSPolicy -name: EFSPolicy objectClass: top objectClass: attributeSchema -lDAPDisplayName: eFSPolicy -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 8e4eb2ec-4712-11d0-a1a0-00c04fd930c9 -adminDisplayName: EFSPolicy attributeID: 1.2.840.113556.1.4.268 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: EFSPolicy +adminDescription: EFSPolicy oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: eFSPolicy +schemaIDGUID: 8e4eb2ec-4712-11d0-a1a0-00c04fd930c9 +attributeSecurityGUID: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Builtin-Modified-Count,${SCHEMADN} -cn: Builtin-Modified-Count -name: Builtin-Modified-Count objectClass: top objectClass: attributeSchema -lDAPDisplayName: builtinModifiedCount -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967930-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Builtin-Modified-Count attributeID: 1.2.840.113556.1.4.14 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Builtin-Modified-Count +adminDescription: Builtin-Modified-Count oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: builtinModifiedCount +schemaIDGUID: bf967930-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Office-Other,${SCHEMADN} -cn: Phone-Office-Other -name: Phone-Office-Other objectClass: top objectClass: attributeSchema -lDAPDisplayName: otherTelephone -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: f0f8ffa5-1191-11d0-a060-00aa006c33ed -adminDisplayName: Phone-Office-Other attributeID: 1.2.840.113556.1.2.18 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 14875 +showInAdvancedViewOnly: TRUE +adminDisplayName: Phone-Office-Other +adminDescription: Phone-Office-Other oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: otherTelephone +schemaIDGUID: f0f8ffa5-1191-11d0-a060-00aa006c33ed +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-ISDN-Primary,${SCHEMADN} -cn: Phone-ISDN-Primary -name: Phone-ISDN-Primary objectClass: top objectClass: attributeSchema -lDAPDisplayName: primaryInternationalISDNNumber -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 0296c11f-40da-11d1-a9c0-0000f80367c1 -adminDisplayName: Phone-ISDN-Primary attributeID: 1.2.840.113556.1.4.649 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 64 +showInAdvancedViewOnly: TRUE +adminDisplayName: Phone-ISDN-Primary +adminDescription: Phone-ISDN-Primary oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: primaryInternationalISDNNumber +schemaIDGUID: 0296c11f-40da-11d1-a9c0-0000f80367c1 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Employee-ID,${SCHEMADN} -cn: Employee-ID -name: Employee-ID objectClass: top objectClass: attributeSchema -lDAPDisplayName: employeeID -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967962-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Employee-ID attributeID: 1.2.840.113556.1.4.35 attributeSyntax: 2.5.5.12 -oMSyntax: 64 - -dn: CN=Tombstone-Lifetime,${SCHEMADN} -cn: Tombstone-Lifetime -name: Tombstone-Lifetime -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: tombstoneLifetime isSingleValued: TRUE -systemFlags: 16 +rangeLower: 0 +rangeUpper: 16 +showInAdvancedViewOnly: TRUE +adminDisplayName: Employee-ID +adminDescription: Employee-ID +oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: employeeID +schemaIDGUID: bf967962-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE -schemaIDGUID: 16c3a860-1273-11d0-a060-00aa006c33ed -adminDisplayName: Tombstone-Lifetime +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Tombstone-Lifetime,${SCHEMADN} +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.2.54 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +mAPIID: 33093 +showInAdvancedViewOnly: TRUE +adminDisplayName: Tombstone-Lifetime +adminDescription: Tombstone-Lifetime oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: tombstoneLifetime +schemaIDGUID: 16c3a860-1273-11d0-a060-00aa006c33ed +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Operating-System-Service-Pack,${SCHEMADN} -cn: Operating-System-Service-Pack -name: Operating-System-Service-Pack objectClass: top objectClass: attributeSchema -lDAPDisplayName: operatingSystemServicePack -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 3e978927-8c01-11d0-afda-00c04fd930c9 -adminDisplayName: Operating-System-Service-Pack attributeID: 1.2.840.113556.1.4.365 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Operating-System-Service-Pack +adminDescription: Operating-System-Service-Pack oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: operatingSystemServicePack +schemaIDGUID: 3e978927-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Netboot-Initialization,${SCHEMADN} -cn: Netboot-Initialization -name: Netboot-Initialization objectClass: top objectClass: attributeSchema -lDAPDisplayName: netbootInitialization -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 3e978920-8c01-11d0-afda-00c04fd930c9 -adminDisplayName: Netboot-Initialization attributeID: 1.2.840.113556.1.4.358 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Netboot-Initialization +adminDescription: Netboot-Initialization oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: netbootInitialization +schemaIDGUID: 3e978920-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-Principal-Name,${SCHEMADN} -cn: User-Principal-Name -name: User-Principal-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: userPrincipalName -isSingleValued: TRUE -systemFlags: 18 -systemOnly: FALSE -schemaIDGUID: 28630ebb-41d5-11d1-a9c1-0000f80367c1 -adminDisplayName: User-Principal-Name attributeID: 1.2.840.113556.1.4.656 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeUpper: 1024 +showInAdvancedViewOnly: TRUE +adminDisplayName: User-Principal-Name +adminDescription: User-Principal-Name oMSyntax: 64 +searchFlags: 1 +lDAPDisplayName: userPrincipalName +schemaIDGUID: 28630ebb-41d5-11d1-a9c1-0000f80367c1 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Service-Principal-Name,${SCHEMADN} -cn: Service-Principal-Name -name: Service-Principal-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: servicePrincipalName -isSingleValued: FALSE -systemFlags: 18 -systemOnly: FALSE -schemaIDGUID: f3a64788-5306-11d1-a9c5-0000f80367c1 -adminDisplayName: Service-Principal-Name attributeID: 1.2.840.113556.1.4.771 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Service-Principal-Name +adminDescription: Service-Principal-Name oMSyntax: 64 +searchFlags: 1 +lDAPDisplayName: servicePrincipalName +schemaIDGUID: f3a64788-5306-11d1-a9c5-0000f80367c1 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Other-Login-Workstations,${SCHEMADN} -cn: Other-Login-Workstations -name: Other-Login-Workstations objectClass: top objectClass: attributeSchema -lDAPDisplayName: otherLoginWorkstations -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679f1-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Other-Login-Workstations attributeID: 1.2.840.113556.1.4.91 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 0 +rangeUpper: 1024 +showInAdvancedViewOnly: TRUE +adminDisplayName: Other-Login-Workstations +adminDescription: Other-Login-Workstations oMSyntax: 64 +searchFlags: 16 +lDAPDisplayName: otherLoginWorkstations +schemaIDGUID: bf9679f1-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-IIS-FTP-Dir,${SCHEMADN} -cn: ms-IIS-FTP-Dir -name: ms-IIS-FTP-Dir objectClass: top objectClass: attributeSchema -lDAPDisplayName: msIIS-FTPDir -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 8a5c99e9-2230-46eb-b8e8-e59d712eb9ee -adminDisplayName: ms-IIS-FTP-Dir attributeID: 1.2.840.113556.1.4.1786 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 256 +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-IIS-FTP-Dir +adminDescription: Relative user directory on an FTP Root share. oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msIIS-FTPDir +schemaIDGUID: 8a5c99e9-2230-46eb-b8e8-e59d712eb9ee +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Site-Affinity,${SCHEMADN} -cn: ms-DS-Site-Affinity -name: ms-DS-Site-Affinity objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-Site-Affinity -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: c17c5602-bcb7-46f0-9656-6370ca884b72 -adminDisplayName: ms-DS-Site-Affinity attributeID: 1.2.840.113556.1.4.1443 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-Site-Affinity +adminDescription: ms-DS-Site-Affinity oMSyntax: 4 +searchFlags: 1 +lDAPDisplayName: msDS-Site-Affinity +schemaIDGUID: c17c5602-bcb7-46f0-9656-6370ca884b72 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Max-Storage,${SCHEMADN} -cn: Max-Storage -name: Max-Storage objectClass: top objectClass: attributeSchema -lDAPDisplayName: maxStorage -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679bd-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Max-Storage attributeID: 1.2.840.113556.1.4.76 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Max-Storage +adminDescription: Max-Storage oMSyntax: 65 +searchFlags: 16 +lDAPDisplayName: maxStorage +schemaIDGUID: bf9679bd-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=NT-Security-Descriptor,${SCHEMADN} -cn: NT-Security-Descriptor -name: NT-Security-Descriptor objectClass: top objectClass: attributeSchema -lDAPDisplayName: nTSecurityDescriptor -isSingleValued: TRUE -systemFlags: 26 -systemOnly: FALSE -schemaIDGUID: bf9679e3-0de6-11d0-a285-00aa003049e2 -adminDisplayName: NT-Security-Descriptor attributeID: 1.2.840.113556.1.2.281 attributeSyntax: 2.5.5.15 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 132096 +mAPIID: 32787 +showInAdvancedViewOnly: TRUE +adminDisplayName: NT-Security-Descriptor +adminDescription: NT-Security-Descriptor oMSyntax: 66 +searchFlags: 8 +lDAPDisplayName: nTSecurityDescriptor +schemaIDGUID: bf9679e3-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 26 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Site-Object-BL,${SCHEMADN} -cn: Site-Object-BL -name: Site-Object-BL objectClass: top objectClass: attributeSchema -lDAPDisplayName: siteObjectBL +attributeID: 1.2.840.113556.1.4.513 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 47 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: 3e10944d-c354-11d0-aff8-0000f80367c1 +showInAdvancedViewOnly: TRUE adminDisplayName: Site-Object-BL -attributeID: 1.2.840.113556.1.4.513 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Site-Object-BL +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: siteObjectBL +schemaIDGUID: 3e10944d-c354-11d0-aff8-0000f80367c1 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Query-Policy-BL,${SCHEMADN} -cn: Query-Policy-BL -name: Query-Policy-BL objectClass: top objectClass: attributeSchema -lDAPDisplayName: queryPolicyBL +attributeID: 1.2.840.113556.1.4.608 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 69 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: e1aea404-cd5b-11d0-afff-0000f80367c1 +showInAdvancedViewOnly: TRUE adminDisplayName: Query-Policy-BL -attributeID: 1.2.840.113556.1.4.608 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Query-Policy-BL +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: queryPolicyBL +schemaIDGUID: e1aea404-cd5b-11d0-afff-0000f80367c1 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Partial-Attribute-Set,${SCHEMADN} -cn: Partial-Attribute-Set -name: Partial-Attribute-Set objectClass: top objectClass: attributeSchema -lDAPDisplayName: partialAttributeSet -isSingleValued: TRUE -systemFlags: 19 -systemOnly: TRUE -schemaIDGUID: 19405b9e-3cfa-11d1-a9c0-0000f80367c1 -adminDisplayName: Partial-Attribute-Set attributeID: 1.2.840.113556.1.4.640 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Partial-Attribute-Set +adminDescription: Partial-Attribute-Set oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: partialAttributeSet +schemaIDGUID: 19405b9e-3cfa-11d1-a9c0-0000f80367c1 +systemOnly: TRUE +systemFlags: 19 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Obj-Dist-Name,${SCHEMADN} -cn: Obj-Dist-Name -name: Obj-Dist-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: distinguishedName -isSingleValued: TRUE -systemFlags: 19 -systemOnly: TRUE -schemaIDGUID: bf9679e4-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Obj-Dist-Name attributeID: 2.5.4.49 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: TRUE +mAPIID: 32828 +showInAdvancedViewOnly: TRUE +adminDisplayName: Obj-Dist-Name oMObjectClass:: KwwCh3McAIVK +adminDescription: Obj-Dist-Name +oMSyntax: 127 +searchFlags: 8 +lDAPDisplayName: distinguishedName +schemaIDGUID: bf9679e4-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: TRUE +systemFlags: 19 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Description,${SCHEMADN} -cn: Description -name: Description objectClass: top objectClass: attributeSchema -lDAPDisplayName: description -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967950-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Description attributeID: 2.5.4.13 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 0 +rangeUpper: 1024 +mAPIID: 32879 +showInAdvancedViewOnly: TRUE +adminDisplayName: Description +adminDescription: Description oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: description +schemaIDGUID: bf967950-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Class-ID,${SCHEMADN} -cn: ms-DS-Az-Class-ID -name: ms-DS-Az-Class-ID objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-AzClassId -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 013a7277-5c2d-49ef-a7de-b765b36a3f6f -adminDisplayName: MS-DS-Az-Class-ID attributeID: 1.2.840.113556.1.4.1816 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 40 +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Az-Class-ID +adminDescription: A class ID required by the AzRoles UI on the AzApplication object oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-AzClassId +schemaIDGUID: 013a7277-5c2d-49ef-a7de-b765b36a3f6f +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=RID-Available-Pool,${SCHEMADN} -cn: RID-Available-Pool -name: RID-Available-Pool objectClass: top objectClass: attributeSchema -lDAPDisplayName: rIDAvailablePool -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 66171888-8f3c-11d0-afda-00c04fd930c9 -adminDisplayName: RID-Available-Pool attributeID: 1.2.840.113556.1.4.370 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: RID-Available-Pool +adminDescription: RID-Available-Pool oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: rIDAvailablePool +schemaIDGUID: 66171888-8f3c-11d0-afda-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Shell-Property-Pages,${SCHEMADN} -cn: Shell-Property-Pages -name: Shell-Property-Pages objectClass: top objectClass: attributeSchema -lDAPDisplayName: shellPropertyPages -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 52458039-ca6a-11d0-afff-0000f80367c1 -adminDisplayName: Shell-Property-Pages attributeID: 1.2.840.113556.1.4.563 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Shell-Property-Pages +adminDescription: Shell-Property-Pages oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: shellPropertyPages +schemaIDGUID: 52458039-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-SPN-Suffixes,${SCHEMADN} -cn: ms-DS-SPN-Suffixes -name: ms-DS-SPN-Suffixes objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-SPNSuffixes -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 789ee1eb-8c8e-4e4c-8cec-79b31b7617b5 -adminDisplayName: ms-DS-SPN-Suffixes attributeID: 1.2.840.113556.1.4.1715 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeUpper: 255 +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-SPN-Suffixes +adminDescription: ms-DS-SPN-Suffixes oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-SPNSuffixes +schemaIDGUID: 789ee1eb-8c8e-4e4c-8cec-79b31b7617b5 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Private-Key,${SCHEMADN} -cn: Private-Key -name: Private-Key objectClass: top objectClass: attributeSchema -lDAPDisplayName: privateKey -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a03-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Private-Key attributeID: 1.2.840.113556.1.4.101 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Private-Key +adminDescription: Private-Key oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: privateKey +schemaIDGUID: bf967a03-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Facsimile-Telephone-Number,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 2.5.4.23 +attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 14883 +showInAdvancedViewOnly: TRUE +adminDisplayName: Facsimile-Telephone-Number +adminDescription: Facsimile-Telephone-Number +oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: facsimileTelephoneNumber +schemaIDGUID: bf967974-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=Facsimile-Telephone-Number,${SCHEMADN} -cn: Facsimile-Telephone-Number -name: Facsimile-Telephone-Number +dn: CN=Search-Flags,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: facsimileTelephoneNumber +attributeID: 1.2.840.113556.1.2.334 +attributeSyntax: 2.5.5.9 isSingleValued: TRUE -systemFlags: 16 +rangeLower: 0 +mAPIID: 33069 +showInAdvancedViewOnly: TRUE +adminDisplayName: Search-Flags +adminDescription: Search-Flags +oMSyntax: 10 +searchFlags: 0 +lDAPDisplayName: searchFlags +schemaIDGUID: bf967a2d-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE -schemaIDGUID: bf967974-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Facsimile-Telephone-Number -attributeID: 2.5.4.23 -attributeSyntax: 2.5.5.12 -oMSyntax: 64 +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=MSMQ-Nt4-Stub,${SCHEMADN} -cn: MSMQ-Nt4-Stub -name: MSMQ-Nt4-Stub +dn: CN=Schema-Flags-Ex,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: mSMQNt4Stub -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 6f914be6-d57e-11d1-90a2-00c04fd91ab1 -adminDisplayName: MSMQ-Nt4-Stub -attributeID: 1.2.840.113556.1.4.960 +attributeID: 1.2.840.113556.1.4.120 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Schema-Flags-Ex +adminDescription: Schema-Flags-Ex oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: schemaFlagsEx +schemaIDGUID: bf967a2b-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=Schema-Flags-Ex,${SCHEMADN} -cn: Schema-Flags-Ex -name: Schema-Flags-Ex +dn: CN=Is-Ephemeral,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: schemaFlagsEx +attributeID: 1.2.840.113556.1.4.1212 +attributeSyntax: 2.5.5.8 isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Is-Ephemeral +adminDescription: Is-Ephemeral +oMSyntax: 1 +searchFlags: 0 +lDAPDisplayName: isEphemeral +schemaIDGUID: f4c453f0-c5f1-11d1-bbcb-0080c76670c0 +systemOnly: TRUE systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a2b-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Schema-Flags-Ex -attributeID: 1.2.840.113556.1.4.120 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=MSMQ-Nt4-Stub,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.960 attributeSyntax: 2.5.5.9 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: MSMQ-Nt4-Stub +adminDescription: MSMQ-Nt4-Stub oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: mSMQNt4Stub +schemaIDGUID: 6f914be6-d57e-11d1-90a2-00c04fd91ab1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-IIS-FTP-Root,${SCHEMADN} -cn: ms-IIS-FTP-Root -name: ms-IIS-FTP-Root objectClass: top objectClass: attributeSchema -lDAPDisplayName: msIIS-FTPRoot -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 2a7827a4-1483-49a5-9d84-52e3812156b4 -adminDisplayName: ms-IIS-FTP-Root attributeID: 1.2.840.113556.1.4.1785 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 256 +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-IIS-FTP-Root +adminDescription: Virtual FTP Root where user home directory resides. oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msIIS-FTPRoot +schemaIDGUID: 2a7827a4-1483-49a5-9d84-52e3812156b4 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Group-Priority,${SCHEMADN} -cn: Group-Priority -name: Group-Priority objectClass: top objectClass: attributeSchema -lDAPDisplayName: groupPriority -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: eea65905-8ac6-11d0-afda-00c04fd930c9 -adminDisplayName: Group-Priority attributeID: 1.2.840.113556.1.4.345 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Group-Priority +adminDescription: Group-Priority oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: groupPriority +schemaIDGUID: eea65905-8ac6-11d0-afda-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Bridgehead-Transport-List,${SCHEMADN} -cn: Bridgehead-Transport-List -name: Bridgehead-Transport-List objectClass: top objectClass: attributeSchema -lDAPDisplayName: bridgeheadTransportList +attributeID: 1.2.840.113556.1.4.819 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 98 -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: d50c2cda-8951-11d1-aebc-0000f80367c1 +showInAdvancedViewOnly: TRUE adminDisplayName: Bridgehead-Transport-List -attributeID: 1.2.840.113556.1.4.819 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Bridgehead-Transport-List +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: bridgeheadTransportList +schemaIDGUID: d50c2cda-8951-11d1-aebc-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Extended-Class-Info,${SCHEMADN} -cn: Extended-Class-Info -name: Extended-Class-Info objectClass: top objectClass: attributeSchema -lDAPDisplayName: extendedClassInfo -isSingleValued: FALSE -systemFlags: 134217748 -systemOnly: TRUE -schemaIDGUID: 9a7ad948-ca53-11d1-bbd0-0080c76670c0 -adminDisplayName: Extended-Class-Info attributeID: 1.2.840.113556.1.4.908 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Extended-Class-Info +adminDescription: Extended-Class-Info oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: extendedClassInfo +schemaIDGUID: 9a7ad948-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Flat-Name,${SCHEMADN} -cn: Flat-Name -name: Flat-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: flatName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: b7b13117-b82e-11d0-afee-0000f80367c1 -adminDisplayName: Flat-Name attributeID: 1.2.840.113556.1.4.511 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Flat-Name +adminDescription: Flat-Name oMSyntax: 64 +searchFlags: 1 +lDAPDisplayName: flatName +schemaIDGUID: b7b13117-b82e-11d0-afee-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Wbem-Path,${SCHEMADN} -cn: Wbem-Path -name: Wbem-Path objectClass: top objectClass: attributeSchema -lDAPDisplayName: wbemPath -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 244b2970-5abd-11d0-afd2-00c04fd930c9 -adminDisplayName: Wbem-Path attributeID: 1.2.840.113556.1.4.301 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Wbem-Path +adminDescription: Wbem-Path oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: wbemPath +schemaIDGUID: 244b2970-5abd-11d0-afd2-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-NC-Repl-Outbound-Neighbors,${SCHEMADN} -cn: ms-DS-NC-Repl-Outbound-Neighbors -name: ms-DS-NC-Repl-Outbound-Neighbors objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-NCReplOutboundNeighbors -isSingleValued: FALSE -systemFlags: 20 -systemOnly: FALSE -schemaIDGUID: 855f2ef5-a1c5-4cc4-ba6d-32522848b61f -adminDisplayName: ms-DS-NC-Repl-Outbound-Neighbors attributeID: 1.2.840.113556.1.4.1706 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-NC-Repl-Outbound-Neighbors +adminDescription: ms-DS-NC-Repl-Outbound-Neighbors oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-NCReplOutboundNeighbors +schemaIDGUID: 855f2ef5-a1c5-4cc4-ba6d-32522848b61f +systemOnly: FALSE +systemFlags: 20 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Operations-For-Az-Task-BL,${SCHEMADN} -cn: ms-DS-Operations-For-Az-Task-BL -name: ms-DS-Operations-For-Az-Task-BL objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-OperationsForAzTaskBL +attributeID: 1.2.840.113556.1.4.1809 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 2019 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: a637d211-5739-4ed1-89b2-88974548bc59 +showInAdvancedViewOnly: TRUE adminDisplayName: MS-DS-Operations-For-Az-Task-BL -attributeID: 1.2.840.113556.1.4.1809 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Back-link from Az-Operation to Az-Task object(s) linking to it +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: msDS-OperationsForAzTaskBL +schemaIDGUID: a637d211-5739-4ed1-89b2-88974548bc59 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Show-In-Advanced-View-Only,${SCHEMADN} -cn: Show-In-Advanced-View-Only -name: Show-In-Advanced-View-Only objectClass: top objectClass: attributeSchema -lDAPDisplayName: showInAdvancedViewOnly -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967984-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Show-In-Advanced-View-Only attributeID: 1.2.840.113556.1.2.169 attributeSyntax: 2.5.5.8 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Show-In-Advanced-View-Only +adminDescription: Show-In-Advanced-View-Only oMSyntax: 1 +searchFlags: 17 +lDAPDisplayName: showInAdvancedViewOnly +schemaIDGUID: bf967984-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Behavior-Version,${SCHEMADN} -cn: ms-DS-Behavior-Version -name: ms-DS-Behavior-Version objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-Behavior-Version -isSingleValued: TRUE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: d31a8757-2447-4545-8081-3bb610cacbf2 -adminDisplayName: ms-DS-Behavior-Version attributeID: 1.2.840.113556.1.4.1459 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +rangeLower: 0 +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-Behavior-Version +adminDescription: ms-DS-Behavior-Version oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msDS-Behavior-Version +schemaIDGUID: d31a8757-2447-4545-8081-3bb610cacbf2 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Has-Master-NCs,${SCHEMADN} -cn: ms-DS-Has-Master-NCs -name: ms-DS-Has-Master-NCs objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-hasMasterNCs +attributeID: 1.2.840.113556.1.4.1836 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 2036 -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: ae2de0e2-59d7-4d47-8d47-ed4dfe4357ad +showInAdvancedViewOnly: TRUE adminDisplayName: ms-DS-Has-Master-NCs -attributeID: 1.2.840.113556.1.4.1836 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: A list of the naming contexts contained by a DC. Deprecates hasMasterNCs. +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: msDS-hasMasterNCs +schemaIDGUID: ae2de0e2-59d7-4d47-8d47-ed4dfe4357ad +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Pwd-History-Length,${SCHEMADN} -cn: Pwd-History-Length -name: Pwd-History-Length objectClass: top objectClass: attributeSchema -lDAPDisplayName: pwdHistoryLength -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a09-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Pwd-History-Length attributeID: 1.2.840.113556.1.4.95 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +rangeLower: 0 +rangeUpper: 65535 +showInAdvancedViewOnly: TRUE +adminDisplayName: Pwd-History-Length +adminDescription: Pwd-History-Length oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: pwdHistoryLength +schemaIDGUID: bf967a09-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: c7407360-20bf-11d0-a768-00aa006e0529 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Pek-List,${SCHEMADN} -cn: Pek-List -name: Pek-List objectClass: top objectClass: attributeSchema -lDAPDisplayName: pekList -isSingleValued: TRUE -systemFlags: 17 -systemOnly: FALSE -schemaIDGUID: 07383083-91df-11d1-aebc-0000f80367c1 -adminDisplayName: Pek-List attributeID: 1.2.840.113556.1.4.865 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Pek-List +adminDescription: Pek-List oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: pekList +schemaIDGUID: 07383083-91df-11d1-aebc-0000f80367c1 +systemOnly: FALSE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Postal-Code,${SCHEMADN} -cn: Postal-Code -name: Postal-Code objectClass: top objectClass: attributeSchema -lDAPDisplayName: postalCode -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679fd-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Postal-Code attributeID: 2.5.4.17 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 40 +mAPIID: 14890 +showInAdvancedViewOnly: TRUE +adminDisplayName: Postal-Code +adminDescription: Postal-Code oMSyntax: 64 +searchFlags: 16 +lDAPDisplayName: postalCode +schemaIDGUID: bf9679fd-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Netboot-Mirror-Data-File,${SCHEMADN} -cn: Netboot-Mirror-Data-File -name: Netboot-Mirror-Data-File objectClass: top objectClass: attributeSchema -lDAPDisplayName: netbootMirrorDataFile -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 2df90d85-009f-11d2-aa4c-00c04fd7d83a -adminDisplayName: Netboot-Mirror-Data-File attributeID: 1.2.840.113556.1.4.1241 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Netboot-Mirror-Data-File +adminDescription: Netboot-Mirror-Data-File oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: netbootMirrorDataFile +schemaIDGUID: 2df90d85-009f-11d2-aa4c-00c04fd7d83a +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Default-Class-Store,${SCHEMADN} -cn: Default-Class-Store -name: Default-Class-Store objectClass: top objectClass: attributeSchema -lDAPDisplayName: defaultClassStore -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967948-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Default-Class-Store attributeID: 1.2.840.113556.1.4.213 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Default-Class-Store oMObjectClass:: KwwCh3McAIVK +adminDescription: Default-Class-Store +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: defaultClassStore +schemaIDGUID: bf967948-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MSMQ-Site-ID,${SCHEMADN} -cn: MSMQ-Site-ID -name: MSMQ-Site-ID -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: mSMQSiteID -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 9a0dc340-c100-11d1-bbc5-0080c76670c0 -adminDisplayName: MSMQ-Site-ID +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.4.953 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: MSMQ-Site-ID +adminDescription: MSMQ-Site-ID oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: mSMQSiteID +schemaIDGUID: 9a0dc340-c100-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Show-In-Address-Book,${SCHEMADN} -cn: Show-In-Address-Book -name: Show-In-Address-Book objectClass: top objectClass: attributeSchema -lDAPDisplayName: showInAddressBook -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 3e74f60e-3e73-11d1-a9c0-0000f80367c1 -adminDisplayName: Show-In-Address-Book attributeID: 1.2.840.113556.1.4.644 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Show-In-Address-Book oMObjectClass:: KwwCh3McAIVK +adminDescription: Show-In-Address-Book +oMSyntax: 127 +searchFlags: 16 +lDAPDisplayName: showInAddressBook +schemaIDGUID: 3e74f60e-3e73-11d1-a9c0-0000f80367c1 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=When-Created,${SCHEMADN} -cn: When-Created -name: When-Created objectClass: top objectClass: attributeSchema -lDAPDisplayName: whenCreated -isSingleValued: TRUE -systemFlags: 18 -systemOnly: TRUE -schemaIDGUID: bf967a78-0de6-11d0-a285-00aa003049e2 -adminDisplayName: When-Created attributeID: 1.2.840.113556.1.2.2 attributeSyntax: 2.5.5.11 +isSingleValued: TRUE +mAPIID: 12295 +showInAdvancedViewOnly: TRUE +adminDisplayName: When-Created +adminDescription: When-Created oMSyntax: 24 +searchFlags: 0 +lDAPDisplayName: whenCreated +schemaIDGUID: bf967a78-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=DS-Core-Propagation-Data,${SCHEMADN} -cn: DS-Core-Propagation-Data -name: DS-Core-Propagation-Data objectClass: top objectClass: attributeSchema -lDAPDisplayName: dSCorePropagationData -isSingleValued: FALSE -systemFlags: 19 -systemOnly: TRUE -schemaIDGUID: d167aa4b-8b08-11d2-9939-0000f87a57d4 -adminDisplayName: DS-Core-Propagation-Data attributeID: 1.2.840.113556.1.4.1357 attributeSyntax: 2.5.5.11 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: DS-Core-Propagation-Data +adminDescription: DS-Core-Propagation-Data oMSyntax: 24 +searchFlags: 0 +lDAPDisplayName: dSCorePropagationData +schemaIDGUID: d167aa4b-8b08-11d2-9939-0000f87a57d4 +systemOnly: TRUE +systemFlags: 19 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Display-Name-Printable,${SCHEMADN} -cn: Display-Name-Printable -name: Display-Name-Printable objectClass: top objectClass: attributeSchema -lDAPDisplayName: displayNamePrintable -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967954-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Display-Name-Printable attributeID: 1.2.840.113556.1.2.353 attributeSyntax: 2.5.5.5 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 256 +mAPIID: 14847 +showInAdvancedViewOnly: TRUE +adminDisplayName: Display-Name-Printable +adminDescription: Display-Name-Printable oMSyntax: 19 +searchFlags: 0 +lDAPDisplayName: displayNamePrintable +schemaIDGUID: bf967954-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=State-Or-Province-Name,${SCHEMADN} -cn: State-Or-Province-Name -name: State-Or-Province-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: st -isSingleValued: TRUE -systemFlags: 18 -systemOnly: FALSE -schemaIDGUID: bf967a39-0de6-11d0-a285-00aa003049e2 -adminDisplayName: State-Or-Province-Name attributeID: 2.5.4.8 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 128 +mAPIID: 14888 +showInAdvancedViewOnly: TRUE +adminDisplayName: State-Or-Province-Name +adminDescription: State-Or-Province-Name oMSyntax: 64 +searchFlags: 16 +lDAPDisplayName: st +schemaIDGUID: bf967a39-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Server-Reference,${SCHEMADN} -cn: Server-Reference -name: Server-Reference objectClass: top objectClass: attributeSchema -lDAPDisplayName: serverReference +attributeID: 1.2.840.113556.1.4.515 +attributeSyntax: 2.5.5.1 isSingleValued: TRUE linkID: 94 -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 26d9736d-6070-11d1-a9c6-0000f80367c1 +showInAdvancedViewOnly: TRUE adminDisplayName: Server-Reference -attributeID: 1.2.840.113556.1.4.515 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Server-Reference +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: serverReference +schemaIDGUID: 26d9736d-6070-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Has-Domain-NCs,${SCHEMADN} -cn: ms-DS-Has-Domain-NCs -name: ms-DS-Has-Domain-NCs objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-HasDomainNCs +attributeID: 1.2.840.113556.1.4.1820 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE +rangeLower: 4 +rangeUpper: 4 linkID: 2026 -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: 6f17e347-a842-4498-b8b3-15e007da4fed +showInAdvancedViewOnly: TRUE adminDisplayName: ms-DS-Has-Domain-NCs -attributeID: 1.2.840.113556.1.4.1820 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: DS replication information detailing the domain NCs present on a particular server. +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: msDS-HasDomainNCs +schemaIDGUID: 6f17e347-a842-4498-b8b3-15e007da4fed +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Invocation-Id,${SCHEMADN} -cn: Invocation-Id -name: Invocation-Id objectClass: top objectClass: attributeSchema -lDAPDisplayName: invocationId -isSingleValued: TRUE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: bf96798e-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Invocation-Id attributeID: 1.2.840.113556.1.2.115 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +mAPIID: 32959 +showInAdvancedViewOnly: TRUE +adminDisplayName: Invocation-Id +adminDescription: Invocation-Id oMSyntax: 4 +searchFlags: 1 +lDAPDisplayName: invocationId +schemaIDGUID: bf96798e-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Replica-Source,${SCHEMADN} -cn: Replica-Source -name: Replica-Source objectClass: top objectClass: attributeSchema -lDAPDisplayName: replicaSource -isSingleValued: TRUE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: bf967a18-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Replica-Source attributeID: 1.2.840.113556.1.4.109 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Replica-Source +adminDescription: Replica-Source oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: replicaSource +schemaIDGUID: bf967a18-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Ip-Primary,${SCHEMADN} -cn: Phone-Ip-Primary -name: Phone-Ip-Primary objectClass: top objectClass: attributeSchema -lDAPDisplayName: ipPhone -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 4d146e4a-48d4-11d1-a9c3-0000f80367c1 -adminDisplayName: Phone-Ip-Primary attributeID: 1.2.840.113556.1.4.721 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeUpper: 64 +showInAdvancedViewOnly: TRUE +adminDisplayName: Phone-Ip-Primary +adminDescription: Phone-Ip-Primary oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: ipPhone +schemaIDGUID: 4d146e4a-48d4-11d1-a9c3-0000f80367c1 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Home-Other,${SCHEMADN} -cn: Phone-Home-Other -name: Phone-Home-Other objectClass: top objectClass: attributeSchema -lDAPDisplayName: otherHomePhone -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: f0f8ffa2-1191-11d0-a060-00aa006c33ed -adminDisplayName: Phone-Home-Other attributeID: 1.2.840.113556.1.2.277 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 14895 +showInAdvancedViewOnly: TRUE +adminDisplayName: Phone-Home-Other +adminDescription: Phone-Home-Other oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: otherHomePhone +schemaIDGUID: f0f8ffa2-1191-11d0-a060-00aa006c33ed +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Organization-Name,${SCHEMADN} -cn: Organization-Name -name: Organization-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: o -isSingleValued: FALSE -systemFlags: 18 -systemOnly: FALSE -schemaIDGUID: bf9679ef-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Organization-Name attributeID: 2.5.4.10 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 33025 +showInAdvancedViewOnly: TRUE +adminDisplayName: Organization-Name +adminDescription: Organization-Name oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: o +schemaIDGUID: bf9679ef-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=Operating-System,${SCHEMADN} -cn: Operating-System -name: Operating-System +dn: CN=Extended-Chars-Allowed,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: operatingSystem +attributeID: 1.2.840.113556.1.2.380 +attributeSyntax: 2.5.5.8 isSingleValued: TRUE -systemFlags: 16 +mAPIID: 32935 +showInAdvancedViewOnly: TRUE +adminDisplayName: Extended-Chars-Allowed +adminDescription: Extended-Chars-Allowed +oMSyntax: 1 +searchFlags: 0 +lDAPDisplayName: extendedCharsAllowed +schemaIDGUID: bf967966-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE -schemaIDGUID: 3e978925-8c01-11d0-afda-00c04fd930c9 -adminDisplayName: Operating-System +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Operating-System,${SCHEMADN} +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.4.363 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Operating-System +adminDescription: Operating-System oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: operatingSystem +schemaIDGUID: 3e978925-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Object-Reference,${SCHEMADN} -cn: ms-DS-Object-Reference -name: ms-DS-Object-Reference objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-ObjectReference +attributeID: 1.2.840.113556.1.4.1840 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 2038 -systemOnly: FALSE -schemaIDGUID: 638ec2e8-22e7-409c-85d2-11b21bee72de +showInAdvancedViewOnly: FALSE adminDisplayName: ms-DS-Object-Reference -attributeID: 1.2.840.113556.1.4.1840 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: A link to the object that uses the data stored in the object that contains this attribute. +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: msDS-ObjectReference +schemaIDGUID: 638ec2e8-22e7-409c-85d2-11b21bee72de +systemOnly: FALSE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MSMQ-Interval1,${SCHEMADN} -cn: MSMQ-Interval1 -name: MSMQ-Interval1 objectClass: top objectClass: attributeSchema -lDAPDisplayName: mSMQInterval1 -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 8ea825aa-3b7b-11d2-90cc-00c04fd91ab1 -adminDisplayName: MSMQ-Interval1 attributeID: 1.2.840.113556.1.4.1308 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: MSMQ-Interval1 +adminDescription: MSMQ-Interval1 oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: mSMQInterval1 +schemaIDGUID: 8ea825aa-3b7b-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Rid,${SCHEMADN} -cn: Rid -name: Rid objectClass: top objectClass: attributeSchema -lDAPDisplayName: rid -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a22-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Rid attributeID: 1.2.840.113556.1.4.153 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Rid +adminDescription: Rid oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: rid +schemaIDGUID: bf967a22-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Profile-Path,${SCHEMADN} -cn: Profile-Path -name: Profile-Path objectClass: top objectClass: attributeSchema -lDAPDisplayName: profilePath -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a05-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Profile-Path attributeID: 1.2.840.113556.1.4.139 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Profile-Path +adminDescription: Profile-Path oMSyntax: 64 +searchFlags: 16 +lDAPDisplayName: profilePath +schemaIDGUID: bf967a05-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msRADIUSCallbackNumber,${SCHEMADN} -cn: msRADIUSCallbackNumber -name: msRADIUSCallbackNumber objectClass: top objectClass: attributeSchema -lDAPDisplayName: msRADIUSCallbackNumber -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: db0c909c-c1f2-11d1-bbc5-0080c76670c0 -adminDisplayName: msRADIUSCallbackNumber attributeID: 1.2.840.113556.1.4.1145 attributeSyntax: 2.5.5.5 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: msRADIUSCallbackNumber +adminDescription: msRADIUSCallbackNumber oMSyntax: 22 +searchFlags: 0 +lDAPDisplayName: msRADIUSCallbackNumber +schemaIDGUID: db0c909c-c1f2-11d1-bbc5-0080c76670c0 +attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ACS-Policy-Name,${SCHEMADN} -cn: ACS-Policy-Name -name: ACS-Policy-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: aCSPolicyName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 1cb3559a-56d0-11d1-a9c6-0000f80367c1 -adminDisplayName: ACS-Policy-Name attributeID: 1.2.840.113556.1.4.772 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: ACS-Policy-Name +adminDescription: ACS-Policy-Name oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: aCSPolicyName +schemaIDGUID: 1cb3559a-56d0-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Comment,${SCHEMADN} -cn: Comment -name: Comment -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: info -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf96793e-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Comment +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.2.81 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 1024 +mAPIID: 12292 +showInAdvancedViewOnly: TRUE +adminDisplayName: Comment +adminDescription: Comment oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: info +schemaIDGUID: bf96793e-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Object-Reference-BL,${SCHEMADN} -cn: ms-DS-Object-Reference-BL -name: ms-DS-Object-Reference-BL objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-ObjectReferenceBL +attributeID: 1.2.840.113556.1.4.1841 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 2039 -systemFlags: 1 -systemOnly: TRUE -schemaIDGUID: 2b702515-c1f7-4b3b-b148-c0e4c6ceecb4 +showInAdvancedViewOnly: FALSE adminDisplayName: ms-DS-Object-Reference-BL -attributeID: 1.2.840.113556.1.4.1841 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Back link for ms-DS-Object-Reference. +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: msDS-ObjectReferenceBL +schemaIDGUID: 2b702515-c1f7-4b3b-b148-c0e4c6ceecb4 +systemOnly: TRUE +systemFlags: 1 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=When-Changed,${SCHEMADN} -cn: When-Changed -name: When-Changed objectClass: top objectClass: attributeSchema -lDAPDisplayName: whenChanged -isSingleValued: TRUE -systemFlags: 19 -systemOnly: TRUE -schemaIDGUID: bf967a77-0de6-11d0-a285-00aa003049e2 -adminDisplayName: When-Changed attributeID: 1.2.840.113556.1.2.3 attributeSyntax: 2.5.5.11 +isSingleValued: TRUE +mAPIID: 12296 +showInAdvancedViewOnly: TRUE +adminDisplayName: When-Changed +adminDescription: When-Changed oMSyntax: 24 +searchFlags: 0 +lDAPDisplayName: whenChanged +schemaIDGUID: bf967a77-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 19 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=USN-Last-Obj-Rem,${SCHEMADN} -cn: USN-Last-Obj-Rem -name: USN-Last-Obj-Rem objectClass: top objectClass: attributeSchema -lDAPDisplayName: uSNLastObjRem -isSingleValued: TRUE -systemFlags: 19 -systemOnly: TRUE -schemaIDGUID: bf967a73-0de6-11d0-a285-00aa003049e2 -adminDisplayName: USN-Last-Obj-Rem attributeID: 1.2.840.113556.1.2.121 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +mAPIID: 33110 +showInAdvancedViewOnly: TRUE +adminDisplayName: USN-Last-Obj-Rem +adminDescription: USN-Last-Obj-Rem oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: uSNLastObjRem +schemaIDGUID: bf967a73-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 19 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Reps-To,${SCHEMADN} -cn: Reps-To -name: Reps-To objectClass: top objectClass: attributeSchema -lDAPDisplayName: repsTo -isSingleValued: FALSE -systemFlags: 19 -systemOnly: TRUE -schemaIDGUID: bf967a1e-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Reps-To attributeID: 1.2.840.113556.1.2.83 attributeSyntax: 2.5.5.10 -oMSyntax: 127 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Reps-To oMObjectClass:: KoZIhvcUAQEBBg== +adminDescription: Reps-To +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: repsTo +schemaIDGUID: bf967a1e-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 19 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Repl-UpToDate-Vector,${SCHEMADN} -cn: Repl-UpToDate-Vector -name: Repl-UpToDate-Vector objectClass: top objectClass: attributeSchema -lDAPDisplayName: replUpToDateVector -isSingleValued: TRUE -systemFlags: 19 -systemOnly: TRUE -schemaIDGUID: bf967a16-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Repl-UpToDate-Vector attributeID: 1.2.840.113556.1.4.4 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Repl-UpToDate-Vector +adminDescription: Repl-UpToDate-Vector oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: replUpToDateVector +schemaIDGUID: bf967a16-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 19 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=netboot-SCP-BL,${SCHEMADN} -cn: netboot-SCP-BL -name: netboot-SCP-BL objectClass: top objectClass: attributeSchema -lDAPDisplayName: netbootSCPBL +attributeID: 1.2.840.113556.1.4.864 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 101 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: 07383082-91df-11d1-aebc-0000f80367c1 +showInAdvancedViewOnly: TRUE adminDisplayName: netboot-SCP-BL -attributeID: 1.2.840.113556.1.4.864 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: netboot-SCP-BL +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: netbootSCPBL +schemaIDGUID: 07383082-91df-11d1-aebc-0000f80367c1 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Mastered-By,${SCHEMADN} -cn: ms-DS-Mastered-By -name: ms-DS-Mastered-By objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDs-masteredBy +attributeID: 1.2.840.113556.1.4.1837 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 2037 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: 60234769-4819-4615-a1b2-49d2f119acb5 +showInAdvancedViewOnly: TRUE adminDisplayName: ms-DS-Mastered-By -attributeID: 1.2.840.113556.1.4.1837 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Back link for msDS-hasMasterNCs. +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: msDs-masteredBy +schemaIDGUID: 60234769-4819-4615-a1b2-49d2f119acb5 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-COM-PartitionSetLink,${SCHEMADN} -cn: ms-COM-PartitionSetLink -name: ms-COM-PartitionSetLink objectClass: top objectClass: attributeSchema -lDAPDisplayName: msCOM-PartitionSetLink +attributeID: 1.2.840.113556.1.4.1424 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE linkID: 1041 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: 67f121dc-7d02-4c7d-82f5-9ad4c950ac34 +showInAdvancedViewOnly: TRUE adminDisplayName: ms-COM-PartitionSetLink -attributeID: 1.2.840.113556.1.4.1424 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Link from a Partition to a PartitionSet. Default = adminDisplayName +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: msCOM-PartitionSetLink +schemaIDGUID: 67f121dc-7d02-4c7d-82f5-9ad4c950ac34 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Common-Name,${SCHEMADN} -cn: Common-Name -name: Common-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: cn -isSingleValued: TRUE -systemFlags: 18 -systemOnly: FALSE -schemaIDGUID: bf96793f-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Common-Name attributeID: 2.5.4.3 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 64 +mAPIID: 14863 +showInAdvancedViewOnly: TRUE +adminDisplayName: Common-Name +adminDescription: Common-Name oMSyntax: 64 +searchFlags: 1 +lDAPDisplayName: cn +schemaIDGUID: bf96793f-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MS-DS-All-Users-Trust-Quota,${SCHEMADN} -cn: MS-DS-All-Users-Trust-Quota -name: MS-DS-All-Users-Trust-Quota objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-AllUsersTrustQuota -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: d3aa4a5c-4e03-4810-97aa-2b339e7a434b -adminDisplayName: MS-DS-All-Users-Trust-Quota attributeID: 1.2.840.113556.1.4.1789 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-All-Users-Trust-Quota +adminDescription: Used to enforce a combined users quota on the total number of Trusted-Domain objects created by using the control access right, "Create inbound Forest trust". oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msDS-AllUsersTrustQuota +schemaIDGUID: d3aa4a5c-4e03-4810-97aa-2b339e7a434b +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Default-Group,${SCHEMADN} -cn: Default-Group -name: Default-Group objectClass: top objectClass: attributeSchema -lDAPDisplayName: defaultGroup -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 720bc4e2-a54a-11d0-afdf-00c04fd930c9 -adminDisplayName: Default-Group attributeID: 1.2.840.113556.1.4.480 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Default-Group oMObjectClass:: KwwCh3McAIVK +adminDescription: Default-Group +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: defaultGroup +schemaIDGUID: 720bc4e2-a54a-11d0-afdf-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-Comment,${SCHEMADN} -cn: User-Comment -name: User-Comment objectClass: top objectClass: attributeSchema -lDAPDisplayName: comment -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a6a-0de6-11d0-a285-00aa003049e2 -adminDisplayName: User-Comment attributeID: 1.2.840.113556.1.4.156 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: User-Comment +adminDescription: User-Comment oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: comment +schemaIDGUID: bf967a6a-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} -dn: CN=Local-Policy-Flags,${SCHEMADN} -cn: Local-Policy-Flags -name: Local-Policy-Flags +dn: CN=ms-ds-Schema-Extensions,${SCHEMADN} objectClass: top objectClass: attributeSchema -lDAPDisplayName: localPolicyFlags -isSingleValued: TRUE +attributeID: 1.2.840.113556.1.4.1440 +attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-ds-Schema-Extensions +adminDescription: ms-ds-Schema-Extensions +oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: msDs-Schema-Extensions +schemaIDGUID: b39a61be-ed07-4cab-9a4a-4963ed0141e1 +systemOnly: TRUE systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf96799e-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Local-Policy-Flags +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Local-Policy-Flags,${SCHEMADN} +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.4.56 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Local-Policy-Flags +adminDescription: Local-Policy-Flags oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: localPolicyFlags +schemaIDGUID: bf96799e-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MSMQ-Interval2,${SCHEMADN} -cn: MSMQ-Interval2 -name: MSMQ-Interval2 objectClass: top objectClass: attributeSchema -lDAPDisplayName: mSMQInterval2 -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 99b88f52-3b7b-11d2-90cc-00c04fd91ab1 -adminDisplayName: MSMQ-Interval2 attributeID: 1.2.840.113556.1.4.1309 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: MSMQ-Interval2 +adminDescription: MSMQ-Interval2 oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: mSMQInterval2 +schemaIDGUID: 99b88f52-3b7b-11d2-90cc-00c04fd91ab1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=SID-History,${SCHEMADN} -cn: SID-History -name: SID-History objectClass: top objectClass: attributeSchema -lDAPDisplayName: sIDHistory -isSingleValued: FALSE -systemFlags: 18 -systemOnly: FALSE -schemaIDGUID: 17eb4278-d167-11d0-b002-0000f80367c1 -adminDisplayName: SID-History attributeID: 1.2.840.113556.1.4.609 attributeSyntax: 2.5.5.17 -oMSyntax: 4 - -dn: CN=ms-ds-Schema-Extensions,${SCHEMADN} -cn: ms-ds-Schema-Extensions -name: ms-ds-Schema-Extensions -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: msDs-Schema-Extensions isSingleValued: FALSE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: b39a61be-ed07-4cab-9a4a-4963ed0141e1 -adminDisplayName: ms-ds-Schema-Extensions -attributeID: 1.2.840.113556.1.4.1440 -attributeSyntax: 2.5.5.10 +showInAdvancedViewOnly: TRUE +adminDisplayName: SID-History +adminDescription: SID-History oMSyntax: 4 +searchFlags: 1 +lDAPDisplayName: sIDHistory +schemaIDGUID: 17eb4278-d167-11d0-b002-0000f80367c1 +attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf +systemOnly: FALSE +systemFlags: 18 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Unicode-Pwd,${SCHEMADN} -cn: Unicode-Pwd -name: Unicode-Pwd objectClass: top objectClass: attributeSchema -lDAPDisplayName: unicodePwd -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679e1-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Unicode-Pwd attributeID: 1.2.840.113556.1.4.90 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Unicode-Pwd +adminDescription: Unicode-Pwd oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: unicodePwd +schemaIDGUID: bf9679e1-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msRASSavedFramedIPAddress,${SCHEMADN} -cn: msRASSavedFramedIPAddress -name: msRASSavedFramedIPAddress objectClass: top objectClass: attributeSchema -lDAPDisplayName: msRASSavedFramedIPAddress -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: db0c90c6-c1f2-11d1-bbc5-0080c76670c0 -adminDisplayName: msRASSavedFramedIPAddress attributeID: 1.2.840.113556.1.4.1190 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: msRASSavedFramedIPAddress +adminDescription: msRASSavedFramedIPAddress oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msRASSavedFramedIPAddress +schemaIDGUID: db0c90c6-c1f2-11d1-bbc5-0080c76670c0 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MS-DRM-Identity-Certificate,${SCHEMADN} -cn: MS-DRM-Identity-Certificate -name: MS-DRM-Identity-Certificate objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDRM-IdentityCertificate -isSingleValued: FALSE -systemFlags: 16 -schemaIDGUID: e85e1204-3434-41ad-9b56-e2901228fff0 -adminDisplayName: ms-DRM-Identity-Certificate attributeID: 1.2.840.113556.1.4.1843 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 10240 +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DRM-Identity-Certificate +adminDescription: The XrML digital rights management certificates for this user. oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: msDRM-IdentityCertificate +schemaIDGUID: e85e1204-3434-41ad-9b56-e2901228fff0 +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Last-Logoff,${SCHEMADN} -cn: Last-Logoff -name: Last-Logoff objectClass: top objectClass: attributeSchema -lDAPDisplayName: lastLogoff -isSingleValued: TRUE -systemFlags: 17 -systemOnly: FALSE -schemaIDGUID: bf967996-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Last-Logoff attributeID: 1.2.840.113556.1.4.51 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Last-Logoff +adminDescription: Last-Logoff oMSyntax: 65 +searchFlags: 0 +lDAPDisplayName: lastLogoff +schemaIDGUID: bf967996-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemOnly: FALSE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=DMD-Name,${SCHEMADN} -cn: DMD-Name -name: DMD-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: dmdName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 167757b9-47f3-11d1-a9c3-0000f80367c1 -adminDisplayName: DMD-Name attributeID: 1.2.840.113556.1.2.598 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 1024 +mAPIID: 35926 +showInAdvancedViewOnly: TRUE +adminDisplayName: DMD-Name +adminDescription: DMD-Name oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: dmdName +schemaIDGUID: 167757b9-47f3-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-Exch-LabeledURI,${SCHEMADN} -cn: ms-Exch-LabeledURI -name: ms-Exch-LabeledURI objectClass: top objectClass: attributeSchema -lDAPDisplayName: msExchLabeledURI -isSingleValued: FALSE -schemaIDGUID: 16775820-47f3-11d1-a9c3-0000f80367c1 -adminDisplayName: ms-Exch-LabeledURI attributeID: 1.2.840.113556.1.2.593 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 1024 +mAPIID: 35921 +adminDisplayName: ms-Exch-LabeledURI +adminDescription: ms-Exch-LabeledURI oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msExchLabeledURI +schemaIDGUID: 16775820-47f3-11d1-a9c3-0000f80367c1 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Reports,${SCHEMADN} -cn: Reports -name: Reports objectClass: top objectClass: attributeSchema -lDAPDisplayName: directReports +attributeID: 1.2.840.113556.1.2.436 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE +mAPIID: 32782 linkID: 43 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: bf967a1c-0de6-11d0-a285-00aa003049e2 +showInAdvancedViewOnly: TRUE adminDisplayName: Reports -attributeID: 1.2.840.113556.1.2.436 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Reports +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: directReports +schemaIDGUID: bf967a1c-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Repl-Property-Meta-Data,${SCHEMADN} -cn: Repl-Property-Meta-Data -name: Repl-Property-Meta-Data objectClass: top objectClass: attributeSchema -lDAPDisplayName: replPropertyMetaData -isSingleValued: TRUE -systemFlags: 27 -systemOnly: TRUE -schemaIDGUID: 281416c0-1968-11d0-a28f-00aa003049e2 -adminDisplayName: Repl-Property-Meta-Data attributeID: 1.2.840.113556.1.4.3 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Repl-Property-Meta-Data +adminDescription: Repl-Property-Meta-Data oMSyntax: 4 +searchFlags: 8 +lDAPDisplayName: replPropertyMetaData +schemaIDGUID: 281416c0-1968-11d0-a28f-00aa003049e2 +systemOnly: TRUE +systemFlags: 27 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=From-Entry,${SCHEMADN} -cn: From-Entry -name: From-Entry objectClass: top objectClass: attributeSchema -lDAPDisplayName: fromEntry -isSingleValued: FALSE -systemFlags: 134217748 -systemOnly: TRUE -schemaIDGUID: 9a7ad949-ca53-11d1-bbd0-0080c76670c0 -adminDisplayName: From-Entry attributeID: 1.2.840.113556.1.4.910 attributeSyntax: 2.5.5.8 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: From-Entry +adminDescription: From-Entry oMSyntax: 1 +searchFlags: 0 +lDAPDisplayName: fromEntry +schemaIDGUID: 9a7ad949-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Trust-Parent,${SCHEMADN} -cn: Trust-Parent -name: Trust-Parent objectClass: top objectClass: attributeSchema -lDAPDisplayName: trustParent -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: b000ea7a-a086-11d0-afdd-00c04fd930c9 -adminDisplayName: Trust-Parent attributeID: 1.2.840.113556.1.4.471 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Trust-Parent oMObjectClass:: KwwCh3McAIVK +adminDescription: Trust-Parent +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: trustParent +schemaIDGUID: b000ea7a-a086-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=RID-Manager-Reference,${SCHEMADN} -cn: RID-Manager-Reference -name: RID-Manager-Reference objectClass: top objectClass: attributeSchema -lDAPDisplayName: rIDManagerReference -isSingleValued: TRUE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: 66171886-8f3c-11d0-afda-00c04fd930c9 -adminDisplayName: RID-Manager-Reference attributeID: 1.2.840.113556.1.4.368 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: RID-Manager-Reference oMObjectClass:: KwwCh3McAIVK +adminDescription: RID-Manager-Reference +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: rIDManagerReference +schemaIDGUID: 66171886-8f3c-11d0-afda-00c04fd930c9 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Lockout-Threshold,${SCHEMADN} -cn: Lockout-Threshold -name: Lockout-Threshold objectClass: top objectClass: attributeSchema -lDAPDisplayName: lockoutThreshold -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679a6-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Lockout-Threshold attributeID: 1.2.840.113556.1.4.73 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +rangeUpper: 65535 +showInAdvancedViewOnly: TRUE +adminDisplayName: Lockout-Threshold +adminDescription: Lockout-Threshold oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: lockoutThreshold +schemaIDGUID: bf9679a6-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: c7407360-20bf-11d0-a768-00aa006e0529 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Desktop-Profile,${SCHEMADN} -cn: Desktop-Profile -name: Desktop-Profile objectClass: top objectClass: attributeSchema -lDAPDisplayName: desktopProfile -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: eea65906-8ac6-11d0-afda-00c04fd930c9 -adminDisplayName: Desktop-Profile attributeID: 1.2.840.113556.1.4.346 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Desktop-Profile +adminDescription: Desktop-Profile oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: desktopProfile +schemaIDGUID: eea65906-8ac6-11d0-afda-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Text-Country,${SCHEMADN} -cn: Text-Country -name: Text-Country objectClass: top objectClass: attributeSchema -lDAPDisplayName: co -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: f0f8ffa7-1191-11d0-a060-00aa006c33ed -adminDisplayName: Text-Country attributeID: 1.2.840.113556.1.2.131 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 128 +mAPIID: 14886 +showInAdvancedViewOnly: TRUE +adminDisplayName: Text-Country +adminDescription: Text-Country oMSyntax: 64 +searchFlags: 16 +lDAPDisplayName: co +schemaIDGUID: f0f8ffa7-1191-11d0-a060-00aa006c33ed +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Teletex-Terminal-Identifier,${SCHEMADN} -cn: Teletex-Terminal-Identifier -name: Teletex-Terminal-Identifier objectClass: top objectClass: attributeSchema -lDAPDisplayName: teletexTerminalIdentifier -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a4a-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Teletex-Terminal-Identifier attributeID: 2.5.4.22 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +mAPIID: 33091 +showInAdvancedViewOnly: TRUE +adminDisplayName: Teletex-Terminal-Identifier +adminDescription: Teletex-Terminal-Identifier oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: teletexTerminalIdentifier +schemaIDGUID: bf967a4a-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Telex-Primary,${SCHEMADN} -cn: Telex-Primary -name: Telex-Primary objectClass: top objectClass: attributeSchema -lDAPDisplayName: primaryTelexNumber -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 0296c121-40da-11d1-a9c0-0000f80367c1 -adminDisplayName: Telex-Primary attributeID: 1.2.840.113556.1.4.648 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 64 +showInAdvancedViewOnly: TRUE +adminDisplayName: Telex-Primary +adminDescription: Telex-Primary oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: primaryTelexNumber +schemaIDGUID: 0296c121-40da-11d1-a9c0-0000f80367c1 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Manager,${SCHEMADN} -cn: Manager -name: Manager objectClass: top objectClass: attributeSchema -lDAPDisplayName: manager +attributeID: 0.9.2342.19200300.100.1.10 +attributeSyntax: 2.5.5.1 isSingleValued: TRUE +mAPIID: 32773 linkID: 42 -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679b5-0de6-11d0-a285-00aa003049e2 +showInAdvancedViewOnly: TRUE adminDisplayName: Manager -attributeID: 0.9.2342.19200300.100.1.10 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Manager +oMSyntax: 127 +searchFlags: 16 +lDAPDisplayName: manager +schemaIDGUID: bf9679b5-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Physical-Location-Object,${SCHEMADN} -cn: Physical-Location-Object -name: Physical-Location-Object objectClass: top objectClass: attributeSchema -lDAPDisplayName: physicalLocationObject -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: b7b13119-b82e-11d0-afee-0000f80367c1 -adminDisplayName: Physical-Location-Object attributeID: 1.2.840.113556.1.4.514 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Physical-Location-Object oMObjectClass:: KwwCh3McAIVK +adminDescription: Physical-Location-Object +oMSyntax: 127 +searchFlags: 1 +lDAPDisplayName: physicalLocationObject +schemaIDGUID: b7b13119-b82e-11d0-afee-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Major-Version,${SCHEMADN} -cn: ms-DS-Az-Major-Version -name: ms-DS-Az-Major-Version objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-AzMajorVersion -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: cfb9adb7-c4b7-4059-9568-1ed9db6b7248 -adminDisplayName: MS-DS-Az-Major-Version attributeID: 1.2.840.113556.1.4.1824 attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +rangeLower: 1 +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Az-Major-Version +adminDescription: Major version number for AzRoles oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: msDS-AzMajorVersion +schemaIDGUID: cfb9adb7-c4b7-4059-9568-1ed9db6b7248 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Sub-Class-Of,${SCHEMADN} -cn: Sub-Class-Of -name: Sub-Class-Of objectClass: top objectClass: attributeSchema -lDAPDisplayName: subClassOf -isSingleValued: TRUE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: bf967a3b-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Sub-Class-Of attributeID: 1.2.840.113556.1.2.21 attributeSyntax: 2.5.5.2 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Sub-Class-Of +adminDescription: Sub-Class-Of oMSyntax: 6 +searchFlags: 8 +lDAPDisplayName: subClassOf +schemaIDGUID: bf967a3b-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=System-Must-Contain,${SCHEMADN} -cn: System-Must-Contain -name: System-Must-Contain objectClass: top objectClass: attributeSchema -lDAPDisplayName: systemMustContain -isSingleValued: FALSE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: bf967a45-0de6-11d0-a285-00aa003049e2 -adminDisplayName: System-Must-Contain attributeID: 1.2.840.113556.1.4.197 attributeSyntax: 2.5.5.2 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: System-Must-Contain +adminDescription: System-Must-Contain oMSyntax: 6 +searchFlags: 0 +lDAPDisplayName: systemMustContain +schemaIDGUID: bf967a45-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=roomNumber,${SCHEMADN} -cn: roomNumber -name: roomNumber objectClass: top objectClass: attributeSchema -lDAPDisplayName: roomNumber -isSingleValued: FALSE -systemFlags: 0 -systemOnly: FALSE -schemaIDGUID: 81d7f8c2-e327-4a0d-91c6-b42d4009115f -adminDisplayName: roomNumber attributeID: 0.9.2342.19200300.100.1.6 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: FALSE +adminDisplayName: roomNumber +adminDescription: The room number of an object. oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: roomNumber +schemaIDGUID: 81d7f8c2-e327-4a0d-91c6-b42d4009115f +systemOnly: FALSE +systemFlags: 0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Employee-Type,${SCHEMADN} -cn: Employee-Type -name: Employee-Type objectClass: top objectClass: attributeSchema -lDAPDisplayName: employeeType -isSingleValued: TRUE -systemFlags: 0 -systemOnly: FALSE -schemaIDGUID: a8df73f0-c5ea-11d1-bbcb-0080c76670c0 -adminDisplayName: Employee-Type attributeID: 1.2.840.113556.1.2.613 attributeSyntax: 2.5.5.12 -oMSyntax: 64 - -dn: CN=Current-Value,${SCHEMADN} -cn: Current-Value -name: Current-Value -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: currentValue isSingleValued: TRUE -systemFlags: 16 +rangeLower: 1 +rangeUpper: 256 +mAPIID: 35945 +showInAdvancedViewOnly: TRUE +adminDisplayName: Employee-Type +adminDescription: Employee-Type +oMSyntax: 64 +searchFlags: 16 +lDAPDisplayName: employeeType +schemaIDGUID: a8df73f0-c5ea-11d1-bbcb-0080c76670c0 systemOnly: FALSE -schemaIDGUID: bf967947-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Current-Value +systemFlags: 0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Current-Value,${SCHEMADN} +objectClass: top +objectClass: attributeSchema attributeID: 1.2.840.113556.1.4.27 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Current-Value +adminDescription: Current-Value oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: currentValue +schemaIDGUID: bf967947-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=DIT-Content-Rules,${SCHEMADN} -cn: DIT-Content-Rules -name: DIT-Content-Rules objectClass: top objectClass: attributeSchema -lDAPDisplayName: dITContentRules -isSingleValued: FALSE -systemFlags: 134217748 -systemOnly: TRUE -schemaIDGUID: 9a7ad946-ca53-11d1-bbd0-0080c76670c0 -adminDisplayName: DIT-Content-Rules attributeID: 2.5.21.2 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: DIT-Content-Rules +adminDescription: DIT-Content-Rules oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: dITContentRules +schemaIDGUID: 9a7ad946-ca53-11d1-bbd0-0080c76670c0 +systemOnly: TRUE +systemFlags: 134217748 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=USN-Created,${SCHEMADN} -cn: USN-Created -name: USN-Created objectClass: top objectClass: attributeSchema -lDAPDisplayName: uSNCreated -isSingleValued: TRUE -systemFlags: 19 -systemOnly: TRUE -schemaIDGUID: bf967a70-0de6-11d0-a285-00aa003049e2 -adminDisplayName: USN-Created attributeID: 1.2.840.113556.1.2.19 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +mAPIID: 33108 +showInAdvancedViewOnly: TRUE +adminDisplayName: USN-Created +adminDescription: USN-Created oMSyntax: 65 +searchFlags: 9 +lDAPDisplayName: uSNCreated +schemaIDGUID: bf967a70-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 19 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Sub-Refs,${SCHEMADN} -cn: Sub-Refs -name: Sub-Refs objectClass: top objectClass: attributeSchema -lDAPDisplayName: subRefs -isSingleValued: FALSE -systemFlags: 19 -systemOnly: TRUE -schemaIDGUID: bf967a3c-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Sub-Refs attributeID: 1.2.840.113556.1.2.7 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: FALSE +mAPIID: 33083 +showInAdvancedViewOnly: TRUE +adminDisplayName: Sub-Refs oMObjectClass:: KwwCh3McAIVK +adminDescription: Sub-Refs +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: subRefs +schemaIDGUID: bf967a3c-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 19 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Proxy-Addresses,${SCHEMADN} -cn: Proxy-Addresses -name: Proxy-Addresses objectClass: top objectClass: attributeSchema -lDAPDisplayName: proxyAddresses -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967a06-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Proxy-Addresses attributeID: 1.2.840.113556.1.2.210 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 1123 +mAPIID: 32783 +showInAdvancedViewOnly: TRUE +adminDisplayName: Proxy-Addresses +adminDescription: Proxy-Addresses oMSyntax: 64 +searchFlags: 5 +lDAPDisplayName: proxyAddresses +schemaIDGUID: bf967a06-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Superior-DNS-Root,${SCHEMADN} -cn: Superior-DNS-Root -name: Superior-DNS-Root objectClass: top objectClass: attributeSchema -lDAPDisplayName: superiorDNSRoot -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 5245801d-ca6a-11d0-afff-0000f80367c1 -adminDisplayName: Superior-DNS-Root attributeID: 1.2.840.113556.1.4.532 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Superior-DNS-Root +adminDescription: Superior-DNS-Root oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: superiorDNSRoot +schemaIDGUID: 5245801d-ca6a-11d0-afff-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Root-Trust,${SCHEMADN} -cn: Root-Trust -name: Root-Trust objectClass: top objectClass: attributeSchema -lDAPDisplayName: rootTrust -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 7bfdcb80-4807-11d1-a9c3-0000f80367c1 -adminDisplayName: Root-Trust attributeID: 1.2.840.113556.1.4.674 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Root-Trust oMObjectClass:: KwwCh3McAIVK +adminDescription: Root-Trust +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: rootTrust +schemaIDGUID: 7bfdcb80-4807-11d1-a9c3-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Shell-Context-Menu,${SCHEMADN} -cn: Shell-Context-Menu -name: Shell-Context-Menu objectClass: top objectClass: attributeSchema -lDAPDisplayName: shellContextMenu -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 553fd039-f32e-11d0-b0bc-00c04fd8dca6 -adminDisplayName: Shell-Context-Menu attributeID: 1.2.840.113556.1.4.615 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Shell-Context-Menu +adminDescription: Shell-Context-Menu oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: shellContextMenu +schemaIDGUID: 553fd039-f32e-11d0-b0bc-00c04fd8dca6 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Class-Display-Name,${SCHEMADN} -cn: Class-Display-Name -name: Class-Display-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: classDisplayName -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 548e1c22-dea6-11d0-b010-0000f80367c1 -adminDisplayName: Class-Display-Name attributeID: 1.2.840.113556.1.4.610 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Class-Display-Name +adminDescription: Class-Display-Name oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: classDisplayName +schemaIDGUID: 548e1c22-dea6-11d0-b010-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=CA-Certificate,${SCHEMADN} -cn: CA-Certificate -name: CA-Certificate objectClass: top objectClass: attributeSchema -lDAPDisplayName: cACertificate -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf967932-0de6-11d0-a285-00aa003049e2 -adminDisplayName: CA-Certificate attributeID: 2.5.4.37 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +rangeLower: 1 +rangeUpper: 32768 +mAPIID: 32771 +showInAdvancedViewOnly: TRUE +adminDisplayName: CA-Certificate +adminDescription: CA-Certificate oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: cACertificate +schemaIDGUID: bf967932-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MHS-OR-Address,${SCHEMADN} -cn: MHS-OR-Address -name: MHS-OR-Address objectClass: top objectClass: attributeSchema -lDAPDisplayName: mhsORAddress -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 0296c122-40da-11d1-a9c0-0000f80367c1 -adminDisplayName: MHS-OR-Address attributeID: 1.2.840.113556.1.4.650 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: MHS-OR-Address +adminDescription: MHS-OR-Address oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: mhsORAddress +schemaIDGUID: 0296c122-40da-11d1-a9c0-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Nt-Pwd-History,${SCHEMADN} -cn: Nt-Pwd-History -name: Nt-Pwd-History objectClass: top objectClass: attributeSchema -lDAPDisplayName: ntPwdHistory -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679e2-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Nt-Pwd-History attributeID: 1.2.840.113556.1.4.94 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Nt-Pwd-History +adminDescription: Nt-Pwd-History oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: ntPwdHistory +schemaIDGUID: bf9679e2-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=SMTP-Mail-Address,${SCHEMADN} -cn: SMTP-Mail-Address -name: SMTP-Mail-Address objectClass: top objectClass: attributeSchema -lDAPDisplayName: mailAddress -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 26d9736f-6070-11d1-a9c6-0000f80367c1 -adminDisplayName: SMTP-Mail-Address attributeID: 1.2.840.113556.1.4.786 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: SMTP-Mail-Address +adminDescription: SMTP-Mail-Address oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: mailAddress +schemaIDGUID: 26d9736f-6070-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Foreign-Identifier,${SCHEMADN} -cn: Foreign-Identifier -name: Foreign-Identifier objectClass: top objectClass: attributeSchema -lDAPDisplayName: foreignIdentifier -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 3e97891e-8c01-11d0-afda-00c04fd930c9 -adminDisplayName: Foreign-Identifier attributeID: 1.2.840.113556.1.4.356 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Foreign-Identifier +adminDescription: Foreign-Identifier oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: foreignIdentifier +schemaIDGUID: 3e97891e-8c01-11d0-afda-00c04fd930c9 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=USN-Changed,${SCHEMADN} -cn: USN-Changed -name: USN-Changed objectClass: top objectClass: attributeSchema -lDAPDisplayName: uSNChanged -isSingleValued: TRUE -systemFlags: 19 -systemOnly: TRUE -schemaIDGUID: bf967a6f-0de6-11d0-a285-00aa003049e2 -adminDisplayName: USN-Changed attributeID: 1.2.840.113556.1.2.120 attributeSyntax: 2.5.5.16 +isSingleValued: TRUE +mAPIID: 32809 +showInAdvancedViewOnly: TRUE +adminDisplayName: USN-Changed +adminDescription: USN-Changed oMSyntax: 65 +searchFlags: 9 +lDAPDisplayName: uSNChanged +schemaIDGUID: bf967a6f-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 19 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Reps-From,${SCHEMADN} -cn: Reps-From -name: Reps-From objectClass: top objectClass: attributeSchema -lDAPDisplayName: repsFrom -isSingleValued: FALSE -systemFlags: 19 -systemOnly: TRUE -schemaIDGUID: bf967a1d-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Reps-From attributeID: 1.2.840.113556.1.2.91 attributeSyntax: 2.5.5.10 -oMSyntax: 127 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Reps-From oMObjectClass:: KoZIhvcUAQEBBg== +adminDescription: Reps-From +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: repsFrom +schemaIDGUID: bf967a1d-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 19 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Other-Well-Known-Objects,${SCHEMADN} -cn: Other-Well-Known-Objects -name: Other-Well-Known-Objects objectClass: top objectClass: attributeSchema -lDAPDisplayName: otherWellKnownObjects -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 1ea64e5d-ac0f-11d2-90df-00c04fd91ab1 -adminDisplayName: Other-Well-Known-Objects attributeID: 1.2.840.113556.1.4.1359 attributeSyntax: 2.5.5.7 -oMSyntax: 127 +isSingleValued: FALSE +rangeLower: 16 +rangeUpper: 16 +showInAdvancedViewOnly: TRUE +adminDisplayName: Other-Well-Known-Objects oMObjectClass:: KoZIhvcUAQEBCw== +adminDescription: Other-Well-Known-Objects +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: otherWellKnownObjects +schemaIDGUID: 1ea64e5d-ac0f-11d2-90df-00c04fd91ab1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-NC-Repl-Cursors,${SCHEMADN} -cn: ms-DS-NC-Repl-Cursors -name: ms-DS-NC-Repl-Cursors objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-NCReplCursors -isSingleValued: FALSE -systemFlags: 20 -systemOnly: FALSE -schemaIDGUID: 8a167ce4-f9e8-47eb-8d78-f7fe80abb2cc -adminDisplayName: ms-DS-NC-Repl-Cursors attributeID: 1.2.840.113556.1.4.1704 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-NC-Repl-Cursors +adminDescription: ms-DS-NC-Repl-Cursors oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-NCReplCursors +schemaIDGUID: 8a167ce4-f9e8-47eb-8d78-f7fe80abb2cc +systemOnly: FALSE +systemFlags: 20 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Managed-Objects,${SCHEMADN} -cn: Managed-Objects -name: Managed-Objects objectClass: top objectClass: attributeSchema -lDAPDisplayName: managedObjects +attributeID: 1.2.840.113556.1.4.654 +attributeSyntax: 2.5.5.1 isSingleValued: FALSE +mAPIID: 32804 linkID: 73 -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: 0296c124-40da-11d1-a9c0-0000f80367c1 +showInAdvancedViewOnly: TRUE adminDisplayName: Managed-Objects -attributeID: 1.2.840.113556.1.4.654 -attributeSyntax: 2.5.5.1 -oMSyntax: 127 oMObjectClass:: KwwCh3McAIVK +adminDescription: Managed-Objects +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: managedObjects +schemaIDGUID: 0296c124-40da-11d1-a9c0-0000f80367c1 +systemOnly: TRUE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Allowed-DNS-Suffixes,${SCHEMADN} -cn: ms-DS-Allowed-DNS-Suffixes -name: ms-DS-Allowed-DNS-Suffixes objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-AllowedDNSSuffixes -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 8469441b-9ac4-4e45-8205-bd219dbf672d -adminDisplayName: ms-DS-Allowed-DNS-Suffixes attributeID: 1.2.840.113556.1.4.1710 attributeSyntax: 2.5.5.12 +isSingleValued: FALSE +rangeLower: 0 +rangeUpper: 2048 +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-Allowed-DNS-Suffixes +adminDescription: Allowed suffixes for dNSHostName on computer oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: msDS-AllowedDNSSuffixes +schemaIDGUID: 8469441b-9ac4-4e45-8205-bd219dbf672d +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=NC-Name,${SCHEMADN} -cn: NC-Name -name: NC-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: nCName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: TRUE -schemaIDGUID: bf9679d6-0de6-11d0-a285-00aa003049e2 -adminDisplayName: NC-Name attributeID: 1.2.840.113556.1.2.16 attributeSyntax: 2.5.5.1 -oMSyntax: 127 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: NC-Name oMObjectClass:: KwwCh3McAIVK +adminDescription: NC-Name +oMSyntax: 127 +searchFlags: 8 +lDAPDisplayName: nCName +schemaIDGUID: bf9679d6-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=NETBIOS-Name,${SCHEMADN} -cn: NETBIOS-Name -name: NETBIOS-Name objectClass: top objectClass: attributeSchema -lDAPDisplayName: nETBIOSName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679d8-0de6-11d0-a285-00aa003049e2 -adminDisplayName: NETBIOS-Name attributeID: 1.2.840.113556.1.4.87 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +rangeLower: 1 +rangeUpper: 16 +showInAdvancedViewOnly: TRUE +adminDisplayName: NETBIOS-Name +adminDescription: NETBIOS-Name oMSyntax: 64 +searchFlags: 1 +lDAPDisplayName: nETBIOSName +schemaIDGUID: bf9679d8-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Query-Filter,${SCHEMADN} -cn: Query-Filter -name: Query-Filter objectClass: top objectClass: attributeSchema -lDAPDisplayName: queryFilter -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: cbf70a26-7e78-11d2-9921-0000f87a57d4 -adminDisplayName: Query-Filter attributeID: 1.2.840.113556.1.4.1355 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Query-Filter +adminDescription: Query-Filter oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: queryFilter +schemaIDGUID: cbf70a26-7e78-11d2-9921-0000f87a57d4 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Preferred-Delivery-Method,${SCHEMADN} -cn: Preferred-Delivery-Method -name: Preferred-Delivery-Method objectClass: top objectClass: attributeSchema -lDAPDisplayName: preferredDeliveryMethod -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679fe-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Preferred-Delivery-Method attributeID: 2.5.4.28 attributeSyntax: 2.5.5.9 +isSingleValued: FALSE +mAPIID: 33037 +showInAdvancedViewOnly: TRUE +adminDisplayName: Preferred-Delivery-Method +adminDescription: Preferred-Delivery-Method oMSyntax: 10 +searchFlags: 0 +lDAPDisplayName: preferredDeliveryMethod +schemaIDGUID: bf9679fe-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MSMQ-Site-Foreign,${SCHEMADN} -cn: MSMQ-Site-Foreign -name: MSMQ-Site-Foreign objectClass: top objectClass: attributeSchema -lDAPDisplayName: mSMQSiteForeign -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: fd129d8a-d57e-11d1-90a2-00c04fd91ab1 -adminDisplayName: MSMQ-Site-Foreign attributeID: 1.2.840.113556.1.4.961 attributeSyntax: 2.5.5.8 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: MSMQ-Site-Foreign +adminDescription: MSMQ-Site-Foreign oMSyntax: 1 +searchFlags: 0 +lDAPDisplayName: mSMQSiteForeign +schemaIDGUID: fd129d8a-d57e-11d1-90a2-00c04fd91ab1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=audio,${SCHEMADN} -cn: audio -name: audio objectClass: top objectClass: attributeSchema -lDAPDisplayName: audio -isSingleValued: FALSE -systemFlags: 0 -systemOnly: FALSE -schemaIDGUID: d0e1d224-e1a0-42ce-a2da-793ba5244f35 -adminDisplayName: audio attributeID: 0.9.2342.19200300.100.1.55 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +rangeUpper: 250000 +showInAdvancedViewOnly: FALSE +adminDisplayName: audio +adminDescription: The Audio attribute type allows the storing of sounds in the Directory. oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: audio +schemaIDGUID: d0e1d224-e1a0-42ce-a2da-793ba5244f35 +systemOnly: FALSE +systemFlags: 0 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Script-Path,${SCHEMADN} -cn: Script-Path -name: Script-Path objectClass: top objectClass: attributeSchema -lDAPDisplayName: scriptPath -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679a8-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Script-Path attributeID: 1.2.840.113556.1.4.62 attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Script-Path +adminDescription: Script-Path oMSyntax: 64 +searchFlags: 16 +lDAPDisplayName: scriptPath +schemaIDGUID: bf9679a8-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MSMQ-Digests,${SCHEMADN} -cn: MSMQ-Digests -name: MSMQ-Digests objectClass: top objectClass: attributeSchema -lDAPDisplayName: mSMQDigests -isSingleValued: FALSE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: 9a0dc33c-c100-11d1-bbc5-0080c76670c0 -adminDisplayName: MSMQ-Digests attributeID: 1.2.840.113556.1.4.948 attributeSyntax: 2.5.5.10 +isSingleValued: FALSE +rangeLower: 16 +rangeUpper: 16 +showInAdvancedViewOnly: TRUE +adminDisplayName: MSMQ-Digests +adminDescription: MSMQ-Digests oMSyntax: 4 +searchFlags: 1 +lDAPDisplayName: mSMQDigests +schemaIDGUID: 9a0dc33c-c100-11d1-bbc5-0080c76670c0 +attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Cached-Membership,${SCHEMADN} -cn: ms-DS-Cached-Membership -name: ms-DS-Cached-Membership objectClass: top objectClass: attributeSchema -lDAPDisplayName: msDS-Cached-Membership -isSingleValued: TRUE -systemFlags: 17 -systemOnly: FALSE -schemaIDGUID: 69cab008-cdd4-4bc9-bab8-0ff37efe1b20 -adminDisplayName: ms-DS-Cached-Membership attributeID: 1.2.840.113556.1.4.1441 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: ms-DS-Cached-Membership +adminDescription: ms-DS-Cached-Membership oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: msDS-Cached-Membership +schemaIDGUID: 69cab008-cdd4-4bc9-bab8-0ff37efe1b20 +systemOnly: FALSE +systemFlags: 17 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Logon-Hours,${SCHEMADN} -cn: Logon-Hours -name: Logon-Hours objectClass: top objectClass: attributeSchema -lDAPDisplayName: logonHours -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679ab-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Logon-Hours attributeID: 1.2.840.113556.1.4.64 attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Logon-Hours +adminDescription: Logon-Hours oMSyntax: 4 +searchFlags: 16 +lDAPDisplayName: logonHours +schemaIDGUID: bf9679ab-0de6-11d0-a285-00aa003049e2 +attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Top,${SCHEMADN} -cn: Top -name: Top objectClass: top objectClass: classSchema -systemPossSuperiors: lostAndFound -lDAPDisplayName: top +subClassOf: top governsID: 2.5.6.0 -rDNAttID: cn -systemMustContain: objectClass -systemMustContain: objectCategory -systemMustContain: nTSecurityDescriptor -systemMustContain: instanceType mayContain: msDS-ObjectReferenceBL +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Top +adminDescription: Top +objectClassCategory: 2 +lDAPDisplayName: top +schemaIDGUID: bf967ab7-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemPossSuperiors: lostAndFound systemMayContain: url systemMayContain: wWWHomePage systemMayContain: whenCreated @@ -7131,160 +8900,146 @@ systemMayContain: allowedAttributesEffective systemMayContain: allowedAttributes systemMayContain: adminDisplayName systemMayContain: adminDescription -objectClassCategory: 2 -subClassOf: top -defaultObjectCategory: CN=Top,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 -systemOnly: TRUE +systemMustContain: objectClass +systemMustContain: objectCategory +systemMustContain: nTSecurityDescriptor +systemMustContain: instanceType defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: bf967ab7-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Top,${SCHEMADN} dn: CN=Domain-DNS,${SCHEMADN} -cn: Domain-DNS -name: Domain-DNS objectClass: top objectClass: classSchema -systemAuxiliaryClass: samDomain -systemPossSuperiors: domainDNS -lDAPDisplayName: domainDNS +subClassOf: domain governsID: 1.2.840.113556.1.5.67 rDNAttID: dc +showInAdvancedViewOnly: TRUE +adminDisplayName: Domain-DNS +adminDescription: Domain-DNS +objectClassCategory: 1 +lDAPDisplayName: domainDNS +schemaIDGUID: 19195a5b-6da0-11d0-afd3-00c04fd930c9 +systemOnly: FALSE +systemPossSuperiors: domainDNS systemMayContain: msDS-Behavior-Version systemMayContain: msDS-AllowedDNSSuffixes systemMayContain: managedBy -objectClassCategory: 1 -subClassOf: domain -defaultObjectCategory: CN=Domain-DNS,${SCHEMADN} -defaultHidingValue: FALSE -systemFlags: 16 -systemOnly: FALSE +systemAuxiliaryClass: samDomain defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) +systemFlags: 16 +defaultHidingValue: FALSE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: group -possibleInferiors: lostAndFound -possibleInferiors: builtinDomain -possibleInferiors: computer -possibleInferiors: user -possibleInferiors: container -possibleInferiors: organization -possibleInferiors: domainDNS -possibleInferiors: locality -possibleInferiors: msDS-AzAdminManager -possibleInferiors: country -possibleInferiors: organizationalUnit -schemaIDGUID: 19195a5b-6da0-11d0-afd3-00c04fd930c9 +defaultObjectCategory: CN=Domain-DNS,${SCHEMADN} dn: CN=ms-DS-Az-Application,${SCHEMADN} -cn: ms-DS-Az-Application -name: ms-DS-Az-Application objectClass: top objectClass: classSchema -systemPossSuperiors: msDS-AzAdminManager -lDAPDisplayName: msDS-AzApplication +subClassOf: top governsID: 1.2.840.113556.1.5.235 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Az-Application +adminDescription: Defines an installed instance of an application bound to a particular policy store. +objectClassCategory: 1 +lDAPDisplayName: msDS-AzApplication +schemaIDGUID: ddf8de9b-cba5-4e12-842e-28d8b66f75ec +systemOnly: FALSE +systemPossSuperiors: msDS-AzAdminManager systemMayContain: msDS-AzApplicationData systemMayContain: msDS-AzGenerateAudits systemMayContain: msDS-AzApplicationVersion systemMayContain: msDS-AzClassId systemMayContain: msDS-AzApplicationName systemMayContain: description -objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=ms-DS-Az-Application,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 -systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: group -possibleInferiors: container -possibleInferiors: msDS-AzScope -schemaIDGUID: ddf8de9b-cba5-4e12-842e-28d8b66f75ec +defaultObjectCategory: CN=ms-DS-Az-Application,${SCHEMADN} dn: CN=Builtin-Domain,${SCHEMADN} -cn: Builtin-Domain -name: Builtin-Domain objectClass: top objectClass: classSchema -systemAuxiliaryClass: samDomainBase -systemPossSuperiors: domainDNS -lDAPDisplayName: builtinDomain +subClassOf: top governsID: 1.2.840.113556.1.5.4 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Builtin-Domain +adminDescription: Builtin-Domain objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Builtin-Domain,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 +lDAPDisplayName: builtinDomain +schemaIDGUID: bf967a81-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE +systemPossSuperiors: domainDNS +systemAuxiliaryClass: samDomainBase defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: group -possibleInferiors: computer -possibleInferiors: user -schemaIDGUID: bf967a81-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Builtin-Domain,${SCHEMADN} dn: CN=Infrastructure-Update,${SCHEMADN} -cn: Infrastructure-Update -name: Infrastructure-Update objectClass: top objectClass: classSchema -systemPossSuperiors: infrastructureUpdate -systemPossSuperiors: domain -lDAPDisplayName: infrastructureUpdate +subClassOf: top governsID: 1.2.840.113556.1.5.175 rDNAttID: cn -systemMayContain: dNReferenceUpdate +showInAdvancedViewOnly: TRUE +adminDisplayName: Infrastructure-Update +adminDescription: Infrastructure-Update objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Infrastructure-Update,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 +lDAPDisplayName: infrastructureUpdate +schemaIDGUID: 2df90d89-009f-11d2-aa4c-00c04fd7d83a systemOnly: TRUE +systemPossSuperiors: infrastructureUpdate +systemPossSuperiors: domain +systemMayContain: dNReferenceUpdate defaultSecurityDescriptor: D:(A;;GA;;;SY) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: 2df90d89-009f-11d2-aa4c-00c04fd7d83a +defaultObjectCategory: CN=Infrastructure-Update,${SCHEMADN} dn: CN=Configuration,${SCHEMADN} -cn: Configuration -name: Configuration objectClass: top objectClass: classSchema -systemPossSuperiors: domainDNS -lDAPDisplayName: configuration +subClassOf: top governsID: 1.2.840.113556.1.5.12 rDNAttID: cn -systemMustContain: cn -systemMayContain: gPOptions -systemMayContain: gPLink +showInAdvancedViewOnly: TRUE +adminDisplayName: Configuration +adminDescription: Configuration objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Configuration,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 +lDAPDisplayName: configuration +schemaIDGUID: bf967a87-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE +systemPossSuperiors: domainDNS +systemMayContain: gPOptions +systemMayContain: gPLink +systemMustContain: cn defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: lostAndFound -possibleInferiors: sitesContainer -possibleInferiors: container -schemaIDGUID: bf967a87-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Configuration,${SCHEMADN} dn: CN=Cross-Ref,${SCHEMADN} -cn: Cross-Ref -name: Cross-Ref objectClass: top objectClass: classSchema -systemPossSuperiors: crossRefContainer -lDAPDisplayName: crossRef +subClassOf: top governsID: 1.2.840.113556.1.3.11 rDNAttID: cn -systemMustContain: nCName -systemMustContain: dnsRoot -systemMustContain: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Cross-Ref +adminDescription: Cross-Ref +objectClassCategory: 1 +lDAPDisplayName: crossRef +schemaIDGUID: bf967a8d-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemPossSuperiors: crossRefContainer systemMayContain: trustParent systemMayContain: superiorDNSRoot systemMayContain: rootTrust @@ -7292,50 +9047,55 @@ systemMayContain: nTMixedDomain systemMayContain: nETBIOSName systemMayContain: Enabled systemMayContain: msDS-SDReferenceDomain -systemMayContain: msDS-Replication-Notify-Subsequent-DSA-Delay -systemMayContain: msDS-Replication-Notify-First-DSA-Delay -systemMayContain: msDS-NC-Replica-Locations -systemMayContain: msDS-DnsRootAlias -systemMayContain: msDS-Behavior-Version -objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Cross-Ref,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 -systemOnly: FALSE +systemMayContain: msDS-Replication-Notify-Subsequent-DSA-Delay +systemMayContain: msDS-Replication-Notify-First-DSA-Delay +systemMayContain: msDS-NC-Replica-Locations +systemMayContain: msDS-DnsRootAlias +systemMayContain: msDS-Behavior-Version +systemMustContain: nCName +systemMustContain: dnsRoot +systemMustContain: cn defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: bf967a8d-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Cross-Ref,${SCHEMADN} dn: CN=RID-Manager,${SCHEMADN} -cn: RID-Manager -name: RID-Manager objectClass: top objectClass: classSchema -systemPossSuperiors: container -lDAPDisplayName: rIDManager +subClassOf: top governsID: 1.2.840.113556.1.5.83 rDNAttID: cn -systemMustContain: rIDAvailablePool +showInAdvancedViewOnly: TRUE +adminDisplayName: RID-Manager +adminDescription: RID-Manager objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=RID-Manager,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 +lDAPDisplayName: rIDManager +schemaIDGUID: 6617188d-8f3c-11d0-afda-00c04fd930c9 systemOnly: TRUE +systemPossSuperiors: container +systemMustContain: rIDAvailablePool defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)S:(AU;SA;CRWP;;;WD) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: 6617188d-8f3c-11d0-afda-00c04fd930c9 +defaultObjectCategory: CN=RID-Manager,${SCHEMADN} dn: CN=Display-Specifier,${SCHEMADN} -cn: Display-Specifier -name: Display-Specifier objectClass: top objectClass: classSchema -systemPossSuperiors: container -lDAPDisplayName: displaySpecifier +subClassOf: top governsID: 1.2.840.113556.1.5.84 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Display-Specifier +adminDescription: Display-Specifier +objectClassCategory: 1 +lDAPDisplayName: displaySpecifier +schemaIDGUID: e0fa1e8a-9b45-11d0-afdd-00c04fd930c9 +systemOnly: FALSE +systemPossSuperiors: container systemMayContain: treatAsLeaf systemMayContain: shellPropertyPages systemMayContain: shellContextMenu @@ -7352,125 +9112,146 @@ systemMayContain: attributeDisplayNames systemMayContain: adminPropertyPages systemMayContain: adminMultiselectPropertyPages systemMayContain: adminContextMenu -objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Display-Specifier,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 -systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: e0fa1e8a-9b45-11d0-afdd-00c04fd930c9 +defaultObjectCategory: CN=Display-Specifier,${SCHEMADN} dn: CN=ms-DS-Az-Scope,${SCHEMADN} -cn: ms-DS-Az-Scope -name: ms-DS-Az-Scope objectClass: top objectClass: classSchema -systemPossSuperiors: msDS-AzApplication -lDAPDisplayName: msDS-AzScope +subClassOf: top governsID: 1.2.840.113556.1.5.237 rDNAttID: cn -systemMustContain: msDS-AzScopeName -systemMayContain: msDS-AzApplicationData -systemMayContain: description +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Az-Scope +adminDescription: Describes a set of objects managed by an application objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=ms-DS-Az-Scope,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 +lDAPDisplayName: msDS-AzScope +schemaIDGUID: 4feae054-ce55-47bb-860e-5b12063a51de systemOnly: FALSE +systemPossSuperiors: msDS-AzApplication +systemMayContain: msDS-AzApplicationData +systemMayContain: description +systemMustContain: msDS-AzScopeName defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: group -possibleInferiors: container -schemaIDGUID: 4feae054-ce55-47bb-860e-5b12063a51de +defaultObjectCategory: CN=ms-DS-Az-Scope,${SCHEMADN} dn: CN=Locality,${SCHEMADN} -cn: Locality -name: Locality objectClass: top objectClass: classSchema +subClassOf: top +governsID: 2.5.6.3 +rDNAttID: l +showInAdvancedViewOnly: TRUE +adminDisplayName: Locality +adminDescription: Locality +objectClassCategory: 1 +lDAPDisplayName: locality +schemaIDGUID: bf967aa0-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE systemPossSuperiors: domainDNS systemPossSuperiors: country systemPossSuperiors: organizationalUnit systemPossSuperiors: organization systemPossSuperiors: locality -lDAPDisplayName: locality -governsID: 2.5.6.3 -rDNAttID: l -systemMustContain: l systemMayContain: street systemMayContain: st systemMayContain: seeAlso systemMayContain: searchGuide -objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Locality,${SCHEMADN} -defaultHidingValue: FALSE -systemFlags: 16 -systemOnly: FALSE +systemMustContain: l defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: FALSE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: organization -possibleInferiors: locality -schemaIDGUID: bf967aa0-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Locality,${SCHEMADN} dn: CN=Cross-Ref-Container,${SCHEMADN} -cn: Cross-Ref-Container -name: Cross-Ref-Container objectClass: top objectClass: classSchema -systemPossSuperiors: configuration -lDAPDisplayName: crossRefContainer +subClassOf: top governsID: 1.2.840.113556.1.5.7000.53 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Cross-Ref-Container +adminDescription: Cross-Ref-Container +objectClassCategory: 1 +lDAPDisplayName: crossRefContainer +schemaIDGUID: ef9e60e0-56f7-11d1-a9c6-0000f80367c1 +systemOnly: TRUE +systemPossSuperiors: configuration systemMayContain: msDS-SPNSuffixes systemMayContain: uPNSuffixes systemMayContain: msDS-UpdateScript systemMayContain: msDS-ExecuteScriptPassword systemMayContain: msDS-Behavior-Version -objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Cross-Ref-Container,${SCHEMADN} +defaultSecurityDescriptor: D:(A;;GA;;;SY) +systemFlags: 16 defaultHidingValue: FALSE +objectCategory: CN=Class-Schema,${SCHEMADN} +defaultObjectCategory: CN=Cross-Ref-Container,${SCHEMADN} + +dn: CN=Query-Policy,${SCHEMADN} +objectClass: top +objectClass: classSchema +subClassOf: top +governsID: 1.2.840.113556.1.5.106 +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Query-Policy +adminDescription: Query-Policy +objectClassCategory: 1 +lDAPDisplayName: queryPolicy +schemaIDGUID: 83cc7075-cca7-11d0-afff-0000f80367c1 +systemOnly: FALSE +systemPossSuperiors: container +systemMayContain: lDAPIPDenyList +systemMayContain: lDAPAdminLimits +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 -systemOnly: TRUE -defaultSecurityDescriptor: D:(A;;GA;;;SY) +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: crossRef -schemaIDGUID: ef9e60e0-56f7-11d1-a9c6-0000f80367c1 +defaultObjectCategory: CN=Query-Policy,${SCHEMADN} dn: CN=Subnet-Container,${SCHEMADN} -cn: Subnet-Container -name: Subnet-Container objectClass: top objectClass: classSchema -systemPossSuperiors: sitesContainer -lDAPDisplayName: subnetContainer +subClassOf: top governsID: 1.2.840.113556.1.5.95 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Subnet-Container +adminDescription: Subnet-Container objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Subnet-Container,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 +lDAPDisplayName: subnetContainer +schemaIDGUID: b7b13125-b82e-11d0-afee-0000f80367c1 systemOnly: FALSE +systemPossSuperiors: sitesContainer defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: subnet -schemaIDGUID: b7b13125-b82e-11d0-afee-0000f80367c1 +defaultObjectCategory: CN=Subnet-Container,${SCHEMADN} dn: CN=NTDS-DSA,${SCHEMADN} -cn: NTDS-DSA -name: NTDS-DSA objectClass: top objectClass: classSchema -systemPossSuperiors: organization -systemPossSuperiors: server -lDAPDisplayName: nTDSDSA +subClassOf: applicationSettings governsID: 1.2.840.113556.1.5.7000.47 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: NTDS-DSA +adminDescription: NTDS-DSA +objectClassCategory: 1 +lDAPDisplayName: nTDSDSA +schemaIDGUID: f0f8ffab-1191-11d0-a060-00aa006c33ed +systemOnly: TRUE +systemPossSuperiors: organization +systemPossSuperiors: server systemMayContain: serverReference systemMayContain: msDS-RetiredReplNCSignatures systemMayContain: retiredReplDSASignatures @@ -7489,25 +9270,25 @@ systemMayContain: hasPartialReplicaNCs systemMayContain: hasMasterNCs systemMayContain: fRSRootPath systemMayContain: dMDLocation -objectClassCategory: 1 -subClassOf: applicationSettings -defaultObjectCategory: CN=NTDS-DSA,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 -systemOnly: TRUE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: f0f8ffab-1191-11d0-a060-00aa006c33ed +defaultObjectCategory: CN=NTDS-DSA,${SCHEMADN} dn: CN=Sam-Domain,${SCHEMADN} -cn: Sam-Domain -name: Sam-Domain objectClass: top objectClass: classSchema -systemAuxiliaryClass: samDomainBase -lDAPDisplayName: samDomain +subClassOf: top governsID: 1.2.840.113556.1.5.3 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Sam-Domain +adminDescription: Sam-Domain +objectClassCategory: 3 +lDAPDisplayName: samDomain +schemaIDGUID: bf967a90-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE systemMayContain: treeName systemMayContain: rIDManagerReference systemMayContain: replicaSource @@ -7546,24 +9327,26 @@ systemMayContain: cACertificate systemMayContain: builtinModifiedCount systemMayContain: builtinCreationTime systemMayContain: auditingPolicy -objectClassCategory: 3 -subClassOf: top -defaultObjectCategory: CN=Sam-Domain,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 -systemOnly: FALSE +systemAuxiliaryClass: samDomainBase defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: bf967a90-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Sam-Domain,${SCHEMADN} dn: CN=Sam-Domain-Base,${SCHEMADN} -cn: Sam-Domain-Base -name: Sam-Domain-Base objectClass: top objectClass: classSchema -lDAPDisplayName: samDomainBase +subClassOf: top governsID: 1.2.840.113556.1.5.2 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Sam-Domain-Base +adminDescription: Sam-Domain-Base +objectClassCategory: 3 +lDAPDisplayName: samDomainBase +schemaIDGUID: bf967a91-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE systemMayContain: uASCompat systemMayContain: serverState systemMayContain: serverRole @@ -7585,54 +9368,52 @@ systemMayContain: lockOutObservationWindow systemMayContain: forceLogoff systemMayContain: domainReplica systemMayContain: creationTime -objectClassCategory: 3 -subClassOf: top -defaultObjectCategory: CN=Sam-Domain-Base,${SCHEMADN} -defaultHidingValue: TRUE systemFlags: 16 -systemOnly: FALSE +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: bf967a91-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Sam-Domain-Base,${SCHEMADN} dn: CN=Country,${SCHEMADN} -cn: Country -name: Country objectClass: top objectClass: classSchema -systemPossSuperiors: domainDNS -systemPossSuperiors: organization -lDAPDisplayName: country +subClassOf: top governsID: 2.5.6.2 rDNAttID: c -systemMustContain: c -systemMayContain: co -systemMayContain: searchGuide +showInAdvancedViewOnly: TRUE +adminDisplayName: Country +adminDescription: Country objectClassCategory: 0 -subClassOf: top -defaultObjectCategory: CN=Country,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 +lDAPDisplayName: country +schemaIDGUID: bf967a8c-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE +systemPossSuperiors: domainDNS +systemPossSuperiors: organization +systemMayContain: co +systemMayContain: searchGuide +systemMustContain: c defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: organization -possibleInferiors: locality -possibleInferiors: organizationalUnit -schemaIDGUID: bf967a8c-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Country,${SCHEMADN} dn: CN=Organizational-Unit,${SCHEMADN} -cn: Organizational-Unit -name: Organizational-Unit objectClass: top objectClass: classSchema +subClassOf: top +governsID: 2.5.6.5 +rDNAttID: ou +showInAdvancedViewOnly: TRUE +adminDisplayName: Organizational-Unit +adminDescription: Organizational-Unit +objectClassCategory: 1 +lDAPDisplayName: organizationalUnit +schemaIDGUID: bf967aa5-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE systemPossSuperiors: country systemPossSuperiors: organization systemPossSuperiors: organizationalUnit systemPossSuperiors: domainDNS -lDAPDisplayName: organizationalUnit -governsID: 2.5.6.5 -rDNAttID: ou -systemMustContain: ou systemMayContain: x121Address systemMayContain: userPassword systemMayContain: uPNSuffixes @@ -7664,90 +9445,55 @@ systemMayContain: defaultGroup systemMayContain: countryCode systemMayContain: c systemMayContain: businessCategory -objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Organizational-Unit,${SCHEMADN} -defaultHidingValue: FALSE -systemFlags: 16 -systemOnly: FALSE +systemMustContain: ou defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO) +systemFlags: 16 +defaultHidingValue: FALSE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: group -possibleInferiors: computer -possibleInferiors: user -possibleInferiors: container -possibleInferiors: person -possibleInferiors: locality -possibleInferiors: msDS-AzAdminManager -possibleInferiors: organizationalUnit -possibleInferiors: organizationalPerson -schemaIDGUID: bf967aa5-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Organizational-Unit,${SCHEMADN} dn: CN=Lost-And-Found,${SCHEMADN} -cn: Lost-And-Found -name: Lost-And-Found objectClass: top objectClass: classSchema -systemPossSuperiors: configuration -systemPossSuperiors: domainDNS -systemPossSuperiors: dMD -lDAPDisplayName: lostAndFound +subClassOf: top governsID: 1.2.840.113556.1.5.139 rDNAttID: cn -systemMayContain: moveTreeState +showInAdvancedViewOnly: TRUE +adminDisplayName: Lost-And-Found +adminDescription: Lost-And-Found objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Lost-And-Found,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 +lDAPDisplayName: lostAndFound +schemaIDGUID: 52ab8671-5709-11d1-a9c6-0000f80367c1 systemOnly: FALSE +systemPossSuperiors: configuration +systemPossSuperiors: domainDNS +systemPossSuperiors: dMD +systemMayContain: moveTreeState defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: group -possibleInferiors: msDS-AzApplication -possibleInferiors: lostAndFound -possibleInferiors: trustedDomain -possibleInferiors: subnetContainer -possibleInferiors: builtinDomain -possibleInferiors: sitesContainer -possibleInferiors: serversContainer -possibleInferiors: classSchema -possibleInferiors: computer -possibleInferiors: foreignSecurityPrincipal -possibleInferiors: user -possibleInferiors: container -possibleInferiors: msDS-AzScope -possibleInferiors: site -possibleInferiors: organization -possibleInferiors: domainDNS -possibleInferiors: person -possibleInferiors: locality -possibleInferiors: subnet -possibleInferiors: msDS-AzAdminManager -possibleInferiors: crossRef -possibleInferiors: displaySpecifier -possibleInferiors: nTDSService -possibleInferiors: country -possibleInferiors: organizationalUnit -possibleInferiors: secret -possibleInferiors: organizationalPerson -possibleInferiors: server -schemaIDGUID: 52ab8671-5709-11d1-a9c6-0000f80367c1 +defaultObjectCategory: CN=Lost-And-Found,${SCHEMADN} dn: CN=Organizational-Person,${SCHEMADN} -cn: Organizational-Person -name: Organizational-Person objectClass: top objectClass: classSchema +subClassOf: person +governsID: 2.5.6.7 +mayContain: houseIdentifier +mayContain: msExchHouseIdentifier +mayContain: homePostalAddress +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Organizational-Person +adminDescription: Organizational-Person +objectClassCategory: 0 +lDAPDisplayName: organizationalPerson +schemaIDGUID: bf967aa4-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE systemPossSuperiors: organizationalUnit systemPossSuperiors: organization systemPossSuperiors: container -lDAPDisplayName: organizationalPerson -governsID: 2.5.6.7 -rDNAttID: cn -mayContain: houseIdentifier -mayContain: msExchHouseIdentifier -mayContain: homePostalAddress systemMayContain: x121Address systemMayContain: comment systemMayContain: title @@ -7800,73 +9546,117 @@ systemMayContain: countryCode systemMayContain: company systemMayContain: assistant systemMayContain: streetAddress -objectClassCategory: 0 -subClassOf: person -defaultObjectCategory: CN=Person,${SCHEMADN} -defaultHidingValue: TRUE +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 +defaultHidingValue: TRUE +objectCategory: CN=Class-Schema,${SCHEMADN} +defaultObjectCategory: CN=Person,${SCHEMADN} + +dn: CN=Attribute-Schema,${SCHEMADN} +objectClass: top +objectClass: classSchema +subClassOf: top +governsID: 1.2.840.113556.1.3.14 +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Attribute-Schema +adminDescription: Attribute-Schema +objectClassCategory: 1 +lDAPDisplayName: attributeSchema +schemaIDGUID: bf967a80-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE -defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemPossSuperiors: dMD +systemMayContain: systemOnly +systemMayContain: searchFlags +systemMayContain: schemaFlagsEx +systemMayContain: rangeUpper +systemMayContain: rangeLower +systemMayContain: oMObjectClass +systemMayContain: msDs-Schema-Extensions +systemMayContain: msDS-IntId +systemMayContain: mAPIID +systemMayContain: linkID +systemMayContain: isMemberOfPartialAttributeSet +systemMayContain: isEphemeral +systemMayContain: isDefunct +systemMayContain: extendedCharsAllowed +systemMayContain: classDisplayName +systemMayContain: attributeSecurityGUID +systemMustContain: schemaIDGUID +systemMustContain: oMSyntax +systemMustContain: lDAPDisplayName +systemMustContain: isSingleValued +systemMustContain: cn +systemMustContain: attributeSyntax +systemMustContain: attributeID +defaultSecurityDescriptor: D:S: +systemFlags: 134217744 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: bf967aa4-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=NTDS-Service,${SCHEMADN} -cn: NTDS-Service -name: NTDS-Service objectClass: top objectClass: classSchema -systemPossSuperiors: container -lDAPDisplayName: nTDSService +subClassOf: top governsID: 1.2.840.113556.1.5.72 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: NTDS-Service +adminDescription: NTDS-Service +objectClassCategory: 1 +lDAPDisplayName: nTDSService +schemaIDGUID: 19195a5f-6da0-11d0-afd3-00c04fd930c9 +systemOnly: FALSE +systemPossSuperiors: container systemMayContain: tombstoneLifetime systemMayContain: sPNMappings systemMayContain: replTopologyStayOfExecution systemMayContain: msDS-Other-Settings systemMayContain: garbageCollPeriod systemMayContain: dSHeuristics -objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=NTDS-Service,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 -systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: container -schemaIDGUID: 19195a5f-6da0-11d0-afd3-00c04fd930c9 +defaultObjectCategory: CN=NTDS-Service,${SCHEMADN} dn: CN=Servers-Container,${SCHEMADN} -cn: Servers-Container -name: Servers-Container objectClass: top objectClass: classSchema -systemPossSuperiors: site -lDAPDisplayName: serversContainer +subClassOf: top governsID: 1.2.840.113556.1.5.7000.48 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Servers-Container +adminDescription: Servers-Container objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Servers-Container,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 +lDAPDisplayName: serversContainer +schemaIDGUID: f780acc0-56f0-11d1-a9c6-0000f80367c1 systemOnly: FALSE +systemPossSuperiors: site defaultSecurityDescriptor: D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: server -schemaIDGUID: f780acc0-56f0-11d1-a9c6-0000f80367c1 +defaultObjectCategory: CN=Servers-Container,${SCHEMADN} dn: CN=Computer,${SCHEMADN} -cn: Computer -name: Computer objectClass: top objectClass: classSchema +subClassOf: user +governsID: 1.2.840.113556.1.3.30 +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Computer +adminDescription: Computer +objectClassCategory: 1 +lDAPDisplayName: computer +schemaIDGUID: bf967a86-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE systemPossSuperiors: container systemPossSuperiors: organizationalUnit systemPossSuperiors: domainDNS -lDAPDisplayName: computer -governsID: 1.2.840.113556.1.3.30 -rDNAttID: cn systemMayContain: volumeCount systemMayContain: siteGUID systemMayContain: rIDSetReferences @@ -7892,48 +9682,54 @@ systemMayContain: dNSHostName systemMayContain: defaultLocalPolicyObject systemMayContain: cn systemMayContain: catalogs -objectClassCategory: 1 -subClassOf: user -defaultObjectCategory: CN=Computer,${SCHEMADN} -defaultHidingValue: FALSE -systemFlags: 16 -systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(A;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560) +systemFlags: 16 +defaultHidingValue: FALSE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: bf967a86-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Computer,${SCHEMADN} dn: CN=Person,${SCHEMADN} -cn: Person -name: Person objectClass: top objectClass: classSchema -systemPossSuperiors: organizationalUnit -systemPossSuperiors: container -lDAPDisplayName: person +subClassOf: top governsID: 2.5.6.6 -rDNAttID: cn -systemMustContain: cn mayContain: attributeCertificateAttribute +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Person +adminDescription: Person +objectClassCategory: 0 +lDAPDisplayName: person +schemaIDGUID: bf967aa7-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemPossSuperiors: organizationalUnit +systemPossSuperiors: container systemMayContain: userPassword systemMayContain: telephoneNumber systemMayContain: sn systemMayContain: serialNumber systemMayContain: seeAlso -objectClassCategory: 0 -subClassOf: top -defaultObjectCategory: CN=Person,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 -systemOnly: FALSE +systemMustContain: cn defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: bf967aa7-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Person,${SCHEMADN} dn: CN=Container,${SCHEMADN} -cn: Container -name: Container objectClass: top objectClass: classSchema +subClassOf: top +governsID: 1.2.840.113556.1.3.23 +mayContain: msDS-ObjectReference +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Container +adminDescription: Container +objectClassCategory: 1 +lDAPDisplayName: container +schemaIDGUID: bf967a8b-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE systemPossSuperiors: msDS-AzScope systemPossSuperiors: msDS-AzApplication systemPossSuperiors: msDS-AzAdminManager @@ -7945,44 +9741,29 @@ systemPossSuperiors: organization systemPossSuperiors: configuration systemPossSuperiors: container systemPossSuperiors: organizationalUnit -lDAPDisplayName: container -governsID: 1.2.840.113556.1.3.23 -rDNAttID: cn -systemMustContain: cn -mayContain: msDS-ObjectReference systemMayContain: schemaVersion systemMayContain: defaultClassStore -objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Container,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 -systemOnly: FALSE +systemMustContain: cn defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: group -possibleInferiors: trustedDomain -possibleInferiors: computer -possibleInferiors: foreignSecurityPrincipal -possibleInferiors: user -possibleInferiors: container -possibleInferiors: person -possibleInferiors: msDS-AzAdminManager -possibleInferiors: displaySpecifier -possibleInferiors: nTDSService -possibleInferiors: secret -possibleInferiors: organizationalPerson -schemaIDGUID: bf967a8b-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Container,${SCHEMADN} dn: CN=Site,${SCHEMADN} -cn: Site -name: Site objectClass: top objectClass: classSchema -systemPossSuperiors: sitesContainer -lDAPDisplayName: site +subClassOf: top governsID: 1.2.840.113556.1.5.31 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Site +adminDescription: Site +objectClassCategory: 1 +lDAPDisplayName: site +schemaIDGUID: bf967ab3-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemPossSuperiors: sitesContainer systemMayContain: notificationList systemMayContain: mSMQSiteID systemMayContain: mSMQSiteForeign @@ -7993,29 +9774,28 @@ systemMayContain: managedBy systemMayContain: location systemMayContain: gPOptions systemMayContain: gPLink -objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Site,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 -systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: serversContainer -schemaIDGUID: bf967ab3-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Site,${SCHEMADN} dn: CN=Organization,${SCHEMADN} -cn: Organization -name: Organization objectClass: top objectClass: classSchema +subClassOf: top +governsID: 2.5.6.4 +rDNAttID: o +showInAdvancedViewOnly: TRUE +adminDisplayName: Organization +adminDescription: Organization +objectClassCategory: 1 +lDAPDisplayName: organization +schemaIDGUID: bf967aa3-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE systemPossSuperiors: locality systemPossSuperiors: country systemPossSuperiors: domainDNS -lDAPDisplayName: organization -governsID: 2.5.6.4 -rDNAttID: o -systemMustContain: o systemMayContain: x121Address systemMayContain: userPassword systemMayContain: telexNumber @@ -8036,35 +9816,29 @@ systemMayContain: internationalISDNNumber systemMayContain: facsimileTelephoneNumber systemMayContain: destinationIndicator systemMayContain: businessCategory -objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Organization,${SCHEMADN} -defaultHidingValue: FALSE -systemFlags: 16 -systemOnly: FALSE +systemMustContain: o defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: FALSE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: computer -possibleInferiors: user -possibleInferiors: container -possibleInferiors: domainDNS -possibleInferiors: locality -possibleInferiors: country -possibleInferiors: organizationalUnit -possibleInferiors: organizationalPerson -schemaIDGUID: bf967aa3-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Organization,${SCHEMADN} dn: CN=ms-DS-Az-Admin-Manager,${SCHEMADN} -cn: ms-DS-Az-Admin-Manager -name: ms-DS-Az-Admin-Manager objectClass: top objectClass: classSchema +subClassOf: top +governsID: 1.2.840.113556.1.5.234 +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: MS-DS-Az-Admin-Manager +adminDescription: Root of Authorization Policy store instance +objectClassCategory: 1 +lDAPDisplayName: msDS-AzAdminManager +schemaIDGUID: cfee1051-5f28-4bae-a863-5d0cc18a8ed1 +systemOnly: FALSE systemPossSuperiors: domainDNS systemPossSuperiors: organizationalUnit systemPossSuperiors: container -lDAPDisplayName: msDS-AzAdminManager -governsID: 1.2.840.113556.1.5.234 -rDNAttID: cn systemMayContain: msDS-AzMinorVersion systemMayContain: msDS-AzMajorVersion systemMayContain: msDS-AzApplicationData @@ -8073,29 +9847,25 @@ systemMayContain: msDS-AzScriptTimeout systemMayContain: msDS-AzScriptEngineCacheMax systemMayContain: msDS-AzDomainTimeout systemMayContain: description -objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=ms-DS-Az-Admin-Manager,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 -systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: group -possibleInferiors: msDS-AzApplication -possibleInferiors: container -schemaIDGUID: cfee1051-5f28-4bae-a863-5d0cc18a8ed1 +defaultObjectCategory: CN=ms-DS-Az-Admin-Manager,${SCHEMADN} dn: CN=Security-Principal,${SCHEMADN} -cn: Security-Principal -name: Security-Principal objectClass: top objectClass: classSchema -lDAPDisplayName: securityPrincipal +subClassOf: top governsID: 1.2.840.113556.1.5.6 rDNAttID: cn -systemMustContain: sAMAccountName -systemMustContain: objectSid +showInAdvancedViewOnly: TRUE +adminDisplayName: Security-Principal +adminDescription: Security-Principal +objectClassCategory: 3 +lDAPDisplayName: securityPrincipal +schemaIDGUID: bf967ab0-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE systemMayContain: supplementalCredentials systemMayContain: sIDHistory systemMayContain: securityIdentifier @@ -8108,51 +9878,49 @@ systemMayContain: nTSecurityDescriptor systemMayContain: msDS-KeyVersionNumber systemMayContain: altSecurityIdentities systemMayContain: accountNameHistory -objectClassCategory: 3 -subClassOf: top -defaultObjectCategory: CN=Security-Principal,${SCHEMADN} -defaultHidingValue: TRUE +systemMustContain: sAMAccountName +systemMustContain: objectSid systemFlags: 16 -systemOnly: FALSE +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: bf967ab0-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Security-Principal,${SCHEMADN} dn: CN=Application-Settings,${SCHEMADN} -cn: Application-Settings -name: Application-Settings objectClass: top objectClass: classSchema -systemPossSuperiors: server -lDAPDisplayName: applicationSettings +subClassOf: top governsID: 1.2.840.113556.1.5.7000.49 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Application-Settings +adminDescription: Application-Settings +objectClassCategory: 2 +lDAPDisplayName: applicationSettings +schemaIDGUID: f780acc1-56f0-11d1-a9c6-0000f80367c1 +systemOnly: FALSE +systemPossSuperiors: server systemMayContain: notificationList systemMayContain: msDS-Settings systemMayContain: applicationName -objectClassCategory: 2 -subClassOf: top -defaultObjectCategory: CN=Application-Settings,${SCHEMADN} -defaultHidingValue: TRUE systemFlags: 16 -systemOnly: FALSE +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: f780acc1-56f0-11d1-a9c6-0000f80367c1 +defaultObjectCategory: CN=Application-Settings,${SCHEMADN} dn: CN=Class-Schema,${SCHEMADN} -cn: Class-Schema -name: Class-Schema objectClass: top objectClass: classSchema -systemPossSuperiors: dMD -lDAPDisplayName: classSchema +subClassOf: top governsID: 1.2.840.113556.1.3.13 rDNAttID: cn -systemMustContain: subClassOf -systemMustContain: schemaIDGUID -systemMustContain: objectClassCategory -systemMustContain: governsID -systemMustContain: defaultObjectCategory -systemMustContain: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Class-Schema +adminDescription: Class-Schema +objectClassCategory: 1 +lDAPDisplayName: classSchema +schemaIDGUID: bf967a83-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemPossSuperiors: dMD systemMayContain: systemPossSuperiors systemMayContain: systemOnly systemMayContain: systemMustContain @@ -8171,29 +9939,23 @@ systemMayContain: defaultSecurityDescriptor systemMayContain: defaultHidingValue systemMayContain: classDisplayName systemMayContain: auxiliaryClass -objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Class-Schema,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 134217744 -systemOnly: FALSE +systemMustContain: subClassOf +systemMustContain: schemaIDGUID +systemMustContain: objectClassCategory +systemMustContain: governsID +systemMustContain: defaultObjectCategory +systemMustContain: cn defaultSecurityDescriptor: D:S: +systemFlags: 134217744 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: bf967a83-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Class-Schema,${SCHEMADN} dn: CN=User,${SCHEMADN} -cn: User -name: User objectClass: top objectClass: classSchema -systemAuxiliaryClass: securityPrincipal -systemAuxiliaryClass: mailRecipient -systemPossSuperiors: builtinDomain -systemPossSuperiors: organizationalUnit -systemPossSuperiors: domainDNS -lDAPDisplayName: user +subClassOf: organizationalPerson governsID: 1.2.840.113556.1.5.9 -rDNAttID: cn mayContain: x500uniqueIdentifier mayContain: userSMIMECertificate mayContain: userPKCS12 @@ -8212,6 +9974,17 @@ mayContain: displayName mayContain: departmentNumber mayContain: carLicense mayContain: audio +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: User +adminDescription: User +objectClassCategory: 1 +lDAPDisplayName: user +schemaIDGUID: bf967aba-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemPossSuperiors: builtinDomain +systemPossSuperiors: organizationalUnit +systemPossSuperiors: domainDNS systemMayContain: pager systemMayContain: o systemMayContain: mobile @@ -8288,166 +10061,170 @@ systemMayContain: badPasswordTime systemMayContain: adminCount systemMayContain: aCSPolicyName systemMayContain: accountExpires -objectClassCategory: 1 -subClassOf: organizationalPerson -defaultObjectCategory: CN=Person,${SCHEMADN} -defaultHidingValue: FALSE -systemFlags: 16 -systemOnly: FALSE +systemAuxiliaryClass: securityPrincipal +systemAuxiliaryClass: mailRecipient defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561) +systemFlags: 16 +defaultHidingValue: FALSE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: bf967aba-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Person,${SCHEMADN} dn: CN=DMD,${SCHEMADN} -cn: DMD -name: DMD objectClass: top objectClass: classSchema -systemPossSuperiors: configuration -lDAPDisplayName: dMD +subClassOf: top governsID: 1.2.840.113556.1.3.9 rDNAttID: cn -systemMustContain: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: DMD +adminDescription: DMD +objectClassCategory: 1 +lDAPDisplayName: dMD +schemaIDGUID: bf967a8f-0de6-11d0-a285-00aa003049e2 +systemOnly: TRUE +systemPossSuperiors: configuration systemMayContain: schemaUpdate systemMayContain: schemaInfo systemMayContain: prefixMap systemMayContain: msDs-Schema-Extensions systemMayContain: msDS-IntId systemMayContain: dmdName -objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=DMD,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 -systemOnly: TRUE +systemMustContain: cn defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: lostAndFound -possibleInferiors: classSchema -schemaIDGUID: bf967a8f-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=DMD,${SCHEMADN} dn: CN=Leaf,${SCHEMADN} -cn: Leaf -name: Leaf objectClass: top objectClass: classSchema -lDAPDisplayName: leaf +subClassOf: top governsID: 1.2.840.113556.1.5.20 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Leaf +adminDescription: Leaf objectClassCategory: 2 -subClassOf: top -defaultObjectCategory: CN=Leaf,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 +lDAPDisplayName: leaf +schemaIDGUID: bf967a9e-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: bf967a9e-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Leaf,${SCHEMADN} dn: CN=Secret,${SCHEMADN} -cn: Secret -name: Secret objectClass: top objectClass: classSchema -systemPossSuperiors: container -lDAPDisplayName: secret +subClassOf: leaf governsID: 1.2.840.113556.1.5.28 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Secret +adminDescription: Secret +objectClassCategory: 1 +lDAPDisplayName: secret +schemaIDGUID: bf967aae-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemPossSuperiors: container systemMayContain: priorValue systemMayContain: priorSetTime systemMayContain: lastSetTime systemMayContain: currentValue -objectClassCategory: 1 -subClassOf: leaf -defaultObjectCategory: CN=Secret,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 -systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: bf967aae-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Secret,${SCHEMADN} dn: CN=Sites-Container,${SCHEMADN} -cn: Sites-Container -name: Sites-Container objectClass: top objectClass: classSchema -systemPossSuperiors: configuration -lDAPDisplayName: sitesContainer +subClassOf: top governsID: 1.2.840.113556.1.5.107 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Sites-Container +adminDescription: Sites-Container objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Sites-Container,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 +lDAPDisplayName: sitesContainer +schemaIDGUID: 7a4117da-cd67-11d0-afff-0000f80367c1 systemOnly: FALSE +systemPossSuperiors: configuration defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: subnetContainer -possibleInferiors: site -schemaIDGUID: 7a4117da-cd67-11d0-afff-0000f80367c1 +defaultObjectCategory: CN=Sites-Container,${SCHEMADN} dn: CN=Server,${SCHEMADN} -cn: Server -name: Server objectClass: top objectClass: classSchema -systemPossSuperiors: serversContainer -lDAPDisplayName: server +subClassOf: top governsID: 1.2.840.113556.1.5.17 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Server +adminDescription: Server +objectClassCategory: 1 +lDAPDisplayName: server +schemaIDGUID: bf967a92-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemPossSuperiors: serversContainer systemMayContain: mailAddress systemMayContain: serverReference systemMayContain: serialNumber systemMayContain: managedBy systemMayContain: dNSHostName systemMayContain: bridgeheadTransportList -objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Server,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 -systemOnly: FALSE defaultSecurityDescriptor: D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: container -schemaIDGUID: bf967a92-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Server,${SCHEMADN} dn: CN=SubSchema,${SCHEMADN} -cn: SubSchema -name: SubSchema objectClass: top objectClass: classSchema -systemPossSuperiors: dMD -lDAPDisplayName: subSchema +subClassOf: top governsID: 2.5.20.1 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: SubSchema +adminDescription: SubSchema +objectClassCategory: 1 +lDAPDisplayName: subSchema +schemaIDGUID: 5a8b3261-c38d-11d1-bbc9-0080c76670c0 +systemOnly: TRUE +systemPossSuperiors: dMD systemMayContain: objectClasses systemMayContain: modifyTimeStamp systemMayContain: extendedClassInfo systemMayContain: extendedAttributeInfo systemMayContain: dITContentRules systemMayContain: attributeTypes -objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=SubSchema,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 134217744 -systemOnly: TRUE defaultSecurityDescriptor: D:S: +systemFlags: 134217744 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: 5a8b3261-c38d-11d1-bbc9-0080c76670c0 +defaultObjectCategory: CN=SubSchema,${SCHEMADN} dn: CN=Trusted-Domain,${SCHEMADN} -cn: Trusted-Domain -name: Trusted-Domain objectClass: top objectClass: classSchema -systemPossSuperiors: container -lDAPDisplayName: trustedDomain +subClassOf: leaf governsID: 1.2.840.113556.1.5.34 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Trusted-Domain +adminDescription: Trusted-Domain +objectClassCategory: 1 +lDAPDisplayName: trustedDomain +schemaIDGUID: bf967ab8-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemPossSuperiors: container systemMayContain: trustType systemMayContain: trustPosixOffset systemMayContain: trustPartner @@ -8464,96 +10241,97 @@ systemMayContain: flatName systemMayContain: domainIdentifier systemMayContain: domainCrossRef systemMayContain: additionalTrustedServiceNames -objectClassCategory: 1 -subClassOf: leaf -defaultObjectCategory: CN=Trusted-Domain,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 -systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-a285-00aa003049e2;CO)(A;;SD;;;CO) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: bf967ab8-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Trusted-Domain,${SCHEMADN} dn: CN=Domain,${SCHEMADN} -cn: Domain -name: Domain objectClass: top objectClass: classSchema -systemPossSuperiors: domain -systemPossSuperiors: organization -lDAPDisplayName: domain +subClassOf: top governsID: 1.2.840.113556.1.5.66 rDNAttID: dc -systemMustContain: dc +showInAdvancedViewOnly: TRUE +adminDisplayName: Domain +adminDescription: Domain objectClassCategory: 2 -subClassOf: top -defaultObjectCategory: CN=Domain-DNS,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 +lDAPDisplayName: domain +schemaIDGUID: 19195a5a-6da0-11d0-afd3-00c04fd930c9 systemOnly: FALSE +systemPossSuperiors: domain +systemPossSuperiors: organization +systemMustContain: dc +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: domainDNS -schemaIDGUID: 19195a5a-6da0-11d0-afd3-00c04fd930c9 +defaultObjectCategory: CN=Domain-DNS,${SCHEMADN} dn: CN=Foreign-Security-Principal,${SCHEMADN} -cn: Foreign-Security-Principal -name: Foreign-Security-Principal objectClass: top objectClass: classSchema -systemPossSuperiors: container -lDAPDisplayName: foreignSecurityPrincipal +subClassOf: top governsID: 1.2.840.113556.1.5.76 rDNAttID: cn -systemMustContain: objectSid -systemMayContain: foreignIdentifier +showInAdvancedViewOnly: TRUE +adminDisplayName: Foreign-Security-Principal +adminDescription: Foreign-Security-Principal objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Foreign-Security-Principal,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 +lDAPDisplayName: foreignSecurityPrincipal +schemaIDGUID: 89e31c12-8530-11d0-afda-00c04fd930c9 systemOnly: FALSE +systemPossSuperiors: container +systemMayContain: foreignIdentifier +systemMustContain: objectSid defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: 89e31c12-8530-11d0-afda-00c04fd930c9 +defaultObjectCategory: CN=Foreign-Security-Principal,${SCHEMADN} dn: CN=Subnet,${SCHEMADN} -cn: Subnet -name: Subnet objectClass: top objectClass: classSchema -systemPossSuperiors: subnetContainer -lDAPDisplayName: subnet +subClassOf: top governsID: 1.2.840.113556.1.5.96 rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Subnet +adminDescription: Subnet +objectClassCategory: 1 +lDAPDisplayName: subnet +schemaIDGUID: b7b13124-b82e-11d0-afee-0000f80367c1 +systemOnly: FALSE +systemPossSuperiors: subnetContainer systemMayContain: siteObject systemMayContain: physicalLocationObject systemMayContain: location -objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Subnet,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 -systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -possibleInferiors: container -schemaIDGUID: b7b13124-b82e-11d0-afee-0000f80367c1 +defaultObjectCategory: CN=Subnet,${SCHEMADN} dn: CN=Mail-Recipient,${SCHEMADN} -cn: Mail-Recipient -name: Mail-Recipient objectClass: top objectClass: classSchema -systemPossSuperiors: container -lDAPDisplayName: mailRecipient +subClassOf: top governsID: 1.2.840.113556.1.3.46 -rDNAttID: cn -systemMustContain: cn mayContain: userSMIMECertificate mayContain: secretary mayContain: msExchLabeledURI mayContain: msExchAssistantName mayContain: labeledURI +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Mail-Recipient +adminDescription: Mail-Recipient +objectClassCategory: 3 +lDAPDisplayName: mailRecipient +schemaIDGUID: bf967aa1-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemPossSuperiors: container systemMayContain: userCertificate systemMayContain: userCert systemMayContain: textEncodedORAddress @@ -8562,23 +10340,26 @@ systemMayContain: showInAddressBook systemMayContain: legacyExchangeDN systemMayContain: garbageCollPeriod systemMayContain: info -objectClassCategory: 3 -subClassOf: top -defaultObjectCategory: CN=Mail-Recipient,${SCHEMADN} -defaultHidingValue: TRUE -systemFlags: 16 -systemOnly: FALSE +systemMustContain: cn defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: bf967aa1-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Mail-Recipient,${SCHEMADN} dn: CN=Group,${SCHEMADN} -cn: Group -name: Group objectClass: top objectClass: classSchema -systemAuxiliaryClass: mailRecipient -systemAuxiliaryClass: securityPrincipal +subClassOf: top +governsID: 1.2.840.113556.1.5.8 +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Group +adminDescription: Group +objectClassCategory: 1 +lDAPDisplayName: group +schemaIDGUID: bf967a9c-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE systemPossSuperiors: msDS-AzScope systemPossSuperiors: msDS-AzApplication systemPossSuperiors: msDS-AzAdminManager @@ -8586,10 +10367,6 @@ systemPossSuperiors: container systemPossSuperiors: builtinDomain systemPossSuperiors: organizationalUnit systemPossSuperiors: domainDNS -lDAPDisplayName: group -governsID: 1.2.840.113556.1.5.8 -rDNAttID: cn -systemMustContain: groupType systemMayContain: primaryGroupToken systemMayContain: operatorCount systemMayContain: nTGroupMembers @@ -8604,22 +10381,18 @@ systemMayContain: mail systemMayContain: desktopProfile systemMayContain: controlAccessRights systemMayContain: adminCount -objectClassCategory: 1 -subClassOf: top -defaultObjectCategory: CN=Group,${SCHEMADN} -defaultHidingValue: FALSE -systemFlags: 16 -systemOnly: FALSE +systemMustContain: groupType +systemAuxiliaryClass: mailRecipient +systemAuxiliaryClass: securityPrincipal defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560) +systemFlags: 16 +defaultHidingValue: FALSE objectCategory: CN=Class-Schema,${SCHEMADN} -schemaIDGUID: bf967a9c-0de6-11d0-a285-00aa003049e2 +defaultObjectCategory: CN=Group,${SCHEMADN} dn: CN=Aggregate,${SCHEMADN} objectClass: top objectClass: subSchema -cn: Aggregate -instanceType: 4 -name: Aggregate objectCategory: CN=SubSchema,${SCHEMADN} objectClasses: ( 2.5.6.0 NAME 'top' SUP top ABSTRACT MUST ( objectClass $ objectCategory $ nTSecurityDescriptor $ instanceType ) MAY ( url $ wWWHomePage $ whenCreated $ whenChanged $ wellKnownObjects $ wbemPath $ uSNSource $ uSNLastObjRem $ USNIntersite $ uSNDSALastObjRemoved $ uSNCreated $ uSNChanged $ systemFlags $ subSchemaSubEntry $ subRefs $ structuralObjectClass $ siteObjectBL $ serverReferenceBL $ sDRightsEffective $ revision $ repsTo $ repsFrom $ directReports $ replUpToDateVector $ replPropertyMetaData $ name $ queryPolicyBL $ proxyAddresses $ proxiedObjectName $ possibleInferiors $ partialAttributeSet $ partialAttributeDeletionList $ otherWellKnownObjects $ objectVersion $ objectGUID $ distinguishedName $ nonSecurityMemberBL $ netbootSCPBL $ ownerBL $ msDS-ReplValueMetaData $ msDS-ReplAttributeMetaData $ msDS-NonMembersBL $ msDS-NCReplOutboundNeighbors $ msDS-NCReplInboundNeighbors $ msDS-NCReplCursors $ msDS-TasksForAzRoleBL $ msDS-TasksForAzTaskBL $ msDS-OperationsForAzRoleBL $ msDS-OperationsForAzTaskBL $ msDS-MembersForAzRoleBL $ msDs-masteredBy $ mS-DS-ConsistencyGuid $ mS-DS-ConsistencyChildCount $ msDS-Approx-Immed-Subordinates $ msCOM-PartitionSetLink $ msCOM-UserLink $ modifyTimeStamp $ masteredBy $ managedObjects $ lastKnownParent $ isPrivilegeHolder $ memberOf $ isDeleted $ isCriticalSystemObject $ showInAdvancedViewOnly $ fSMORoleOwner $ fRSMemberReferenceBL $ frsComputerReferenceBL $ fromEntry $ flags $ extensionName $ dSASignature $ dSCorePropagationData $ displayNamePrintable $ displayName $ description $ createTimeStamp $ cn $ canonicalName $ bridgeheadServerListBL $ allowedChildClassesEffective $ allowedChildClasses $ allowedAttributesEffective $ allowedAttributes $ adminDisplayName $ adminDescription $ msDS-ObjectReferenceBL ) ) objectClasses: ( 1.2.840.113556.1.5.67 NAME 'domainDNS' SUP domain STRUCTURAL MAY ( msDS-Behavior-Version $ msDS-AllowedDNSSuffixes $ managedBy ) ) @@ -8633,6 +10406,7 @@ objectClasses: ( 1.2.840.113556.1.5.84 NAME 'displaySpecifier' SUP top STRUCTURA objectClasses: ( 1.2.840.113556.1.5.237 NAME 'msDS-AzScope' SUP top STRUCTURAL MUST ( msDS-AzScopeName ) MAY ( msDS-AzApplicationData $ description ) ) objectClasses: ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL MUST ( l ) MAY ( street $ st $ seeAlso $ searchGuide ) ) objectClasses: ( 1.2.840.113556.1.5.7000.53 NAME 'crossRefContainer' SUP top STRUCTURAL MAY ( msDS-SPNSuffixes $ uPNSuffixes $ msDS-UpdateScript $ msDS-ExecuteScriptPassword $ msDS-Behavior-Version ) ) +objectClasses: ( 1.2.840.113556.1.5.106 NAME 'queryPolicy' SUP top STRUCTURAL MAY ( lDAPIPDenyList $ lDAPAdminLimits ) ) objectClasses: ( 1.2.840.113556.1.5.95 NAME 'subnetContainer' SUP top STRUCTURAL ) objectClasses: ( 1.2.840.113556.1.5.7000.47 NAME 'nTDSDSA' SUP applicationSettings STRUCTURAL MAY ( serverReference $ msDS-RetiredReplNCSignatures $ retiredReplDSASignatures $ queryPolicyObject $ options $ networkAddress $ msDS-ReplicationEpoch $ msDS-HasInstantiatedNCs $ msDS-hasMasterNCs $ msDS-HasDomainNCs $ msDS-Behavior-Version $ managedBy $ lastBackupRestorationTime $ invocationId $ hasPartialReplicaNCs $ hasMasterNCs $ fRSRootPath $ dMDLocation ) ) objectClasses: ( 1.2.840.113556.1.5.3 NAME 'samDomain' SUP top AUXILIARY MAY ( treeName $ rIDManagerReference $ replicaSource $ pwdProperties $ pwdHistoryLength $ privateKey $ pekList $ pekKeyChangeInterval $ nTMixedDomain $ nextRid $ nETBIOSName $ msDS-PerUserTrustTombstonesQuota $ msDS-PerUserTrustQuota $ ms-DS-MachineAccountQuota $ msDS-LogonTimeSyncInterval $ msDS-AllUsersTrustQuota $ modifiedCountAtLastProm $ minPwdLength $ minPwdAge $ maxPwdAge $ lSAModifiedCount $ lSACreationTime $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ gPOptions $ gPLink $ eFSPolicy $ domainPolicyObject $ desktopProfile $ description $ defaultLocalPolicyObject $ creationTime $ controlAccessRights $ cACertificate $ builtinModifiedCount $ builtinCreationTime $ auditingPolicy ) ) @@ -8641,6 +10415,7 @@ objectClasses: ( 2.5.6.2 NAME 'country' SUP top MUST ( c ) MAY ( co $ searchGuid objectClasses: ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ( ou ) MAY ( x121Address $ userPassword $ uPNSuffixes $ co $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ street $ st $ seeAlso $ searchGuide $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ physicalDeliveryOfficeName $ msCOM-UserPartitionSetLink $ managedBy $ thumbnailLogo $ l $ internationalISDNNumber $ gPOptions $ gPLink $ facsimileTelephoneNumber $ destinationIndicator $ desktopProfile $ defaultGroup $ countryCode $ c $ businessCategory ) ) objectClasses: ( 1.2.840.113556.1.5.139 NAME 'lostAndFound' SUP top STRUCTURAL MAY ( moveTreeState ) ) objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person MAY ( x121Address $ comment $ title $ co $ primaryTelexNumber $ telexNumber $ teletexTerminalIdentifier $ street $ st $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ thumbnailPhoto $ physicalDeliveryOfficeName $ pager $ otherPager $ otherTelephone $ mobile $ otherMobile $ primaryInternationalISDNNumber $ ipPhone $ otherIpPhone $ otherHomePhone $ homePhone $ otherFacsimileTelephoneNumber $ personalTitle $ middleName $ otherMailbox $ ou $ o $ mhsORAddress $ msDS-AllowedToDelegateTo $ manager $ thumbnailLogo $ l $ internationalISDNNumber $ initials $ givenName $ generationQualifier $ facsimileTelephoneNumber $ employeeID $ mail $ division $ destinationIndicator $ department $ c $ countryCode $ company $ assistant $ streetAddress $ houseIdentifier $ msExchHouseIdentifier $ homePostalAddress ) ) +objectClasses: ( 1.2.840.113556.1.3.14 NAME 'attributeSchema' SUP top STRUCTURAL MUST ( schemaIDGUID $ oMSyntax $ lDAPDisplayName $ isSingleValued $ cn $ attributeSyntax $ attributeID ) MAY ( systemOnly $ searchFlags $ schemaFlagsEx $ rangeUpper $ rangeLower $ oMObjectClass $ msDs-Schema-Extensions $ msDS-IntId $ mAPIID $ linkID $ isMemberOfPartialAttributeSet $ isEphemeral $ isDefunct $ extendedCharsAllowed $ classDisplayName $ attributeSecurityGUID ) ) objectClasses: ( 1.2.840.113556.1.5.72 NAME 'nTDSService' SUP top STRUCTURAL MAY ( tombstoneLifetime $ sPNMappings $ replTopologyStayOfExecution $ msDS-Other-Settings $ garbageCollPeriod $ dSHeuristics ) ) objectClasses: ( 1.2.840.113556.1.5.7000.48 NAME 'serversContainer' SUP top STRUCTURAL ) objectClasses: ( 1.2.840.113556.1.3.30 NAME 'computer' SUP user STRUCTURAL MAY ( volumeCount $ siteGUID $ rIDSetReferences $ policyReplicationFlags $ physicalLocationObject $ operatingSystemVersion $ operatingSystemServicePack $ operatingSystemHotfix $ operatingSystem $ networkAddress $ netbootSIFFile $ netbootMirrorDataFile $ netbootMachineFilePath $ netbootInitialization $ netbootGUID $ msDS-AdditionalSamAccountName $ msDS-AdditionalDnsHostName $ managedBy $ machineRole $ location $ localPolicyFlags $ dNSHostName $ defaultLocalPolicyObject $ cn $ catalogs ) ) @@ -8666,27 +10441,27 @@ objectClasses: ( 1.2.840.113556.1.5.96 NAME 'subnet' SUP top STRUCTURAL MAY ( si objectClasses: ( 1.2.840.113556.1.3.46 NAME 'mailRecipient' SUP top AUXILIARY MUST ( cn ) MAY ( userCertificate $ userCert $ textEncodedORAddress $ telephoneNumber $ showInAddressBook $ legacyExchangeDN $ garbageCollPeriod $ info $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI ) ) objectClasses: ( 1.2.840.113556.1.5.8 NAME 'group' SUP top STRUCTURAL MUST ( groupType ) MAY ( primaryGroupToken $ operatorCount $ nTGroupMembers $ nonSecurityMember $ msDS-NonMembers $ msDS-AzLDAPQuery $ member $ managedBy $ groupMembershipSAM $ groupAttributes $ mail $ desktopProfile $ controlAccessRights $ adminCount ) ) attributeTypes: ( 1.2.840.113556.1.4.1304 NAME 'sDRightsEffective' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.104 NAME 'ownerBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.2.104 NAME 'ownerBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 2.5.4.14 NAME 'searchGuide' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.1720 NAME 'msDS-ReplicationEpoch' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.202 NAME 'auditingPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.646 NAME 'otherFacsimileTelephoneNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.2.256 NAME 'streetAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.121 NAME 'securityIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1782 NAME 'msDS-KeyVersionNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1782 NAME 'msDS-KeyVersionNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1307 NAME 'accountNameHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.752 NAME 'userSharedFolderOther' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.751 NAME 'userSharedFolder' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.966 NAME 'mSMQDigestsMig' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.755 NAME 'domainIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.755 NAME 'domainIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.655 NAME 'legacyExchangeDN' SYNTAX '1.2.840.113556.1.4.905' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.618 NAME 'wellKnownObjects' SYNTAX '1.2.840.113556.1.4.903' ) -attributeTypes: ( 1.2.840.113556.1.4.1 NAME 'name' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.531 NAME 'nonSecurityMemberBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.618 NAME 'wellKnownObjects' SYNTAX '1.2.840.113556.1.4.903' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.1 NAME 'name' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.531 NAME 'nonSecurityMemberBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1707 NAME 'msDS-ReplAttributeMetaData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1242 NAME 'dNReferenceUpdate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.1242 NAME 'dNReferenceUpdate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.892 NAME 'gPOptions' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1790 NAME 'msDS-PerUserTrustTombstonesQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 0.9.2342.19200300.100.1.42 NAME 'pager' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) @@ -8697,49 +10472,52 @@ attributeTypes: ( 1.2.840.113556.1.4.1418 NAME 'tokenGroupsGlobalAndUniversal' S attributeTypes: ( 1.2.840.113556.1.4.867 NAME 'altSecurityIdentities' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.96 NAME 'pwdLastSet' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 2.5.21.6 NAME 'objectClasses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 2.5.21.6 NAME 'objectClasses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.470 NAME 'trustAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1702 NAME 'msDS-TrustForestTrustInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.512 NAME 'siteObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.638 NAME 'isPrivilegeHolder' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.638 NAME 'isPrivilegeHolder' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.28 NAME 'dnsRoot' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.168 NAME 'modifiedCount' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 2.5.4.25 NAME 'internationalISDNNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.36' ) attributeTypes: ( 2.5.4.15 NAME 'businessCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'middleName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.30 NAME 'attributeID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.677 NAME 'replTopologyStayOfExecution' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.359 NAME 'netbootGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.26 NAME 'rDNAttID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.26 NAME 'rDNAttID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.25 NAME 'mayContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) attributeTypes: ( 1.2.840.113556.1.4.135 NAME 'trustAuthOutgoing' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.516 NAME 'serverReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 2.5.18.1 NAME 'createTimeStamp' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.516 NAME 'serverReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) +attributeTypes: ( 2.5.18.1 NAME 'createTimeStamp' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.748 NAME 'attributeDisplayNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.614 NAME 'adminContextMenu' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.67 NAME 'lSAModifiedCount' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.66 NAME 'lSACreationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.154 NAME 'serverState' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.125 NAME 'supplementalCredentials' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.2.460 NAME 'lDAPDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.125 NAME 'supplementalCredentials' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.1130 NAME 'msNPSavedCallingStationID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) attributeTypes: ( 1.2.840.113556.1.4.38 NAME 'flags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.812 NAME 'createWizardExt' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.36 NAME 'dMDLocation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.36 NAME 'dMDLocation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.596 NAME 'msExchHouseIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.647 NAME 'otherMobile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 2.5.4.44 NAME 'generationQualifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.32 NAME 'attributeSyntax' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.149 NAME 'attributeSecurityGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.212 NAME 'dSHeuristics' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 2.5.4.5 NAME 'serialNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) attributeTypes: ( 1.2.840.113556.1.4.1697 NAME 'msDS-Settings' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.144 NAME 'operatorCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1153 NAME 'msRADIUSFramedIPAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.45 NAME 'homeDrive' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.21.5 NAME 'attributeTypes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 2.5.21.5 NAME 'attributeTypes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.540 NAME 'initialAuthOutgoing' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.0 NAME 'objectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) -attributeTypes: ( 1.2.840.113556.1.4.915 NAME 'possibleInferiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) -attributeTypes: ( 1.2.840.113556.1.4.1669 NAME 'msDS-Approx-Immed-Subordinates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 2.5.4.0 NAME 'objectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.915 NAME 'possibleInferiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.1669 NAME 'msDS-Approx-Immed-Subordinates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1664 NAME 'msDS-Replication-Notify-Subsequent-DSA-Delay' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.810 NAME 'createDialog' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.607 NAME 'queryPolicyObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) @@ -8751,11 +10529,11 @@ attributeTypes: ( 1.2.840.113556.1.4.652 NAME 'assistant' SYNTAX '1.3.6.1.4.1.14 attributeTypes: ( 1.2.840.113556.1.4.361 NAME 'netbootMachineFilePath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 2.5.4.45 NAME 'x500uniqueIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.55 NAME 'dBCSPwd' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.538 NAME 'prefixMap' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1807 NAME 'msDS-MembersForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.538 NAME 'prefixMap' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.1807 NAME 'msDS-MembersForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.781 NAME 'lastKnownParent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.369 NAME 'fSMORoleOwner' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.673 NAME 'retiredReplDSASignatures' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.673 NAME 'retiredReplDSASignatures' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.459 NAME 'networkAddress' SYNTAX '1.2.840.113556.1.4.905' ) attributeTypes: ( 1.2.840.113556.1.2.471 NAME 'schemaVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' ) attributeTypes: ( 1.2.840.113556.1.2.8 NAME 'possSuperiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) @@ -8771,9 +10549,9 @@ attributeTypes: ( 1.2.840.113556.1.4.749 NAME 'url' SYNTAX '1.3.6.1.4.1.1466.115 attributeTypes: ( 1.2.840.113556.1.4.145 NAME 'revision' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.76 NAME 'objectVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1705 NAME 'msDS-NCReplInboundNeighbors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1425 NAME 'msCOM-UserLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.1409 NAME 'masteredBy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.916 NAME 'canonicalName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.1425 NAME 'msCOM-UserLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.1409 NAME 'masteredBy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.916 NAME 'canonicalName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1661 NAME 'msDS-NC-Replica-Locations' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 1.2.840.113556.1.4.1721 NAME 'msDS-UpdateScript' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.88 NAME 'nextRid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) @@ -8781,9 +10559,10 @@ attributeTypes: ( 2.5.4.24 NAME 'x121Address' SYNTAX '1.3.6.1.4.1.1466.115.121.1 attributeTypes: ( 2.5.4.35 NAME 'userPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.141 NAME 'department' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.639 NAME 'isMemberOfPartialAttributeSet' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.633 NAME 'policyReplicationFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.218 NAME 'applicationName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.196 NAME 'systemMayContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 1.2.840.113556.1.4.196 NAME 'systemMayContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1191 NAME 'msRASSavedFramedRoute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) attributeTypes: ( 1.2.840.113556.1.4.1189 NAME 'msRASSavedCallbackNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.136 NAME 'trustType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) @@ -8791,38 +10570,41 @@ attributeTypes: ( 1.2.840.113556.1.4.158 NAME 'domainReplica' SYNTAX '1.3.6.1.4. attributeTypes: ( 1.2.840.113556.1.2.615 NAME 'personalTitle' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.651 NAME 'otherMailbox' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 0.9.2342.19200300.100.1.3 NAME 'mail' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.231 NAME 'oMSyntax' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.661 NAME 'isDefunct' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1621 NAME 'msDS-Other-Settings' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.71 NAME 'machineRole' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1795 NAME 'msDS-AzDomainTimeout' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.198 NAME 'systemAuxiliaryClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) -attributeTypes: ( 1.2.840.113556.1.4.661 NAME 'isDefunct' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.198 NAME 'systemAuxiliaryClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.98 NAME 'primaryGroupID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.160 NAME 'lmPwdHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.166 NAME 'groupMembershipSAM' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.133 NAME 'trustPartner' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.1 NAME 'instanceType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.1 NAME 'instanceType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.806 NAME 'treatAsLeaf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.562 NAME 'adminPropertyPages' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.1799 NAME 'msDS-AzScopeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 2.5.4.34 NAME 'seeAlso' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.1826 NAME 'msDS-RetiredReplNCSignatures' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.14 NAME 'hasMasterNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.844 NAME 'lDAPIPDenyList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.1826 NAME 'msDS-RetiredReplNCSignatures' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.2.14 NAME 'hasMasterNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.81 NAME 'modifiedCountAtLastProm' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.78 NAME 'minPwdAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.39 NAME 'forceLogoff' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1305 NAME 'moveTreeState' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.1787 NAME 'msDS-AllowedToDelegateTo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.170 NAME 'systemOnly' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.1716 NAME 'msDS-IntId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.619 NAME 'dNSHostName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1825 NAME 'msDS-AzMinorVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.170 NAME 'systemOnly' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1716 NAME 'msDS-IntId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.49 NAME 'badPasswordTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1412 NAME 'primaryGroupToken' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1412 NAME 'primaryGroupToken' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.469 NAME 'USNIntersite' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.876 NAME 'fRSMemberReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.876 NAME 'fRSMemberReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1711 NAME 'msDS-SDReferenceDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.843 NAME 'lDAPAdminLimits' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.519 NAME 'lastBackupRestorationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.660 NAME 'treeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.660 NAME 'treeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.151 NAME 'oEMInformation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 2.5.4.42 NAME 'givenName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1347 NAME 'sPNMappings' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) @@ -8831,9 +10613,9 @@ attributeTypes: ( 1.2.840.113556.1.4.303 NAME 'notificationList' SYNTAX '1.3.6.1 attributeTypes: ( 1.2.840.113556.1.4.1301 NAME 'tokenGroups' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.97 NAME 'preferredOU' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1410 NAME 'mS-DS-CreatorSID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1410 NAME 'mS-DS-CreatorSID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1793 NAME 'msDS-NonMembers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.1815 NAME 'msDS-TasksForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.1815 NAME 'msDS-TasksForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.227 NAME 'extensionName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.1663 NAME 'msDS-Replication-Notify-First-DSA-Delay' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.74 NAME 'maxPwdAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) @@ -8841,15 +10623,15 @@ attributeTypes: ( 1.2.840.113556.1.4.722 NAME 'otherIpPhone' SYNTAX '1.3.6.1.4.1 attributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 1.2.840.113556.1.4.138 NAME 'userParameters' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.134 NAME 'trustPosixOffset' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.820 NAME 'bridgeheadServerListBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.820 NAME 'bridgeheadServerListBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1819 NAME 'msDS-AzApplicationData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.866 NAME 'pekKeyChangeInterval' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 2.5.4.6 NAME 'c' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) attributeTypes: ( 1.2.840.113556.1.4.25 NAME 'countryCode' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 0.9.2342.19200300.100.1.41 NAME 'mobile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.669 NAME 'rIDSetReferences' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.148 NAME 'schemaIDGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.148 NAME 'schemaIDGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.669 NAME 'rIDSetReferences' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.351 NAME 'auxiliaryClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME 'uid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) @@ -8857,16 +10639,17 @@ attributeTypes: ( 1.2.840.113556.1.4.889 NAME 'additionalTrustedServiceNames' SY attributeTypes: ( 1.2.840.113556.1.2.464 NAME 'wWWHomePage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.896 NAME 'uSNSource' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1360 NAME 'mS-DS-ConsistencyGuid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.870 NAME 'frsComputerReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.913 NAME 'allowedAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 1.2.840.113556.1.4.870 NAME 'frsComputerReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.913 NAME 'allowedAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1798 NAME 'msDS-AzApplicationName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.890 NAME 'uPNSuffixes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.1788 NAME 'msDS-PerUserTrustQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1411 NAME 'ms-DS-MachineAccountQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.157 NAME 'serverRole' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 0.9.2342.19200300.100.1.20 NAME 'homePhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.34 NAME 'rangeLower' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.415 NAME 'operatingSystemHotfix' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1717 NAME 'msDS-AdditionalDnsHostName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.1717 NAME 'msDS-AdditionalDnsHostName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1797 NAME 'msDS-AzScriptTimeout' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.24 NAME 'mustContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) attributeTypes: ( 2.5.4.36 NAME 'userCertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) @@ -8874,7 +10657,7 @@ attributeTypes: ( 1.2.840.113556.1.4.1124 NAME 'msNPCallingStationID' SYNTAX '1. attributeTypes: ( 1.2.840.113556.1.4.1460 NAME 'msDS-User-Account-Control-Computed' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.44 NAME 'homeDirectory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1792 NAME 'msDS-AzLDAPQuery' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.663 NAME 'partialAttributeDeletionList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.663 NAME 'partialAttributeDeletionList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.868 NAME 'isCriticalSystemObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.891 NAME 'gPLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1354 NAME 'scopeFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) @@ -8888,8 +10671,8 @@ attributeTypes: ( 1.2.840.113556.1.4.65 NAME 'logonWorkstation' SYNTAX '1.3.6.1. attributeTypes: ( 1.2.840.113556.1.4.1696 NAME 'lastLogonTimestamp' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.100 NAME 'priorValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.53 NAME 'lastSetTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.2 NAME 'objectGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1811 NAME 'msDS-TasksForAzTaskBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.2 NAME 'objectGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.1811 NAME 'msDS-TasksForAzTaskBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.653 NAME 'managedBy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.93 NAME 'pwdProperties' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.13 NAME 'builtinCreationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) @@ -8903,15 +10686,15 @@ attributeTypes: ( 1.2.840.113556.1.4.645 NAME 'userCert' SYNTAX '1.3.6.1.4.1.146 attributeTypes: ( 1.2.840.113556.1.4.530 NAME 'nonSecurityMember' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 2.5.4.31 NAME 'member' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 1.2.840.113556.1.4.152 NAME 'groupAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.375 NAME 'systemFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1249 NAME 'proxiedObjectName' SYNTAX '1.2.840.113556.1.4.903' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.375 NAME 'systemFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.1249 NAME 'proxiedObjectName' SYNTAX '1.2.840.113556.1.4.903' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1708 NAME 'msDS-ReplValueMetaData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.912 NAME 'allowedChildClassesEffective' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 1.2.840.113556.1.4.912 NAME 'allowedChildClassesEffective' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1805 NAME 'msDS-AzGenerateAudits' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1817 NAME 'msDS-AzApplicationVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.219 NAME 'iconPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 2.5.4.9 NAME 'street' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1783 NAME 'msDS-ExecuteScriptPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1783 NAME 'msDS-ExecuteScriptPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1784 NAME 'msDS-LogonTimeSyncInterval' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.301 NAME 'garbageCollPeriod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.967 NAME 'mSMQSignCertificatesMig' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) @@ -8920,9 +10703,9 @@ attributeTypes: ( 1.2.840.113556.1.4.169 NAME 'logonCount' SYNTAX '1.3.6.1.4.1.1 attributeTypes: ( 1.2.840.113556.1.4.58 NAME 'localeID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' ) attributeTypes: ( 1.2.840.113556.1.4.12 NAME 'badPwdCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.129 NAME 'trustAuthIncoming' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 2.5.18.10 NAME 'subSchemaSubEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 2.5.18.10 NAME 'subSchemaSubEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) -attributeTypes: ( 1.2.840.113556.1.2.48 NAME 'isDeleted' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.48 NAME 'isDeleted' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1687 NAME 'extraColumns' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.1690 NAME 'adminMultiselectPropertyPages' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.307 NAME 'options' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) @@ -8932,35 +10715,37 @@ attributeTypes: ( 1.2.840.113556.1.4.26 NAME 'creationTime' SYNTAX '1.2.840.1135 attributeTypes: ( 2.5.4.26 NAME 'registeredAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 2.5.4.16 NAME 'postalAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 2.5.4.43 NAME 'initials' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.33 NAME 'isSingleValued' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1240 NAME 'netbootSIFFile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1718 NAME 'msDS-AdditionalSamAccountName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.195 NAME 'systemPossSuperiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 1.2.840.113556.1.4.1718 NAME 'msDS-AdditionalSamAccountName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.195 NAME 'systemPossSuperiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) attributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.2.610 NAME 'employeeNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.662 NAME 'lockoutTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.537 NAME 'dynamicLDAPServer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.909 NAME 'extendedAttributeInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.909 NAME 'extendedAttributeInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.444 NAME 'msExchAssistantName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1794 NAME 'msDS-NonMembersBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.1794 NAME 'msDS-NonMembersBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.194 NAME 'adminDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.499 NAME 'contextMenu' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.2.50 NAME 'linkID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 2.5.4.58 NAME 'attributeCertificateAttribute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 2.5.4.4 NAME 'sn' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.221 NAME 'sAMAccountName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.22 NAME 'governsID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.22 NAME 'governsID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.947 NAME 'mSMQSignCertificates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.539 NAME 'initialAuthIncoming' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.472 NAME 'domainCrossRef' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) attributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.267 NAME 'uSNDSALastObjRemoved' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1813 NAME 'msDS-OperationsForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.2.267 NAME 'uSNDSALastObjRemoved' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.1813 NAME 'msDS-OperationsForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1361 NAME 'mS-DS-ConsistencyChildCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.74 NAME 'dSASignature' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.911 NAME 'allowedChildClasses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) -attributeTypes: ( 1.2.840.113556.1.4.914 NAME 'allowedAttributesEffective' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 1.2.840.113556.1.4.911 NAME 'allowedChildClasses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.914 NAME 'allowedAttributesEffective' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.357 NAME 'nTMixedDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1709 NAME 'msDS-HasInstantiatedNCs' SYNTAX '1.2.840.113556.1.4.903' ) +attributeTypes: ( 1.2.840.113556.1.4.1709 NAME 'msDS-HasInstantiatedNCs' SYNTAX '1.2.840.113556.1.4.903' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.79 NAME 'minPwdLength' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.32 NAME 'domainPolicyObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) attributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) @@ -8968,23 +10753,26 @@ attributeTypes: ( 1.2.840.113556.1.4.507 NAME 'volumeCount' SYNTAX '1.3.6.1.4.1. attributeTypes: ( 1.2.840.113556.1.4.1171 NAME 'msRADIUSServiceType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.52 NAME 'lastLogon' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.344 NAME 'groupsToIgnore' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1358 NAME 'schemaInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.1358 NAME 'schemaInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' NO-USER-MODIFICATION ) attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME 'dc' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.782 NAME 'objectCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 2.5.18.2 NAME 'modifyTimeStamp' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE ) +attributeTypes: ( 2.5.18.2 NAME 'modifyTimeStamp' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.13 NAME 'displayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.226 NAME 'adminDescription' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1719 NAME 'msDS-DnsRootAlias' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.498 NAME 'creationWizard' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.15 NAME 'hasPartialReplicaNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.2.15 NAME 'hasPartialReplicaNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.200 NAME 'controlAccessRights' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.155 NAME 'uASCompat' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.146 NAME 'objectSid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.146 NAME 'objectSid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 2.5.4.12 NAME 'title' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.118 NAME 'otherPager' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.261 NAME 'division' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.35 NAME 'rangeUpper' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.218 NAME 'oMObjectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.2.49 NAME 'mAPIID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.302 NAME 'sAMAccountType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.370 NAME 'objectClassCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.370 NAME 'objectClassCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.518 NAME 'defaultHidingValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1119 NAME 'msNPAllowDialin' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.16 NAME 'codePage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) @@ -9008,10 +10796,10 @@ attributeTypes: ( 1.2.840.113556.1.4.1786 NAME 'msIIS-FTPDir' SYNTAX '1.3.6.1.4. attributeTypes: ( 1.2.840.113556.1.4.1443 NAME 'msDS-Site-Affinity' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.76 NAME 'maxStorage' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.281 NAME 'nTSecurityDescriptor' SYNTAX '1.2.840.113556.1.4.907' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.513 NAME 'siteObjectBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.608 NAME 'queryPolicyBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.640 NAME 'partialAttributeSet' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.49 NAME 'distinguishedName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.513 NAME 'siteObjectBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.608 NAME 'queryPolicyBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.640 NAME 'partialAttributeSet' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 2.5.4.49 NAME 'distinguishedName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 2.5.4.13 NAME 'description' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.1816 NAME 'msDS-AzClassId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.370 NAME 'rIDAvailablePool' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) @@ -9019,19 +10807,21 @@ attributeTypes: ( 1.2.840.113556.1.4.563 NAME 'shellPropertyPages' SYNTAX '1.3.6 attributeTypes: ( 1.2.840.113556.1.4.1715 NAME 'msDS-SPNSuffixes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.101 NAME 'privateKey' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 2.5.4.23 NAME 'facsimileTelephoneNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.960 NAME 'mSMQNt4Stub' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' ) +attributeTypes: ( 1.2.840.113556.1.2.334 NAME 'searchFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.120 NAME 'schemaFlagsEx' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1212 NAME 'isEphemeral' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.960 NAME 'mSMQNt4Stub' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' ) attributeTypes: ( 1.2.840.113556.1.4.1785 NAME 'msIIS-FTPRoot' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.345 NAME 'groupPriority' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.819 NAME 'bridgeheadTransportList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.908 NAME 'extendedClassInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.908 NAME 'extendedClassInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.511 NAME 'flatName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.301 NAME 'wbemPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.1706 NAME 'msDS-NCReplOutboundNeighbors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1809 NAME 'msDS-OperationsForAzTaskBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.1809 NAME 'msDS-OperationsForAzTaskBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.169 NAME 'showInAdvancedViewOnly' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1459 NAME 'msDS-Behavior-Version' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1836 NAME 'msDS-hasMasterNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.1459 NAME 'msDS-Behavior-Version' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.1836 NAME 'msDS-hasMasterNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.95 NAME 'pwdHistoryLength' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.865 NAME 'pekList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 2.5.4.17 NAME 'postalCode' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) @@ -9039,17 +10829,18 @@ attributeTypes: ( 1.2.840.113556.1.4.1241 NAME 'netbootMirrorDataFile' SYNTAX '1 attributeTypes: ( 1.2.840.113556.1.4.213 NAME 'defaultClassStore' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 1.2.840.113556.1.4.953 NAME 'mSMQSiteID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.644 NAME 'showInAddressBook' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.2.2 NAME 'whenCreated' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1357 NAME 'dSCorePropagationData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' ) +attributeTypes: ( 1.2.840.113556.1.2.2 NAME 'whenCreated' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.1357 NAME 'dSCorePropagationData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.353 NAME 'displayNamePrintable' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) attributeTypes: ( 2.5.4.8 NAME 'st' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.515 NAME 'serverReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1820 NAME 'msDS-HasDomainNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.2.115 NAME 'invocationId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.109 NAME 'replicaSource' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1820 NAME 'msDS-HasDomainNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.2.115 NAME 'invocationId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.109 NAME 'replicaSource' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.721 NAME 'ipPhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.277 NAME 'otherHomePhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 2.5.4.10 NAME 'o' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.2.380 NAME 'extendedCharsAllowed' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.363 NAME 'operatingSystem' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1840 NAME 'msDS-ObjectReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 1.2.840.113556.1.4.1308 NAME 'mSMQInterval1' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) @@ -9058,33 +10849,33 @@ attributeTypes: ( 1.2.840.113556.1.4.139 NAME 'profilePath' SYNTAX '1.3.6.1.4.1. attributeTypes: ( 1.2.840.113556.1.4.1145 NAME 'msRADIUSCallbackNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.772 NAME 'aCSPolicyName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.81 NAME 'info' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1841 NAME 'msDS-ObjectReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.2.3 NAME 'whenChanged' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.121 NAME 'uSNLastObjRem' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.83 NAME 'repsTo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.4 NAME 'replUpToDateVector' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.864 NAME 'netbootSCPBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.1837 NAME 'msDs-masteredBy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.1424 NAME 'msCOM-PartitionSetLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.1841 NAME 'msDS-ObjectReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.2.3 NAME 'whenChanged' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.2.121 NAME 'uSNLastObjRem' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.2.83 NAME 'repsTo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.4 NAME 'replUpToDateVector' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.864 NAME 'netbootSCPBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.1837 NAME 'msDs-masteredBy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.1424 NAME 'msCOM-PartitionSetLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 2.5.4.3 NAME 'cn' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1789 NAME 'msDS-AllUsersTrustQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.480 NAME 'defaultGroup' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.156 NAME 'comment' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1440 NAME 'msDs-Schema-Extensions' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.56 NAME 'localPolicyFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1309 NAME 'mSMQInterval2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.609 NAME 'sIDHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.1440 NAME 'msDs-Schema-Extensions' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.90 NAME 'unicodePwd' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1190 NAME 'msRASSavedFramedIPAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1843 NAME 'msDRM-IdentityCertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.51 NAME 'lastLogoff' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.598 NAME 'dmdName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.593 NAME 'msExchLabeledURI' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.436 NAME 'directReports' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.3 NAME 'replPropertyMetaData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.910 NAME 'fromEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' ) +attributeTypes: ( 1.2.840.113556.1.2.436 NAME 'directReports' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.3 NAME 'replPropertyMetaData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.910 NAME 'fromEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.471 NAME 'trustParent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.368 NAME 'rIDManagerReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.368 NAME 'rIDManagerReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.73 NAME 'lockoutThreshold' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.346 NAME 'desktopProfile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.131 NAME 'co' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) @@ -9093,14 +10884,14 @@ attributeTypes: ( 1.2.840.113556.1.4.648 NAME 'primaryTelexNumber' SYNTAX '1.3.6 attributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.514 NAME 'physicalLocationObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1824 NAME 'msDS-AzMajorVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.21 NAME 'subClassOf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.197 NAME 'systemMustContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) +attributeTypes: ( 1.2.840.113556.1.2.21 NAME 'subClassOf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.197 NAME 'systemMustContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) attributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.2.613 NAME 'employeeType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.27 NAME 'currentValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 2.5.21.2 NAME 'dITContentRules' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.19 NAME 'uSNCreated' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.7 NAME 'subRefs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 2.5.21.2 NAME 'dITContentRules' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.2.19 NAME 'uSNCreated' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.2.7 NAME 'subRefs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.210 NAME 'proxyAddresses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.532 NAME 'superiorDNSRoot' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.674 NAME 'rootTrust' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) @@ -9111,13 +10902,13 @@ attributeTypes: ( 1.2.840.113556.1.4.650 NAME 'mhsORAddress' SYNTAX '1.3.6.1.4.1 attributeTypes: ( 1.2.840.113556.1.4.94 NAME 'ntPwdHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.786 NAME 'mailAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.356 NAME 'foreignIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.120 NAME 'uSNChanged' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.91 NAME 'repsFrom' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.2.120 NAME 'uSNChanged' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.2.91 NAME 'repsFrom' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1359 NAME 'otherWellKnownObjects' SYNTAX '1.2.840.113556.1.4.903' ) attributeTypes: ( 1.2.840.113556.1.4.1704 NAME 'msDS-NCReplCursors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.654 NAME 'managedObjects' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) +attributeTypes: ( 1.2.840.113556.1.4.654 NAME 'managedObjects' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1710 NAME 'msDS-AllowedDNSSuffixes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.16 NAME 'nCName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.2.16 NAME 'nCName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.87 NAME 'nETBIOSName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1355 NAME 'queryFilter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' ) diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index f35346f716..150586976f 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -83,9 +83,7 @@ #attributeSyntax: 2.5.5.10 #oMSyntax: 4 -dn: cn=sambaPassword,${SCHEMADN} -cn: sambaPassword -name: sambaPassword +dn: CN=sambaPassword,${SCHEMADN} objectClass: top objectClass: attributeSchema lDAPDisplayName: sambaPassword @@ -99,8 +97,6 @@ attributeSyntax: 2.5.5.5 oMSyntax: 22 dn: cn=dnsDomain,${SCHEMADN} -cn: dnsDomain -name: dnsDomain objectClass: top objectClass: attributeSchema lDAPDisplayName: dnsDomain @@ -108,14 +104,12 @@ isSingleValued: FALSE systemFlags: 17 systemOnly: TRUE schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018 -adminDisplayName: SAMBA-Password +adminDisplayName: DNS-Domain attributeID: 1.3.6.1.4.1.7165.4.1.6 attributeSyntax: 2.5.5.4 oMSyntax: 20 dn: cn=privilege,${SCHEMADN} -cn: privilege -name: privilege objectClass: top objectClass: attributeSchema lDAPDisplayName: privilege -- cgit From f1851e7abc3d019253f679deed31c6e948127037 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 23 Apr 2007 21:56:23 +0000 Subject: r22494: Skip subSchema again, but we will need to remap this objectClass. Make the Fedora DS backend test again. Andrew Bartlett (This used to be commit 65327a0e4d61e2c9813720f04fe24ffc5c49278b) --- source4/setup/schema-map-fedora-ds-1.0 | 1 - source4/setup/schema-map-openldap-2.3 | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/schema-map-fedora-ds-1.0 b/source4/setup/schema-map-fedora-ds-1.0 index f3387130b6..7419a8d7b8 100644 --- a/source4/setup/schema-map-fedora-ds-1.0 +++ b/source4/setup/schema-map-fedora-ds-1.0 @@ -15,7 +15,6 @@ top #This shouldn't make it to the ldap server sambaPassword #Skip ObjectClasses -# #MiddleName has a conflicting OID 2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1 #defaultGroup has a conflicting OID diff --git a/source4/setup/schema-map-openldap-2.3 b/source4/setup/schema-map-openldap-2.3 index 21867140c5..bedf402a9f 100644 --- a/source4/setup/schema-map-openldap-2.3 +++ b/source4/setup/schema-map-openldap-2.3 @@ -19,7 +19,7 @@ top #This shouldn't make it to the ldap server sambaPassword #Skip ObjectClasses -#subSchema +subSchema #MiddleName has a conflicting OID 2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1 #defaultGroup has a conflicting OID -- cgit From 17078a46b899c8af2f38479391094a0b2b1a3d5b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 24 Apr 2007 05:57:56 +0000 Subject: r22497: Support renaming objectclasses and attributes for the LDAP backend. OpenLDAP is fussy about operational attributes in user-supplied schema. Andrew Bartlett (This used to be commit d7cd4b768a7f56ced8ed94b9a63d01865ba7d10a) --- source4/setup/schema-map-openldap-2.3 | 12 ++++++++---- source4/setup/schema_samba4.ldif | 4 ++++ 2 files changed, 12 insertions(+), 4 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/schema-map-openldap-2.3 b/source4/setup/schema-map-openldap-2.3 index bedf402a9f..9268b1c969 100644 --- a/source4/setup/schema-map-openldap-2.3 +++ b/source4/setup/schema-map-openldap-2.3 @@ -1,7 +1,6 @@ #Standard OpenLDAP attributes name labeledURI -objectClasses createTimeStamp attributeTypes objectClass @@ -10,7 +9,6 @@ seeAlso uid subSchemaSubEntry structuralObjectClass -modifyTimeStamp distinguishedName description cn @@ -18,8 +16,14 @@ dITContentRules top #This shouldn't make it to the ldap server sambaPassword -#Skip ObjectClasses -subSchema +#These conflict with OpenLDAP builtins +objectClasses:samba4ObjectClasses +2.5.21.6:1.3.6.1.4.1.7165.4.255.5 +subSchema:samba4SubSchema +2.5.20.1:1.3.6.1.4.1.7165.4.255.4 +#Remap these so that we don't put operational attributes in a schema MAY +modifyTimeStamp:samba4ModifyTimestamp +2.5.18.2:1.3.6.1.4.1.7165.4.255.3 #MiddleName has a conflicting OID 2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1 #defaultGroup has a conflicting OID diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 150586976f..c0a50bd508 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -165,3 +165,7 @@ oMSyntax: 20 #Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1 #Allocated: (defaultGroup) attributeID: 1.3.6.1.4.1.7165.4.255.2 + +#Allocated: (modifyTimestamp) samba4ModifyTimestamp: 1.3.6.1.4.1.7165.4.255.3 +#Allocated: (subSchema) samba4SubSchema: 1.3.6.1.4.1.7165.4.255.4 +#Allocated: (objectClasses) samba4ObjectClasses: 1.3.6.1.4.1.7165.4.255.5 -- cgit From e5ea03737fa3d989f4f9d0d679b959da221849c9 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 27 Apr 2007 10:06:34 +0000 Subject: r22530: use message() to make --quiet work metze (This used to be commit 7c381b2d4f92622ac7efdcc6b8e405d418e2d4bb) --- source4/setup/provision | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index b6b271045c..168fe8292f 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -120,10 +120,10 @@ var ldapbackend = (options["ldap-backend"] != undefined); var ldapmodule = (options["ldap-module"] != undefined); if (options["aci"] != undefined) { - println("set ACI: " + subobj["ACI"]); + message("set ACI: %s\n", subobj["ACI"]); } -println("set DOMAIN SID: " + subobj["DOMAINSID"]); +message("set DOMAIN SID: %s\n", subobj["DOMAINSID"]); if (ldapbackend) { if (!ldapmodule) { -- cgit From 4d23d4b21029c7958055cf8fac1052ad16f67752 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 27 Apr 2007 11:13:37 +0000 Subject: r22531: Fix up OpenLDAP schema map to almost pass 'make test'. Andrew Bartlett (This used to be commit ef9320ae5b0b01bd39b60c22ff4e3698ac0ae9a7) --- source4/setup/schema-map-openldap-2.3 | 6 ++++-- source4/setup/schema_samba4.ldif | 2 ++ 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/schema-map-openldap-2.3 b/source4/setup/schema-map-openldap-2.3 index 9268b1c969..44fc3de6df 100644 --- a/source4/setup/schema-map-openldap-2.3 +++ b/source4/setup/schema-map-openldap-2.3 @@ -2,7 +2,6 @@ name labeledURI createTimeStamp -attributeTypes objectClass userPassword seeAlso @@ -12,11 +11,14 @@ structuralObjectClass distinguishedName description cn -dITContentRules top #This shouldn't make it to the ldap server sambaPassword #These conflict with OpenLDAP builtins +attributeTypes:samba4AttributeTypes +2.5.21.5:1.3.6.1.4.1.7165.4.255.7 +dITContentRules:samba4DITContentRules +2.5.21.2:1.3.6.1.4.1.7165.4.255.6 objectClasses:samba4ObjectClasses 2.5.21.6:1.3.6.1.4.1.7165.4.255.5 subSchema:samba4SubSchema diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index c0a50bd508..2967261758 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -169,3 +169,5 @@ oMSyntax: 20 #Allocated: (modifyTimestamp) samba4ModifyTimestamp: 1.3.6.1.4.1.7165.4.255.3 #Allocated: (subSchema) samba4SubSchema: 1.3.6.1.4.1.7165.4.255.4 #Allocated: (objectClasses) samba4ObjectClasses: 1.3.6.1.4.1.7165.4.255.5 +#Allocated: (ditContentRules) samba4DitContentRules: 1.3.6.1.4.1.7165.4.255.6 +#Allocated: (attributeTypes) samba4AttributeTypes: 1.3.6.1.4.1.7165.4.255.7 -- cgit From 82ad0ea6eaab04cdb1739da468b5ed2169421439 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 29 Apr 2007 15:24:49 +0000 Subject: r22572: Don't manually set objectGUID values (This used to be commit b5afec8b828e1aba231501b68aa4196b94a87c32) --- source4/setup/provision_configuration.ldif | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif index 8b89f3489c..24f68b63c8 100644 --- a/source4/setup/provision_configuration.ldif +++ b/source4/setup/provision_configuration.ldif @@ -95,7 +95,6 @@ showInAdvancedViewOnly: TRUE systemFlags: 33554432 objectCategory: CN=NTDS-DSA,${SCHEMADN} dMDLocation: ${SCHEMADN} -objectGUID: ${INVOCATIONID} invocationId: ${INVOCATIONID} msDS-Behavior-Version: 2 -- cgit From 112728c65101948204fe9a7c1373ff21f1724cdb Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 8 May 2007 04:38:16 +0000 Subject: r22756: Make it easier to setup an LDAP replica. Provision with --partitions-only (suggestions for a better name welcome) will setup the partitions records, but no any data in those partitions. This can then point at the already configured remote LDAP server. Andrew Bartlett (This used to be commit ee7b06fc832ca7c572205c7c268c3c7c552effa0) --- source4/setup/provision | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 168fe8292f..2a3ddecd3e 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -29,6 +29,7 @@ options = GetOptions(ARGV, 'users=s', 'quiet', 'blank', + 'partitions-only', 'ldap-base', 'ldap-backend=s', 'ldap-module=s', @@ -79,6 +80,7 @@ provision [options] --users GROUPNAME choose 'users' group --quiet Be quiet --blank do not add users or groups, just the structure + --partitions-only Configure Samba's partitions, but do not modify them (ie, join a BDC) --ldap-base output only an LDIF file, suitable for creating an LDAP baseDN --ldap-backend LDAPSERVER LDAP server to use for this provision --ldap-module= MODULE LDB mapping module to use for the LDAP backend @@ -118,7 +120,7 @@ var blank = (options["blank"] != undefined); var ldapbase = (options["ldap-base"] != undefined); var ldapbackend = (options["ldap-backend"] != undefined); var ldapmodule = (options["ldap-module"] != undefined); - +var partitions_only = (options["partitions-only"] != undefined); if (options["aci"] != undefined) { message("set ACI: %s\n", subobj["ACI"]); } @@ -148,6 +150,8 @@ message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); message("Using administrator password: %s\n", subobj.ADMINPASS); if (ldapbase) { provision_ldapbase(subobj, message, paths); +} else if (partitions_only) { + provision_become_dc(subobj, message, false, paths, system_session); } else { provision(subobj, message, blank, paths, system_session, creds, ldapbackend); provision_dns(subobj, message, paths, system_session, creds); -- cgit From 71cbc569cbfc610e952acf78bd6e5100fc9cc85b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 15 May 2007 08:00:49 +0000 Subject: r22885: now we use kernberos more, we need to index on userPrincipalName (This used to be commit 600d39e0bacfd669bdee0ea3aec6bdc02113993b) --- source4/setup/provision_index.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_index.ldif b/source4/setup/provision_index.ldif index 7c055f53aa..a641d0dd06 100644 --- a/source4/setup/provision_index.ldif +++ b/source4/setup/provision_index.ldif @@ -1,5 +1,6 @@ dn: @INDEXLIST @IDXATTR: name +@IDXATTR: userPrincipalName @IDXATTR: sAMAccountName @IDXATTR: objectSid @IDXATTR: objectCategory -- cgit From e9dcc9a3daa38efa56b9ee3a8f453a5d2a938713 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 15 May 2007 08:01:37 +0000 Subject: r22887: and servicePrincipalName .... (This used to be commit 45d668d19f661cbaff257b91ed2525577e3cf0d2) --- source4/setup/provision_index.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_index.ldif b/source4/setup/provision_index.ldif index a641d0dd06..7a130600c0 100644 --- a/source4/setup/provision_index.ldif +++ b/source4/setup/provision_index.ldif @@ -1,6 +1,7 @@ dn: @INDEXLIST @IDXATTR: name @IDXATTR: userPrincipalName +@IDXATTR: servicePrincipalName @IDXATTR: sAMAccountName @IDXATTR: objectSid @IDXATTR: objectCategory -- cgit From 5ca5e6bdf94fc80cfa3abca4876ac93f017348ae Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 16 May 2007 00:17:45 +0000 Subject: r22921: This index saves another 7 seconds off a 'make quicktest', and is a common search operator. Andrew Bartlett (This used to be commit a258455e757dcc67637502bedf7066580cbf4034) --- source4/setup/provision_index.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_index.ldif b/source4/setup/provision_index.ldif index 7a130600c0..95970817f3 100644 --- a/source4/setup/provision_index.ldif +++ b/source4/setup/provision_index.ldif @@ -1,5 +1,6 @@ dn: @INDEXLIST @IDXATTR: name +@IDXATTR: cn @IDXATTR: userPrincipalName @IDXATTR: servicePrincipalName @IDXATTR: sAMAccountName -- cgit From c0aa1f0d9e60e4b92bb3650e30e87ddf9e3c76fb Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 17 May 2007 10:33:40 +0000 Subject: r22972: added the basic ldif needed to support group policies in Samba4. WinXP clients do correctly see our group policies, but the gpmc admin tool doesn't yet work to allow you to edit the policies (This used to be commit 4c6e01a585f59caf7d2d87833f5eedc018ed8acc) --- source4/setup/provision.ldif | 28 ++++++++++++++++++++++++++++ source4/setup/provision_basedn_modify.ldif | 3 +++ 2 files changed, 31 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 71a4f44ba7..360dea47f8 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -95,3 +95,31 @@ modifiedCount: 1 objectCategory: CN=Builtin-Domain,${SCHEMADN} isCriticalSystemObject: TRUE +dn: CN={${POLICYGUID}},CN=Policies,CN=System,DC=bludom,DC=tridgell,DC=net +objectClass: top +objectClass: container +objectClass: groupPolicyContainer +displayName: Default Domain Policy +objectCategory: CN=Group-Policy-Container,${SCHEMADN} +gPCFunctionalityVersion: 2 +gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}} +versionNumber: 1 +flags: 0 +gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248 + 8-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4 + FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2 + 488-11D1-A28C-00C04FB94F17}] +gPCUserExtensionNames: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-1 + 1D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E- + 11D1-A7CC-0000F87571E3}] +nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) + +dn: CN=User,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN} +objectClass: top +objectClass: container +objectCategory: CN=Container,${SCHEMADN} + +dn: CN=Machine,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN} +objectClass: top +objectClass: container +objectCategory: CN=Container,${SCHEMADN} diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index c0595a9be5..286ecdd49c 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -85,4 +85,7 @@ masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=S replace: msDs-masteredBy msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} - +replace: gPLink +gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};2] +- ${DOMAINGUID_MOD} -- cgit From 4f9977aaba46b88534589b01e48457fa3f5afbb7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 18 May 2007 01:22:27 +0000 Subject: r22984: not everyone uses tridgell.net (fortunately) (This used to be commit f60817d7970ab449ac327f4da312f10350b9636f) --- source4/setup/provision.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 360dea47f8..4d75fe6e1a 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -95,7 +95,7 @@ modifiedCount: 1 objectCategory: CN=Builtin-Domain,${SCHEMADN} isCriticalSystemObject: TRUE -dn: CN={${POLICYGUID}},CN=Policies,CN=System,DC=bludom,DC=tridgell,DC=net +dn: CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN} objectClass: top objectClass: container objectClass: groupPolicyContainer -- cgit From e40d9cbdc8336d7f4d3d4b3b469bc96c93790d76 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 21 May 2007 04:06:42 +0000 Subject: r23027: Make sure the parent object always exists. Andrew Bartlett (This used to be commit 55c7c0906ccb741ab002f460164ccbbe56b55a98) --- source4/setup/provision.ldif | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 4d75fe6e1a..49f87d8cbc 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -95,6 +95,10 @@ modifiedCount: 1 objectCategory: CN=Builtin-Domain,${SCHEMADN} isCriticalSystemObject: TRUE +dn: CN=Policies,CN=System,${DOMAINDN} +objectClass: top +objectClass: container + dn: CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN} objectClass: top objectClass: container -- cgit From 1b6792585130d17dfbd819bea275595bec06bc91 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 21 May 2007 09:15:27 +0000 Subject: r23033: regenerate schema.ldif with minischema.js metze (This used to be commit c9e017c00864d08ad6eb38092abd29810604e207) --- source4/setup/schema.ldif | 137 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 137 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index 7fbf32536d..4a94a56e7d 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -900,6 +900,23 @@ systemOnly: FALSE systemFlags: 16 objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=GPC-WQL-Filter,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.1694 +attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: GPC-WQL-Filter +adminDescription: GPC-WQL-Filter +oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: gPCWQLFilter +schemaIDGUID: 7bd4c7a6-1add-4436-8c04-3999a880154c +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=Server-Reference-BL,${SCHEMADN} objectClass: top objectClass: attributeSchema @@ -1365,6 +1382,24 @@ systemOnly: FALSE systemFlags: 16 objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=Version-Number,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.141 +attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Version-Number +adminDescription: Version-Number +oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: versionNumber +schemaIDGUID: bf967a76-0de6-11d0-a285-00aa003049e2 +systemOnly: FALSE +systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=Object-Class,${SCHEMADN} objectClass: top objectClass: attributeSchema @@ -5220,6 +5255,23 @@ lDAPDisplayName: msExchAssistantName schemaIDGUID: a8df7394-c5ea-11d1-bbcb-0080c76670c0 objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=GPC-User-Extension-Names,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.1349 +attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: GPC-User-Extension-Names +adminDescription: GPC-User-Extension-Names +oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: gPCUserExtensionNames +schemaIDGUID: 42a75fc6-783f-11d2-9916-0000f87a57d4 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=ms-DS-Non-Members-BL,${SCHEMADN} objectClass: top objectClass: attributeSchema @@ -5462,6 +5514,23 @@ schemaIDGUID: a8df7489-c5ea-11d1-bbcb-0080c76670c0 systemOnly: FALSE objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=GPC-Functionality-Version,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.893 +attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: GPC-Functionality-Version +adminDescription: GPC-Functionality-Version +oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: gPCFunctionalityVersion +schemaIDGUID: f30e3bc0-9ff0-11d1-b603-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=USN-DSA-Last-Obj-Removed,${SCHEMADN} objectClass: top objectClass: attributeSchema @@ -7877,6 +7946,7 @@ searchFlags: 0 lDAPDisplayName: msDRM-IdentityCertificate schemaIDGUID: e85e1204-3434-41ad-9b56-e2901228fff0 systemFlags: 16 +isMemberOfPartialAttributeSet: TRUE objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Last-Logoff,${SCHEMADN} @@ -8285,6 +8355,23 @@ systemOnly: TRUE systemFlags: 134217748 objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=GPC-Machine-Extension-Names,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.1348 +attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: GPC-Machine-Extension-Names +adminDescription: GPC-Machine-Extension-Names +oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: gPCMachineExtensionNames +schemaIDGUID: 32ff8ecc-783f-11d2-9916-0000f87a57d4 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=USN-Created,${SCHEMADN} objectClass: top objectClass: attributeSchema @@ -8799,6 +8886,23 @@ systemOnly: FALSE systemFlags: 16 objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=GPC-File-Sys-Path,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.894 +attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: GPC-File-Sys-Path +adminDescription: GPC-File-Sys-Path +oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: gPCFileSysPath +schemaIDGUID: f30e3bc1-9ff0-11d1-b603-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=Top,${SCHEMADN} objectClass: top objectClass: classSchema @@ -10390,6 +10494,32 @@ defaultHidingValue: FALSE objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Group,${SCHEMADN} +dn: CN=Group-Policy-Container,${SCHEMADN} +objectClass: top +objectClass: classSchema +subClassOf: container +governsID: 1.2.840.113556.1.5.157 +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Group-Policy-Container +adminDescription: Group-Policy-Container +objectClassCategory: 1 +lDAPDisplayName: groupPolicyContainer +schemaIDGUID: f30e3bc2-9ff0-11d1-b603-0000f80367c1 +systemOnly: FALSE +systemMayContain: versionNumber +systemMayContain: gPCWQLFilter +systemMayContain: gPCUserExtensionNames +systemMayContain: gPCMachineExtensionNames +systemMayContain: gPCFunctionalityVersion +systemMayContain: gPCFileSysPath +systemMayContain: flags +defaultSecurityDescriptor: D:P(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;EA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;LCRPLORC;;;ED) +systemFlags: 16 +defaultHidingValue: TRUE +objectCategory: CN=Class-Schema,${SCHEMADN} +defaultObjectCategory: CN=Group-Policy-Container,${SCHEMADN} + dn: CN=Aggregate,${SCHEMADN} objectClass: top objectClass: subSchema @@ -10440,6 +10570,7 @@ objectClasses: ( 1.2.840.113556.1.5.76 NAME 'foreignSecurityPrincipal' SUP top S objectClasses: ( 1.2.840.113556.1.5.96 NAME 'subnet' SUP top STRUCTURAL MAY ( siteObject $ physicalLocationObject $ location ) ) objectClasses: ( 1.2.840.113556.1.3.46 NAME 'mailRecipient' SUP top AUXILIARY MUST ( cn ) MAY ( userCertificate $ userCert $ textEncodedORAddress $ telephoneNumber $ showInAddressBook $ legacyExchangeDN $ garbageCollPeriod $ info $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI ) ) objectClasses: ( 1.2.840.113556.1.5.8 NAME 'group' SUP top STRUCTURAL MUST ( groupType ) MAY ( primaryGroupToken $ operatorCount $ nTGroupMembers $ nonSecurityMember $ msDS-NonMembers $ msDS-AzLDAPQuery $ member $ managedBy $ groupMembershipSAM $ groupAttributes $ mail $ desktopProfile $ controlAccessRights $ adminCount ) ) +objectClasses: ( 1.2.840.113556.1.5.157 NAME 'groupPolicyContainer' SUP container STRUCTURAL MAY ( versionNumber $ gPCWQLFilter $ gPCUserExtensionNames $ gPCMachineExtensionNames $ gPCFunctionalityVersion $ gPCFileSysPath $ flags ) ) attributeTypes: ( 1.2.840.113556.1.4.1304 NAME 'sDRightsEffective' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.104 NAME 'ownerBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) @@ -10489,6 +10620,7 @@ attributeTypes: ( 1.2.840.113556.1.4.359 NAME 'netbootGUID' SYNTAX '1.3.6.1.4.1. attributeTypes: ( 1.2.840.113556.1.2.26 NAME 'rDNAttID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.25 NAME 'mayContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) attributeTypes: ( 1.2.840.113556.1.4.135 NAME 'trustAuthOutgoing' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1694 NAME 'gPCWQLFilter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.516 NAME 'serverReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 2.5.18.1 NAME 'createTimeStamp' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.748 NAME 'attributeDisplayNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) @@ -10515,6 +10647,7 @@ attributeTypes: ( 1.2.840.113556.1.4.1153 NAME 'msRADIUSFramedIPAddress' SYNTAX attributeTypes: ( 1.2.840.113556.1.4.45 NAME 'homeDrive' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 2.5.21.5 NAME 'attributeTypes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.540 NAME 'initialAuthOutgoing' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.141 NAME 'versionNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 2.5.4.0 NAME 'objectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.915 NAME 'possibleInferiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1669 NAME 'msDS-Approx-Immed-Subordinates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) @@ -10725,6 +10858,7 @@ attributeTypes: ( 1.2.840.113556.1.4.662 NAME 'lockoutTime' SYNTAX '1.2.840.1135 attributeTypes: ( 1.2.840.113556.1.4.537 NAME 'dynamicLDAPServer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.909 NAME 'extendedAttributeInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.444 NAME 'msExchAssistantName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.1349 NAME 'gPCUserExtensionNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1794 NAME 'msDS-NonMembersBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.194 NAME 'adminDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.499 NAME 'contextMenu' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) @@ -10738,6 +10872,7 @@ attributeTypes: ( 1.2.840.113556.1.4.947 NAME 'mSMQSignCertificates' SYNTAX '1.3 attributeTypes: ( 1.2.840.113556.1.4.539 NAME 'initialAuthIncoming' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.472 NAME 'domainCrossRef' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) attributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.893 NAME 'gPCFunctionalityVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.267 NAME 'uSNDSALastObjRemoved' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1813 NAME 'msDS-OperationsForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1361 NAME 'mS-DS-ConsistencyChildCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) @@ -10890,6 +11025,7 @@ attributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' SYNTAX '1.3.6.1.4. attributeTypes: ( 1.2.840.113556.1.2.613 NAME 'employeeType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.27 NAME 'currentValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 2.5.21.2 NAME 'dITContentRules' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) +attributeTypes: ( 1.2.840.113556.1.4.1348 NAME 'gPCMachineExtensionNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.2.19 NAME 'uSNCreated' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.7 NAME 'subRefs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.210 NAME 'proxyAddresses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) @@ -10918,6 +11054,7 @@ attributeTypes: ( 1.2.840.113556.1.4.62 NAME 'scriptPath' SYNTAX '1.3.6.1.4.1.14 attributeTypes: ( 1.2.840.113556.1.4.948 NAME 'mSMQDigests' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.1441 NAME 'msDS-Cached-Membership' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.64 NAME 'logonHours' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.894 NAME 'gPCFileSysPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) dITContentRules: ( 1.2.840.113556.1.5.67 NAME 'domainDNS' AUX ( samDomain ) MAY ( treeName $ rIDManagerReference $ replicaSource $ pwdProperties $ pwdHistoryLength $ privateKey $ pekList $ pekKeyChangeInterval $ nTMixedDomain $ nextRid $ nETBIOSName $ msDS-PerUserTrustTombstonesQuota $ msDS-PerUserTrustQuota $ ms-DS-MachineAccountQuota $ msDS-LogonTimeSyncInterval $ msDS-AllUsersTrustQuota $ modifiedCountAtLastProm $ minPwdLength $ minPwdAge $ maxPwdAge $ lSAModifiedCount $ lSACreationTime $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ gPOptions $ gPLink $ eFSPolicy $ domainPolicyObject $ desktopProfile $ description $ defaultLocalPolicyObject $ creationTime $ controlAccessRights $ cACertificate $ builtinModifiedCount $ builtinCreationTime $ auditingPolicy ) ) dITContentRules: ( 1.2.840.113556.1.5.4 NAME 'builtinDomain' AUX ( samDomainBase ) MAY ( uASCompat $ serverState $ serverRole $ revision $ pwdProperties $ pwdHistoryLength $ oEMInformation $ objectSid $ nTSecurityDescriptor $ nextRid $ modifiedCountAtLastProm $ modifiedCount $ minPwdLength $ minPwdAge $ maxPwdAge $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ forceLogoff $ domainReplica $ creationTime ) ) dITContentRules: ( 1.2.840.113556.1.5.3 NAME 'samDomain' AUX ( samDomainBase ) MAY ( uASCompat $ serverState $ serverRole $ revision $ pwdProperties $ pwdHistoryLength $ oEMInformation $ objectSid $ nTSecurityDescriptor $ nextRid $ modifiedCountAtLastProm $ modifiedCount $ minPwdLength $ minPwdAge $ maxPwdAge $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ forceLogoff $ domainReplica $ creationTime ) ) -- cgit From 5fb459e4fa3201a3d5cbc22c5ff011bfc98a9519 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 29 May 2007 01:20:47 +0000 Subject: r23177: Add in a new provision-backend script. This helps set up the OpenLDAP or Fedora DS backend. This required a new mkdir() call in ejs. We can now provision just the schema for ad2oLschema to operate on (with provision_schema(), without performing the whole provision, just to wipe it again (adjustments to 'make test' to come soon). Andrew Bartlett (This used to be commit 01d54d13dc66ef2127ac52c64ede53d0790738ec) --- source4/setup/fedorads-partitions.ldif | 28 ++++++++ source4/setup/fedorads.inf | 26 ++++++++ source4/setup/provision-backend | 114 +++++++++++++++++++++++++++++++++ source4/setup/slapd.conf | 73 +++++++++++++++++++++ 4 files changed, 241 insertions(+) create mode 100644 source4/setup/fedorads-partitions.ldif create mode 100644 source4/setup/fedorads.inf create mode 100755 source4/setup/provision-backend create mode 100644 source4/setup/slapd.conf (limited to 'source4/setup') diff --git a/source4/setup/fedorads-partitions.ldif b/source4/setup/fedorads-partitions.ldif new file mode 100644 index 0000000000..7533b1583a --- /dev/null +++ b/source4/setup/fedorads-partitions.ldif @@ -0,0 +1,28 @@ +dn: cn=\"${CONFIGDN}\",cn=mapping tree,cn=config +objectclass: top +objectclass: extensibleObject +objectclass: nsMappingTree +nsslapd-state: backend +nsslapd-backend: configData +cn: ${CONFIGDN} + +dn: cn=configData,cn=ldbm database,cn=plugins,cn=config +objectclass: extensibleObject +objectclass: nsBackendInstance +nsslapd-suffix: ${CONFIGDN} +cn: configData + +dn: cn=\"${SCHEMADN}\",cn=mapping tree,cn=config +objectclass: top +objectclass: extensibleObject +objectclass: nsMappingTree +nsslapd-state: backend +nsslapd-backend: schemaData +cn: ${SCHEMADN} + +dn: cn=schemaData,cn=ldbm database,cn=plugins,cn=config +objectclass: extensibleObject +objectclass: nsBackendInstance +nsslapd-suffix: ${SCHEMADN} +cn: schemaData + diff --git a/source4/setup/fedorads.inf b/source4/setup/fedorads.inf new file mode 100644 index 0000000000..a5d282d392 --- /dev/null +++ b/source4/setup/fedorads.inf @@ -0,0 +1,26 @@ +[General] +SuiteSpotUserID = ${ROOT} +FullMachineName= ${HOSTNAME}.${DNSDOMAIN} +ServerRoot= ${LDAPDIR} + +[slapd] +ldapifilepath=${LDAPDIR}/ldapi +Suffix= ${DOMAINDN} +RootDN= cn=Manager,${DOMAINDN} +RootDNPwd= ${LDAPMANAGERPASS} +ServerIdentifier= samba4 + +inst_dir= ${LDAPDIR}/slapd-samba4 +config_dir= ${LDAPDIR}/slapd-samba4 +schema_dir= ${LDAPDIR}/slapd-samba4/schema +lock_dir= ${LDAPDIR}/slapd-samba4/lock +log_dir= ${LDAPDIR}/slapd-samba4/logs +run_dir= ${LDAPDIR}/slapd-samba4/logs +db_dir= ${LDAPDIR}/slapd-samba4/db +bak_dir= ${LDAPDIR}/slapd-samba4/bak +tmp_dir= ${LDAPDIR}/slapd-samba4/tmp +ldif_dir= ${LDAPDIR}/slapd-samba4/ldif +cert_dir= ${LDAPDIR}/slapd-samba4 + +start_server= 0 +install_full_schema= 0 \ No newline at end of file diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend new file mode 100755 index 0000000000..6a5ec3e892 --- /dev/null +++ b/source4/setup/provision-backend @@ -0,0 +1,114 @@ +#!/bin/sh +exec smbscript "$0" ${1+"$@"} +/* + provision a Samba4 server + Copyright Andrew Tridgell 2005 + Released under the GNU GPL v2 or later +*/ + +options = GetOptions(ARGV, + "POPT_AUTOHELP", + "POPT_COMMON_SAMBA", + "POPT_COMMON_VERSION", + "POPT_COMMON_CREDENTIALS", + 'realm=s', + 'host-name=s', + 'ldap-manager-pass=s', + 'root=s', + 'quiet', + 'ldap-backend-type=s'); + +if (options == undefined) { + println("Failed to parse options"); + return -1; +} + +sys = sys_init(); + +libinclude("base.js"); +libinclude("provision.js"); + +/* + print a message if quiet is not set +*/ +function message() +{ + if (options["quiet"] == undefined) { + print(vsprintf(arguments)); + } +} + +/* + show some help +*/ +function ShowHelp() +{ + print(" +Samba4 provisioning + +provision [options] + --realm REALM set realm + --host-name HOSTNAME set hostname + --ldap-manager-pass PASSWORD choose LDAP Manager password (otherwise random) + --root USERNAME choose 'root' unix username + --quiet Be quiet + --ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure + --ldap-module= MODULE LDB mapping module to use for the LDAP backend +You must provide at least a realm and ldap-backend-type + +"); + exit(1); +} + +if (options['host-name'] == undefined) { + options['host-name'] = hostname(); +} + +/* + main program +*/ +if (options["realm"] == undefined || + options["ldap-backend-type"] == undefined || + options["host-name"] == undefined) { + ShowHelp(); +} + +/* cope with an initially blank smb.conf */ +var lp = loadparm_init(); +lp.set("realm", options.realm); +lp.reload(); + +var subobj = provision_guess(); +for (r in options) { + var key = strupper(join("", split("-", r))); + subobj[key] = options[r]; +} + +var ldapbackend = (options["ldap-backend-type"] != undefined); + +var paths = provision_default_paths(subobj); +provision_fix_subobj(subobj, message, paths); +message("Provisioning LDAP backend for %s in realm %s into %s\n", subobj.HOSTNAME, subobj.REALM, subobj.LDAPDIR); +message("Using LDAP Manager password: %s\n", subobj.LDAPMANAGERPASS); + +var tmp_schema_ldb = subobj.LDAPDIR + "/schema-tmp.ldb"; +sys.mkdir(subobj.LDAPDIR, 0700); + +provision_schema(subobj, message, tmp_schema_ldb, paths); + +var mapping; +var ext; +if (options["ldap-backend-type"] == "fedora-ds") { + mapping = "schema-map-fedora-ds-1.0"; + ext = "ldif"; + setup_file("fedorads.inf", message, subobj.LDAPDIR + "/fedorads.inf", subobj); + setup_file("fedorads-partitions.ldif", message, subobj.LDAPDIR + "/fedorads-partitions.ldif", subobj); +} else if (options["ldap-backend-type"] == "openldap") { + mapping = "schema-map-openldap-2.3"; + ext = "schema"; + setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj); +} +message("ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/backend-schema." + ext + "\n"); + +message("All OK\n"); +return 0; diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf new file mode 100644 index 0000000000..a6fe73a4de --- /dev/null +++ b/source4/setup/slapd.conf @@ -0,0 +1,73 @@ +loglevel 0 + +include ${LDAPDIR}/backend-schema.schema + +pidfile ${LDAPDIR}/slapd.pid +argsfile ${LDAPDIR}/slapd.args +sasl-realm ${DNSDOMAIN} +access to * by * write + +allow update_anon + +authz-regexp + uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth + ldap:///${DOMAINDN}??sub?(samAccountName=\$1) + +authz-regexp + uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth + ldap:///${DOMAINDN}??sub?(samAccountName=\$1) + +include $modconf + +defaultsearchbase \"${DOMAINDN}\" + +backend bdb +database bdb +suffix \"cn=Schema,cn=Configuration,${DOMAINDN}\" +directory ${LDAPDIR}/db/schema +index objectClass eq +index samAccountName eq +index name eq +index objectCategory eq +index lDAPDisplayName eq +index subClassOf eq + +database bdb +suffix \"cn=Configuration,${DOMAINDN}\" +directory ${LDAPDIR}/db/config +index objectClass eq +index samAccountName eq +index name eq +index objectSid eq +index objectCategory eq +index nCName eq pres +index subClassOf eq +index dnsRoot eq +index nETBIOSName eq pres + +database bdb +suffix \"${DOMAINDN}\" +rootdn \"cn=Manager,${DOMAINDN}\" +rootpw ${LDAPMANAGERPASS} +directory ${LDAPDIR}/db/user +index objectClass eq +index samAccountName eq +index name eq +index objectSid eq +index objectCategory eq +index member eq +index uidNumber eq +index gidNumber eq +index unixName eq +index privilege eq +index nCName eq pres +index lDAPDisplayName eq +index subClassOf eq +index dnsRoot eq +index nETBIOSName eq pres + +#syncprov is stable in OpenLDAP 2.3, and available in 2.2. +#We only need this for the contextCSN attribute anyway.... +overlay syncprov +syncprov-checkpoint 100 10 +syncprov-sessionlog 100 -- cgit From 86a4886e393189b7679ec6220d4d59bb6ef1b50e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 29 May 2007 12:18:41 +0000 Subject: r23189: Work towards a totally scripted setup of LDAP backends, so others can easily try this out. I also intend to use this for the selftest, but I'm chasing issues with the OpenlDAP (but not Fedora DS) backend. Andrew Bartlett (This used to be commit 0f457b1d2e20c36ab220b4a6711ce7930c4c7d21) --- source4/setup/fedorads-partitions.ldif | 4 ++-- source4/setup/fedorads.inf | 1 + source4/setup/provision | 1 + source4/setup/provision-backend | 38 +++++++++++++++++++++++++++++----- source4/setup/slapd.conf | 12 +++++------ 5 files changed, 43 insertions(+), 13 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/fedorads-partitions.ldif b/source4/setup/fedorads-partitions.ldif index 7533b1583a..12855f9c70 100644 --- a/source4/setup/fedorads-partitions.ldif +++ b/source4/setup/fedorads-partitions.ldif @@ -1,4 +1,4 @@ -dn: cn=\"${CONFIGDN}\",cn=mapping tree,cn=config +dn: cn="${CONFIGDN}",cn=mapping tree,cn=config objectclass: top objectclass: extensibleObject objectclass: nsMappingTree @@ -12,7 +12,7 @@ objectclass: nsBackendInstance nsslapd-suffix: ${CONFIGDN} cn: configData -dn: cn=\"${SCHEMADN}\",cn=mapping tree,cn=config +dn: cn="${SCHEMADN}",cn=mapping tree,cn=config objectclass: top objectclass: extensibleObject objectclass: nsMappingTree diff --git a/source4/setup/fedorads.inf b/source4/setup/fedorads.inf index a5d282d392..785e65ce56 100644 --- a/source4/setup/fedorads.inf +++ b/source4/setup/fedorads.inf @@ -9,6 +9,7 @@ Suffix= ${DOMAINDN} RootDN= cn=Manager,${DOMAINDN} RootDNPwd= ${LDAPMANAGERPASS} ServerIdentifier= samba4 +${SERVERPORT} inst_dir= ${LDAPDIR}/slapd-samba4 config_dir= ${LDAPDIR}/slapd-samba4 diff --git a/source4/setup/provision b/source4/setup/provision index 2a3ddecd3e..3c5d31dc0f 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -150,6 +150,7 @@ message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); message("Using administrator password: %s\n", subobj.ADMINPASS); if (ldapbase) { provision_ldapbase(subobj, message, paths); + message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n"); } else if (partitions_only) { provision_become_dc(subobj, message, false, paths, system_session); } else { diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 6a5ec3e892..9c1649ac3e 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -16,7 +16,8 @@ options = GetOptions(ARGV, 'ldap-manager-pass=s', 'root=s', 'quiet', - 'ldap-backend-type=s'); + 'ldap-backend-type=s', + 'ldap-backend-port=i'); if (options == undefined) { println("Failed to parse options"); @@ -52,8 +53,8 @@ provision [options] --ldap-manager-pass PASSWORD choose LDAP Manager password (otherwise random) --root USERNAME choose 'root' unix username --quiet Be quiet - --ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure - --ldap-module= MODULE LDB mapping module to use for the LDAP backend + --ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure + --ldap-backend-port PORT Select the TCP port (if any) that the LDAP backend should listen on (Fedora DS only) You must provide at least a realm and ldap-backend-type "); @@ -84,13 +85,12 @@ for (r in options) { subobj[key] = options[r]; } -var ldapbackend = (options["ldap-backend-type"] != undefined); + var paths = provision_default_paths(subobj); provision_fix_subobj(subobj, message, paths); message("Provisioning LDAP backend for %s in realm %s into %s\n", subobj.HOSTNAME, subobj.REALM, subobj.LDAPDIR); message("Using LDAP Manager password: %s\n", subobj.LDAPMANAGERPASS); - var tmp_schema_ldb = subobj.LDAPDIR + "/schema-tmp.ldb"; sys.mkdir(subobj.LDAPDIR, 0700); @@ -101,12 +101,40 @@ var ext; if (options["ldap-backend-type"] == "fedora-ds") { mapping = "schema-map-fedora-ds-1.0"; ext = "ldif"; + if (options["ldap-backend-port"] != undefined) { + message("Will listen on TCP port " + options["ldap-backend-port"] + "\n"); + subobj.SERVERPORT="ServerPort = " + options["ldap-backend-port"]; + } else { + message("Will listen on LDAPI only\n"); + subobj.SERVERPORT=""; + } setup_file("fedorads.inf", message, subobj.LDAPDIR + "/fedorads.inf", subobj); setup_file("fedorads-partitions.ldif", message, subobj.LDAPDIR + "/fedorads-partitions.ldif", subobj); } else if (options["ldap-backend-type"] == "openldap") { + provision_ldapbase(subobj, message, paths); mapping = "schema-map-openldap-2.3"; ext = "schema"; setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj); + setup_file("modules.conf", message, subobj.LDAPDIR + "/modules.conf", subobj); + sys.mkdir(subobj.LDAPDIR + "/db", 0700); + subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/user"; + sys.mkdir(subobj.LDAPDBDIR, 0700); + sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); + sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700); + setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); + subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/config"; + sys.mkdir(subobj.LDAPDBDIR, 0700); + sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); + sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700); + setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); + subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/schema"; + sys.mkdir(subobj.LDAPDBDIR, 0700); + sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700); + sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); + setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); + if (options["ldap-backend-port"] != undefined) { + message("NOTE: OpenLDAP TCP ports are controlled on the command line, not in the generated config file\n"); + } } message("ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/backend-schema." + ext + "\n"); diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index a6fe73a4de..770c688f35 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -17,13 +17,13 @@ authz-regexp uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth ldap:///${DOMAINDN}??sub?(samAccountName=\$1) -include $modconf +include ${LDAPDIR}/modules.conf -defaultsearchbase \"${DOMAINDN}\" +defaultsearchbase ${DOMAINDN} backend bdb database bdb -suffix \"cn=Schema,cn=Configuration,${DOMAINDN}\" +suffix ${SCHEMADN} directory ${LDAPDIR}/db/schema index objectClass eq index samAccountName eq @@ -33,7 +33,7 @@ index lDAPDisplayName eq index subClassOf eq database bdb -suffix \"cn=Configuration,${DOMAINDN}\" +suffix ${CONFIGDN} directory ${LDAPDIR}/db/config index objectClass eq index samAccountName eq @@ -46,8 +46,8 @@ index dnsRoot eq index nETBIOSName eq pres database bdb -suffix \"${DOMAINDN}\" -rootdn \"cn=Manager,${DOMAINDN}\" +suffix ${DOMAINDN} +rootdn cn=Manager,${DOMAINDN} rootpw ${LDAPMANAGERPASS} directory ${LDAPDIR}/db/user index objectClass eq -- cgit From 9f6c762b0acfd65da7d4b9ed80d107400aca1bbd Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 29 May 2007 14:51:24 +0000 Subject: r23205: abartlet please commit the correct content ... this just fixes make install metze (This used to be commit 236da2cb3db5297b6b9c40a572c3d547954f5090) --- source4/setup/DB_CONFIG | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 source4/setup/DB_CONFIG (limited to 'source4/setup') diff --git a/source4/setup/DB_CONFIG b/source4/setup/DB_CONFIG new file mode 100644 index 0000000000..e69de29bb2 -- cgit From 66d0f5c7a35d2a4b1dd9c444d7f68d779ab6fc18 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 29 May 2007 23:24:42 +0000 Subject: r23232: Add in some extra files required by the new provision-backend. (sorry for breaking the build) Andrew Bartlett (This used to be commit 0108334fe3331b7a2cfa972c6f0674b56d436cb5) --- source4/setup/DB_CONFIG | 23 +++++++++++++++++++++++ source4/setup/modules.conf | 1 + 2 files changed, 24 insertions(+) create mode 100644 source4/setup/modules.conf (limited to 'source4/setup') diff --git a/source4/setup/DB_CONFIG b/source4/setup/DB_CONFIG index e69de29bb2..3198e17b14 100644 --- a/source4/setup/DB_CONFIG +++ b/source4/setup/DB_CONFIG @@ -0,0 +1,23 @@ +# Set the database in memory cache size. +# +set_cachesize 0 524288 0 + + +# +# Set database flags (this is a test environment, we don't need to fsync()). +# +set_flags DB_TXN_NOSYNC + +# + Set log values. +# +set_lg_regionmax 104857 +set_lg_max 1048576 +set_lg_bsize 209715 +set_lg_dir ${LDAPDBDIR}/bdb-logs + + +# +# Set temporary file creation directory. +# +set_tmp_dir ${LDAPDBDIR}/tmp diff --git a/source4/setup/modules.conf b/source4/setup/modules.conf new file mode 100644 index 0000000000..c90dab767f --- /dev/null +++ b/source4/setup/modules.conf @@ -0,0 +1 @@ +#OpenLDAP modules configuration file for ${REALM} -- cgit From e6aecd8b91cb9811bac2b3e2a47a9a09116b09b7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 30 May 2007 01:09:18 +0000 Subject: r23235: Don't do a seperate LDAP provision step. Instead, everything we need (including the config files) is created by provision-backend. Andrew Bartlett (This used to be commit 6d4d90399f5a0451fcf2156a465123801e027359) --- source4/setup/DB_CONFIG | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/DB_CONFIG b/source4/setup/DB_CONFIG index 3198e17b14..b4d2bfa868 100644 --- a/source4/setup/DB_CONFIG +++ b/source4/setup/DB_CONFIG @@ -1,22 +1,16 @@ +# # Set the database in memory cache size. # set_cachesize 0 524288 0 - # -# Set database flags (this is a test environment, we don't need to fsync()). -# -set_flags DB_TXN_NOSYNC - -# - Set log values. +# Set log values. # set_lg_regionmax 104857 set_lg_max 1048576 set_lg_bsize 209715 set_lg_dir ${LDAPDBDIR}/bdb-logs - # # Set temporary file creation directory. # -- cgit From b3f3a4b52900a72de88bbb69e4ea3c425d49c2d8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 21 Jun 2007 08:52:15 +0000 Subject: r23559: After running testprogs/ejs/minschema.js update schema.ldif (on abartlet's request). Guenther (This used to be commit 5410b23ea6649f49e8f24a57854f5e72f114aaef) --- source4/setup/schema.ldif | 131 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 131 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index 4a94a56e7d..585b418311 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -9019,6 +9019,19 @@ objectClass: top objectClass: classSchema subClassOf: domain governsID: 1.2.840.113556.1.5.67 +possibleInferiors: group +possibleInferiors: lostAndFound +possibleInferiors: builtinDomain +possibleInferiors: computer +possibleInferiors: user +possibleInferiors: container +possibleInferiors: groupPolicyContainer +possibleInferiors: organization +possibleInferiors: domainDNS +possibleInferiors: locality +possibleInferiors: msDS-AzAdminManager +possibleInferiors: country +possibleInferiors: organizationalUnit rDNAttID: dc showInAdvancedViewOnly: TRUE adminDisplayName: Domain-DNS @@ -9043,6 +9056,10 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 1.2.840.113556.1.5.235 +possibleInferiors: group +possibleInferiors: container +possibleInferiors: msDS-AzScope +possibleInferiors: groupPolicyContainer rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: MS-DS-Az-Application @@ -9069,6 +9086,9 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 1.2.840.113556.1.5.4 +possibleInferiors: group +possibleInferiors: computer +possibleInferiors: user rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: Builtin-Domain @@ -9112,6 +9132,10 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 1.2.840.113556.1.5.12 +possibleInferiors: lostAndFound +possibleInferiors: sitesContainer +possibleInferiors: container +possibleInferiors: groupPolicyContainer rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: Configuration @@ -9227,6 +9251,9 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 1.2.840.113556.1.5.237 +possibleInferiors: group +possibleInferiors: container +possibleInferiors: groupPolicyContainer rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: MS-DS-Az-Scope @@ -9250,6 +9277,8 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 2.5.6.3 +possibleInferiors: organization +possibleInferiors: locality rDNAttID: l showInAdvancedViewOnly: TRUE adminDisplayName: Locality @@ -9279,6 +9308,7 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 1.2.840.113556.1.5.7000.53 +possibleInferiors: crossRef rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: Cross-Ref-Container @@ -9326,6 +9356,7 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 1.2.840.113556.1.5.95 +possibleInferiors: subnet rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: Subnet-Container @@ -9482,6 +9513,9 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 2.5.6.2 +possibleInferiors: organization +possibleInferiors: locality +possibleInferiors: organizationalUnit rDNAttID: c showInAdvancedViewOnly: TRUE adminDisplayName: Country @@ -9506,6 +9540,16 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 2.5.6.5 +possibleInferiors: group +possibleInferiors: computer +possibleInferiors: user +possibleInferiors: container +possibleInferiors: groupPolicyContainer +possibleInferiors: person +possibleInferiors: locality +possibleInferiors: msDS-AzAdminManager +possibleInferiors: organizationalUnit +possibleInferiors: organizationalPerson rDNAttID: ou showInAdvancedViewOnly: TRUE adminDisplayName: Organizational-Unit @@ -9561,6 +9605,38 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 1.2.840.113556.1.5.139 +possibleInferiors: group +possibleInferiors: msDS-AzApplication +possibleInferiors: lostAndFound +possibleInferiors: trustedDomain +possibleInferiors: subnetContainer +possibleInferiors: builtinDomain +possibleInferiors: sitesContainer +possibleInferiors: serversContainer +possibleInferiors: attributeSchema +possibleInferiors: classSchema +possibleInferiors: computer +possibleInferiors: foreignSecurityPrincipal +possibleInferiors: user +possibleInferiors: container +possibleInferiors: msDS-AzScope +possibleInferiors: groupPolicyContainer +possibleInferiors: site +possibleInferiors: organization +possibleInferiors: domainDNS +possibleInferiors: person +possibleInferiors: queryPolicy +possibleInferiors: locality +possibleInferiors: subnet +possibleInferiors: msDS-AzAdminManager +possibleInferiors: crossRef +possibleInferiors: displaySpecifier +possibleInferiors: nTDSService +possibleInferiors: country +possibleInferiors: organizationalUnit +possibleInferiors: secret +possibleInferiors: organizationalPerson +possibleInferiors: server rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: Lost-And-Found @@ -9704,6 +9780,8 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 1.2.840.113556.1.5.72 +possibleInferiors: container +possibleInferiors: groupPolicyContainer rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: NTDS-Service @@ -9730,6 +9808,7 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 1.2.840.113556.1.5.7000.48 +possibleInferiors: server rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: Servers-Container @@ -9825,6 +9904,20 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 1.2.840.113556.1.3.23 +possibleInferiors: group +possibleInferiors: trustedDomain +possibleInferiors: computer +possibleInferiors: foreignSecurityPrincipal +possibleInferiors: user +possibleInferiors: container +possibleInferiors: groupPolicyContainer +possibleInferiors: person +possibleInferiors: queryPolicy +possibleInferiors: msDS-AzAdminManager +possibleInferiors: displaySpecifier +possibleInferiors: nTDSService +possibleInferiors: secret +possibleInferiors: organizationalPerson mayContain: msDS-ObjectReference rDNAttID: cn showInAdvancedViewOnly: TRUE @@ -9859,6 +9952,7 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 1.2.840.113556.1.5.31 +possibleInferiors: serversContainer rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: Site @@ -9889,6 +9983,15 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 2.5.6.4 +possibleInferiors: computer +possibleInferiors: user +possibleInferiors: container +possibleInferiors: groupPolicyContainer +possibleInferiors: domainDNS +possibleInferiors: locality +possibleInferiors: country +possibleInferiors: organizationalUnit +possibleInferiors: organizationalPerson rDNAttID: o showInAdvancedViewOnly: TRUE adminDisplayName: Organization @@ -9932,6 +10035,10 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 1.2.840.113556.1.5.234 +possibleInferiors: group +possibleInferiors: msDS-AzApplication +possibleInferiors: container +possibleInferiors: groupPolicyContainer rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: MS-DS-Az-Admin-Manager @@ -10178,6 +10285,9 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 1.2.840.113556.1.3.9 +possibleInferiors: lostAndFound +possibleInferiors: attributeSchema +possibleInferiors: classSchema rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: DMD @@ -10248,6 +10358,8 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 1.2.840.113556.1.5.107 +possibleInferiors: subnetContainer +possibleInferiors: site rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: Sites-Container @@ -10268,6 +10380,8 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 1.2.840.113556.1.5.17 +possibleInferiors: container +possibleInferiors: groupPolicyContainer rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: Server @@ -10356,6 +10470,7 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 1.2.840.113556.1.5.66 +possibleInferiors: domainDNS rDNAttID: dc showInAdvancedViewOnly: TRUE adminDisplayName: Domain @@ -10399,6 +10514,8 @@ objectClass: top objectClass: classSchema subClassOf: top governsID: 1.2.840.113556.1.5.96 +possibleInferiors: container +possibleInferiors: groupPolicyContainer rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: Subnet @@ -10499,6 +10616,20 @@ objectClass: top objectClass: classSchema subClassOf: container governsID: 1.2.840.113556.1.5.157 +possibleInferiors: group +possibleInferiors: trustedDomain +possibleInferiors: computer +possibleInferiors: foreignSecurityPrincipal +possibleInferiors: user +possibleInferiors: container +possibleInferiors: groupPolicyContainer +possibleInferiors: person +possibleInferiors: queryPolicy +possibleInferiors: msDS-AzAdminManager +possibleInferiors: displaySpecifier +possibleInferiors: nTDSService +possibleInferiors: secret +possibleInferiors: organizationalPerson rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: Group-Policy-Container -- cgit From e9d19477e43b65f91bd152f5249b684dbefa5cc6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Jun 2007 10:18:20 +0000 Subject: r23560: - Activate metze's schema modules (from metze's schema-loading-13 patch). - samba3sam.js: rework the samba3sam test to not use objectCategory, as it's has special rules (dnsName a simple match) - ldap.js: Test the ordering of the objectClass attributes for the baseDN - schema_init.c: Load the mayContain and mustContain (and system...) attributes when reading the schema from ldb - To make the schema load not suck in terms of performance, write the schema into a static global variable - ldif_handlers.c: Match objectCategory for equality and canonicolisation based on the loaded schema, not simple tring manipuation - ldb_msg.c: don't duplicate attributes when adding attributes to a list - kludge_acl.c: return allowedAttributesEffective based on schema results and privilages Andrew Bartlett (This used to be commit dcff83ebe463bc7391841f55856d7915c204d000) --- source4/setup/provision | 6 +++--- source4/setup/provision_partitions.ldif | 6 +++--- source4/setup/provision_schema_basedn_modify.ldif | 18 ++++++++++++++++++ 3 files changed, 24 insertions(+), 6 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 3c5d31dc0f..9a67d06963 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -132,11 +132,11 @@ if (ldapbackend) { subobj["LDAPMODULE"] = "entryUUID"; } subobj["DOMAINDN_LDB"] = subobj["LDAPBACKEND"]; - subobj["DOMAINDN_MOD"] = subobj["LDAPMODULE"] + ",paged_searches"; + subobj["DOMAINDN_MOD2"] = subobj["LDAPMODULE"] + ",paged_searches"; subobj["CONFIGDN_LDB"] = subobj["LDAPBACKEND"]; - subobj["CONFIGDN_MOD"] = subobj["LDAPMODULE"] + ",paged_searches"; + subobj["CONFIGDN_MOD2"] = subobj["LDAPMODULE"] + ",paged_searches"; subobj["SCHEMADN_LDB"] = subobj["LDAPBACKEND"]; - subobj["SCHEMADN_MOD"] = subobj["LDAPMODULE"] + ",paged_searches"; + subobj["SCHEMADN_MOD2"] = subobj["LDAPMODULE"] + ",paged_searches"; } if (!provision_validate(subobj, message)) { diff --git a/source4/setup/provision_partitions.ldif b/source4/setup/provision_partitions.ldif index 3800918bc1..c6107c6502 100644 --- a/source4/setup/provision_partitions.ldif +++ b/source4/setup/provision_partitions.ldif @@ -5,9 +5,9 @@ partition: ${DOMAINDN}:${DOMAINDN_LDB} replicateEntries: @SUBCLASSES replicateEntries: @ATTRIBUTES replicateEntries: @INDEXLIST -modules:${SCHEMADN}:${SCHEMADN_MOD} -modules:${CONFIGDN}:${CONFIGDN_MOD} -modules:${DOMAINDN}:${DOMAINDN_MOD} +modules:${SCHEMADN}:${SCHEMADN_MOD}${SCHEMADN_MOD2} +modules:${CONFIGDN}:${CONFIGDN_MOD}${CONFIGDN_MOD2} +modules:${DOMAINDN}:${DOMAINDN_MOD}${DOMAINDN_MOD2} dn: @MODULES @LIST: ${MODULES_LIST} diff --git a/source4/setup/provision_schema_basedn_modify.ldif b/source4/setup/provision_schema_basedn_modify.ldif index 1f188d0679..a222a654f7 100644 --- a/source4/setup/provision_schema_basedn_modify.ldif +++ b/source4/setup/provision_schema_basedn_modify.ldif @@ -23,3 +23,21 @@ fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},C - replace: objectVersion objectVersion: 30 +- +replace: prefixMap +prefixMap:: QkRTRAAAAAAiAAAAAAACACIAAAAAAAAAAgAAAAQAAgABAAAAAgAAAAgAAgACAAAACA + AAAAwAAgADAAAACAAAABAAAgAEAAAACAAAABQAAgAFAAAACAAAABgAAgAGAAAACAAAABwAAgAHAAA + ACAAAACAAAgAIAAAAAgAAACQAAgAJAAAACAAAACgAAgAKAAAACAAAACwAAgATAAAACAAAADAAAgAU + AAAACAAAADQAAgAVAAAACQAAADgAAgAWAAAACQAAADwAAgAXAAAACgAAAEAAAgAYAAAAAgAAAEQAA + gAZAAAAAgAAAEgAAgAaAAAAAgAAAEwAAgALAAAACgAAAFAAAgAMAAAACQAAAFQAAgANAAAACgAAAF + gAAgAOAAAACQAAAFwAAgAPAAAACgAAAGAAAgAQAAAACQAAAGQAAgARAAAACQAAAGgAAgASAAAACgA + AAGwAAgAbAAAACQAAAHAAAgAcAAAACQAAAHQAAgAdAAAACAAAAHgAAgAeAAAACAAAAHwAAgAfAAAA + CQAAAIAAAgAgAAAACQAAAIQAAgAhAAAACQAAAIgAAgACAAAAVQQAAAIAAABVBgAACAAAACqGSIb3F + AECCAAAACqGSIb3FAEDCAAAAGCGSAFlAgIBCAAAAGCGSAFlAgIDCAAAAGCGSAFlAgEFCAAAAGCGSA + FlAgEEAgAAAFUFAAAIAAAAKoZIhvcUAQQIAAAAKoZIhvcUAQUIAAAACZImiZPyLGQIAAAAYIZIAYb + 4QgMJAAAACZImiZPyLGQBAAAACQAAAGCGSAGG+EIDAQAAAAoAAAAqhkiG9xQBBbZYAAACAAAAVRUA + AAIAAABVEgAAAgAAAFUUAAAKAAAAKoZIhvcUAQSCBAAACQAAACqGSIb3FAEFOAAAAAoAAAAqhkiG9 + xQBBIIGAAAJAAAAKoZIhvcUAQU5AAAACgAAACqGSIb3FAEEggcAAAkAAAAqhkiG9xQBBToAAAAJAA + AAKoZIhvcUAQVJAAAACgAAACqGSIb3FAEEgjEAAAkAAAArBgEEAYs6ZXcAAAAJAAAAYIZIAYb4QgM + CAAAACAAAACsGAQQBgXoBCAAAACqGSIb3DQEJCQAAAAmSJomT8ixkBAAAAAkAAAArBgEEAbd9BAEA + AAAJAAAAKwYBBAG3fQQC -- cgit From 3a78f7323a986703c9b7100f551b1c907a9e104b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 4 Jul 2007 11:06:32 +0000 Subject: r23703: Start to get Samba4 to again work with LDAP backends, after I turned on metze's schema work. Andrew Bartlett (This used to be commit 3111bbdf64f57bf8d2638fd9829c071dcfeb4af1) --- source4/setup/provision | 15 ++++++++------- source4/setup/provision-backend | 2 +- 2 files changed, 9 insertions(+), 8 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 9a67d06963..8e67dd4b3c 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -129,14 +129,15 @@ message("set DOMAIN SID: %s\n", subobj["DOMAINSID"]); if (ldapbackend) { if (!ldapmodule) { - subobj["LDAPMODULE"] = "entryUUID"; + subobj.LDAPMODULE = "entryUUID"; } - subobj["DOMAINDN_LDB"] = subobj["LDAPBACKEND"]; - subobj["DOMAINDN_MOD2"] = subobj["LDAPMODULE"] + ",paged_searches"; - subobj["CONFIGDN_LDB"] = subobj["LDAPBACKEND"]; - subobj["CONFIGDN_MOD2"] = subobj["LDAPMODULE"] + ",paged_searches"; - subobj["SCHEMADN_LDB"] = subobj["LDAPBACKEND"]; - subobj["SCHEMADN_MOD2"] = subobj["LDAPMODULE"] + ",paged_searches"; + subobj.DOMAINDN_LDB = subobj.LDAPBACKEND; + subobj.DOMAINDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; + subobj.CONFIGDN_LDB = subobj.LDAPBACKEND; + subobj.CONFIGDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; + subobj.SCHEMADN_LDB = subobj.LDAPBACKEND; + subobj.SCHEMADN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; + message("LDAP module: %s backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND); } if (!provision_validate(subobj, message)) { diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 9c1649ac3e..2fa0cc0ecc 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -88,7 +88,7 @@ for (r in options) { var paths = provision_default_paths(subobj); -provision_fix_subobj(subobj, message, paths); +provision_fix_subobj(subobj, paths); message("Provisioning LDAP backend for %s in realm %s into %s\n", subobj.HOSTNAME, subobj.REALM, subobj.LDAPDIR); message("Using LDAP Manager password: %s\n", subobj.LDAPMANAGERPASS); var tmp_schema_ldb = subobj.LDAPDIR + "/schema-tmp.ldb"; -- cgit From c37cfae81e6f87feecb0737cb7e646c9a7da1114 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 5 Jul 2007 00:34:11 +0000 Subject: r23715: Make the provision-backend script print out the exact commands to run, to set up the LDAP backend. Andrew Bartlett (This used to be commit cc7900210a2e473060d5897ec729923ac6b2f18d) --- source4/setup/provision | 9 +++++++-- source4/setup/provision-backend | 13 +++++++++++-- 2 files changed, 18 insertions(+), 4 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 8e67dd4b3c..175ed8f161 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -121,13 +121,19 @@ var ldapbase = (options["ldap-base"] != undefined); var ldapbackend = (options["ldap-backend"] != undefined); var ldapmodule = (options["ldap-module"] != undefined); var partitions_only = (options["partitions-only"] != undefined); +var paths = provision_default_paths(subobj); if (options["aci"] != undefined) { message("set ACI: %s\n", subobj["ACI"]); } message("set DOMAIN SID: %s\n", subobj["DOMAINSID"]); +provision_fix_subobj(subobj, paths); + if (ldapbackend) { + if (options["ldap-backend"] == "ldapi") { + subobj.LDAPBACKEND = subobj.LDAPI_URI; + } if (!ldapmodule) { subobj.LDAPMODULE = "entryUUID"; } @@ -137,7 +143,7 @@ if (ldapbackend) { subobj.CONFIGDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; subobj.SCHEMADN_LDB = subobj.LDAPBACKEND; subobj.SCHEMADN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; - message("LDAP module: %s backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND); + message("LDAP module: %s on backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND); } if (!provision_validate(subobj, message)) { @@ -146,7 +152,6 @@ if (!provision_validate(subobj, message)) { var system_session = system_session(); var creds = options.get_credentials(); -var paths = provision_default_paths(subobj); message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); message("Using administrator password: %s\n", subobj.ADMINPASS); if (ldapbase) { diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 2fa0cc0ecc..b36eed5343 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -98,6 +98,7 @@ provision_schema(subobj, message, tmp_schema_ldb, paths); var mapping; var ext; +var slapd_command; if (options["ldap-backend-type"] == "fedora-ds") { mapping = "schema-map-fedora-ds-1.0"; ext = "ldif"; @@ -110,6 +111,8 @@ if (options["ldap-backend-type"] == "fedora-ds") { } setup_file("fedorads.inf", message, subobj.LDAPDIR + "/fedorads.inf", subobj); setup_file("fedorads-partitions.ldif", message, subobj.LDAPDIR + "/fedorads-partitions.ldif", subobj); + + slapd_command = "(see documentation)"; } else if (options["ldap-backend-type"] == "openldap") { provision_ldapbase(subobj, message, paths); mapping = "schema-map-openldap-2.3"; @@ -133,10 +136,16 @@ if (options["ldap-backend-type"] == "fedora-ds") { sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); if (options["ldap-backend-port"] != undefined) { - message("NOTE: OpenLDAP TCP ports are controlled on the command line, not in the generated config file\n"); + message("\nStart slapd with: \n"); + slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h ldap://0.0.0.0:" + options["ldap-backend-port"] + " -h " + subobj.LDAPI_URI; + } else { + slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h " + subobj.LDAPI_URI; } } -message("ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/backend-schema." + ext + "\n"); +var schema_command = "ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/backend-schema." + ext; + +message("\nCreate a suitable schema file with:\n%s\n", schema_command); +message("\nStart slapd with: \n%s\n", slapd_command); message("All OK\n"); return 0; -- cgit From 97172e11204b2863ab1e4021aea3c40668d33aef Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 5 Jul 2007 01:45:37 +0000 Subject: r23716: Clarify LDAP Manager DN and fix slapd startup syntax. Andrew Bartlett (This used to be commit 17dad5d8c345c2c3a7643bff7a43473339a22d40) --- source4/setup/fedorads.inf | 4 ++-- source4/setup/provision-backend | 4 ++-- source4/setup/slapd.conf | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/fedorads.inf b/source4/setup/fedorads.inf index 785e65ce56..43d02da206 100644 --- a/source4/setup/fedorads.inf +++ b/source4/setup/fedorads.inf @@ -6,8 +6,8 @@ ServerRoot= ${LDAPDIR} [slapd] ldapifilepath=${LDAPDIR}/ldapi Suffix= ${DOMAINDN} -RootDN= cn=Manager,${DOMAINDN} -RootDNPwd= ${LDAPMANAGERPASS} +RootDN= ${LDAP_MANAGERDN} +RootDNPwd= ${LDAP_MANAGERPASS} ServerIdentifier= samba4 ${SERVERPORT} diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index b36eed5343..5a3018b724 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -90,7 +90,7 @@ for (r in options) { var paths = provision_default_paths(subobj); provision_fix_subobj(subobj, paths); message("Provisioning LDAP backend for %s in realm %s into %s\n", subobj.HOSTNAME, subobj.REALM, subobj.LDAPDIR); -message("Using LDAP Manager password: %s\n", subobj.LDAPMANAGERPASS); +message("Using %s password: %s\n", subobj.LDAP_MANAGERDN, subobj.LDAP_MANAGERPASS); var tmp_schema_ldb = subobj.LDAPDIR + "/schema-tmp.ldb"; sys.mkdir(subobj.LDAPDIR, 0700); @@ -137,7 +137,7 @@ if (options["ldap-backend-type"] == "fedora-ds") { setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); if (options["ldap-backend-port"] != undefined) { message("\nStart slapd with: \n"); - slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h ldap://0.0.0.0:" + options["ldap-backend-port"] + " -h " + subobj.LDAPI_URI; + slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h \"ldap://0.0.0.0:" + options["ldap-backend-port"] + " " + subobj.LDAPI_URI "\""; } else { slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h " + subobj.LDAPI_URI; } diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 770c688f35..b39e3d5cfb 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -47,8 +47,8 @@ index nETBIOSName eq pres database bdb suffix ${DOMAINDN} -rootdn cn=Manager,${DOMAINDN} -rootpw ${LDAPMANAGERPASS} +rootdn ${LDAP_MANAGERDN} +rootpw ${LDAP_MANAGERPASS} directory ${LDAPDIR}/db/user index objectClass eq index samAccountName eq -- cgit From 90b49dc5208a083922c75595749d9abd4ef5b652 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 5 Jul 2007 02:52:58 +0000 Subject: r23717: We need to remove the _ in LDAP_MANAGERPASS for the --ldap-manager-pass= option to work. Andrew Bartlett (This used to be commit fbcb1ec14125a4ca57922ec75b01af9a99dcd954) --- source4/setup/fedorads.inf | 4 ++-- source4/setup/provision-backend | 2 +- source4/setup/slapd.conf | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/fedorads.inf b/source4/setup/fedorads.inf index 43d02da206..8aed0338fb 100644 --- a/source4/setup/fedorads.inf +++ b/source4/setup/fedorads.inf @@ -6,8 +6,8 @@ ServerRoot= ${LDAPDIR} [slapd] ldapifilepath=${LDAPDIR}/ldapi Suffix= ${DOMAINDN} -RootDN= ${LDAP_MANAGERDN} -RootDNPwd= ${LDAP_MANAGERPASS} +RootDN= ${LDAPMANAGERDN} +RootDNPwd= ${LDAPMANAGERPASS} ServerIdentifier= samba4 ${SERVERPORT} diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 5a3018b724..208869c930 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -90,7 +90,7 @@ for (r in options) { var paths = provision_default_paths(subobj); provision_fix_subobj(subobj, paths); message("Provisioning LDAP backend for %s in realm %s into %s\n", subobj.HOSTNAME, subobj.REALM, subobj.LDAPDIR); -message("Using %s password: %s\n", subobj.LDAP_MANAGERDN, subobj.LDAP_MANAGERPASS); +message("Using %s password: %s\n", subobj.LDAPMANAGERDN, subobj.LDAPMANAGERPASS); var tmp_schema_ldb = subobj.LDAPDIR + "/schema-tmp.ldb"; sys.mkdir(subobj.LDAPDIR, 0700); diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index b39e3d5cfb..34896d04b9 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -47,8 +47,8 @@ index nETBIOSName eq pres database bdb suffix ${DOMAINDN} -rootdn ${LDAP_MANAGERDN} -rootpw ${LDAP_MANAGERPASS} +rootdn ${LDAPMANAGERDN} +rootpw ${LDAPMANAGERPASS} directory ${LDAPDIR}/db/user index objectClass eq index samAccountName eq -- cgit From 967866f17084df7a78ed6ecfcb9d2b31deaa28a1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 5 Jul 2007 06:15:40 +0000 Subject: r23720: Allow the member server to work against an LDAP Backend. Another case where LDB isn't as strict as OpenLDAP, the self join record contains duplicate servicePrincipalNames once the DNS name and domain name are made equal. (Easier to just skip the useless self-join). Andrew Bartlett (This used to be commit 49ff929be6fcf57721532de13bdd7a7e1617af6f) --- source4/setup/provision_self_join.ldif | 23 +++++++++++++++++++++++ source4/setup/provision_users.ldif | 23 ----------------------- 2 files changed, 23 insertions(+), 23 deletions(-) create mode 100644 source4/setup/provision_self_join.ldif (limited to 'source4/setup') diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif new file mode 100644 index 0000000000..5ebc87b106 --- /dev/null +++ b/source4/setup/provision_self_join.ldif @@ -0,0 +1,23 @@ +#Join the DC to itself by default + +dn: CN=${NETBIOSNAME},CN=Domain Controllers,${DOMAINDN} +objectClass: computer +cn: ${NETBIOSNAME} +userAccountControl: 532480 +localPolicyFlags: 0 +primaryGroupID: 516 +accountExpires: 9223372036854775807 +sAMAccountName: ${NETBIOSNAME}$ +sAMAccountType: 805306369 +operatingSystem: Samba +operatingSystemVersion: 4.0 +dNSHostName: ${DNSNAME} +isCriticalSystemObject: TRUE +sambaPassword: ${MACHINEPASS} +servicePrincipalName: HOST/${DNSNAME} +servicePrincipalName: HOST/${NETBIOSNAME} +servicePrincipalName: HOST/${DNSNAME}/${REALM} +servicePrincipalName: HOST/${NETBIOSNAME}/${REALM} +servicePrincipalName: HOST/${DNSNAME}/${DOMAIN} +servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN} +${HOSTGUID_ADD} diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index d00570b121..f1244fe8a1 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -67,29 +67,6 @@ privilege: SeInteractiveLogonRight privilege: SeNetworkLogonRight privilege: SeRemoteInteractiveLogonRight - -dn: CN=${NETBIOSNAME},CN=Domain Controllers,${DOMAINDN} -objectClass: computer -cn: ${NETBIOSNAME} -userAccountControl: 532480 -localPolicyFlags: 0 -primaryGroupID: 516 -accountExpires: 9223372036854775807 -sAMAccountName: ${NETBIOSNAME}$ -sAMAccountType: 805306369 -operatingSystem: Samba -operatingSystemVersion: 4.0 -dNSHostName: ${DNSNAME} -isCriticalSystemObject: TRUE -sambaPassword: ${MACHINEPASS} -servicePrincipalName: HOST/${DNSNAME} -servicePrincipalName: HOST/${NETBIOSNAME} -servicePrincipalName: HOST/${DNSNAME}/${REALM} -servicePrincipalName: HOST/${NETBIOSNAME}/${REALM} -servicePrincipalName: HOST/${DNSNAME}/${DOMAIN} -servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN} -${HOSTGUID_ADD} - dn: CN=Users,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group -- cgit From 1cc770fc588b86b5162689c7acdafa05b745f059 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 10 Jul 2007 13:26:10 +0000 Subject: r23815: Thanks to Matthias Wallnoefer for pointing out that we had the wrong objectClass for OU=Domain Controllers,${DOMAINDN} (was CN=Domain Controllers,${DOMAINDN}) This fixes both the SAMR server and the LDIF templates. Andrew Bartlett (This used to be commit 625a9e6c041bedc93925bdebb3a60af1dbdde317) --- source4/setup/provision.ldif | 4 ++-- source4/setup/provision_self_join.ldif | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 49f87d8cbc..e44a4642b2 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -1,6 +1,6 @@ -dn: CN=Domain Controllers,${DOMAINDN} +dn: OU=Domain Controllers,${DOMAINDN} objectClass: top -objectClass: container +objectClass: organizationalUnit cn: Domain Controllers description: Default container for domain controllers instanceType: 4 diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index 5ebc87b106..25f9fab6d3 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -1,6 +1,6 @@ #Join the DC to itself by default -dn: CN=${NETBIOSNAME},CN=Domain Controllers,${DOMAINDN} +dn: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} objectClass: computer cn: ${NETBIOSNAME} userAccountControl: 532480 -- cgit From 10f6e1657303dabcf7dbbaed8547f0cb6e845a5d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 13 Jul 2007 08:01:36 +0000 Subject: r23859: Work to have Group Policy work 'out of the box' in Samba4. This involves creating the SYSVOL and NETLOGON shares at provision time, and creating the right subdirectories. This also changes the behaviour of lp.get("foo") in ejs - we now return undefined, rather than syntax error, if the parameter doesn't exist (perhaps because the share isn't defined). Andrew Bartlett (This used to be commit 45cadf3bc0d38f6600666511a392e1ce353adee7) --- source4/setup/provision | 3 +++ source4/setup/provision.ldif | 28 ---------------------------- source4/setup/provision.smb.conf | 6 ++++++ source4/setup/provision_group_policy.ldif | 28 ++++++++++++++++++++++++++++ 4 files changed, 37 insertions(+), 28 deletions(-) create mode 100644 source4/setup/provision_group_policy.ldif (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 175ed8f161..ddb424477b 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -14,7 +14,9 @@ options = GetOptions(ARGV, 'realm=s', 'domain=s', 'domain-guid=s', + 'domain-guid=s', 'domain-sid=s', + 'policy-guid=s', 'host-name=s', 'host-ip=s', 'host-guid=s', @@ -69,6 +71,7 @@ provision [options] --host-name HOSTNAME set hostname --host-ip IPADDRESS set ipaddress --host-guid GUID set hostguid (otherwise random) + --policy-guid GUID set group policy guid (otherwise random) --invocationid GUID set invocationid (otherwise random) --adminpass PASSWORD choose admin password (otherwise random) --krbtgtpass PASSWORD choose krbtgt password (otherwise random) diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index e44a4642b2..d531f831d6 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -99,31 +99,3 @@ dn: CN=Policies,CN=System,${DOMAINDN} objectClass: top objectClass: container -dn: CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN} -objectClass: top -objectClass: container -objectClass: groupPolicyContainer -displayName: Default Domain Policy -objectCategory: CN=Group-Policy-Container,${SCHEMADN} -gPCFunctionalityVersion: 2 -gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}} -versionNumber: 1 -flags: 0 -gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248 - 8-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4 - FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2 - 488-11D1-A28C-00C04FB94F17}] -gPCUserExtensionNames: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-1 - 1D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E- - 11D1-A7CC-0000F87571E3}] -nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) - -dn: CN=User,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN} -objectClass: top -objectClass: container -objectCategory: CN=Container,${SCHEMADN} - -dn: CN=Machine,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN} -objectClass: top -objectClass: container -objectCategory: CN=Container,${SCHEMADN} diff --git a/source4/setup/provision.smb.conf b/source4/setup/provision.smb.conf index 9d922c49c9..fe08d7e3be 100644 --- a/source4/setup/provision.smb.conf +++ b/source4/setup/provision.smb.conf @@ -4,4 +4,10 @@ realm = ${REALM} server role = domain controller +[netlogon] + path = ${NETLOGONPATH} + read only = no +[sysvol] + path = ${SYSVOLPATH} + read only = no diff --git a/source4/setup/provision_group_policy.ldif b/source4/setup/provision_group_policy.ldif new file mode 100644 index 0000000000..b5a2ef17e2 --- /dev/null +++ b/source4/setup/provision_group_policy.ldif @@ -0,0 +1,28 @@ +dn: CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN} +objectClass: top +objectClass: container +objectClass: groupPolicyContainer +displayName: Default Domain Policy +objectCategory: CN=Group-Policy-Container,${SCHEMADN} +gPCFunctionalityVersion: 2 +gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}} +versionNumber: 1 +flags: 0 +gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248 + 8-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4 + FB-11D0-A0D0-00A0C90F574B}][{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}{53D6AB1B-2 + 488-11D1-A28C-00C04FB94F17}] +gPCUserExtensionNames: [{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-1 + 1D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E- + 11D1-A7CC-0000F87571E3}] +nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) + +dn: CN=User,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN} +objectClass: top +objectClass: container +objectCategory: CN=Container,${SCHEMADN} + +dn: CN=Machine,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN} +objectClass: top +objectClass: container +objectCategory: CN=Container,${SCHEMADN} -- cgit From 4e697b288be11a195d493f2d6800ea8c1e251fee Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 27 Jul 2007 03:08:15 +0000 Subject: r24060: Fix bug #4806 by Matthias Wallnöfer : We need to include the attribute allowedChildClassesEffective for MMC to allow the creation of containers. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This may need further refinement, but it seems to work for now. Andrew Bartlett (This used to be commit d053b8e218767cb12e20a00fb18995e30869db11) --- source4/setup/provision_users_modify.ldif | 4 ---- 1 file changed, 4 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_users_modify.ldif b/source4/setup/provision_users_modify.ldif index 04ff57368e..5fbfebfd46 100644 --- a/source4/setup/provision_users_modify.ldif +++ b/source4/setup/provision_users_modify.ldif @@ -17,7 +17,3 @@ objectCategory: CN=Container,${SCHEMADN} - replace: isCriticalSystemObject isCriticalSystemObject: TRUE -- -replace: allowedChildClassesEffective -allowedChildClassesEffective: user -allowedChildClassesEffective: group -- cgit From ae7819d715e80cfbd17c4bec1c93685198febe6a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 7 Aug 2007 05:58:47 +0000 Subject: r24262: Set the objectCategory by default in the objectclass module, rather than using templates. Modify the samba3sam test to be less fussy, and not use the objectclass module (which requires proper schema stuff now). Andrew Bartlett (This used to be commit 53c248c2645e86fbc8720860aed92a479483b528) --- source4/setup/provision_templates.ldif | 5 ----- 1 file changed, 5 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 6e264be9d6..914582eaf0 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -4,7 +4,6 @@ objectClass: container description: Container for SAM account templates showInAdvancedViewOnly: TRUE systemFlags: 2348810240 -objectCategory: CN=Container,${SCHEMADN} isCriticalSystemObject: TRUE ### @@ -30,7 +29,6 @@ primaryGroupID: 513 accountExpires: -1 logonCount: 0 sAMAccountType: 805306368 -objectCategory: CN=Person,${SCHEMADN} dn: CN=TemplateComputer,CN=Templates objectClass: top @@ -50,7 +48,6 @@ primaryGroupID: 513 accountExpires: -1 logonCount: 0 sAMAccountType: 805306369 -objectCategory: CN=Computer,${SCHEMADN} dn: CN=TemplateTrustingDomain,CN=Templates objectClass: top @@ -74,7 +71,6 @@ objectClass: Template objectClass: groupTemplate groupType: -2147483646 sAMAccountType: 268435456 -objectCategory: CN=Group,${SCHEMADN} # Currently this isn't used, we don't have a way to detect it different from an incoming alias # @@ -92,7 +88,6 @@ objectClass: top objectClass: Template objectClass: foreignSecurityPrincipalTemplate showInAdvancedViewOnly: TRUE -objectCategory: CN=Foreign-Security-Principal,${SCHEMADN} dn: CN=TemplateSecret,CN=Templates objectClass: top -- cgit From 2da0be9d5e3e7bd91c145031a0bc238a010a9e97 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 24 Aug 2007 01:57:54 +0000 Subject: r24640: Add a suggested BIND configuration snippit, to help with DNS configuration. When we sort out GSS-TSIG on the server, we can expand this to have the 'right stuff'. Andrew Bartlett (This used to be commit 8f02ade1b2cc164f64f4ea8a371c107ccf6a81b3) --- source4/setup/named.conf | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 source4/setup/named.conf (limited to 'source4/setup') diff --git a/source4/setup/named.conf b/source4/setup/named.conf new file mode 100644 index 0000000000..56bb3e0f35 --- /dev/null +++ b/source4/setup/named.conf @@ -0,0 +1,10 @@ +# +# Insert this snippit into your named.conf or bind.conf to configure +# the BIND nameserver. +# + +zone "${DNSDOMAIN}." IN { + type master; + file "${DNSDOMAIN}.zone"; +}; + -- cgit From 61582b5d8a7d718e201bdeaa1d9d991bd1e4a133 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 24 Aug 2007 13:21:43 +0000 Subject: r24650: Some more instructions to have make GSS-TSIG work (This used to be commit 98350b35ab0b0f06cc9ddf8edaf3dfe705c3e5bf) --- source4/setup/named.conf | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/named.conf b/source4/setup/named.conf index 56bb3e0f35..eb5098ae3c 100644 --- a/source4/setup/named.conf +++ b/source4/setup/named.conf @@ -1,10 +1,22 @@ # -# Insert this snippit into your named.conf or bind.conf to configure +# Insert these snippets into your named.conf or bind.conf to configure # the BIND nameserver. # +#insert this into options {} +tkey-gssapi-credential "DNS/${DNSDOMAIN}" +tkey-domain "${REALM}"; + +#the zone file zone "${DNSDOMAIN}." IN { type master; file "${DNSDOMAIN}.zone"; }; +# Also, you need to change your init scripts to set this environment variable +# for named: KRB_KTNAME so that it points to the keytab generated. +# In RedHat derived systems such RHEL/CentOS/Fedora you can add the following +# line to the /etc/sysconfig/named file +# export KRB_KTNAME=/etc/named.keytab + +# *TODO*: generate and install a keytab file in /etc/named.keytab -- cgit From 7663475111079b8e2415d6e1ee20527c7463f613 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 24 Aug 2007 13:31:05 +0000 Subject: r24651: Allow dynamic updates for the domain controller over its own name (This used to be commit ce9b64341159cb1a8f42809dcecc0b1e80eb8a5e) --- source4/setup/named.conf | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/named.conf b/source4/setup/named.conf index eb5098ae3c..2513632a47 100644 --- a/source4/setup/named.conf +++ b/source4/setup/named.conf @@ -11,6 +11,11 @@ tkey-domain "${REALM}"; zone "${DNSDOMAIN}." IN { type master; file "${DNSDOMAIN}.zone"; + update-policy { + /* use ANY only for Domain controllers for now */ + /* for normal machines A AAAA PTR is probbaly all is needed */ + grant ${HOSTNAME}.${DNSDOMAIN}@${REALM} name ${HOSTNAME}.${DNSDOMAIN} ANY; + }; }; # Also, you need to change your init scripts to set this environment variable -- cgit From b409d4120f9ae451f93a2322267c0f346531d9f3 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 26 Aug 2007 15:16:40 +0000 Subject: r24667: Finally merge the registry improvements that Wilco Baan Hofman and I have been working on for at least half a year now. Contains the following improvements: * proper layering (finally!) for the registry library. Distinction is now made between 'real' backends (local, remote, wine, etc) and the low-level hive backends (regf, creg, ldb, ...) that are only used by the local registry backend * tests for all important hive and registry operations * re-enable RPC-WINREG tests (still needs more work though, as some return values aren't checked yet) * write support for REGF files * dir backend now supports setting/reading values, creating keys * support for storing security descriptors * remove CREG backend as it was incomplete, didn't match the data model and wasn't used at all anyway * support for parsing ADM files as used by the policy editor (see lib/policy) * support for parsing PREG files (format used by .POL files) * new streaming interface for registry diffs (improves speed and memory usage for regdiff/regpatch significantly) ... and fixes a large number of bugs in the registry code (This used to be commit 7a1eec6358bc863dfc671c542b7185d3e39d7b5a) --- source4/setup/provision.reg | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 source4/setup/provision.reg (limited to 'source4/setup') diff --git a/source4/setup/provision.reg b/source4/setup/provision.reg new file mode 100644 index 0000000000..337d1fccd2 --- /dev/null +++ b/source4/setup/provision.reg @@ -0,0 +1,17 @@ +REGEDIT4 + +[HKEY_LOCAL_MACHINE] + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ProductOptions] +ProductType="LanmanNT" + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print] + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server] + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters] +RefusePasswordChange=REG_DWORD:0 + +[HKEY_USERS] + +[HKEY_CLASSES_ROOT] -- cgit From ebce7a586b57cecc2f744ec5abf4d5d1c882a475 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 27 Aug 2007 01:54:32 +0000 Subject: r24694: Remove objectCategory entries from the setup templates. These can be autogenerated by the objectclass module when the the entries are added. Andrew Bartlett (This used to be commit 79e13349f00d009fc5dd0cdddade379df906ebc8) --- source4/setup/provision.ldif | 8 -------- source4/setup/provision_computers_modify.ldif | 3 --- source4/setup/provision_configuration.ldif | 14 -------------- source4/setup/provision_group_policy.ldif | 3 --- source4/setup/provision_users.ldif | 16 ---------------- source4/setup/provision_users_modify.ldif | 3 --- 6 files changed, 47 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index d531f831d6..c6b07c5751 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -6,7 +6,6 @@ description: Default container for domain controllers instanceType: 4 showInAdvancedViewOnly: FALSE systemFlags: 2348810240 -objectCategory: CN=Container,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=ForeignSecurityPrincipals,${DOMAINDN} @@ -17,7 +16,6 @@ description: Default container for security identifiers (SIDs) associated with o instanceType: 4 showInAdvancedViewOnly: FALSE systemFlags: 2348810240 -objectCategory: CN=Container,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=System,${DOMAINDN} @@ -28,7 +26,6 @@ description: Builtin system settings instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2348810240 -objectCategory: CN=Container,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=RID Manager$,CN=System,${DOMAINDN} @@ -38,7 +35,6 @@ cn: RID Manager$ instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2348810240 -objectCategory: CN=RID-Manager,${SCHEMADN} isCriticalSystemObject: TRUE fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} rIDAvailablePool: 4611686014132423217 @@ -49,7 +45,6 @@ objectClass: container cn: DomainUpdates instanceType: 4 showInAdvancedViewOnly: TRUE -objectCategory: CN=Container,${SCHEMADN} dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${DOMAINDN} objectClass: top @@ -57,7 +52,6 @@ objectClass: container cn: Windows2003Update instanceType: 4 showInAdvancedViewOnly: TRUE -objectCategory: CN=Container,${SCHEMADN} revision: 8 dn: CN=Infrastructure,${DOMAINDN} @@ -67,7 +61,6 @@ cn: Infrastructure instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2348810240 -objectCategory: CN=Infrastructure-Update,${SCHEMADN} isCriticalSystemObject: TRUE fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} @@ -92,7 +85,6 @@ objectSid: S-1-5-32 serverState: 1 uASCompat: 1 modifiedCount: 1 -objectCategory: CN=Builtin-Domain,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Policies,CN=System,${DOMAINDN} diff --git a/source4/setup/provision_computers_modify.ldif b/source4/setup/provision_computers_modify.ldif index 9f0c1884ea..b7502e5107 100644 --- a/source4/setup/provision_computers_modify.ldif +++ b/source4/setup/provision_computers_modify.ldif @@ -12,8 +12,5 @@ showInAdvancedViewOnly: FALSE replace: systemFlags systemFlags: 2348810240 - -replace: objectCategory -objectCategory: CN=Container,${SCHEMADN} -- replace: isCriticalSystemObject isCriticalSystemObject: TRUE diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif index 24f68b63c8..0e6ee4d845 100644 --- a/source4/setup/provision_configuration.ldif +++ b/source4/setup/provision_configuration.ldif @@ -8,7 +8,6 @@ cn: Partitions instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2147483648 -objectCategory: CN=Cross-Ref-Container,${SCHEMADN} msDS-Behavior-Version: 0 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} @@ -19,7 +18,6 @@ cn: Enterprise Configuration instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 1 -objectCategory: CN=Cross-Ref,${SCHEMADN} nCName: ${CONFIGDN} dnsRoot: ${DNSDOMAIN} @@ -30,7 +28,6 @@ cn: Enterprise Schema instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 1 -objectCategory: CN=Cross-Ref,${SCHEMADN} nCName: ${SCHEMADN} dnsRoot: ${DNSDOMAIN} @@ -41,7 +38,6 @@ cn: ${DOMAIN} instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 3 -objectCategory: CN=Cross-Ref,${SCHEMADN} nCName: ${DOMAINDN} nETBIOSName: ${DOMAIN} dnsRoot: ${DNSDOMAIN} @@ -53,7 +49,6 @@ cn: Sites instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2181038080 -objectCategory: CN=Sites-Container,${SCHEMADN} dn: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top @@ -62,7 +57,6 @@ cn: ${DEFAULTSITE} instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2181038080 -objectCategory: CN=Site,${SCHEMADN} dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top @@ -71,7 +65,6 @@ cn: Servers instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2181038080 -objectCategory: CN=Servers-Container,${SCHEMADN} dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top @@ -80,7 +73,6 @@ cn: ${NETBIOSNAME} instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 1375731712 -objectCategory: CN=Server,${SCHEMADN} dNSHostName: ${DNSNAME} serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} @@ -93,7 +85,6 @@ options: 1 instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 33554432 -objectCategory: CN=NTDS-DSA,${SCHEMADN} dMDLocation: ${SCHEMADN} invocationId: ${INVOCATIONID} msDS-Behavior-Version: 2 @@ -105,7 +96,6 @@ cn: Services instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2147483648 -objectCategory: CN=Container,${SCHEMADN} dn: CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top @@ -113,7 +103,6 @@ objectClass: container cn: Windows NT instanceType: 4 showInAdvancedViewOnly: TRUE -objectCategory: CN=Container,${SCHEMADN} dn: CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top @@ -121,7 +110,6 @@ objectClass: nTDSService cn: Directory Service instanceType: 4 showInAdvancedViewOnly: TRUE -objectCategory: CN=NTDS-Service,${SCHEMADN} sPNMappings: host=ldap,dns,cifs,http dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} @@ -130,7 +118,6 @@ objectClass: container cn: Query-Policies instanceType: 4 showInAdvancedViewOnly: TRUE -objectCategory: CN=Container,${SCHEMADN} dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top @@ -138,7 +125,6 @@ objectClass: queryPolicy cn: Default Query Policy instanceType: 4 showInAdvancedViewOnly: TRUE -objectCategory: CN=Query-Policy,${SCHEMADN} lDAPAdminLimits: MaxValRange=1500 lDAPAdminLimits: MaxReceiveBuffer=10485760 lDAPAdminLimits: MaxDatagramRecv=4096 diff --git a/source4/setup/provision_group_policy.ldif b/source4/setup/provision_group_policy.ldif index b5a2ef17e2..0f3e1f15f9 100644 --- a/source4/setup/provision_group_policy.ldif +++ b/source4/setup/provision_group_policy.ldif @@ -3,7 +3,6 @@ objectClass: top objectClass: container objectClass: groupPolicyContainer displayName: Default Domain Policy -objectCategory: CN=Group-Policy-Container,${SCHEMADN} gPCFunctionalityVersion: 2 gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}} versionNumber: 1 @@ -20,9 +19,7 @@ nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCL dn: CN=User,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN} objectClass: top objectClass: container -objectCategory: CN=Container,${SCHEMADN} dn: CN=Machine,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN} objectClass: top objectClass: container -objectCategory: CN=Container,${SCHEMADN} diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index f1244fe8a1..fa81784f1e 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -40,7 +40,6 @@ sAMAccountName: Administrators sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE privilege: SeSecurityPrivilege privilege: SeBackupPrivilege @@ -78,7 +77,6 @@ sAMAccountName: Users sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Guests,CN=Builtin,${DOMAINDN} @@ -93,7 +91,6 @@ sAMAccountName: Guests sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Print Operators,CN=Builtin,${DOMAINDN} @@ -107,7 +104,6 @@ sAMAccountName: Print Operators sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE privilege: SeLoadDriverPrivilege privilege: SeShutdownPrivilege @@ -124,7 +120,6 @@ sAMAccountName: Backup Operators sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE privilege: SeBackupPrivilege privilege: SeRestorePrivilege @@ -142,7 +137,6 @@ sAMAccountName: Replicator sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN} @@ -155,7 +149,6 @@ sAMAccountName: Remote Desktop Users sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN} @@ -168,7 +161,6 @@ sAMAccountName: Network Configuration Operators sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN} @@ -181,7 +173,6 @@ sAMAccountName: Performance Monitor Users sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN} @@ -194,7 +185,6 @@ sAMAccountName: Performance Log Users sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=krbtgt,CN=Users,${DOMAINDN} @@ -222,7 +212,6 @@ cn: Domain Computers description: All workstations and servers joined to the domain objectSid: ${DOMAINSID}-515 sAMAccountName: Domain Computers -objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Domain Controllers,CN=Users,${DOMAINDN} @@ -267,7 +256,6 @@ groupType: 2147483652 sAMAccountType: 536870912 objectSid: ${DOMAINSID}-517 sAMAccountName: Cert Publishers -objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Domain Admins,CN=Users,${DOMAINDN} @@ -310,7 +298,6 @@ description: Members in this group can modify group policy for the domain member: CN=Administrator,CN=Users,${DOMAINDN} objectSid: ${DOMAINSID}-520 sAMAccountName: Group Policy Creator Owners -objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN} @@ -323,7 +310,6 @@ objectSid: ${DOMAINSID}-553 sAMAccountName: RAS and IAS Servers sAMAccountType: 536870912 groupType: 2147483652 -objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE dn: CN=Server Operators,CN=Builtin,${DOMAINDN} @@ -338,7 +324,6 @@ sAMAccountName: Server Operators sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE privilege: SeBackupPrivilege privilege: SeSystemtimePrivilege @@ -359,7 +344,6 @@ sAMAccountName: Account Operators sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 -objectCategory: CN=Group,${SCHEMADN} isCriticalSystemObject: TRUE privilege: SeInteractiveLogonRight diff --git a/source4/setup/provision_users_modify.ldif b/source4/setup/provision_users_modify.ldif index 5fbfebfd46..42dff07080 100644 --- a/source4/setup/provision_users_modify.ldif +++ b/source4/setup/provision_users_modify.ldif @@ -12,8 +12,5 @@ showInAdvancedViewOnly: FALSE replace: systemFlags systemFlags: 2348810240 - -replace: objectCategory -objectCategory: CN=Container,${SCHEMADN} -- replace: isCriticalSystemObject isCriticalSystemObject: TRUE -- cgit From 4b31fd4409cd9eca29469c09ce4b585c6d5f1a81 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 27 Aug 2007 02:26:24 +0000 Subject: r24696: Fix bug 4918 reported by Matthias Wallnöfer with a patch from Andrew Kroeger . MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The changes to samldb_fill_foreignSecurityPrincipal_object() look much larger then they are: We just skip all the objectSid generation if the SID is supplied. By providing a few more objects, standard dialogs on the clients are better behaved, for these 'well known' users. Andrew Bartlett (This used to be commit 35ee4aee719e69983d650602d1c6422a31600001) --- source4/setup/provision_users.ldif | 237 +++++++++++++++++++++++++++++++++++++ 1 file changed, 237 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index fa81784f1e..dcb9ef14fa 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -347,3 +347,240 @@ groupType: 2147483653 isCriticalSystemObject: TRUE privilege: SeInteractiveLogonRight +dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Pre-Windows 2000 Compatible Access +description: A backward compatibility group which allows read access on all users and groups in the domain +objectSid: S-1-5-32-554 +sAMAccountName: Pre-Windows 2000 Compatible Access +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 +isCriticalSystemObject: TRUE +privilege: SeRemoteInteractiveLogonRight +privilege: SeChangeNotifyPrivilege + +dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Incoming Forest Trust Builders +description: Members of this group can create incoming, one-way trusts to this forest +objectSid: S-1-5-32-557 +sAMAccountName: Incoming Forest Trust Builders +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 +isCriticalSystemObject: TRUE + +dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Windows Authorization Access Group +description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects +objectSid: S-1-5-32-560 +sAMAccountName: Windows Authorization Access Group +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 +isCriticalSystemObject: TRUE + +dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Terminal Server License Servers +description: Terminal Server License Servers +objectSid: S-1-5-32-561 +sAMAccountName: Terminal Server License Servers +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 +isCriticalSystemObject: TRUE + +dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Distributed COM Users +description: Members are allowed to launch, activate and use Distributed COM objects on this machine. +objectSid: S-1-5-32-562 +sAMAccountName: Distributed COM Users +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 +isCriticalSystemObject: TRUE + +dn: CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: container +cn: WellKnown Security Principals +systemFlags: 2147483648 +showInAdvancedViewOnly: TRUE + +dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Anonymous Logon +objectSid: S-1-5-7 +showInAdvancedViewOnly: TRUE + +dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Authenticated Users +objectSid: S-1-5-11 +showInAdvancedViewOnly: TRUE + +dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Batch +objectSid: S-1-5-3 +showInAdvancedViewOnly: TRUE + +dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Creator Group +objectSid: S-1-3-1 +showInAdvancedViewOnly: TRUE + +dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Creator Owner +objectSid: S-1-3-0 +showInAdvancedViewOnly: TRUE + +dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Dialup +objectSid: S-1-5-1 +showInAdvancedViewOnly: TRUE + +dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Digest Authentication +objectSid: S-1-5-64-21 +showInAdvancedViewOnly: TRUE + +dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Enterprise Domain Controllers +objectSid: S-1-5-9 +showInAdvancedViewOnly: TRUE + +dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Everyone +objectSid: S-1-1-0 +showInAdvancedViewOnly: TRUE + +dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Interactive +objectSid: S-1-5-4 +showInAdvancedViewOnly: TRUE + +dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Local Service +objectSid: S-1-5-19 +showInAdvancedViewOnly: TRUE + +dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Network +objectSid: S-1-5-2 +showInAdvancedViewOnly: TRUE + +dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Network Service +objectSid: S-1-5-20 +showInAdvancedViewOnly: TRUE + +dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: NTLM Authentication +objectSid: S-1-5-64-10 +showInAdvancedViewOnly: TRUE + +dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Other Organization +objectSid: S-1-5-1000 +showInAdvancedViewOnly: TRUE + +dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Proxy +objectSid: S-1-5-8 +showInAdvancedViewOnly: TRUE + +dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Remote Interactive Logon +objectSid: S-1-5-14 +showInAdvancedViewOnly: TRUE + +dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Restricted +objectSid: S-1-5-12 +showInAdvancedViewOnly: TRUE + +dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: SChannel Authentication +objectSid: S-1-5-64-14 +showInAdvancedViewOnly: TRUE + +dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Self +objectSid: S-1-5-10 +showInAdvancedViewOnly: TRUE + +dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Service +objectSid: S-1-5-6 +showInAdvancedViewOnly: TRUE + +dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Terminal Server User +objectSid: S-1-5-13 +showInAdvancedViewOnly: TRUE + +dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: This Organization +objectSid: S-1-5-15 +showInAdvancedViewOnly: TRUE + +dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Well-Known-Security-Id-System +objectSid: S-1-5-18 +showInAdvancedViewOnly: TRUE + -- cgit From 2edf63b6d647eba131e213bd9dbc543100396930 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 27 Aug 2007 13:13:08 +0000 Subject: r24703: Use standard registry diff files when provisioning rather than LDIF files for the registry files. (This used to be commit 67ad556b7388e5d82756e0a3cfc596e44136329c) --- source4/setup/hklm.ldif | 43 ------------------------------------------- source4/setup/provision.reg | 6 ++++++ 2 files changed, 6 insertions(+), 43 deletions(-) delete mode 100644 source4/setup/hklm.ldif (limited to 'source4/setup') diff --git a/source4/setup/hklm.ldif b/source4/setup/hklm.ldif deleted file mode 100644 index 419a4c504a..0000000000 --- a/source4/setup/hklm.ldif +++ /dev/null @@ -1,43 +0,0 @@ -dn: @INDEXLIST -@IDXATTR: key - -dn: @ATTRIBUTES -key: CASE_INSENSITIVE -value: CASE_INSENSITIVE - -dn: key=control,key=currentcontrolset,key=system,hive=NONE -key: control - -dn: value=ProductType,key=productoptions,key=control,key=currentcontrolset,key=system,hive=NONE -value: ProductType -data: LanmanNT -type: 1 - -dn: key=productoptions,key=control,key=currentcontrolset,key=system,hive=NONE -key: productoptions - -dn: key=system,hive=NONE -key: system - -dn: key=print,key=control,key=currentcontrolset,key=system,hive=NONE -key: print - -dn: key=currentcontrolset,key=system,hive=NONE -key: currentcontrolset - -dn: key=Terminal Server,key=control,key=currentcontrolset,key=system,hive=NONE -key: Terminal Server - -dn: key=Services,key=CurrentControlSet,key=System,hive=NONE -key: Services - -dn: key=Netlogon,key=Services,key=CurrentControlSet,key=System,hive=NONE -key: Netlogon - -dn: key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=System,hive=NONE -key: Parameters - -dn: value=RefusePasswordChange,key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=System,hive=NONE -value: RefusePasswordChange -type: 4 -data: 0 diff --git a/source4/setup/provision.reg b/source4/setup/provision.reg index 337d1fccd2..867f3e204c 100644 --- a/source4/setup/provision.reg +++ b/source4/setup/provision.reg @@ -2,6 +2,12 @@ REGEDIT4 [HKEY_LOCAL_MACHINE] +[HKEY_LOCAL_MACHINE\System] + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet] + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control] + [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ProductOptions] ProductType="LanmanNT" -- cgit From 349cc1e14b5d6c3225427f76c8703ab7537b6daa Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 27 Aug 2007 13:53:18 +0000 Subject: r24704: Fix bug in the registry patch code.. all the more proves this code needs tests. (This used to be commit aa98d219571c4a7af1e5a0f8483cc17a4b6b36e2) --- source4/setup/provision.reg | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.reg b/source4/setup/provision.reg index 867f3e204c..0e657f3e6a 100644 --- a/source4/setup/provision.reg +++ b/source4/setup/provision.reg @@ -9,12 +9,20 @@ REGEDIT4 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control] [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ProductOptions] -ProductType="LanmanNT" +ProductType=LanmanNT [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print] [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server] +[HKEY_LOCAL_MACHINE\System] + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet] + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services] + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon] + [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters] RefusePasswordChange=REG_DWORD:0 -- cgit From 73388ce54c5910ee407af6b70e25597d0b696a58 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 28 Aug 2007 04:28:02 +0000 Subject: r24729: First try and publishing a DNS service account, for folks to play with. The keytab in dns.keytab should (I hope) do the job. Andrew Bartlett (This used to be commit af4d331eef91ef7699d179d15e7337fff1eff7bb) --- source4/setup/provision | 1 + source4/setup/provision_users.ldif | 16 ++++++++++++++++ source4/setup/secrets.ldif | 14 ++++++++++++++ 3 files changed, 31 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index ddb424477b..f6b9cde188 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -24,6 +24,7 @@ options = GetOptions(ARGV, 'adminpass=s', 'krbtgtpass=s', 'machinepass=s', + 'dnspass=s', 'root=s', 'nobody=s', 'nogroup=s', diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index dcb9ef14fa..60a26c1ebf 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -205,6 +205,22 @@ servicePrincipalName: kadmin/changepw isCriticalSystemObject: TRUE sambaPassword: ${KRBTGTPASS} +dn: CN=dns,CN=Users,${DOMAINDN} +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: dns +description: DNS Service Account +showInAdvancedViewOnly: TRUE +userAccountControl: 514 +accountExpires: 9223372036854775807 +sAMAccountName: dns +sAMAccountType: 805306368 +servicePrincipalName: DNS/${DNSDOMAIN} +isCriticalSystemObject: TRUE +sambaPassword: ${DNSPASS} + dn: CN=Domain Computers,CN=Users,${DOMAINDN} objectClass: top objectClass: group diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index ef5cb695d0..8c61c06a54 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -38,3 +38,17 @@ objectSid: ${DOMAINSID} servicePrincipalName: kadmin/changepw krb5Keytab: HDB:ldb:${SAM_LDB}: #The trailing : here is a HACK, but it matches the Heimdal format. + +# A hook from our credentials system into HDB, as we must be on a KDC, +# we can look directly into the database. +dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals +objectClass: top +objectClass: secret +objectClass: kerberosSecret +realm: ${REALM} +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +servicePrincipalName: DNS/${DNSDOMAIN} +privateKeytab: ${DNS_KEYTAB} +secret: ${DNSPASS} + -- cgit From f681306335eaf6b33d6fcaa70ac29a8cf1f5889f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 29 Aug 2007 01:37:26 +0000 Subject: r24760: Ensure we base64 encode any password being put into LDIF, to avoid provision failures when some of the random password values are illigal LDIF. Andrew Bartlett (This used to be commit 876003f6c6466bfd37ec9b05c9a1f1cc83dd9898) --- source4/setup/provision_self_join.ldif | 2 +- source4/setup/provision_users.ldif | 6 +++--- source4/setup/secrets.ldif | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index 25f9fab6d3..ff44a35f6d 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -13,7 +13,7 @@ operatingSystem: Samba operatingSystemVersion: 4.0 dNSHostName: ${DNSNAME} isCriticalSystemObject: TRUE -sambaPassword: ${MACHINEPASS} +sambaPassword:: ${MACHINEPASS_B64} servicePrincipalName: HOST/${DNSNAME} servicePrincipalName: HOST/${NETBIOSNAME} servicePrincipalName: HOST/${DNSNAME}/${REALM} diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 60a26c1ebf..f6fbb0bd52 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -13,7 +13,7 @@ adminCount: 1 accountExpires: -1 sAMAccountName: Administrator isCriticalSystemObject: TRUE -sambaPassword: ${ADMINPASS} +sambaPassword:: ${ADMINPASS_B64} dn: CN=Guest,CN=Users,${DOMAINDN} objectClass: user @@ -203,7 +203,7 @@ sAMAccountName: krbtgt sAMAccountType: 805306368 servicePrincipalName: kadmin/changepw isCriticalSystemObject: TRUE -sambaPassword: ${KRBTGTPASS} +sambaPassword:: ${KRBTGTPASS_B64} dn: CN=dns,CN=Users,${DOMAINDN} objectClass: top @@ -219,7 +219,7 @@ sAMAccountName: dns sAMAccountType: 805306368 servicePrincipalName: DNS/${DNSDOMAIN} isCriticalSystemObject: TRUE -sambaPassword: ${DNSPASS} +sambaPassword:: ${DNSPASS_B64} dn: CN=Domain Computers,CN=Users,${DOMAINDN} objectClass: top diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index 8c61c06a54..80015b4b41 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -14,7 +14,7 @@ objectClass: primaryDomain objectClass: kerberosSecret flatname: ${DOMAIN} realm: ${REALM} -secret: ${MACHINEPASS} +secret:: ${MACHINEPASS_B64} secureChannelType: 6 sAMAccountName: ${NETBIOSNAME}$ whenCreated: ${LDAPTIME} @@ -50,5 +50,5 @@ whenCreated: ${LDAPTIME} whenChanged: ${LDAPTIME} servicePrincipalName: DNS/${DNSDOMAIN} privateKeytab: ${DNS_KEYTAB} -secret: ${DNSPASS} +secret:: ${DNSPASS_B64} -- cgit From b4aa01dcd192491e2f5f0c9b28d446d7a668ee74 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 2 Sep 2007 23:28:00 +0000 Subject: r24909: Patch from Andrew Kroeger on the slow road to working GSS-TSIG DDNS. Andrew Bartlett (This used to be commit 99f832e7edcf940003fe9a2506622d991bc00f27) --- source4/setup/named.conf | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/named.conf b/source4/setup/named.conf index 2513632a47..6f97adf644 100644 --- a/source4/setup/named.conf +++ b/source4/setup/named.conf @@ -4,7 +4,7 @@ # #insert this into options {} -tkey-gssapi-credential "DNS/${DNSDOMAIN}" +tkey-gssapi-credential "DNS/${DNSDOMAIN}"; tkey-domain "${REALM}"; #the zone file @@ -19,9 +19,18 @@ zone "${DNSDOMAIN}." IN { }; # Also, you need to change your init scripts to set this environment variable -# for named: KRB_KTNAME so that it points to the keytab generated. +# for named: KRB5_KTNAME so that it points to the keytab generated. # In RedHat derived systems such RHEL/CentOS/Fedora you can add the following -# line to the /etc/sysconfig/named file -# export KRB_KTNAME=/etc/named.keytab - -# *TODO*: generate and install a keytab file in /etc/named.keytab +# line to the /etc/sysconfig/named file: +# export KRB5_KTNAME=${DNS_KEYTAB} +# +# Please note that most distributions have BIND configured to run under +# a non-root user account. For example, Fedora Core 6 (FC6) runs BIND as +# the user "named" once the daemon relinquishes its rights. Therefore, +# the file "dns.keytab" must be readable by the user that BIND run as. +# If BIND is running as a non-root user, the "dns.keytab" file must have its +# permissions altered to allow thge daemon to read it. In the FC6 +# example, execute the commands: +# +# chgrp named /usr/local/samba/private/dns.keytab +# chmod g+r /usr/local/samba/private/dns.keytab -- cgit From ced6fc995f3bc9b00770ff1002a57f20d6b3e109 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 2 Sep 2007 23:42:40 +0000 Subject: r24911: Make better use of substituted variables in example named.conf Andrew Bartlett (This used to be commit 9f18a9711771a88be7c38bc26ae6e59fb98f93dd) --- source4/setup/named.conf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/named.conf b/source4/setup/named.conf index 6f97adf644..17beb7a2d7 100644 --- a/source4/setup/named.conf +++ b/source4/setup/named.conf @@ -22,15 +22,15 @@ zone "${DNSDOMAIN}." IN { # for named: KRB5_KTNAME so that it points to the keytab generated. # In RedHat derived systems such RHEL/CentOS/Fedora you can add the following # line to the /etc/sysconfig/named file: -# export KRB5_KTNAME=${DNS_KEYTAB} +# export KRB5_KTNAME=${DNS_KEYTAB_ABS} # # Please note that most distributions have BIND configured to run under # a non-root user account. For example, Fedora Core 6 (FC6) runs BIND as # the user "named" once the daemon relinquishes its rights. Therefore, -# the file "dns.keytab" must be readable by the user that BIND run as. -# If BIND is running as a non-root user, the "dns.keytab" file must have its +# the file "${DNS_KEYTAB}" must be readable by the user that BIND run as. +# If BIND is running as a non-root user, the "${DNS_KEYTAB}" file must have its # permissions altered to allow thge daemon to read it. In the FC6 # example, execute the commands: # -# chgrp named /usr/local/samba/private/dns.keytab -# chmod g+r /usr/local/samba/private/dns.keytab +# chgrp named ${DNS_KEYTAB_ABS} +# chmod g+r ${DNS_KEYTAB_ABS} -- cgit From d14a29fb74f2751142b3576a30ebdcd079268bc1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 3 Sep 2007 02:48:50 +0000 Subject: r24913: Fix typo (This used to be commit 4634bb282bec35c75e74e47f5ce67835a3556b68) --- source4/setup/named.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/named.conf b/source4/setup/named.conf index 17beb7a2d7..bb9f421db0 100644 --- a/source4/setup/named.conf +++ b/source4/setup/named.conf @@ -29,7 +29,7 @@ zone "${DNSDOMAIN}." IN { # the user "named" once the daemon relinquishes its rights. Therefore, # the file "${DNS_KEYTAB}" must be readable by the user that BIND run as. # If BIND is running as a non-root user, the "${DNS_KEYTAB}" file must have its -# permissions altered to allow thge daemon to read it. In the FC6 +# permissions altered to allow the daemon to read it. In the FC6 # example, execute the commands: # # chgrp named ${DNS_KEYTAB_ABS} -- cgit From 8294016a1b72770f5c322decda9b705ed90fd40d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 3 Sep 2007 02:51:24 +0000 Subject: r24914: In response to bug #4892 by Matthias Wallnöfer , allow the objectclass module to reconstruct the objectclass hierarchy, rather than using templates. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The issue being fixed in particular is that 'top' was not being set on containers. This should ensure we do this right for all objects. Andrew Bartlett (This used to be commit d17a0058ba8492b8b3f81b6f10fc34b3e45bb8a6) --- source4/setup/provision_templates.ldif | 30 ------------------------------ 1 file changed, 30 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 914582eaf0..fa0718a0b7 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -12,11 +12,6 @@ isCriticalSystemObject: TRUE ### dn: CN=TemplateUser,CN=Templates -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: Template -objectClass: userTemplate userAccountControl: 514 badPwdCount: 0 codePage: 0 @@ -31,11 +26,6 @@ logonCount: 0 sAMAccountType: 805306368 dn: CN=TemplateComputer,CN=Templates -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: Template -objectClass: userTemplate userAccountControl: 4098 badPwdCount: 0 codePage: 0 @@ -50,9 +40,6 @@ logonCount: 0 sAMAccountType: 805306369 dn: CN=TemplateTrustingDomain,CN=Templates -objectClass: top -objectClass: Template -objectClass: userTemplate userAccountControl: 2080 badPwdCount: 0 codePage: 0 @@ -66,38 +53,21 @@ logonCount: 0 sAMAccountType: 805306370 dn: CN=TemplateGroup,CN=Templates -objectClass: top -objectClass: Template -objectClass: groupTemplate groupType: -2147483646 sAMAccountType: 268435456 # Currently this isn't used, we don't have a way to detect it different from an incoming alias # # dn: CN=TemplateAlias,CN=Templates -# objectClass: top -# objectClass: Template -# objectClass: aliasTemplate # cn: TemplateAlias # instanceType: 4 # groupType: -2147483644 # sAMAccountType: 268435456 dn: CN=TemplateForeignSecurityPrincipal,CN=Templates -objectClass: top -objectClass: Template -objectClass: foreignSecurityPrincipalTemplate showInAdvancedViewOnly: TRUE dn: CN=TemplateSecret,CN=Templates -objectClass: top -objectClass: leaf -objectClass: Template -objectClass: secretTemplate dn: CN=TemplateTrustedDomain,CN=Templates -objectClass: top -objectClass: leaf -objectClass: Template -objectClass: trustedDomainTemplate -- cgit From 09a5ef13844788926d4ad519f4fb15fa008e66d1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 18 Sep 2007 02:43:56 +0000 Subject: r25203: Don't use subclasses in Samba4, as we always fill out the full objectClass list. Andrew Bartlett (This used to be commit e882dcb7aaa52843c656084c47c0b3c49557c22e) --- source4/setup/provision_init.ldif | 11 ----------- source4/setup/provision_partitions.ldif | 1 - 2 files changed, 12 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 12d71f9080..a69399c3e6 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -23,17 +23,6 @@ sAMAccountType: INTEGER systemFlags: INTEGER userAccountControl: INTEGER -dn: @SUBCLASSES -top: domain -top: person -top: group -domain: domainDNS -person: organizationalPerson -organizationalPerson: user -user: computer -template: userTemplate -template: groupTemplate - dn: @KLUDGEACL passwordAttribute: sambaPassword passwordAttribute: ntPwdHash diff --git a/source4/setup/provision_partitions.ldif b/source4/setup/provision_partitions.ldif index c6107c6502..f07ec680e0 100644 --- a/source4/setup/provision_partitions.ldif +++ b/source4/setup/provision_partitions.ldif @@ -2,7 +2,6 @@ dn: @PARTITION partition: ${SCHEMADN}:${SCHEMADN_LDB} partition: ${CONFIGDN}:${CONFIGDN_LDB} partition: ${DOMAINDN}:${DOMAINDN_LDB} -replicateEntries: @SUBCLASSES replicateEntries: @ATTRIBUTES replicateEntries: @INDEXLIST modules:${SCHEMADN}:${SCHEMADN_MOD}${SCHEMADN_MOD2} -- cgit From ee257e902ade941f734d5b647511d14e051ac0d1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 22 Sep 2007 12:57:17 +0000 Subject: r25299: Modify the provision script to take an additional argument: --server-role This must be set to either 'domain controller', 'domain member' or 'standalone'. The default for the provision now changes to 'standalone'. This is not because Samba4 is particularlly useful in that mode, but because we still want a positive sign from the administrator that we should advertise as a DC. We now do more to ensure the 'standalone' and 'member server' provision output is reasonable, and try not to set odd things into the database that only belong for the DC. Andrew Bartlett (This used to be commit 4cc4ed7719aff712e735628410bd3813c7d6aa40) --- source4/setup/named.conf | 5 ++-- source4/setup/provision | 3 ++ source4/setup/provision.smb.conf | 13 --------- source4/setup/provision.smb.conf.dc | 13 +++++++++ source4/setup/provision.smb.conf.member | 5 ++++ source4/setup/provision.smb.conf.standlone | 5 ++++ source4/setup/provision_self_join.ldif | 18 ++++++++++++ source4/setup/provision_users.ldif | 16 ----------- source4/setup/secrets.ldif | 44 ------------------------------ source4/setup/secrets_dc.ldif | 44 ++++++++++++++++++++++++++++++ 10 files changed, 91 insertions(+), 75 deletions(-) delete mode 100644 source4/setup/provision.smb.conf create mode 100644 source4/setup/provision.smb.conf.dc create mode 100644 source4/setup/provision.smb.conf.member create mode 100644 source4/setup/provision.smb.conf.standlone create mode 100644 source4/setup/secrets_dc.ldif (limited to 'source4/setup') diff --git a/source4/setup/named.conf b/source4/setup/named.conf index bb9f421db0..025788093e 100644 --- a/source4/setup/named.conf +++ b/source4/setup/named.conf @@ -3,11 +3,12 @@ # the BIND nameserver. # -#insert this into options {} +# If you have a very recent BIND, supporting GSS-TSIG, +# insert this into options {} (otherwise omit, it is not required if we don't accept updates) tkey-gssapi-credential "DNS/${DNSDOMAIN}"; tkey-domain "${REALM}"; -#the zone file +# You should always include the actual zone configuration reference: zone "${DNSDOMAIN}." IN { type master; file "${DNSDOMAIN}.zone"; diff --git a/source4/setup/provision b/source4/setup/provision index f6b9cde188..b8f955dcf4 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -32,6 +32,7 @@ options = GetOptions(ARGV, 'users=s', 'quiet', 'blank', + 'server-role=s', 'partitions-only', 'ldap-base', 'ldap-backend=s', @@ -84,6 +85,7 @@ provision [options] --users GROUPNAME choose 'users' group --quiet Be quiet --blank do not add users or groups, just the structure + --server-role ROLE Set server role to provision for (default standalone) --partitions-only Configure Samba's partitions, but do not modify them (ie, join a BDC) --ldap-base output only an LDIF file, suitable for creating an LDAP baseDN --ldap-backend LDAPSERVER LDAP server to use for this provision @@ -112,6 +114,7 @@ if (options["realm"] == undefined || var lp = loadparm_init(); lp.set("realm", options.realm); lp.set("workgroup", options.domain); +lp.set("server role", options["server-role"]); lp.reload(); var subobj = provision_guess(); diff --git a/source4/setup/provision.smb.conf b/source4/setup/provision.smb.conf deleted file mode 100644 index fe08d7e3be..0000000000 --- a/source4/setup/provision.smb.conf +++ /dev/null @@ -1,13 +0,0 @@ -[globals] - netbios name = ${HOSTNAME} - workgroup = ${DOMAIN} - realm = ${REALM} - server role = domain controller - -[netlogon] - path = ${NETLOGONPATH} - read only = no - -[sysvol] - path = ${SYSVOLPATH} - read only = no diff --git a/source4/setup/provision.smb.conf.dc b/source4/setup/provision.smb.conf.dc new file mode 100644 index 0000000000..5b8e141cbf --- /dev/null +++ b/source4/setup/provision.smb.conf.dc @@ -0,0 +1,13 @@ +[globals] + netbios name = ${HOSTNAME} + workgroup = ${DOMAIN_CONF} + realm = ${REALM_CONF} + server role = ${SERVERROLE} + +[netlogon] + path = ${NETLOGONPATH} + read only = no + +[sysvol] + path = ${SYSVOLPATH} + read only = no diff --git a/source4/setup/provision.smb.conf.member b/source4/setup/provision.smb.conf.member new file mode 100644 index 0000000000..bc37d4f3d3 --- /dev/null +++ b/source4/setup/provision.smb.conf.member @@ -0,0 +1,5 @@ +[globals] + netbios name = ${HOSTNAME} + workgroup = ${DOMAIN_CONF} + realm = ${REALM_CONF} + server role = ${SERVERROLE} diff --git a/source4/setup/provision.smb.conf.standlone b/source4/setup/provision.smb.conf.standlone new file mode 100644 index 0000000000..bc37d4f3d3 --- /dev/null +++ b/source4/setup/provision.smb.conf.standlone @@ -0,0 +1,5 @@ +[globals] + netbios name = ${HOSTNAME} + workgroup = ${DOMAIN_CONF} + realm = ${REALM_CONF} + server role = ${SERVERROLE} diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index ff44a35f6d..dca7b7c93e 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -21,3 +21,21 @@ servicePrincipalName: HOST/${NETBIOSNAME}/${REALM} servicePrincipalName: HOST/${DNSNAME}/${DOMAIN} servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN} ${HOSTGUID_ADD} + +#Provide a account for DNS keytab export +dn: CN=dns,CN=Users,${DOMAINDN} +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: dns +description: DNS Service Account +showInAdvancedViewOnly: TRUE +userAccountControl: 514 +accountExpires: 9223372036854775807 +sAMAccountName: dns +sAMAccountType: 805306368 +servicePrincipalName: DNS/${DNSDOMAIN} +isCriticalSystemObject: TRUE +sambaPassword:: ${DNSPASS_B64} + diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index f6fbb0bd52..030fe5d742 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -205,22 +205,6 @@ servicePrincipalName: kadmin/changepw isCriticalSystemObject: TRUE sambaPassword:: ${KRBTGTPASS_B64} -dn: CN=dns,CN=Users,${DOMAINDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: user -cn: dns -description: DNS Service Account -showInAdvancedViewOnly: TRUE -userAccountControl: 514 -accountExpires: 9223372036854775807 -sAMAccountName: dns -sAMAccountType: 805306368 -servicePrincipalName: DNS/${DNSDOMAIN} -isCriticalSystemObject: TRUE -sambaPassword:: ${DNSPASS_B64} - dn: CN=Domain Computers,CN=Users,${DOMAINDN} objectClass: top objectClass: group diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif index 80015b4b41..95cbe20e5f 100644 --- a/source4/setup/secrets.ldif +++ b/source4/setup/secrets.ldif @@ -8,47 +8,3 @@ objectClass: top objectClass: container cn: Primary Domains -dn: flatname=${DOMAIN},CN=Primary Domains -objectClass: top -objectClass: primaryDomain -objectClass: kerberosSecret -flatname: ${DOMAIN} -realm: ${REALM} -secret:: ${MACHINEPASS_B64} -secureChannelType: 6 -sAMAccountName: ${NETBIOSNAME}$ -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -msDS-KeyVersionNumber: 1 -objectSid: ${DOMAINSID} -privateKeytab: ${SECRETS_KEYTAB} - -# A hook from our credentials system into HDB, as we must be on a KDC, -# we can look directly into the database. -dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals -objectClass: top -objectClass: secret -objectClass: kerberosSecret -flatname: ${DOMAIN} -realm: ${REALM} -sAMAccountName: krbtgt -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -objectSid: ${DOMAINSID} -servicePrincipalName: kadmin/changepw -krb5Keytab: HDB:ldb:${SAM_LDB}: -#The trailing : here is a HACK, but it matches the Heimdal format. - -# A hook from our credentials system into HDB, as we must be on a KDC, -# we can look directly into the database. -dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals -objectClass: top -objectClass: secret -objectClass: kerberosSecret -realm: ${REALM} -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} -servicePrincipalName: DNS/${DNSDOMAIN} -privateKeytab: ${DNS_KEYTAB} -secret:: ${DNSPASS_B64} - diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif new file mode 100644 index 0000000000..64469352bb --- /dev/null +++ b/source4/setup/secrets_dc.ldif @@ -0,0 +1,44 @@ +dn: flatname=${DOMAIN},CN=Primary Domains +objectClass: top +objectClass: primaryDomain +objectClass: kerberosSecret +flatname: ${DOMAIN} +realm: ${REALM} +secret:: ${MACHINEPASS_B64} +secureChannelType: 6 +sAMAccountName: ${NETBIOSNAME}$ +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +msDS-KeyVersionNumber: 1 +objectSid: ${DOMAINSID} +privateKeytab: ${SECRETS_KEYTAB} + +# A hook from our credentials system into HDB, as we must be on a KDC, +# we can look directly into the database. +dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals +objectClass: top +objectClass: secret +objectClass: kerberosSecret +flatname: ${DOMAIN} +realm: ${REALM} +sAMAccountName: krbtgt +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +objectSid: ${DOMAINSID} +servicePrincipalName: kadmin/changepw +krb5Keytab: HDB:ldb:${SAM_LDB}: +#The trailing : here is a HACK, but it matches the Heimdal format. + +# A hook from our credentials system into HDB, as we must be on a KDC, +# we can look directly into the database. +dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals +objectClass: top +objectClass: secret +objectClass: kerberosSecret +realm: ${REALM} +whenCreated: ${LDAPTIME} +whenChanged: ${LDAPTIME} +servicePrincipalName: DNS/${DNSDOMAIN} +privateKeytab: ${DNS_KEYTAB} +secret:: ${DNSPASS_B64} + -- cgit From e12730322c242dc7bd05402289a63c455a0a9bae Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 24 Sep 2007 09:34:54 +0000 Subject: r25303: Print out the options the provision script generated. This should help users produce predictable setups. Andrew Bartlett (This used to be commit 9789bd3c0a3f75f19fa523b251736cf6cdc157ce) --- source4/setup/provision | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index b8f955dcf4..b204fc9e51 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -14,7 +14,6 @@ options = GetOptions(ARGV, 'realm=s', 'domain=s', 'domain-guid=s', - 'domain-guid=s', 'domain-sid=s', 'policy-guid=s', 'host-name=s', @@ -169,6 +168,18 @@ if (ldapbase) { } else { provision(subobj, message, blank, paths, system_session, creds, ldapbackend); provision_dns(subobj, message, paths, system_session, creds); + message("To reproduce this provision, run with:\n"); + message("--realm='" + subobj.REALM_CONF + "' --domain='" + subobj.DOMAIN_CONF + "' --domain-guid='" + subobj.DOMAINGUID + "' \\\n"); + message("--policy-guid='" + subobj.POLICYGUID + "' --host-name='" + subobj.HOSTNAME + "' --host-ip='" + subobj.HOSTIP + "' \\\n"); + message("--host-guid='" + subobj.HOSTGUID + "' --invocationid='" + subobj.INVOCATIONID + "' \\\n"); + message("--adminpass='" + subobj.ADMINPASS + "' --krbtgtpass='" + subobj.KRBTGTPASS + "' \\\n"); + message("--machinepass='" + subobj.MACHINEPASS + "' --dnspass='" + subobj.DNSPASS + "' \\\n"); + message("--root='" + subobj.ROOT + "' --nobody='" + subobj.NOBODY + "' --nogroup-'" + subobj.NOGROUP + "' \\\n"); + message("--wheel='" + subobj.WHEEL + "' --users='" + subobj.USERS + "' --server-role='" + subobj.SERVERROLE + "' \\\n"); + message("--ldap-backend='" + subobj.LDAPBACKEND + "' --ldap-mdoule='" + subobj.LDAPMODULE + "' \\\n"); + message("--aci='" + subobj.ACI + "' \\\n") } + + message("All OK\n"); return 0; -- cgit From 2606996653a1bd6d0bb7efc1c5c00afb554e0630 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 26 Sep 2007 17:43:15 +0000 Subject: r25354: Thanks to Amin Azez for finally getting me to fix a provision without an smb.conf already setup. Andrew Bartlett (This used to be commit a00044d2294b482ea83e9d7392eb8113a9c94b6e) --- source4/setup/provision.smb.conf.standalone | 5 +++++ source4/setup/provision.smb.conf.standlone | 5 ----- 2 files changed, 5 insertions(+), 5 deletions(-) create mode 100644 source4/setup/provision.smb.conf.standalone delete mode 100644 source4/setup/provision.smb.conf.standlone (limited to 'source4/setup') diff --git a/source4/setup/provision.smb.conf.standalone b/source4/setup/provision.smb.conf.standalone new file mode 100644 index 0000000000..bc37d4f3d3 --- /dev/null +++ b/source4/setup/provision.smb.conf.standalone @@ -0,0 +1,5 @@ +[globals] + netbios name = ${HOSTNAME} + workgroup = ${DOMAIN_CONF} + realm = ${REALM_CONF} + server role = ${SERVERROLE} diff --git a/source4/setup/provision.smb.conf.standlone b/source4/setup/provision.smb.conf.standlone deleted file mode 100644 index bc37d4f3d3..0000000000 --- a/source4/setup/provision.smb.conf.standlone +++ /dev/null @@ -1,5 +0,0 @@ -[globals] - netbios name = ${HOSTNAME} - workgroup = ${DOMAIN_CONF} - realm = ${REALM_CONF} - server role = ${SERVERROLE} -- cgit From b6678a276cdf0dde4848175d165b7ca62f73bce5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 1 Oct 2007 21:07:07 +0000 Subject: r25450: Make it easier to test with a particular version of OpenLDAP, by setting OPENLDAP_PATH, move to using hdb as the backend (allows subtree renames), and re-enable the --quiet option. Andrew Bartlett (This used to be commit a186a0fa68cdcfb3abd430534657e5e278a5ebda) --- source4/setup/slapd.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 34896d04b9..15e3610e3a 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -21,7 +21,7 @@ include ${LDAPDIR}/modules.conf defaultsearchbase ${DOMAINDN} -backend bdb +backend hdb database bdb suffix ${SCHEMADN} directory ${LDAPDIR}/db/schema @@ -32,7 +32,7 @@ index objectCategory eq index lDAPDisplayName eq index subClassOf eq -database bdb +database hdb suffix ${CONFIGDN} directory ${LDAPDIR}/db/config index objectClass eq @@ -45,7 +45,7 @@ index subClassOf eq index dnsRoot eq index nETBIOSName eq pres -database bdb +database hdb suffix ${DOMAINDN} rootdn ${LDAPMANAGERDN} rootpw ${LDAPMANAGERPASS} -- cgit From 43890c4c58d6323697d8005911e9f3c91bbd4055 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 1 Oct 2007 21:08:06 +0000 Subject: r25451: Rework the display of provision options to use printf syntax, and avoid %s in the substituted strings from becoming a problem. Andrew Bartlett (This used to be commit 3c4f107239eb6b2f4022a4eac06c5dd3ace71174) --- source4/setup/provision | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index b204fc9e51..bf03026987 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -88,8 +88,8 @@ provision [options] --partitions-only Configure Samba's partitions, but do not modify them (ie, join a BDC) --ldap-base output only an LDIF file, suitable for creating an LDAP baseDN --ldap-backend LDAPSERVER LDAP server to use for this provision - --ldap-module= MODULE LDB mapping module to use for the LDAP backend - --aci= ACI An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server + --ldap-module MODULE LDB mapping module to use for the LDAP backend + --aci ACI An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server You must provide at least a realm and domain "); @@ -169,14 +169,26 @@ if (ldapbase) { provision(subobj, message, blank, paths, system_session, creds, ldapbackend); provision_dns(subobj, message, paths, system_session, creds); message("To reproduce this provision, run with:\n"); - message("--realm='" + subobj.REALM_CONF + "' --domain='" + subobj.DOMAIN_CONF + "' --domain-guid='" + subobj.DOMAINGUID + "' \\\n"); - message("--policy-guid='" + subobj.POLICYGUID + "' --host-name='" + subobj.HOSTNAME + "' --host-ip='" + subobj.HOSTIP + "' \\\n"); - message("--host-guid='" + subobj.HOSTGUID + "' --invocationid='" + subobj.INVOCATIONID + "' \\\n"); - message("--adminpass='" + subobj.ADMINPASS + "' --krbtgtpass='" + subobj.KRBTGTPASS + "' \\\n"); - message("--machinepass='" + subobj.MACHINEPASS + "' --dnspass='" + subobj.DNSPASS + "' \\\n"); - message("--root='" + subobj.ROOT + "' --nobody='" + subobj.NOBODY + "' --nogroup-'" + subobj.NOGROUP + "' \\\n"); - message("--wheel='" + subobj.WHEEL + "' --users='" + subobj.USERS + "' --server-role='" + subobj.SERVERROLE + "' \\\n"); - message("--ldap-backend='" + subobj.LDAPBACKEND + "' --ldap-mdoule='" + subobj.LDAPMODULE + "' \\\n"); +/* There has to be a better way than this... */ + message("--realm='%s' --domain='%s' \\\n", subobj.REALM_CONF, subobj.DOMAIN_CONF); + if (subobj.DOMAINGUID != undefined) { + message("--domain-guid='%s' \\\n", subobj.DOMAINGUID); + } + if (subobj.HOSTGUID != undefined) { + message("--host-guid='%s' \\\n", subobj.HOSTGUID); + } + message("--policy-guid='%s' --host-name='%s' --host-ip='%s' \\\n", subobj.POLICYGUID, subobj.HOSTNAME, subobj.HOSTIP); + message("--invocationid='%s' \\\n", subobj.INVOCATIONID); + message("--adminpass='%s' --krbtgtpass='%s' \\\n", subobj.ADMINPASS, subobj.KRBTGTPASS); + message("--machinepass='%s' --dnspass='%s' \\\n", subobj.MACHINEPASS, subobj.DNSPASS); + message("--root='%s' --nobody='%s' --nogroup-'%s' \\\n", subobj.ROOT, subobj.NOBODY, subobj.NOGROUP); + message("--wheel='%s' --users='%s' --server-role='%s' \\\n", subobj.WHEEL, subobj.USERS, subobj.SERVERROLE); + if (ldapbackend) { + message("--ldap-backend='%s' \\\n", subobj.LDAPBACKEND); + } + if (ldapmodule) { + message("--ldap-mdoule='%s' \\\n", + subobj.LDAPMODULE); + } message("--aci='" + subobj.ACI + "' \\\n") } -- cgit From 999d47e41e661d2a35d394000d516caa76a89779 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 1 Oct 2007 21:08:53 +0000 Subject: r25452: Move the creation of the server entry to the self join, as this makes no sense on a member server. Andrew Bartlett (This used to be commit 70467fa4c5d25b83c48dbbeb8236d5acb4550e77) --- source4/setup/provision_configuration.ldif | 23 ----------------------- source4/setup/provision_self_join.ldif | 23 +++++++++++++++++++++++ 2 files changed, 23 insertions(+), 23 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif index 0e6ee4d845..050f110d9a 100644 --- a/source4/setup/provision_configuration.ldif +++ b/source4/setup/provision_configuration.ldif @@ -66,29 +66,6 @@ instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2181038080 -dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -objectClass: top -objectClass: server -cn: ${NETBIOSNAME} -instanceType: 4 -showInAdvancedViewOnly: TRUE -systemFlags: 1375731712 -dNSHostName: ${DNSNAME} -serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} - -dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -objectClass: top -objectClass: applicationSettings -objectClass: nTDSDSA -cn: NTDS Settings -options: 1 -instanceType: 4 -showInAdvancedViewOnly: TRUE -systemFlags: 33554432 -dMDLocation: ${SCHEMADN} -invocationId: ${INVOCATIONID} -msDS-Behavior-Version: 2 - dn: CN=Services,${CONFIGDN} objectClass: top objectClass: container diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index dca7b7c93e..8c6959dbaa 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -39,3 +39,26 @@ servicePrincipalName: DNS/${DNSDOMAIN} isCriticalSystemObject: TRUE sambaPassword:: ${DNSPASS_B64} +dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +objectClass: top +objectClass: server +cn: ${NETBIOSNAME} +instanceType: 4 +showInAdvancedViewOnly: TRUE +systemFlags: 1375731712 +dNSHostName: ${DNSNAME} +serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} + +dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +objectClass: top +objectClass: applicationSettings +objectClass: nTDSDSA +cn: NTDS Settings +options: 1 +instanceType: 4 +showInAdvancedViewOnly: TRUE +systemFlags: 33554432 +dMDLocation: ${SCHEMADN} +invocationId: ${INVOCATIONID} +msDS-Behavior-Version: 2 + -- cgit From 5c4a4b45667a714cb1154f20eccb56d00c1163a7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 10 Oct 2007 23:25:22 +0200 Subject: r25616: Fedora DS now has a way to install the schema and extra configuration as part of the setup inf file. Andrew Bartlett (This used to be commit 6c8987464e198430885b9e71b54fed6758886fdd) --- source4/setup/fedorads.inf | 4 +++- source4/setup/provision-backend | 8 ++++---- 2 files changed, 7 insertions(+), 5 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/fedorads.inf b/source4/setup/fedorads.inf index 8aed0338fb..fe51d01db1 100644 --- a/source4/setup/fedorads.inf +++ b/source4/setup/fedorads.inf @@ -24,4 +24,6 @@ ldif_dir= ${LDAPDIR}/slapd-samba4/ldif cert_dir= ${LDAPDIR}/slapd-samba4 start_server= 0 -install_full_schema= 0 \ No newline at end of file +install_full_schema= 0 +SchemaFile=${LDAPDIR}/99_ad.ldif +ConfigFile = ${LDAPDIR}/fedorads-partitions.ldif diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 208869c930..b713595a7e 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -97,11 +97,11 @@ sys.mkdir(subobj.LDAPDIR, 0700); provision_schema(subobj, message, tmp_schema_ldb, paths); var mapping; -var ext; +var backend_schema; var slapd_command; if (options["ldap-backend-type"] == "fedora-ds") { mapping = "schema-map-fedora-ds-1.0"; - ext = "ldif"; + backend_schema = "backend-schema.ldif"; if (options["ldap-backend-port"] != undefined) { message("Will listen on TCP port " + options["ldap-backend-port"] + "\n"); subobj.SERVERPORT="ServerPort = " + options["ldap-backend-port"]; @@ -116,7 +116,7 @@ if (options["ldap-backend-type"] == "fedora-ds") { } else if (options["ldap-backend-type"] == "openldap") { provision_ldapbase(subobj, message, paths); mapping = "schema-map-openldap-2.3"; - ext = "schema"; + backend_schema = "99_ad.ldif"; setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj); setup_file("modules.conf", message, subobj.LDAPDIR + "/modules.conf", subobj); sys.mkdir(subobj.LDAPDIR + "/db", 0700); @@ -142,7 +142,7 @@ if (options["ldap-backend-type"] == "fedora-ds") { slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h " + subobj.LDAPI_URI; } } -var schema_command = "ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/backend-schema." + ext; +var schema_command = "ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/" + backend_schema; message("\nCreate a suitable schema file with:\n%s\n", schema_command); message("\nStart slapd with: \n%s\n", slapd_command); -- cgit From 7c721a1f49d576e0a47c35e465206ade1c05d5a9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 29 Oct 2007 10:54:06 +0100 Subject: r25747: Implement linked attributes, for add operations. Much more work is still required here, particularly to handle this better during the provision, and to handle modifies and deletes, but this is a start. Andrew Bartlett (This used to be commit 2ba99d58e9fe1f8e4b15a58a2fdfce6e876f99b4) --- source4/setup/provision_users.ldif | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 030fe5d742..95c28f92d8 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -2,11 +2,6 @@ dn: CN=Administrator,CN=Users,${DOMAINDN} objectClass: user cn: Administrator description: Built-in account for administering the computer/domain -memberOf: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN} -memberOf: CN=Domain Admins,CN=Users,${DOMAINDN} -memberOf: CN=Enterprise Admins,CN=Users,${DOMAINDN} -memberOf: CN=Schema Admins,CN=Users,${DOMAINDN} -memberOf: CN=Administrators,CN=Builtin,${DOMAINDN} userAccountControl: 66048 objectSid: ${DOMAINSID}-500 adminCount: 1 @@ -19,7 +14,6 @@ dn: CN=Guest,CN=Users,${DOMAINDN} objectClass: user cn: Guest description: Built-in account for guest access to the computer/domain -memberOf: CN=Guests,CN=Builtin,${DOMAINDN} userAccountControl: 66082 primaryGroupID: 514 objectSid: ${DOMAINSID}-501 @@ -241,7 +235,6 @@ objectClass: group cn: Enterprise Admins description: Designated administrators of the enterprise member: CN=Administrator,CN=Users,${DOMAINDN} -memberOf: CN=Administrators,CN=Builtin,${DOMAINDN} objectSid: ${DOMAINSID}-519 adminCount: 1 sAMAccountName: Enterprise Admins @@ -264,7 +257,6 @@ objectClass: group cn: Domain Admins description: Designated administrators of the domain member: CN=Administrator,CN=Users,${DOMAINDN} -memberOf: CN=Administrators,CN=Builtin,${DOMAINDN} objectSid: ${DOMAINSID}-512 adminCount: 1 sAMAccountName: Domain Admins @@ -275,7 +267,6 @@ objectClass: top objectClass: group cn: Domain Users description: All domain users -memberOf: CN=Users,CN=Builtin,${DOMAINDN} objectSid: ${DOMAINSID}-513 sAMAccountName: Domain Users isCriticalSystemObject: TRUE @@ -285,7 +276,6 @@ objectClass: top objectClass: group cn: Domain Guests description: All domain guests -memberOf: CN=Guests,CN=Builtin,${DOMAINDN} objectSid: ${DOMAINSID}-514 sAMAccountName: Domain Guests isCriticalSystemObject: TRUE -- cgit From 47f6988c6d51d245ecacf2ab5c638382a7fdaeb5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 30 Oct 2007 21:01:07 +0100 Subject: r25753: Move cn=rootdse to @ROOTDSE to avoid being caught up in schema restrictions. Andrew Bartlett (This used to be commit f3390c9054244c0e4381007b36bbac9a17800570) --- source4/setup/provision_rootdse_add.ldif | 2 +- source4/setup/provision_rootdse_modify.ldif | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_rootdse_add.ldif b/source4/setup/provision_rootdse_add.ldif index 63abf64e89..9f19796ec6 100644 --- a/source4/setup/provision_rootdse_add.ldif +++ b/source4/setup/provision_rootdse_add.ldif @@ -1,5 +1,5 @@ # the rootDSE module looks in this record for its base data -dn: cn=ROOTDSE +dn: @ROOTDSE subschemaSubentry: CN=Aggregate,${SCHEMADN} dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} defaultNamingContext: ${DOMAINDN} diff --git a/source4/setup/provision_rootdse_modify.ldif b/source4/setup/provision_rootdse_modify.ldif index 5ccda79b7a..1f950171a2 100644 --- a/source4/setup/provision_rootdse_modify.ldif +++ b/source4/setup/provision_rootdse_modify.ldif @@ -1,5 +1,5 @@ # mark the database as syncronized -dn: cn=ROOTDSE +dn: @ROOTDSE changetype: modify replace: isSynchronized isSynchronized: TRUE -- cgit From 27c9f6c235c3c625f4c4e60a73d8f2e86bd4a186 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 7 Nov 2007 05:35:16 +0100 Subject: r25891: Test that we get the correct return value when we attempt to reference invalid entries with a linked attribute. Make Samba4 pass that test, by fixing a silly bug in the linked_attributes module. (By passing down the 'original' request structure, tdb would override our handle, and therefore we would never be called for the 'wait', which collects the errors). Fix up the provision templates to handle the newly required referential integrity. Andrew Bartlett (This used to be commit 0377d85bbdcb2c4f110b0519005f0d1d10bc0c0b) --- source4/setup/provision_users.ldif | 242 ++++++++++++++++++------------------- 1 file changed, 121 insertions(+), 121 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 95c28f92d8..7c1a438d8e 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -20,6 +20,127 @@ objectSid: ${DOMAINSID}-501 sAMAccountName: Guest isCriticalSystemObject: TRUE +dn: CN=Enterprise Admins,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Enterprise Admins +description: Designated administrators of the enterprise +member: CN=Administrator,CN=Users,${DOMAINDN} +objectSid: ${DOMAINSID}-519 +adminCount: 1 +sAMAccountName: Enterprise Admins +isCriticalSystemObject: TRUE + +dn: CN=krbtgt,CN=Users,${DOMAINDN} +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: krbtgt +description: Key Distribution Center Service Account +showInAdvancedViewOnly: TRUE +userAccountControl: 514 +objectSid: ${DOMAINSID}-502 +adminCount: 1 +accountExpires: 9223372036854775807 +sAMAccountName: krbtgt +sAMAccountType: 805306368 +servicePrincipalName: kadmin/changepw +isCriticalSystemObject: TRUE +sambaPassword:: ${KRBTGTPASS_B64} + +dn: CN=Domain Computers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Domain Computers +description: All workstations and servers joined to the domain +objectSid: ${DOMAINSID}-515 +sAMAccountName: Domain Computers +isCriticalSystemObject: TRUE + +dn: CN=Domain Controllers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Domain Controllers +description: All domain controllers in the domain +objectSid: ${DOMAINSID}-516 +adminCount: 1 +sAMAccountName: Domain Controllers +isCriticalSystemObject: TRUE + +dn: CN=Schema Admins,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Schema Admins +description: Designated administrators of the schema +member: CN=Administrator,CN=Users,${DOMAINDN} +objectSid: ${DOMAINSID}-518 +adminCount: 1 +sAMAccountName: Schema Admins +isCriticalSystemObject: TRUE + +dn: CN=Cert Publishers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Cert Publishers +description: Members of this group are permitted to publish certificates to the Active Directory +groupType: 2147483652 +sAMAccountType: 536870912 +objectSid: ${DOMAINSID}-517 +sAMAccountName: Cert Publishers +isCriticalSystemObject: TRUE + +dn: CN=Domain Admins,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Domain Admins +description: Designated administrators of the domain +member: CN=Administrator,CN=Users,${DOMAINDN} +objectSid: ${DOMAINSID}-512 +adminCount: 1 +sAMAccountName: Domain Admins +isCriticalSystemObject: TRUE + +dn: CN=Domain Users,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Domain Users +description: All domain users +objectSid: ${DOMAINSID}-513 +sAMAccountName: Domain Users +isCriticalSystemObject: TRUE + +dn: CN=Domain Guests,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Domain Guests +description: All domain guests +objectSid: ${DOMAINSID}-514 +sAMAccountName: Domain Guests +isCriticalSystemObject: TRUE + +dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Group Policy Creator Owners +description: Members in this group can modify group policy for the domain +member: CN=Administrator,CN=Users,${DOMAINDN} +objectSid: ${DOMAINSID}-520 +sAMAccountName: Group Policy Creator Owners +isCriticalSystemObject: TRUE + +dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: RAS and IAS Servers +description: Servers in this group can access remote access properties of users +instanceType: 4 +objectSid: ${DOMAINSID}-553 +sAMAccountName: RAS and IAS Servers +sAMAccountType: 536870912 +groupType: 2147483652 +isCriticalSystemObject: TRUE + dn: CN=Administrators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group @@ -181,127 +302,6 @@ systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE -dn: CN=krbtgt,CN=Users,${DOMAINDN} -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: user -cn: krbtgt -description: Key Distribution Center Service Account -showInAdvancedViewOnly: TRUE -userAccountControl: 514 -objectSid: ${DOMAINSID}-502 -adminCount: 1 -accountExpires: 9223372036854775807 -sAMAccountName: krbtgt -sAMAccountType: 805306368 -servicePrincipalName: kadmin/changepw -isCriticalSystemObject: TRUE -sambaPassword:: ${KRBTGTPASS_B64} - -dn: CN=Domain Computers,CN=Users,${DOMAINDN} -objectClass: top -objectClass: group -cn: Domain Computers -description: All workstations and servers joined to the domain -objectSid: ${DOMAINSID}-515 -sAMAccountName: Domain Computers -isCriticalSystemObject: TRUE - -dn: CN=Domain Controllers,CN=Users,${DOMAINDN} -objectClass: top -objectClass: group -cn: Domain Controllers -description: All domain controllers in the domain -objectSid: ${DOMAINSID}-516 -adminCount: 1 -sAMAccountName: Domain Controllers -isCriticalSystemObject: TRUE - -dn: CN=Schema Admins,CN=Users,${DOMAINDN} -objectClass: top -objectClass: group -cn: Schema Admins -description: Designated administrators of the schema -member: CN=Administrator,CN=Users,${DOMAINDN} -objectSid: ${DOMAINSID}-518 -adminCount: 1 -sAMAccountName: Schema Admins -isCriticalSystemObject: TRUE - -dn: CN=Enterprise Admins,CN=Users,${DOMAINDN} -objectClass: top -objectClass: group -cn: Enterprise Admins -description: Designated administrators of the enterprise -member: CN=Administrator,CN=Users,${DOMAINDN} -objectSid: ${DOMAINSID}-519 -adminCount: 1 -sAMAccountName: Enterprise Admins -isCriticalSystemObject: TRUE - -dn: CN=Cert Publishers,CN=Users,${DOMAINDN} -objectClass: top -objectClass: group -cn: Cert Publishers -description: Members of this group are permitted to publish certificates to the Active Directory -groupType: 2147483652 -sAMAccountType: 536870912 -objectSid: ${DOMAINSID}-517 -sAMAccountName: Cert Publishers -isCriticalSystemObject: TRUE - -dn: CN=Domain Admins,CN=Users,${DOMAINDN} -objectClass: top -objectClass: group -cn: Domain Admins -description: Designated administrators of the domain -member: CN=Administrator,CN=Users,${DOMAINDN} -objectSid: ${DOMAINSID}-512 -adminCount: 1 -sAMAccountName: Domain Admins -isCriticalSystemObject: TRUE - -dn: CN=Domain Users,CN=Users,${DOMAINDN} -objectClass: top -objectClass: group -cn: Domain Users -description: All domain users -objectSid: ${DOMAINSID}-513 -sAMAccountName: Domain Users -isCriticalSystemObject: TRUE - -dn: CN=Domain Guests,CN=Users,${DOMAINDN} -objectClass: top -objectClass: group -cn: Domain Guests -description: All domain guests -objectSid: ${DOMAINSID}-514 -sAMAccountName: Domain Guests -isCriticalSystemObject: TRUE - -dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN} -objectClass: top -objectClass: group -cn: Group Policy Creator Owners -description: Members in this group can modify group policy for the domain -member: CN=Administrator,CN=Users,${DOMAINDN} -objectSid: ${DOMAINSID}-520 -sAMAccountName: Group Policy Creator Owners -isCriticalSystemObject: TRUE - -dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN} -objectClass: top -objectClass: group -cn: RAS and IAS Servers -description: Servers in this group can access remote access properties of users -instanceType: 4 -objectSid: ${DOMAINSID}-553 -sAMAccountName: RAS and IAS Servers -sAMAccountType: 536870912 -groupType: 2147483652 -isCriticalSystemObject: TRUE - dn: CN=Server Operators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group -- cgit From 716391f10679e82835f42490e1d8a69af2acad82 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 10 Nov 2007 05:31:26 +0100 Subject: r25921: Now also listen on ldapi by default in the LDAP server Create a phpLDAPadmin configuration file example to use ldapi to talk to Samba4 Andrew Bartlett (This used to be commit 54f4c8ba6127757fd272bd97e301188eb69977ed) --- source4/setup/phpldapadmin-config.php | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 source4/setup/phpldapadmin-config.php (limited to 'source4/setup') diff --git a/source4/setup/phpldapadmin-config.php b/source4/setup/phpldapadmin-config.php new file mode 100644 index 0000000000..5a4c2d7a6b --- /dev/null +++ b/source4/setup/phpldapadmin-config.php @@ -0,0 +1,28 @@ +SetValue($i,'server','name','Samba4 LDAP Server'); +$ldapservers->SetValue($i,'server','host','${S4_LDAPI_URI}'); +$ldapservers->SetValue($i,'server','auth_type','session'); +$ldapservers->SetValue($i,'login','attr','dn'); +?> -- cgit From 3f2ca10d2d86f0cd64822f9e5f95633f41263237 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 13 Nov 2007 22:38:55 +0100 Subject: r25940: Rework the samldb and templates handling. Templates just don't belong in the sam.ldb, as they don't obey any of the other rules. This moves them to a seperate templates.ldb. In samldb, this patch reworks the duplicate SID and Name detection code, to use ldb_search_exp_fmt() rather than gendb_search. This returns far more useful errors, which we now handle and report better. The call to samdb_search_for_parent_domain() has been moved in samldb, to allow both the account and SID uniqueness checks to be in the same domain. This function also returns better errors. dcesrv_drsuapi.c is updated for the new prototype of samdb_search_for_parent_domain() Andrew Bartlett (This used to be commit f1ab90c88c782c693b41795d70368650806543b5) --- source4/setup/provision_templates.ldif | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index fa0718a0b7..8797efaf98 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -1,15 +1,21 @@ +### +# Templates to be put in templates.ldb. Not part of main samdb any more. +### + +dn: @OPTIONS +checkBaseOnSearch: TRUE + +dn: @INDEXLIST +@IDXATTR: cn + +dn: @ATTRIBUTES +cn: CASE_INSENSITIVE +dn: CASE_INSENSITIVE + dn: CN=Templates objectClass: top objectClass: container description: Container for SAM account templates -showInAdvancedViewOnly: TRUE -systemFlags: 2348810240 -isCriticalSystemObject: TRUE - -### -# note! the template users must not match normal searches. Be careful -# with what classes you put them in -### dn: CN=TemplateUser,CN=Templates userAccountControl: 514 -- cgit From bd6a651b38446512af4982a376ddead658b6ee74 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 15 Nov 2007 02:45:31 +0100 Subject: r25960: Enable checks on the validity of the search base on sam.ldb in Samba4. Remove bogus check to return NO_SUCH_ENTRY in ldap_backend.c, as this error is now correctly emited from ldb. Andrew Bartlett (This used to be commit ed57862b90812e5a38ca81935b131338112fb19f) --- source4/setup/provision_init.ldif | 3 +++ source4/setup/provision_partitions.ldif | 1 + 2 files changed, 4 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index a69399c3e6..c922fa0bd2 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -23,6 +23,9 @@ sAMAccountType: INTEGER systemFlags: INTEGER userAccountControl: INTEGER +dn: @OPTIONS +checkBaseOnSearch: TRUE + dn: @KLUDGEACL passwordAttribute: sambaPassword passwordAttribute: ntPwdHash diff --git a/source4/setup/provision_partitions.ldif b/source4/setup/provision_partitions.ldif index f07ec680e0..674e16713d 100644 --- a/source4/setup/provision_partitions.ldif +++ b/source4/setup/provision_partitions.ldif @@ -4,6 +4,7 @@ partition: ${CONFIGDN}:${CONFIGDN_LDB} partition: ${DOMAINDN}:${DOMAINDN_LDB} replicateEntries: @ATTRIBUTES replicateEntries: @INDEXLIST +replicateEntries: @OPTIONS modules:${SCHEMADN}:${SCHEMADN_MOD}${SCHEMADN_MOD2} modules:${CONFIGDN}:${CONFIGDN_MOD}${CONFIGDN_MOD2} modules:${DOMAINDN}:${DOMAINDN_MOD}${DOMAINDN_MOD2} -- cgit From adef944c4314daded57d21b8f1dd2a1b8156740e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 27 Nov 2007 02:26:47 +0100 Subject: r26137: Rename the entryUUID module to better match it's purpose: being a simple ldap mapping (a complex mapping will follow). Fix the module to handle 'name' better, rather than using the 'name' attribute built into OpenLDAP, rename to samba4RDN. We need to see if this can be handled in the backend. Also rename the functions and inernal module name to entryuuid for consistancy. Andrew Bartlett (This used to be commit a7be80766f4270d63433bbd6a976ebf302ed3433) --- source4/setup/provision | 2 +- source4/setup/schema-map-openldap-2.3 | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index bf03026987..010f7e7708 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -141,7 +141,7 @@ if (ldapbackend) { subobj.LDAPBACKEND = subobj.LDAPI_URI; } if (!ldapmodule) { - subobj.LDAPMODULE = "entryUUID"; + subobj.LDAPMODULE = "entryuuid"; } subobj.DOMAINDN_LDB = subobj.LDAPBACKEND; subobj.DOMAINDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; diff --git a/source4/setup/schema-map-openldap-2.3 b/source4/setup/schema-map-openldap-2.3 index 44fc3de6df..3bbd6d9e57 100644 --- a/source4/setup/schema-map-openldap-2.3 +++ b/source4/setup/schema-map-openldap-2.3 @@ -1,5 +1,4 @@ #Standard OpenLDAP attributes -name labeledURI createTimeStamp objectClass @@ -23,6 +22,8 @@ objectClasses:samba4ObjectClasses 2.5.21.6:1.3.6.1.4.1.7165.4.255.5 subSchema:samba4SubSchema 2.5.20.1:1.3.6.1.4.1.7165.4.255.4 +#'name' is the RDN in AD, but something else in OpenLDAP +name:samba4RDN #Remap these so that we don't put operational attributes in a schema MAY modifyTimeStamp:samba4ModifyTimestamp 2.5.18.2:1.3.6.1.4.1.7165.4.255.3 -- cgit From a2a4aba5fd7a2ec0a7131f32c8bccd5dbe04e1f1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 3 Dec 2007 05:51:04 +0100 Subject: r26245: Make it easier to handle the LDAP backend, with it's differing needs, by seperating the modules list into parts. That way, we can remove the modules that the backend will provide. Andrew Bartlett (This used to be commit d67e5c7896f6d3064298897ae4d3204498824b06) --- source4/setup/provision | 1 + source4/setup/provision_partitions.ldif | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 010f7e7708..9d818fdc18 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -142,6 +142,7 @@ if (ldapbackend) { } if (!ldapmodule) { subobj.LDAPMODULE = "entryuuid"; + subobj.TDB_MODULES_LIST = ""; } subobj.DOMAINDN_LDB = subobj.LDAPBACKEND; subobj.DOMAINDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; diff --git a/source4/setup/provision_partitions.ldif b/source4/setup/provision_partitions.ldif index 674e16713d..fb8bc7f595 100644 --- a/source4/setup/provision_partitions.ldif +++ b/source4/setup/provision_partitions.ldif @@ -10,4 +10,4 @@ modules:${CONFIGDN}:${CONFIGDN_MOD}${CONFIGDN_MOD2} modules:${DOMAINDN}:${DOMAINDN_MOD}${DOMAINDN_MOD2} dn: @MODULES -@LIST: ${MODULES_LIST} +@LIST: ${MODULES_LIST}${TDB_MODULES_LIST},${MODULES_LIST2} -- cgit From f5860b5a853c40c9e48f5bb0a87c086d268c53bd Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 5 Dec 2007 00:40:48 +0100 Subject: r26298: Use metze's schema loading code to pre-initialise the schema into the samdb before we start writing entries into it. In doing so, I realised we still used 'dnsDomain', which is not part of the standard schema (now removed). We also set the 'wrong' side of the linked attributes for the masteredBy on each partition - this is now set in provision_self_join and backlinks via the linked attributes code. When we have the schema loaded, we must also have a valid domain SID loaded, so that the objectclass module works. This required some ejs glue. Andrew Bartlett (This used to be commit b0de08916e8cb59ce6a2ea94bbc9ac0679830ac1) --- source4/setup/provision_basedn_modify.ldif | 8 ------- .../provision_configuration_basedn_modify.ldif | 6 ----- source4/setup/provision_schema_basedn_modify.ldif | 9 -------- source4/setup/provision_self_join.ldif | 7 +++++- source4/setup/schema_samba4.ldif | 27 ++++++++++++---------- 5 files changed, 21 insertions(+), 36 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index 286ecdd49c..fa990599d9 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -3,8 +3,6 @@ ############################### dn: ${DOMAINDN} changetype: modify -replace: dnsDomain -dnsDomain: ${DNSDOMAIN} - replace: dc dc: ${RDN_DC} @@ -79,12 +77,6 @@ replace: subRefs subRefs: ${CONFIGDN} subRefs: ${SCHEMADN} - -replace: masteredBy -masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -- -replace: msDs-masteredBy -msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -- replace: gPLink gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};2] - diff --git a/source4/setup/provision_configuration_basedn_modify.ldif b/source4/setup/provision_configuration_basedn_modify.ldif index 897499b163..46ba4e9649 100644 --- a/source4/setup/provision_configuration_basedn_modify.ldif +++ b/source4/setup/provision_configuration_basedn_modify.ldif @@ -14,9 +14,3 @@ objectCategory: CN=Configuration,${SCHEMADN} - replace: subRefs subRefs: ${SCHEMADN} -- -replace: masteredBy -masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -- -replace: msDs-masteredBy -msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} diff --git a/source4/setup/provision_schema_basedn_modify.ldif b/source4/setup/provision_schema_basedn_modify.ldif index a222a654f7..92c5cf1ace 100644 --- a/source4/setup/provision_schema_basedn_modify.ldif +++ b/source4/setup/provision_schema_basedn_modify.ldif @@ -9,15 +9,6 @@ instanceType: 13 replace: showInAdvancedViewOnly showInAdvancedViewOnly: TRUE - -replace: objectCategory -objectCategory: CN=DMD,${SCHEMADN} -- -replace: masteredBy -masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -- -replace: msDs-masteredBy -msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} -- replace: fSMORoleOwner fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} - diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index 8c6959dbaa..06230e8d00 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -61,4 +61,9 @@ systemFlags: 33554432 dMDLocation: ${SCHEMADN} invocationId: ${INVOCATIONID} msDS-Behavior-Version: 2 - +msDS-hasMasterNCs: ${CONFIGDN} +msDS-hasMasterNCs: ${SCHEMADN} +msDS-hasMasterNCs: ${DOMAINDN} +hasMasterNCs: ${CONFIGDN} +hasMasterNCs: ${SCHEMADN} +hasMasterNCs: ${DOMAINDN} diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 2967261758..a9f79f1635 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -96,18 +96,21 @@ attributeID: 1.3.6.1.4.1.7165.4.1.5 attributeSyntax: 2.5.5.5 oMSyntax: 22 -dn: cn=dnsDomain,${SCHEMADN} -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: dnsDomain -isSingleValued: FALSE -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018 -adminDisplayName: DNS-Domain -attributeID: 1.3.6.1.4.1.7165.4.1.6 -attributeSyntax: 2.5.5.4 -oMSyntax: 20 +# +# Not used anymore +# +#dn: cn=dnsDomain,${SCHEMADN} +#objectClass: top +#objectClass: attributeSchema +#lDAPDisplayName: dnsDomain +#isSingleValued: FALSE +#systemFlags: 17 +#systemOnly: TRUE +#schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018 +#adminDisplayName: DNS-Domain +#attributeID: 1.3.6.1.4.1.7165.4.1.6 +#attributeSyntax: 2.5.5.4 +#oMSyntax: 20 dn: cn=privilege,${SCHEMADN} objectClass: top -- cgit From 8edcbc847452b8e95c99427f94dde1fa968089a6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 5 Dec 2007 04:26:28 +0100 Subject: r26305: Update template files and testsuite to try and work with current openldap, and fully support different LDAP server locations. Andrew Bartlett (This used to be commit a00bb942537f0f638c2a8295770749cb4b5d9ef3) --- source4/setup/schema-map-openldap-2.3 | 1 + source4/setup/slapd.conf | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/schema-map-openldap-2.3 b/source4/setup/schema-map-openldap-2.3 index 3bbd6d9e57..0bce95afba 100644 --- a/source4/setup/schema-map-openldap-2.3 +++ b/source4/setup/schema-map-openldap-2.3 @@ -11,6 +11,7 @@ distinguishedName description cn top +memberOf #This shouldn't make it to the ldap server sambaPassword #These conflict with OpenLDAP builtins diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 15e3610e3a..0fd018e943 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -40,10 +40,10 @@ index samAccountName eq index name eq index objectSid eq index objectCategory eq -index nCName eq pres +index nCName eq index subClassOf eq index dnsRoot eq -index nETBIOSName eq pres +index nETBIOSName eq database hdb suffix ${DOMAINDN} @@ -60,11 +60,11 @@ index uidNumber eq index gidNumber eq index unixName eq index privilege eq -index nCName eq pres +index nCName eq index lDAPDisplayName eq index subClassOf eq index dnsRoot eq -index nETBIOSName eq pres +index nETBIOSName eq #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We only need this for the contextCSN attribute anyway.... -- cgit From c926cddfad97713ca017c03e61c6e90414c1ad62 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 10 Dec 2007 09:29:00 +0100 Subject: r26366: Import provision scripts in Python. (This used to be commit 090c799f98adf2c4186daca445c81b4e26e91f2f) --- source4/setup/provision.py | 180 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 180 insertions(+) create mode 100755 source4/setup/provision.py (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py new file mode 100755 index 0000000000..38312f2946 --- /dev/null +++ b/source4/setup/provision.py @@ -0,0 +1,180 @@ +#!/usr/bin/python +# +# Unix SMB/CIFS implementation. +# provision a Samba4 server +# Copyright (C) Andrew Tridgell 2005 +# Copyright (C) Jelmer Vernooij 2007 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import getopt +import optparse +import sys + +# Add path to the library for in-tree use +sys.path.append("bin/python") +sys.path.append("scripting/python") + +from auth import system_session +import samba.getopt as options +import param +from samba.provision import (provision, provision_guess, + provision_default_paths, provision_ldapbase, + provision_dns) + +parser = optparse.OptionParser("provision [options]") +parser.add_option_group(options.SambaOptions(parser)) +parser.add_option_group(options.VersionOptions(parser)) +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) +parser.add_option("--setupdir", type="string", metavar="DIR", + help="directory with setup files") +parser.add_option("--realm", type="string", metavar="REALM", help="set realm") +parser.add_option("--domain", type="string", metavar="DOMAIN", + help="set domain") +parser.add_option("--domain-guid", type="string", metavar="GUID", + help="set domainguid (otherwise random)") +parser.add_option("--domain-sid", type="string", metavar="SID", + help="set domainsid (otherwise random)") +parser.add_option("--policy-guid", type="string", metavar="GUID", + help="set policy guid") +parser.add_option("--host-name", type="string", metavar="HOSTNAME", + help="set hostname") +parser.add_option("--host-ip", type="string", metavar="IPADDRESS", + help="set ipaddress") +parser.add_option("--host-guid", type="string", metavar="GUID", + help="set hostguid (otherwise random)") +parser.add_option("--invocationid", type="string", metavar="GUID", + help="set invocationid (otherwise random)") +parser.add_option("--adminpass", type="string", metavar="PASSWORD", + help="choose admin password (otherwise random)") +parser.add_option("--krbtgtpass", type="string", metavar="PASSWORD", + help="choose krbtgt password (otherwise random)") +parser.add_option("--machinepass", type="string", metavar="PASSWORD", + help="choose machine password (otherwise random)") +parser.add_option("--dnspass", type="string", metavar="PASSWORD", + help="choose dns password (otherwise random)") +parser.add_option("--root", type="string", metavar="USERNAME", + help="choose 'root' unix username") +parser.add_option("--nobody", type="string", metavar="USERNAME", + help="choose 'nobody' user") +parser.add_option("--nogroup", type="string", metavar="GROUPNAME", + help="choose 'nogroup' group") +parser.add_option("--wheel", type="string", metavar="GROUPNAME", + help="choose 'wheel' privileged group") +parser.add_option("--users", type="string", metavar="GROUPNAME", + help="choose 'users' group") +parser.add_option("--quiet", help="Be quiet") +parser.add_option("--blank", + help="do not add users or groups, just the structure") +parser.add_option("--ldap-base", + help="output only an LDIF file, suitable for creating an LDAP baseDN") +parser.add_option("--ldap-backend", type="string", metavar="LDAPSERVER", + help="LDAP server to use for this provision") +parser.add_option("--ldap-module=", type="string", metavar="MODULE", + help="LDB mapping module to use for the LDAP backend") +parser.add_option("--aci", type="string", metavar="ACI", + help="An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server. You must provide at least a realm and domain") +parser.add_option("--server-role", type="choice", metavar="ROLE", + choices=["domain controller", "domain server"], + help="Set server role to provision for (default standalone)") +parser.add_option("--partitions-only", + help="Configure Samba's partitions, but do not modify them (ie, join a BDC)") + +opts = parser.parse_args()[0] + +def message(text): + """print a message if quiet is not set.""" + if opts.quiet: + print text + +hostname = opts.host_name + +if opts.realm is None or opts.domain is None or opts.host_name is None: + if opts.realm is None: + print >>sys.stderr, "No realm set" + if opts.domain is None: + print >>sys.stderr, "No domain set" + if opts.host_name is None: + print >>sys.stderr, "No host name set" + parser.print_help() + sys.exit(1) + +# cope with an initially blank smb.conf +lp = param.ParamFile(opts.configfile) +lp.set("realm", opts.realm); +lp.set("workgroup", opts.domain); +lp.set("server role", opts.server_role); +lp.use() + +subobj = provision_guess(lp) +subobj.domain_guid = opts.domain_guid +subobj.host_guid = opts.host_guid + +if opts.aci is not None: + print "set ACI: %s" % subobj.aci + +print "set domain sid: %s" % subobj.domainsid +paths = provision_default_paths(lp, subobj) +paths.smbconf = opts.configfile +subobj.fix(paths); + +if opts.ldap_backend: + if opts.ldap_backend == "ldapi": + subobj.ldap_backend = subobj.ldapi_uri + + if not opts.ldap_module: + subobj.ldapmodule = "entryuuid" + + subobj.domaindn_ldb = subobj.ldap_backend + subobj.domaindn_mod2 = ",%s,paged_searches" % subobj.ldapmodule + subobj.configdn_ldb = subobj.ldap_backend + subobj.configdn_mod2 = ",%s,paged_searches" % subobj.ldapmodule + subobj.schemadn_ldb = subobj.ldap_backend + subobj.schemadn_mod2 = ",%s,paged_searches" % subobj.ldapmodule + message("LDAP module: %s on backend: %s" % (subobj.ldapmodule, subobj.ldap_backend)) + +subobj.validate(lp) + +creds = credopts.get_credentials() +message("Provisioning for %s in realm %s" % (subobj.domain, subobj.realm)) +message("Using administrator password: %s" % subobj.adminpass) + +setup_dir = opts.setupdir +if setup_dir is None: + setup_dir = "setup" +if opts.ldap_base: + provision_ldapbase(setup_dir, subobj, message, paths) + message("Please install the LDIF located in %s, %s and into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server" % (paths.ldap_basedn_ldif, paths.ldap_config_basedn_ldif, paths.ldap_schema_basedn_ldif)) +elif opts.partitions_only: + provision_become_dc(setup_dir, subobj, message, False, + paths, system_session, creds) +else: + provision(lp, setup_dir, subobj, message, opts.blank, paths, + system_session, creds, opts.ldap_backend) + provision_dns(setup_dir, subobj, message, paths, + system_session, creds) + message("To reproduce this provision, run with:") + message("--realm='" + subobj.realm_conf + "' --domain='" + subobj.domain_conf + "' --domain-guid='" + subobj.domain_guid + "' \\") + message("--policy-guid='" + subobj.policyguid + "' --host-name='" + subobj.hostname + "' --host-ip='" + subobj.hostip + "' \\") + message("--host-guid='" + subobj.host_guid + "' --invocationid='" + subobj.invocationid + "' \\") + message("--adminpass='" + subobj.adminpass + "' --krbtgtpass='" + subobj.krbtgtpass + "' \\") + message("--machinepass='" + subobj.machinepass + "' --dnspass='" + subobj.dnspass + "' \\") + message("--root='" + subobj.root + "' --nobody='" + subobj.nobody + "' --nogroup-'" + subobj.nogroup + "' \\") + message("--wheel='" + subobj.wheel + "' --users='" + subobj.users + "' --server-role='" + subobj.serverrole + "' \\") + message("--ldap-backend='" + subobj.ldap_backend + "' --ldap-module='" + subobj.ldapmodule + "' \\") + message("--aci='" + subobj.aci + "' \\") + +message("All OK") -- cgit From 1a562591ec8abfdbb0ffcd1dfb14f78655ff0a42 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 10 Dec 2007 10:29:26 +0100 Subject: r26370: Import upgrade script in Python. (This used to be commit 277f2165241dafe68e31a8197194c94d9d4a535e) --- source4/setup/upgrade.py | 61 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100755 source4/setup/upgrade.py (limited to 'source4/setup') diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py new file mode 100755 index 0000000000..e5e6d2c832 --- /dev/null +++ b/source4/setup/upgrade.py @@ -0,0 +1,61 @@ +#!/usr/bin/python +# +# Upgrade from Samba3 +# Copyright Jelmer Vernooij 2005-2007 +# Released under the GNU GPL v3 or later +# +import getopt +import optparse +import samba.options + +parser = optparse.OptionParser("upgrade [options]") +parser.add_option_group(options.SambaOptions(parser)) +parser.add_option_group(options.VersionOptions(parser)) +parser.add_option_group(options.CredentialsOptions(parser)) +parser.add_option("--realm", type="string", metavar="REALM", help="set realm") +parser.add_option("--quiet", help="Be quiet") +parser.add_option("--verify", help="Verify resulting configuration") +parser.add_option("--blank", + help="do not add users or groups, just the structure") +parser.add_option("--targetdir", type="string", metavar="DIR", + help="Set target directory") + +def message(text): + """Print a message if quiet is not set.""" + if opts.quiet: + print text + +message("Reading Samba3 databases and smb.conf\n") +samba3 = samba3_read(options.ARGV[0], options.ARGV[1]) + +message("Provisioning\n") +subobj = upgrade_provision(samba3) +if options.targetdir is not None: + paths = ProvisionPaths() + paths.smbconf = os.path.join(options.targetdir, "smb.conf") + ldbs = ["hklm","hkcr","hku","hkcu","hkpd","hkpt","samdb","rootdse","secrets","wins"] + for n in ldbs: + paths[n] = sprintf("tdb://%s/%s.ldb", options.targetdir, n) + paths.dns = os.path.join(options.targetdir, "dns.zone") +else: + paths = provision_default_paths(subobj) + +creds = options.get_credentials() +system_session = system_session() +paths = provision_default_paths(subobj) + +if options.realm: + subobj.realm = options.realm + +provision(lp, subobj, message, options.blank, paths, system_session, creds, undefined) + +ret = upgrade(subobj,samba3,message,paths, system_session, creds) +if ret > 0: + message("Failed to import %d entries\n", ret) +else: + provision_dns(subobj, message, paths, system_session, creds) + message("All OK\n") + +if options.verify: + message("Verifying...\n") + ret = upgrade_verify(subobj, samba3, paths, message) -- cgit From 03f178a728ba41f6ec82d35201ad25421e1bb951 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 13 Dec 2007 09:46:41 +0100 Subject: r26424: Patch and hits from Howard Chu for our automated setup of OpenLDAP. This makes it consistant with the Fedora DS setup, and doesn't mix both hdb and bdb. Andrew Bartlett (This used to be commit 1ffada95d269c8f7d054bec7f6eaff8449995d40) --- source4/setup/slapd.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 0fd018e943..446facbf3d 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -22,7 +22,7 @@ include ${LDAPDIR}/modules.conf defaultsearchbase ${DOMAINDN} backend hdb -database bdb +database hdb suffix ${SCHEMADN} directory ${LDAPDIR}/db/schema index objectClass eq -- cgit From 0a01f50f9802ecfae430d2218af3b96a3682218d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 16 Dec 2007 15:50:02 +0100 Subject: r26475: Add ldb.set_credentials function. (This used to be commit dbebb4ef477d2c8de7b8d1e5cde9b9dada47044f) --- source4/setup/provision.py | 7 ++++--- source4/setup/upgrade.py | 11 ++++++++--- 2 files changed, 12 insertions(+), 6 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index 38312f2946..71360cecc8 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -24,15 +24,16 @@ import optparse import sys # Add path to the library for in-tree use -sys.path.append("bin/python") sys.path.append("scripting/python") +import samba + from auth import system_session import samba.getopt as options import param from samba.provision import (provision, provision_guess, - provision_default_paths, provision_ldapbase, - provision_dns) + provision_default_paths, provision_ldapbase, + provision_dns) parser = optparse.OptionParser("provision [options]") parser.add_option_group(options.SambaOptions(parser)) diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py index e5e6d2c832..96584a1026 100755 --- a/source4/setup/upgrade.py +++ b/source4/setup/upgrade.py @@ -6,7 +6,10 @@ # import getopt import optparse -import samba.options +import sys +sys.path.append("scripting/python") +import samba +import samba.getopt parser = optparse.OptionParser("upgrade [options]") parser.add_option_group(options.SambaOptions(parser)) @@ -20,10 +23,12 @@ parser.add_option("--blank", parser.add_option("--targetdir", type="string", metavar="DIR", help="Set target directory") +opts = parser.parse_args()[0] + def message(text): """Print a message if quiet is not set.""" - if opts.quiet: - print text + if opts.quiet: + print text message("Reading Samba3 databases and smb.conf\n") samba3 = samba3_read(options.ARGV[0], options.ARGV[1]) -- cgit From 32f439bfa458f7936b507cb5a1e3c74bcb8c68bf Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 17 Dec 2007 11:12:36 +0100 Subject: r26503: Change order of arguments in param interface so it's easier to make the section name optional. Fix several smaller bits and pieces in the Python code. (This used to be commit 1b89311e5fa4fcde060df50e580dc221205cc8ca) --- source4/setup/provision.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index 71360cecc8..a65eff1cf8 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -110,15 +110,15 @@ if opts.realm is None or opts.domain is None or opts.host_name is None: print >>sys.stderr, "No domain set" if opts.host_name is None: print >>sys.stderr, "No host name set" - parser.print_help() + parser.print_usage() sys.exit(1) # cope with an initially blank smb.conf -lp = param.ParamFile(opts.configfile) +lp = param.ParamFile() +lp.read(opts.configfile) lp.set("realm", opts.realm); lp.set("workgroup", opts.domain); lp.set("server role", opts.server_role); -lp.use() subobj = provision_guess(lp) subobj.domain_guid = opts.domain_guid @@ -161,12 +161,12 @@ if opts.ldap_base: message("Please install the LDIF located in %s, %s and into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server" % (paths.ldap_basedn_ldif, paths.ldap_config_basedn_ldif, paths.ldap_schema_basedn_ldif)) elif opts.partitions_only: provision_become_dc(setup_dir, subobj, message, False, - paths, system_session, creds) + paths, system_session(), creds) else: provision(lp, setup_dir, subobj, message, opts.blank, paths, - system_session, creds, opts.ldap_backend) + system_session(), creds, opts.ldap_backend) provision_dns(setup_dir, subobj, message, paths, - system_session, creds) + system_session(), creds) message("To reproduce this provision, run with:") message("--realm='" + subobj.realm_conf + "' --domain='" + subobj.domain_conf + "' --domain-guid='" + subobj.domain_guid + "' \\") message("--policy-guid='" + subobj.policyguid + "' --host-name='" + subobj.hostname + "' --host-ip='" + subobj.hostip + "' \\") -- cgit From f89c7a6e5eb082794d64b487e69fc442d138ca28 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 17 Dec 2007 12:07:51 +0100 Subject: r26505: Add python bindings for some samdb-related functions, improve provisioning in python. (This used to be commit d2402251666738c0372bbbaeaa1d26c06e254033) --- source4/setup/provision.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index a65eff1cf8..c9ee2a9217 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -116,9 +116,9 @@ if opts.realm is None or opts.domain is None or opts.host_name is None: # cope with an initially blank smb.conf lp = param.ParamFile() lp.read(opts.configfile) -lp.set("realm", opts.realm); -lp.set("workgroup", opts.domain); -lp.set("server role", opts.server_role); +lp.set_string("realm", opts.realm); +lp.set_string("workgroup", opts.domain); +lp.set_string("server role", opts.server_role); subobj = provision_guess(lp) subobj.domain_guid = opts.domain_guid -- cgit From 323c174be37214d561a5d525a7c3eef47ac700e8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 17 Dec 2007 12:19:45 +0100 Subject: r26506: Start running (really trivial) tests for upgrade script. (This used to be commit 73bd4a9566d15f85a971e3a87cefbec2e2eece1c) --- source4/setup/provision.py | 33 ++++++++++++++------------------- 1 file changed, 14 insertions(+), 19 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index c9ee2a9217..c5f29c38ea 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -116,9 +116,9 @@ if opts.realm is None or opts.domain is None or opts.host_name is None: # cope with an initially blank smb.conf lp = param.ParamFile() lp.read(opts.configfile) -lp.set_string("realm", opts.realm); -lp.set_string("workgroup", opts.domain); -lp.set_string("server role", opts.server_role); +lp.set_string("realm", opts.realm) +lp.set_string("workgroup", opts.domain) +lp.set_string("server role", opts.server_role) subobj = provision_guess(lp) subobj.domain_guid = opts.domain_guid @@ -160,22 +160,17 @@ if opts.ldap_base: provision_ldapbase(setup_dir, subobj, message, paths) message("Please install the LDIF located in %s, %s and into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server" % (paths.ldap_basedn_ldif, paths.ldap_config_basedn_ldif, paths.ldap_schema_basedn_ldif)) elif opts.partitions_only: - provision_become_dc(setup_dir, subobj, message, False, - paths, system_session(), creds) + provision_become_dc(setup_dir, subobj, message, False, + paths, system_session(), creds) else: - provision(lp, setup_dir, subobj, message, opts.blank, paths, - system_session(), creds, opts.ldap_backend) - provision_dns(setup_dir, subobj, message, paths, - system_session(), creds) - message("To reproduce this provision, run with:") - message("--realm='" + subobj.realm_conf + "' --domain='" + subobj.domain_conf + "' --domain-guid='" + subobj.domain_guid + "' \\") - message("--policy-guid='" + subobj.policyguid + "' --host-name='" + subobj.hostname + "' --host-ip='" + subobj.hostip + "' \\") - message("--host-guid='" + subobj.host_guid + "' --invocationid='" + subobj.invocationid + "' \\") - message("--adminpass='" + subobj.adminpass + "' --krbtgtpass='" + subobj.krbtgtpass + "' \\") - message("--machinepass='" + subobj.machinepass + "' --dnspass='" + subobj.dnspass + "' \\") - message("--root='" + subobj.root + "' --nobody='" + subobj.nobody + "' --nogroup-'" + subobj.nogroup + "' \\") - message("--wheel='" + subobj.wheel + "' --users='" + subobj.users + "' --server-role='" + subobj.serverrole + "' \\") - message("--ldap-backend='" + subobj.ldap_backend + "' --ldap-module='" + subobj.ldapmodule + "' \\") - message("--aci='" + subobj.aci + "' \\") + provision(lp, setup_dir, subobj, message, opts.blank, paths, + system_session(), creds, opts.ldap_backend) + provision_dns(setup_dir, subobj, message, paths, system_session(), creds) + message("To reproduce this provision, run with:") + def shell_escape(arg): + if " " in arg: + return '"%s"' % arg + return arg + message(" ".join([shell_escape(arg) for arg in sys.argv])) message("All OK") -- cgit From e33749af5bb339fbb4b371ad6f5f131299e1fdec Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 17 Dec 2007 13:21:29 +0100 Subject: r26509: Don't make boolean options eat the next argument. (This used to be commit b4ae4cbfe5b66364f437a76aa0a4f82e9bc39ce1) --- source4/setup/provision.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index c5f29c38ea..5a92ac7e8e 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -77,11 +77,12 @@ parser.add_option("--wheel", type="string", metavar="GROUPNAME", help="choose 'wheel' privileged group") parser.add_option("--users", type="string", metavar="GROUPNAME", help="choose 'users' group") -parser.add_option("--quiet", help="Be quiet") +parser.add_option("--quiet", help="Be quiet", action="store_true") parser.add_option("--blank", help="do not add users or groups, just the structure") parser.add_option("--ldap-base", - help="output only an LDIF file, suitable for creating an LDAP baseDN") + help="output only an LDIF file, suitable for creating an LDAP baseDN", + action="store_true") parser.add_option("--ldap-backend", type="string", metavar="LDAPSERVER", help="LDAP server to use for this provision") parser.add_option("--ldap-module=", type="string", metavar="MODULE", @@ -92,7 +93,7 @@ parser.add_option("--server-role", type="choice", metavar="ROLE", choices=["domain controller", "domain server"], help="Set server role to provision for (default standalone)") parser.add_option("--partitions-only", - help="Configure Samba's partitions, but do not modify them (ie, join a BDC)") + help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true") opts = parser.parse_args()[0] -- cgit From 57b8a8fd42f5d89f439fd9d0781bd8f561a84131 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 17 Dec 2007 23:16:12 +0100 Subject: r26517: Add functions for setting and getting parameters on a LoadParm. Pass loadparm context along to Ldb contexts. Other minor Python improvements. (This used to be commit 7a15b486bae8fb774058b2d94cc12b7b01ee6ac0) --- source4/setup/provision.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index 5a92ac7e8e..d00cb15ebd 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -115,11 +115,11 @@ if opts.realm is None or opts.domain is None or opts.host_name is None: sys.exit(1) # cope with an initially blank smb.conf -lp = param.ParamFile() -lp.read(opts.configfile) -lp.set_string("realm", opts.realm) -lp.set_string("workgroup", opts.domain) -lp.set_string("server role", opts.server_role) +lp = param.LoadParm() +lp.load(opts.configfile) +lp.set("realm", opts.realm) +lp.set("workgroup", opts.domain) +lp.set("server role", opts.server_role) subobj = provision_guess(lp) subobj.domain_guid = opts.domain_guid @@ -162,7 +162,7 @@ if opts.ldap_base: message("Please install the LDIF located in %s, %s and into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server" % (paths.ldap_basedn_ldif, paths.ldap_config_basedn_ldif, paths.ldap_schema_basedn_ldif)) elif opts.partitions_only: provision_become_dc(setup_dir, subobj, message, False, - paths, system_session(), creds) + paths, lp, system_session(), creds) else: provision(lp, setup_dir, subobj, message, opts.blank, paths, system_session(), creds, opts.ldap_backend) -- cgit From 63f53094efa29b76eb4136cddf19d9c5d325fc5f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 18 Dec 2007 02:21:14 +0100 Subject: r26520: More Python updates. (This used to be commit a8b1fe15ac853082961132ede061fe1556ae29f7) --- source4/setup/provision.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index d00cb15ebd..5821531a07 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -99,7 +99,7 @@ opts = parser.parse_args()[0] def message(text): """print a message if quiet is not set.""" - if opts.quiet: + if not opts.quiet: print text hostname = opts.host_name -- cgit From 1c29a63d443fde3fc0253f634822c12749f1afad Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 18 Dec 2007 17:21:13 +0100 Subject: r26523: Refactor provisioning code. (This used to be commit ac1083178f9e521dcd5d3d8b5199abcb00159adf) --- source4/setup/provision.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index 5821531a07..5f61ce6c5c 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -166,7 +166,7 @@ elif opts.partitions_only: else: provision(lp, setup_dir, subobj, message, opts.blank, paths, system_session(), creds, opts.ldap_backend) - provision_dns(setup_dir, subobj, message, paths, system_session(), creds) + provision_dns(setup_dir, subobj, message, paths, system_session(), creds, lp) message("To reproduce this provision, run with:") def shell_escape(arg): if " " in arg: -- cgit From 80529722e30d087bf9a18e239d0ef4e35865c49f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 18 Dec 2007 17:29:08 +0100 Subject: r26526: Fix argument value. (This used to be commit af28f0c56d8e5ccc6ce8916d5bbdf9045e1fb47e) --- source4/setup/provision.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index 5f61ce6c5c..0cc0a75d92 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -90,7 +90,7 @@ parser.add_option("--ldap-module=", type="string", metavar="MODULE", parser.add_option("--aci", type="string", metavar="ACI", help="An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server. You must provide at least a realm and domain") parser.add_option("--server-role", type="choice", metavar="ROLE", - choices=["domain controller", "domain server"], + choices=["domain controller", "member server"], help="Set server role to provision for (default standalone)") parser.add_option("--partitions-only", help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true") -- cgit From 595ec370da471116b35464dc65d2962f28380d74 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 19 Dec 2007 23:27:24 +0100 Subject: r26535: Get rid of all-knowing ProvisionSettings object. (This used to be commit 40bf88c8a70e8379a6081cb6050034bcd7ae56eb) --- source4/setup/provision.py | 36 ++++++++++++++++-------------------- 1 file changed, 16 insertions(+), 20 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index 0cc0a75d92..898dfc7405 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -31,9 +31,8 @@ import samba from auth import system_session import samba.getopt as options import param -from samba.provision import (provision, provision_guess, - provision_default_paths, provision_ldapbase, - provision_dns) +from samba.provision import (provision, + provision_default_paths, provision_ldapbase) parser = optparse.OptionParser("provision [options]") parser.add_option_group(options.SambaOptions(parser)) @@ -121,17 +120,11 @@ lp.set("realm", opts.realm) lp.set("workgroup", opts.domain) lp.set("server role", opts.server_role) -subobj = provision_guess(lp) -subobj.domain_guid = opts.domain_guid -subobj.host_guid = opts.host_guid - if opts.aci is not None: - print "set ACI: %s" % subobj.aci + print "set ACI: %s" % opts.aci -print "set domain sid: %s" % subobj.domainsid -paths = provision_default_paths(lp, subobj) +paths = provision_default_paths(lp, opts.realm.lower()) paths.smbconf = opts.configfile -subobj.fix(paths); if opts.ldap_backend: if opts.ldap_backend == "ldapi": @@ -148,25 +141,28 @@ if opts.ldap_backend: subobj.schemadn_mod2 = ",%s,paged_searches" % subobj.ldapmodule message("LDAP module: %s on backend: %s" % (subobj.ldapmodule, subobj.ldap_backend)) -subobj.validate(lp) - creds = credopts.get_credentials() -message("Provisioning for %s in realm %s" % (subobj.domain, subobj.realm)) -message("Using administrator password: %s" % subobj.adminpass) setup_dir = opts.setupdir if setup_dir is None: setup_dir = "setup" if opts.ldap_base: - provision_ldapbase(setup_dir, subobj, message, paths) + provision_ldapbase(setup_dir, message, paths) message("Please install the LDIF located in %s, %s and into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server" % (paths.ldap_basedn_ldif, paths.ldap_config_basedn_ldif, paths.ldap_schema_basedn_ldif)) elif opts.partitions_only: - provision_become_dc(setup_dir, subobj, message, False, + provision_become_dc(setup_dir, message, False, paths, lp, system_session(), creds) else: - provision(lp, setup_dir, subobj, message, opts.blank, paths, - system_session(), creds, opts.ldap_backend) - provision_dns(setup_dir, subobj, message, paths, system_session(), creds, lp) + provision(lp, setup_dir, message, opts.blank, paths, + system_session(), creds, opts.ldap_backend, realm=opts.realm, + domainguid=opts.domain_guid, domainsid=opts.domain_sid, + policyguid=opts.policy_guid, hostname=opts.host_name, + hostip=opts.host_ip, hostguid=opts.host_guid, + invocationid=opts.invocationid, adminpass=opts.adminpass, + krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, + dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, + nogroup=opts.nogroup, wheel=opts.wheel, users=opts.users, + aci=opts.aci, serverrole=opts.server_role) message("To reproduce this provision, run with:") def shell_escape(arg): if " " in arg: -- cgit From b7ffc3b404fbe3cf759e743c23e7bdbf75e71286 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 22 Dec 2007 02:26:38 -0600 Subject: r26562: Fix provisioning using Python. (This used to be commit b07ca944ba62a3f3de58c06b66533c0953a32de9) --- source4/setup/provision.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index 898dfc7405..a16dde718d 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -77,7 +77,7 @@ parser.add_option("--wheel", type="string", metavar="GROUPNAME", parser.add_option("--users", type="string", metavar="GROUPNAME", help="choose 'users' group") parser.add_option("--quiet", help="Be quiet", action="store_true") -parser.add_option("--blank", +parser.add_option("--blank", action="store_true", help="do not add users or groups, just the structure") parser.add_option("--ldap-base", help="output only an LDIF file, suitable for creating an LDAP baseDN", -- cgit From 7c146c42d2cf51e891b9f29d3b61a40f173a3b23 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 25 Dec 2007 16:36:31 -0600 Subject: r26593: - More work on the python versions of samba3dump and the samba3sam tests. - Initial work converting the upgrade code to Python. - Removed the old EJS upgrade code because it has been broken for a long time. (This used to be commit 150cf39fbd4fe088546870fb0d8f20c0d9eb4aca) --- source4/setup/upgrade | 114 ----------------------------------------------- source4/setup/upgrade.py | 62 +++++++++++++------------- 2 files changed, 32 insertions(+), 144 deletions(-) delete mode 100755 source4/setup/upgrade (limited to 'source4/setup') diff --git a/source4/setup/upgrade b/source4/setup/upgrade deleted file mode 100755 index f05e22f2e0..0000000000 --- a/source4/setup/upgrade +++ /dev/null @@ -1,114 +0,0 @@ -#!/bin/sh -exec smbscript "$0" ${1+"$@"} -/* - Upgrade from Samba3 - Copyright Jelmer Vernooij 2005 - Released under the GNU GPL v2 or later -*/ - -options = GetOptions(ARGV, - "POPT_AUTOHELP", - "POPT_COMMON_SAMBA", - "POPT_COMMON_VERSION", - "POPT_COMMON_CREDENTIALS", - 'verify', - 'targetdir=s', - 'quiet', - 'realm', - 'blank'); - -if (options == undefined) { - println("Failed to parse options"); - return -1; -} - -libinclude("base.js"); -libinclude("provision.js"); -libinclude("upgrade.js"); - -/* - print a message if quiet is not set -*/ -function message() -{ - if (options["quiet"] == undefined) { - print(vsprintf(arguments)); - } -} - -/* - show some help -*/ -function ShowHelp() -{ - print(" -Samba4 import tool - -provision [options] - --targetdir=DIR Output to specified directory - --quiet Be quiet - --blank Do not add users or groups, just the structure - --realm=REALM Override realm to use - -"); - exit(1); -} - -if (options.ARGV.length != 2) { - ShowHelp(); - exit(1); -} - -var lp = loadparm_init(); - -message("Reading Samba3 databases and smb.conf\n"); -var samba3 = samba3_read(options.ARGV[0], options.ARGV[1]); - -if (samba3 == undefined) { - println("Error reading Samba3 data"); - exit(1); -} - - - -message("Provisioning\n"); -var subobj = upgrade_provision(samba3); -var paths; -if (options.targetdir != undefined) { - paths = new Object(); - paths.smbconf = sprintf("%s/smb.conf", options.targetdir); - var ldbs = new Array("hklm","hkcr","hku","hkcu","hkpd","hkpt","samdb","rootdse","secrets","wins"); - for (var i in ldbs) { - var n = ldbs[i]; - paths[n] = sprintf("tdb://%s/%s.ldb", options.targetdir, n); - } - paths.dns = options.targetdir+"/dns.zone"; -} else { - paths = provision_default_paths(subobj);; -} - -var creds = options.get_credentials(); -var system_session = system_session(); -var paths = provision_default_paths(subobj); - -if (options.realm != undefined) { - subobj.REALM = options.realm; -} - -provision(subobj, message, options.blank, paths, system_session, creds, undefined); - -var ret = upgrade(subobj,samba3,message,paths, system_session, creds); -if (ret > 0) { - message("Failed to import %d entries\n", ret); -} else { - provision_dns(subobj, message, paths, system_session, creds); - - message("All OK\n"); -} - -if (options.verify != undefined) { - message("Verifying...\n"); - ret = upgrade_verify(subobj, samba3,paths,message); -} - -return ret; diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py index 96584a1026..186ad3772b 100755 --- a/source4/setup/upgrade.py +++ b/source4/setup/upgrade.py @@ -6,15 +6,20 @@ # import getopt import optparse -import sys +import os, sys sys.path.append("scripting/python") +import param import samba -import samba.getopt +import samba.getopt as options +from samba.provision import provision_default_paths -parser = optparse.OptionParser("upgrade [options]") +parser = optparse.OptionParser("upgrade [options] ") parser.add_option_group(options.SambaOptions(parser)) parser.add_option_group(options.VersionOptions(parser)) -parser.add_option_group(options.CredentialsOptions(parser)) +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) +parser.add_option("--setupdir", type="string", metavar="DIR", + help="directory with setup files") parser.add_option("--realm", type="string", metavar="REALM", help="set realm") parser.add_option("--quiet", help="Be quiet") parser.add_option("--verify", help="Verify resulting configuration") @@ -23,44 +28,41 @@ parser.add_option("--blank", parser.add_option("--targetdir", type="string", metavar="DIR", help="Set target directory") -opts = parser.parse_args()[0] +opts, args = parser.parse_args() def message(text): """Print a message if quiet is not set.""" if opts.quiet: print text +if len(args) < 1: + parser.print_usage() + sys.exit(1) +from samba.samba3 import Samba3 message("Reading Samba3 databases and smb.conf\n") -samba3 = samba3_read(options.ARGV[0], options.ARGV[1]) - -message("Provisioning\n") -subobj = upgrade_provision(samba3) -if options.targetdir is not None: - paths = ProvisionPaths() - paths.smbconf = os.path.join(options.targetdir, "smb.conf") - ldbs = ["hklm","hkcr","hku","hkcu","hkpd","hkpt","samdb","rootdse","secrets","wins"] - for n in ldbs: - paths[n] = sprintf("tdb://%s/%s.ldb", options.targetdir, n) - paths.dns = os.path.join(options.targetdir, "dns.zone") +libdir = args[0] +if not os.path.isdir(libdir): + print "error: %s is not a directory" + sys.exit(1) +if len(args) > 1: + smbconf = args[1] else: - paths = provision_default_paths(subobj) + smbconf = os.path.join(libdir, "smb.conf") +samba3 = Samba3(libdir, smbconf) -creds = options.get_credentials() -system_session = system_session() -paths = provision_default_paths(subobj) +from samba.upgrade import upgrade_provision -if options.realm: - subobj.realm = options.realm +message("Provisioning\n") -provision(lp, subobj, message, options.blank, paths, system_session, creds, undefined) +setup_dir = opts.setupdir +if setup_dir is None: + setup_dir = "setup" -ret = upgrade(subobj,samba3,message,paths, system_session, creds) -if ret > 0: - message("Failed to import %d entries\n", ret) -else: - provision_dns(subobj, message, paths, system_session, creds) - message("All OK\n") +creds = credopts.get_credentials() +lp = param.LoadParm() +lp.load(opts.configfile) +upgrade_provision(samba3, setup_dir, message, credentials=creds, session_info=system_session()) -if options.verify: +if opts.verify: message("Verifying...\n") ret = upgrade_verify(subobj, samba3, paths, message) -- cgit From 533cc583ed20efdfd6bee60f86d16fef3942898b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 25 Dec 2007 16:36:44 -0600 Subject: r26596: Fixed upgrade.py. Added blackbox tests for provision and upgrade Python scripts. Clean up temporary files created by the Python tests. (This used to be commit 2227fb6df62240cae64d27a1920d878316f819fc) --- source4/setup/provision.py | 22 ++++++++++++---------- source4/setup/upgrade.py | 19 +++++++++++-------- 2 files changed, 23 insertions(+), 18 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index a16dde718d..f6f032da70 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -21,7 +21,7 @@ import getopt import optparse -import sys +import os, sys # Add path to the library for in-tree use sys.path.append("scripting/python") @@ -32,7 +32,7 @@ from auth import system_session import samba.getopt as options import param from samba.provision import (provision, - provision_default_paths, provision_ldapbase) + provision_paths_from_lp, provision_ldapbase) parser = optparse.OptionParser("provision [options]") parser.add_option_group(options.SambaOptions(parser)) @@ -93,6 +93,8 @@ parser.add_option("--server-role", type="choice", metavar="ROLE", help="Set server role to provision for (default standalone)") parser.add_option("--partitions-only", help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true") +parser.add_option("--targetdir", type="string", metavar="DIR", + help="Set target directory") opts = parser.parse_args()[0] @@ -101,29 +103,29 @@ def message(text): if not opts.quiet: print text -hostname = opts.host_name - -if opts.realm is None or opts.domain is None or opts.host_name is None: +if opts.realm is None or opts.domain is None: if opts.realm is None: print >>sys.stderr, "No realm set" if opts.domain is None: print >>sys.stderr, "No domain set" - if opts.host_name is None: - print >>sys.stderr, "No host name set" parser.print_usage() sys.exit(1) # cope with an initially blank smb.conf lp = param.LoadParm() -lp.load(opts.configfile) +if opts.configfile: + lp.load(opts.configfile) +if opts.targetdir is not None: + lp.set("private dir", os.path.abspath(opts.targetdir)) + lp.set("lock dir", os.path.abspath(opts.targetdir)) lp.set("realm", opts.realm) lp.set("workgroup", opts.domain) -lp.set("server role", opts.server_role) +lp.set("server role", opts.server_role or "domain controller") if opts.aci is not None: print "set ACI: %s" % opts.aci -paths = provision_default_paths(lp, opts.realm.lower()) +paths = provision_paths_from_lp(lp, opts.realm.lower()) paths.smbconf = opts.configfile if opts.ldap_backend: diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py index 186ad3772b..c531e28ed5 100755 --- a/source4/setup/upgrade.py +++ b/source4/setup/upgrade.py @@ -11,7 +11,7 @@ sys.path.append("scripting/python") import param import samba import samba.getopt as options -from samba.provision import provision_default_paths +from auth import system_session parser = optparse.OptionParser("upgrade [options] ") parser.add_option_group(options.SambaOptions(parser)) @@ -22,7 +22,6 @@ parser.add_option("--setupdir", type="string", metavar="DIR", help="directory with setup files") parser.add_option("--realm", type="string", metavar="REALM", help="set realm") parser.add_option("--quiet", help="Be quiet") -parser.add_option("--verify", help="Verify resulting configuration") parser.add_option("--blank", help="do not add users or groups, just the structure") parser.add_option("--targetdir", type="string", metavar="DIR", @@ -51,6 +50,7 @@ else: samba3 = Samba3(libdir, smbconf) from samba.upgrade import upgrade_provision +from samba.provision import provision_paths_from_lp message("Provisioning\n") @@ -60,9 +60,12 @@ if setup_dir is None: creds = credopts.get_credentials() lp = param.LoadParm() -lp.load(opts.configfile) -upgrade_provision(samba3, setup_dir, message, credentials=creds, session_info=system_session()) - -if opts.verify: - message("Verifying...\n") - ret = upgrade_verify(subobj, samba3, paths, message) +if opts.configfile: + lp.load(opts.configfile) +if opts.targetdir is not None: + lp.set("private dir", os.path.abspath(opts.targetdir)) + lp.set("lock dir", os.path.abspath(opts.targetdir)) +paths = provision_paths_from_lp(lp, "") +paths.smbconf = opts.configfile +upgrade_provision(samba3, setup_dir, message, credentials=creds, session_info=system_session(), + lp=lp, paths=paths) -- cgit From 43a03b0fb48ceb528539a16b0023fb5b30b7a79e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 25 Dec 2007 16:36:53 -0600 Subject: r26598: Simplify the way Python tests are run. (This used to be commit d649f73431fc993e31522e7fc8e1e35e0a4421d8) --- source4/setup/provision.py | 2 ++ source4/setup/upgrade.py | 2 ++ 2 files changed, 4 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index f6f032da70..94560fc042 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -116,6 +116,8 @@ lp = param.LoadParm() if opts.configfile: lp.load(opts.configfile) if opts.targetdir is not None: + if not os.path.exists(opts.targetdir): + os.mkdir(opts.targetdir) lp.set("private dir", os.path.abspath(opts.targetdir)) lp.set("lock dir", os.path.abspath(opts.targetdir)) lp.set("realm", opts.realm) diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py index c531e28ed5..ea6f83d7de 100755 --- a/source4/setup/upgrade.py +++ b/source4/setup/upgrade.py @@ -63,6 +63,8 @@ lp = param.LoadParm() if opts.configfile: lp.load(opts.configfile) if opts.targetdir is not None: + if not os.path.exists(opts.targetdir): + os.mkdir(opts.targetdir) lp.set("private dir", os.path.abspath(opts.targetdir)) lp.set("lock dir", os.path.abspath(opts.targetdir)) paths = provision_paths_from_lp(lp, "") -- cgit From 8ff2de3f294af0f4ffd03eda015f01da13fba2dd Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 27 Dec 2007 04:18:54 -0600 Subject: r26610: Write out a memberof.conf, to run the memberof plugin on all linked attributes, as found in the schema. Index 'cn', as otherwise exact match searches on this attribute always fail (need to figure out what is so special about cn in OpenLDAP). Andrew Bartlett (This used to be commit 5a4a2d10bc5729d4adac4b173b0dc05e2e076c32) --- source4/setup/provision-backend | 30 ++++++++++++++++++++++++++++++ source4/setup/slapd.conf | 5 +++++ 2 files changed, 35 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index b713595a7e..83fda33519 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -141,6 +141,36 @@ if (options["ldap-backend-type"] == "fedora-ds") { } else { slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h " + subobj.LDAPI_URI; } + + var ldb = ldb_init(); + ldb.filename = tmp_schema_ldb; + + var connect_ok = ldb.connect(ldb.filename); + assert(connect_ok); + var attrs = new Array("linkID", "lDAPDisplayName"); + var res = ldb.search("(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", subobj.SCHEMADN, ldb.SCOPE_SUBTREE, attrs); + assert(res.error == 0); + var memberof_config = ""; + for (i=0; i < res.msgs.length; i++) { +searchone(ldb, subobj.DOMAINDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID"); + var target = searchone(ldb, subobj.SCHEMADN, "(&(objectclass=attributeSchema)(linkID=" + (res.msgs[i].linkID + 1) + "))", "lDAPDisplayName"); + if (target != undefined) { + memberof_config = memberof_config + "overlay memberof +memberof-dangling error +memberof-refint TRUE +memberof-group-oc top +memberof-member-ad " + res.msgs[i].lDAPDisplayName + " +memberof-memberof-ad " + target + " + +"; + } + } + ok = sys.file_save(subobj.LDAPDIR + "/memberof.conf", memberof_config); + if (!ok) { + message("failed to create file: " + f + "\n"); + assert(ok); + } + } var schema_command = "ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/" + backend_schema; diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 446facbf3d..d50e5708fb 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -31,6 +31,7 @@ index name eq index objectCategory eq index lDAPDisplayName eq index subClassOf eq +index cn eq database hdb suffix ${CONFIGDN} @@ -44,6 +45,7 @@ index nCName eq index subClassOf eq index dnsRoot eq index nETBIOSName eq +index cn eq database hdb suffix ${DOMAINDN} @@ -65,9 +67,12 @@ index lDAPDisplayName eq index subClassOf eq index dnsRoot eq index nETBIOSName eq +index cn eq #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We only need this for the contextCSN attribute anyway.... overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 + +include ${LDAPDIR}/memberof.conf -- cgit From 65837a784b424cff6152101cf6c69a68e6272cf0 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 28 Dec 2007 16:25:13 -0600 Subject: r26621: vampire: Add simple Python-based vampire script (This used to be commit 46580d51d3e40ef83754fceefa392fe1df38e37d) --- source4/setup/vampire.py | 54 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100755 source4/setup/vampire.py (limited to 'source4/setup') diff --git a/source4/setup/vampire.py b/source4/setup/vampire.py new file mode 100755 index 0000000000..392cd2d4fb --- /dev/null +++ b/source4/setup/vampire.py @@ -0,0 +1,54 @@ +#!/usr/bin/python + +# Unix SMB/CIFS implementation. +# Vampire a remote domain +# Copyright (C) Jelmer Vernooij 2007 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +from net import libnet +import optparse +import samba.getopt as options +import param +from auth import system_session +import sys + +parser = optparse.OptionParser("vampire [options] ") +parser.add_option_group(options.SambaOptions(parser)) +parser.add_option_group(options.VersionOptions(parser)) +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) + +opts, args = parser.parse_args() + +if len(args) < 1: + parser.print_usage() + sys.exit(1) + +def vampire(domain, session_info, credentials, lp): + ctx = libnet(lp_ctx=lp) + ctx.cred = credentials + machine_creds = Credentials(); + machine_creds.set_domain(domain); + if not machine_creds.set_machine_account(): + raise Exception("Failed to access domain join information!") + ctx.samsync_ldb(vampire_ctx, machine_creds=machine_creds, + session_info=session_info) + +lp = param.LoadParm() +if opts.configfile: + lp.load(opts.configfile) +vampire(args[0], session_info=system_session(), + credentials=credopts.get_credentials(), lp=lp) -- cgit From a61e25f17492bf78eb5d5ec962f0d174f94d8f84 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 28 Dec 2007 16:25:17 -0600 Subject: r26622: python: Update license version, clarify copyright. (This used to be commit 3ee62094074d74b6c69948730f2892f0a430f40b) --- source4/setup/provision.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index 94560fc042..e166d5f3dd 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -2,8 +2,10 @@ # # Unix SMB/CIFS implementation. # provision a Samba4 server -# Copyright (C) Andrew Tridgell 2005 # Copyright (C) Jelmer Vernooij 2007 +# +# Based on the original in EJS: +# Copyright (C) Andrew Tridgell 2005 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by -- cgit From 0189176cd5e5c7b534bcb6993204c53913f4fe08 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 1 Jan 2008 03:27:53 -0600 Subject: r26635: The OpenLDAP folks have been very accommodating, and their memberof plugin allows the error being returned to be adjusted. Andrew Bartlett (This used to be commit f2731fddf07dfda5d69ad19851dab8f82b05f1a5) --- source4/setup/provision-backend | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 83fda33519..66555c4e19 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -161,6 +161,7 @@ memberof-refint TRUE memberof-group-oc top memberof-member-ad " + res.msgs[i].lDAPDisplayName + " memberof-memberof-ad " + target + " +memberof-dangling-error 32 "; } -- cgit From 108fd49c4194c204615a7a02a71ff5af86f36f13 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 1 Jan 2008 04:01:07 -0600 Subject: r26636: Remove useless 'backend' parameter, and make the memberof overlay use global. Andrew Bartlett (This used to be commit 3b6f461e9a1b0fee7a589b8d171f4fcec6340ca4) --- source4/setup/slapd.conf | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index d50e5708fb..e4e86eece9 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -21,7 +21,8 @@ include ${LDAPDIR}/modules.conf defaultsearchbase ${DOMAINDN} -backend hdb +include ${LDAPDIR}/memberof.conf + database hdb suffix ${SCHEMADN} directory ${LDAPDIR}/db/schema @@ -74,5 +75,3 @@ index cn eq overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 - -include ${LDAPDIR}/memberof.conf -- cgit From d59ac4d6e93cd9171bbc1c878a88410295a1f9e5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 7 Jan 2008 05:50:04 -0600 Subject: r26686: Fix bug 5143 by Jason Tarbet. This prevented an easy cut-and-paste of the provision options used. Andrew Bartlett (This used to be commit 51cd93344dfeb3556fada523e38bbcd7e51fbbe1) --- source4/setup/provision | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 9d818fdc18..161698ccf4 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -182,7 +182,7 @@ if (ldapbase) { message("--invocationid='%s' \\\n", subobj.INVOCATIONID); message("--adminpass='%s' --krbtgtpass='%s' \\\n", subobj.ADMINPASS, subobj.KRBTGTPASS); message("--machinepass='%s' --dnspass='%s' \\\n", subobj.MACHINEPASS, subobj.DNSPASS); - message("--root='%s' --nobody='%s' --nogroup-'%s' \\\n", subobj.ROOT, subobj.NOBODY, subobj.NOGROUP); + message("--root='%s' --nobody='%s' --nogroup='%s' \\\n", subobj.ROOT, subobj.NOBODY, subobj.NOGROUP); message("--wheel='%s' --users='%s' --server-role='%s' \\\n", subobj.WHEEL, subobj.USERS, subobj.SERVERROLE); if (ldapbackend) { message("--ldap-backend='%s' \\\n", subobj.LDAPBACKEND); -- cgit From 20bf9e1f7f1f084fa00af79850c30fa9c70ede35 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 7 Jan 2008 22:34:53 -0600 Subject: r26691: registry: Add subkeys required for Server Manager Alerts and Peplication. See bugs 4934 and 4935. (This used to be commit fdd2ba336b4cf742f6e59253beab5dd226a87a85) --- source4/setup/provision.reg | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision.reg b/source4/setup/provision.reg index 0e657f3e6a..892b5ec50c 100644 --- a/source4/setup/provision.reg +++ b/source4/setup/provision.reg @@ -26,6 +26,15 @@ ProductType=LanmanNT [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters] RefusePasswordChange=REG_DWORD:0 +[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\REPLICATOR] + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\REPLICATOR\Parameters] + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Alerter] + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Alerter\Parameters] + [HKEY_USERS] [HKEY_CLASSES_ROOT] + -- cgit From 3688b7669a03ae9e5166f12ab9e1a82f066002c7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 11 Jan 2008 09:54:22 +1100 Subject: Make Samba4 and Fedora DS happier Recent changes to Samba4 have made the Fedora DS backend fail. This is a start on fixing that. Andrew Bartlett (This used to be commit 48dc07902ffb792532ff216e507e53103d448b7b) --- source4/setup/fedorads-partitions.ldif | 2 ++ source4/setup/schema-map-fedora-ds-1.0 | 2 ++ source4/setup/schema_samba4.ldif | 20 ++++++++++++++++++++ 3 files changed, 24 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/fedorads-partitions.ldif b/source4/setup/fedorads-partitions.ldif index 12855f9c70..571fb599b9 100644 --- a/source4/setup/fedorads-partitions.ldif +++ b/source4/setup/fedorads-partitions.ldif @@ -7,6 +7,7 @@ nsslapd-backend: configData cn: ${CONFIGDN} dn: cn=configData,cn=ldbm database,cn=plugins,cn=config +objectclass: top objectclass: extensibleObject objectclass: nsBackendInstance nsslapd-suffix: ${CONFIGDN} @@ -21,6 +22,7 @@ nsslapd-backend: schemaData cn: ${SCHEMADN} dn: cn=schemaData,cn=ldbm database,cn=plugins,cn=config +objectclass: top objectclass: extensibleObject objectclass: nsBackendInstance nsslapd-suffix: ${SCHEMADN} diff --git a/source4/setup/schema-map-fedora-ds-1.0 b/source4/setup/schema-map-fedora-ds-1.0 index 7419a8d7b8..86f8c0b726 100644 --- a/source4/setup/schema-map-fedora-ds-1.0 +++ b/source4/setup/schema-map-fedora-ds-1.0 @@ -14,6 +14,8 @@ dITContentRules top #This shouldn't make it to the ldap server sambaPassword +#This should be provided by the LDAP server, only in our schema to permit provision +aci #Skip ObjectClasses #MiddleName has a conflicting OID 2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1 diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index a9f79f1635..8bd1705468 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -174,3 +174,23 @@ oMSyntax: 20 #Allocated: (objectClasses) samba4ObjectClasses: 1.3.6.1.4.1.7165.4.255.5 #Allocated: (ditContentRules) samba4DitContentRules: 1.3.6.1.4.1.7165.4.255.6 #Allocated: (attributeTypes) samba4AttributeTypes: 1.3.6.1.4.1.7165.4.255.7 + + +# +# Fedora DS uses this attribute, and we need to set it via our module stack +# +dn: CN=aci,${SCHEMADN} +cn: aci +name: aci +objectClass: top +objectClass: attributeSchema +lDAPDisplayName: aci +isSingleValued: TRUE +systemFlags: 16 +systemOnly: FALSE +schemaIDGUID: d8e6c1fa-db08-4f26-a53b-23c414aac92d +adminDisplayName: aci +attributeID: 1.3.6.1.4.1.7165.4.1.11 +attributeSyntax: 2.5.5.4 +oMSyntax: 20 + -- cgit From 3f7ec9bf191f2179c2112191d0c909e309411c29 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 11 Jan 2008 10:44:49 +1100 Subject: Add in new module to normalise DNs being returned from OpenLDAP. This fixes the case of the attribute in teh DN. Fix option spelling for example re-provision Andrew Bartlett (This used to be commit e3a76be04760a81a9c1b7ad9b139f088decc9ee6) --- source4/setup/provision | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 161698ccf4..ce1e8a6b4f 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -141,7 +141,7 @@ if (ldapbackend) { subobj.LDAPBACKEND = subobj.LDAPI_URI; } if (!ldapmodule) { - subobj.LDAPMODULE = "entryuuid"; + subobj.LDAPMODULE = "normalise,entryuuid"; subobj.TDB_MODULES_LIST = ""; } subobj.DOMAINDN_LDB = subobj.LDAPBACKEND; @@ -188,7 +188,7 @@ if (ldapbase) { message("--ldap-backend='%s' \\\n", subobj.LDAPBACKEND); } if (ldapmodule) { - message("--ldap-mdoule='%s' \\\n", + subobj.LDAPMODULE); + message("--ldap-module='%s' \\\n", + subobj.LDAPMODULE); } message("--aci='" + subobj.ACI + "' \\\n") } -- cgit From 9ff39862266f19c2a8e0243ec97ea8d7c463c3ef Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 16 Jan 2008 09:26:14 +1100 Subject: Start generating a configuration for the refint overlay. This OpenLDAP module should ensure that after a subtree rename, attributes are still consistant. Andrew Bartlett (This used to be commit f7f765c29b1aca1179a47bdd8712917c3f244f15) --- source4/setup/provision-backend | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 66555c4e19..ba9e67f229 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -151,10 +151,12 @@ if (options["ldap-backend-type"] == "fedora-ds") { var res = ldb.search("(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", subobj.SCHEMADN, ldb.SCOPE_SUBTREE, attrs); assert(res.error == 0); var memberof_config = ""; + var refint_attributes = ""; for (i=0; i < res.msgs.length; i++) { searchone(ldb, subobj.DOMAINDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID"); var target = searchone(ldb, subobj.SCHEMADN, "(&(objectclass=attributeSchema)(linkID=" + (res.msgs[i].linkID + 1) + "))", "lDAPDisplayName"); if (target != undefined) { + refint_attributes = refint_attributes + " " + target + " " + res.msgs[i].lDAPDisplayName; memberof_config = memberof_config + "overlay memberof memberof-dangling error memberof-refint TRUE @@ -166,6 +168,11 @@ memberof-dangling-error 32 "; } } + + memberof_config = "overlay refint +refint_attributes" + refint_attributes + " +" + memberof_config; + ok = sys.file_save(subobj.LDAPDIR + "/memberof.conf", memberof_config); if (!ok) { message("failed to create file: " + f + "\n"); -- cgit From b44f322f5d5940cb61b2f9c9e44fc25ed00e81be Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 17 Jan 2008 10:35:08 +1100 Subject: OpenLDAP backend: Place the refint overlay after the memberof overlay This still doesn't work for me, but is the recommended order. Andrew Bartlett (This used to be commit 4c869c54c2b8125fc88e58bbfddf1975476978a5) --- source4/setup/provision-backend | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index ba9e67f229..6582587624 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -169,9 +169,10 @@ memberof-dangling-error 32 } } - memberof_config = "overlay refint + memberof_config = memberof_config + " +overlay refint refint_attributes" + refint_attributes + " -" + memberof_config; +"; ok = sys.file_save(subobj.LDAPDIR + "/memberof.conf", memberof_config); if (!ok) { -- cgit From f1e177a7b8e660b245d5fb9b11a66b43c9b69784 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 17 Jan 2008 12:00:27 +1100 Subject: provision: simplfy by removing old code to manually create baseDNs. Previously, we would create the first record in the DB as an LDIF file, with the expectation that the administrator would use slapadd to create the database. We now do everything over LDAP, which is far simpler, and allows the LDB module chain to do its work, without special cases. Also fix naming of the output schema when suggesting the comamnd line to run ad2oLschema in provision-backend. Andrew Bartlett (This used to be commit e77375758d66e94e5e0b6e61a97c9281c3d9c71f) --- source4/setup/provision | 6 +----- source4/setup/provision-backend | 5 ++--- source4/setup/provision_basedn.ldif | 1 - source4/setup/provision_configuration_basedn.ldif | 1 - source4/setup/provision_schema_basedn.ldif | 1 - 5 files changed, 3 insertions(+), 11 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index ce1e8a6b4f..8b24c51040 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -123,7 +123,6 @@ for (r in options) { } var blank = (options["blank"] != undefined); -var ldapbase = (options["ldap-base"] != undefined); var ldapbackend = (options["ldap-backend"] != undefined); var ldapmodule = (options["ldap-module"] != undefined); var partitions_only = (options["partitions-only"] != undefined); @@ -161,10 +160,7 @@ var system_session = system_session(); var creds = options.get_credentials(); message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); message("Using administrator password: %s\n", subobj.ADMINPASS); -if (ldapbase) { - provision_ldapbase(subobj, message, paths); - message("Please install the LDIF located in " + paths.ldap_basedn_ldif + ", " + paths.ldap_config_basedn_ldif + " and " + paths.ldap_schema_basedn_ldif + " into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server\n"); -} else if (partitions_only) { +if (partitions_only) { provision_become_dc(subobj, message, false, paths, system_session); } else { provision(subobj, message, blank, paths, system_session, creds, ldapbackend); diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 6582587624..abd1b9a875 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -101,7 +101,7 @@ var backend_schema; var slapd_command; if (options["ldap-backend-type"] == "fedora-ds") { mapping = "schema-map-fedora-ds-1.0"; - backend_schema = "backend-schema.ldif"; + backend_schema = "99_ad.ldif"; if (options["ldap-backend-port"] != undefined) { message("Will listen on TCP port " + options["ldap-backend-port"] + "\n"); subobj.SERVERPORT="ServerPort = " + options["ldap-backend-port"]; @@ -114,9 +114,8 @@ if (options["ldap-backend-type"] == "fedora-ds") { slapd_command = "(see documentation)"; } else if (options["ldap-backend-type"] == "openldap") { - provision_ldapbase(subobj, message, paths); mapping = "schema-map-openldap-2.3"; - backend_schema = "99_ad.ldif"; + backend_schema = "backend-schema.schema"; setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj); setup_file("modules.conf", message, subobj.LDAPDIR + "/modules.conf", subobj); sys.mkdir(subobj.LDAPDIR + "/db", 0700); diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index 234c1f9e8f..3c7537f013 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -5,7 +5,6 @@ dn: ${DOMAINDN} objectClass: top objectClass: domain objectClass: domainDNS -${EXTENSIBLEOBJECT} ${ACI} dc: ${RDN_DC} diff --git a/source4/setup/provision_configuration_basedn.ldif b/source4/setup/provision_configuration_basedn.ldif index df1e1b19ba..575f8faa0a 100644 --- a/source4/setup/provision_configuration_basedn.ldif +++ b/source4/setup/provision_configuration_basedn.ldif @@ -4,6 +4,5 @@ dn: ${CONFIGDN} objectClass: top objectClass: configuration -${EXTENSIBLEOBJECT} ${ACI} cn: Configuration diff --git a/source4/setup/provision_schema_basedn.ldif b/source4/setup/provision_schema_basedn.ldif index 7b4f599072..fbfd4c09d6 100644 --- a/source4/setup/provision_schema_basedn.ldif +++ b/source4/setup/provision_schema_basedn.ldif @@ -4,6 +4,5 @@ dn: ${SCHEMADN} objectClass: top objectClass: dMD -${EXTENSIBLEOBJECT} ${ACI} cn: Schema -- cgit From 064eb82870596e72373c290dfaf0e6b8289303de Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Jan 2008 13:25:01 +1100 Subject: Remove --ldap-base from the python provision script (This is a merge from the ejs script) Andrew Bartlett (This used to be commit d822dfa017b84895222ace8c44935fb872930548) --- source4/setup/provision.py | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index e166d5f3dd..88015ce0a3 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -34,7 +34,7 @@ from auth import system_session import samba.getopt as options import param from samba.provision import (provision, - provision_paths_from_lp, provision_ldapbase) + provision_paths_from_lp) parser = optparse.OptionParser("provision [options]") parser.add_option_group(options.SambaOptions(parser)) @@ -81,9 +81,6 @@ parser.add_option("--users", type="string", metavar="GROUPNAME", parser.add_option("--quiet", help="Be quiet", action="store_true") parser.add_option("--blank", action="store_true", help="do not add users or groups, just the structure") -parser.add_option("--ldap-base", - help="output only an LDIF file, suitable for creating an LDAP baseDN", - action="store_true") parser.add_option("--ldap-backend", type="string", metavar="LDAPSERVER", help="LDAP server to use for this provision") parser.add_option("--ldap-module=", type="string", metavar="MODULE", @@ -152,10 +149,7 @@ creds = credopts.get_credentials() setup_dir = opts.setupdir if setup_dir is None: setup_dir = "setup" -if opts.ldap_base: - provision_ldapbase(setup_dir, message, paths) - message("Please install the LDIF located in %s, %s and into your LDAP server, and re-run with --ldap-backend=ldap://my.ldap.server" % (paths.ldap_basedn_ldif, paths.ldap_config_basedn_ldif, paths.ldap_schema_basedn_ldif)) -elif opts.partitions_only: +if opts.partitions_only: provision_become_dc(setup_dir, message, False, paths, lp, system_session(), creds) else: -- cgit From 958b0e8ad1eb85881a2f7c3d193d121c21e7a258 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Jan 2008 13:28:52 +1100 Subject: Use syncrepl on all OpenLDAP databases (creates contextCSN attribute) This module needs to be loaded on each database, not just the main partition. We use it to create the usn for the entries. Andrew Bartlett (This used to be commit ffb12aad8a80bb90d66dc66baba81b856622a6bb) --- source4/setup/slapd.conf | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index e4e86eece9..83f4da3359 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -34,6 +34,12 @@ index lDAPDisplayName eq index subClassOf eq index cn eq +#syncprov is stable in OpenLDAP 2.3, and available in 2.2. +#We only need this for the contextCSN attribute anyway.... +overlay syncprov +syncprov-checkpoint 100 10 +syncprov-sessionlog 100 + database hdb suffix ${CONFIGDN} directory ${LDAPDIR}/db/config @@ -48,6 +54,12 @@ index dnsRoot eq index nETBIOSName eq index cn eq +#syncprov is stable in OpenLDAP 2.3, and available in 2.2. +#We only need this for the contextCSN attribute anyway.... +overlay syncprov +syncprov-checkpoint 100 10 +syncprov-sessionlog 100 + database hdb suffix ${DOMAINDN} rootdn ${LDAPMANAGERDN} -- cgit From 873c7457c61584aec8c051849863151af79e2894 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Jan 2008 13:30:20 +1100 Subject: Don't manually specify instanceID in the template files. The instanceid module creates this automaticlly, so we don't need this any more. Andrew Bartlett (This used to be commit f6dbdf34e8a790f460b705100e45ee3928b6b1b3) --- source4/setup/display_specifiers.ldif | 2 -- source4/setup/provision.ldif | 8 -------- source4/setup/provision_computers_modify.ldif | 3 --- source4/setup/provision_configuration.ldif | 12 ------------ source4/setup/provision_configuration_basedn_modify.ldif | 6 ------ source4/setup/provision_schema_basedn_modify.ldif | 3 --- source4/setup/provision_self_join.ldif | 2 -- source4/setup/provision_templates.ldif | 1 - source4/setup/provision_users.ldif | 3 --- source4/setup/provision_users_modify.ldif | 3 --- 10 files changed, 43 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/display_specifiers.ldif b/source4/setup/display_specifiers.ldif index b76955a0cb..574912b3e8 100644 --- a/source4/setup/display_specifiers.ldif +++ b/source4/setup/display_specifiers.ldif @@ -2,14 +2,12 @@ dn: CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: container showInAdvancedViewOnly: TRUE -instanceType: 4 dn: CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: container cn: 409 name: 409 -instanceType: 4 showInAdvancedViewOnly: TRUE dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index c6b07c5751..5e15bf347a 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -3,7 +3,6 @@ objectClass: top objectClass: organizationalUnit cn: Domain Controllers description: Default container for domain controllers -instanceType: 4 showInAdvancedViewOnly: FALSE systemFlags: 2348810240 isCriticalSystemObject: TRUE @@ -13,7 +12,6 @@ objectClass: top objectClass: container cn: ForeignSecurityPrincipals description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains -instanceType: 4 showInAdvancedViewOnly: FALSE systemFlags: 2348810240 isCriticalSystemObject: TRUE @@ -23,7 +21,6 @@ objectClass: top objectClass: container cn: System description: Builtin system settings -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2348810240 isCriticalSystemObject: TRUE @@ -32,7 +29,6 @@ dn: CN=RID Manager$,CN=System,${DOMAINDN} objectclass: top objectclass: rIDManager cn: RID Manager$ -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2348810240 isCriticalSystemObject: TRUE @@ -43,14 +39,12 @@ dn: CN=DomainUpdates,CN=System,${DOMAINDN} objectClass: top objectClass: container cn: DomainUpdates -instanceType: 4 showInAdvancedViewOnly: TRUE dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${DOMAINDN} objectClass: top objectClass: container cn: Windows2003Update -instanceType: 4 showInAdvancedViewOnly: TRUE revision: 8 @@ -58,7 +52,6 @@ dn: CN=Infrastructure,${DOMAINDN} objectclass: top objectclass: infrastructureUpdate cn: Infrastructure -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2348810240 isCriticalSystemObject: TRUE @@ -68,7 +61,6 @@ dn: CN=Builtin,${DOMAINDN} objectClass: top objectClass: builtinDomain cn: Builtin -instanceType: 4 showInAdvancedViewOnly: FALSE forceLogoff: 9223372036854775808 lockoutDuration: -18000000000 diff --git a/source4/setup/provision_computers_modify.ldif b/source4/setup/provision_computers_modify.ldif index b7502e5107..3bb4074d42 100644 --- a/source4/setup/provision_computers_modify.ldif +++ b/source4/setup/provision_computers_modify.ldif @@ -3,9 +3,6 @@ changetype: modify replace: description description: Default container for upgraded computer accounts - -replace: instanceType -instanceType: 4 -- replace: showInAdvancedViewOnly showInAdvancedViewOnly: FALSE - diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif index 050f110d9a..750fa1326a 100644 --- a/source4/setup/provision_configuration.ldif +++ b/source4/setup/provision_configuration.ldif @@ -5,7 +5,6 @@ dn: CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRefContainer cn: Partitions -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2147483648 msDS-Behavior-Version: 0 @@ -15,7 +14,6 @@ dn: CN=Enterprise Configuration,CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRef cn: Enterprise Configuration -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 1 nCName: ${CONFIGDN} @@ -25,7 +23,6 @@ dn: CN=Enterprise Schema,CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRef cn: Enterprise Schema -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 1 nCName: ${SCHEMADN} @@ -35,7 +32,6 @@ dn: CN=${DOMAIN},CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRef cn: ${DOMAIN} -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 3 nCName: ${DOMAINDN} @@ -46,7 +42,6 @@ dn: CN=Sites,${CONFIGDN} objectClass: top objectClass: sitesContainer cn: Sites -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2181038080 @@ -54,7 +49,6 @@ dn: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: site cn: ${DEFAULTSITE} -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2181038080 @@ -62,7 +56,6 @@ dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: serversContainer cn: Servers -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2181038080 @@ -70,7 +63,6 @@ dn: CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Services -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 2147483648 @@ -78,14 +70,12 @@ dn: CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Windows NT -instanceType: 4 showInAdvancedViewOnly: TRUE dn: CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: nTDSService cn: Directory Service -instanceType: 4 showInAdvancedViewOnly: TRUE sPNMappings: host=ldap,dns,cifs,http @@ -93,14 +83,12 @@ dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Query-Policies -instanceType: 4 showInAdvancedViewOnly: TRUE dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: queryPolicy cn: Default Query Policy -instanceType: 4 showInAdvancedViewOnly: TRUE lDAPAdminLimits: MaxValRange=1500 lDAPAdminLimits: MaxReceiveBuffer=10485760 diff --git a/source4/setup/provision_configuration_basedn_modify.ldif b/source4/setup/provision_configuration_basedn_modify.ldif index 46ba4e9649..a72f2c8eca 100644 --- a/source4/setup/provision_configuration_basedn_modify.ldif +++ b/source4/setup/provision_configuration_basedn_modify.ldif @@ -3,14 +3,8 @@ ############################### dn: ${CONFIGDN} changetype: modify -replace: instanceType -instanceType: 13 -- replace: showInAdvancedViewOnly showInAdvancedViewOnly: TRUE - -replace: objectCategory -objectCategory: CN=Configuration,${SCHEMADN} -- replace: subRefs subRefs: ${SCHEMADN} diff --git a/source4/setup/provision_schema_basedn_modify.ldif b/source4/setup/provision_schema_basedn_modify.ldif index 92c5cf1ace..986f0d632c 100644 --- a/source4/setup/provision_schema_basedn_modify.ldif +++ b/source4/setup/provision_schema_basedn_modify.ldif @@ -3,9 +3,6 @@ ############################### dn: ${SCHEMADN} changetype: modify -replace: instanceType -instanceType: 13 -- replace: showInAdvancedViewOnly showInAdvancedViewOnly: TRUE - diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index 06230e8d00..1caa62163e 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -43,7 +43,6 @@ dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: server cn: ${NETBIOSNAME} -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 1375731712 dNSHostName: ${DNSNAME} @@ -55,7 +54,6 @@ objectClass: applicationSettings objectClass: nTDSDSA cn: NTDS Settings options: 1 -instanceType: 4 showInAdvancedViewOnly: TRUE systemFlags: 33554432 dMDLocation: ${SCHEMADN} diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 8797efaf98..04eaabcab7 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -66,7 +66,6 @@ sAMAccountType: 268435456 # # dn: CN=TemplateAlias,CN=Templates # cn: TemplateAlias -# instanceType: 4 # groupType: -2147483644 # sAMAccountType: 268435456 diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 7c1a438d8e..3e6f717f15 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -134,7 +134,6 @@ objectClass: top objectClass: group cn: RAS and IAS Servers description: Servers in this group can access remote access properties of users -instanceType: 4 objectSid: ${DOMAINSID}-553 sAMAccountName: RAS and IAS Servers sAMAccountType: 536870912 @@ -307,7 +306,6 @@ objectClass: top objectClass: group cn: Server Operators description: Members can administer domain servers -instanceType: 4 objectSid: S-1-5-32-549 adminCount: 1 sAMAccountName: Server Operators @@ -327,7 +325,6 @@ objectClass: top objectClass: group cn: Account Operators description: Members can administer domain user and group accounts -instanceType: 4 objectSid: S-1-5-32-548 adminCount: 1 sAMAccountName: Account Operators diff --git a/source4/setup/provision_users_modify.ldif b/source4/setup/provision_users_modify.ldif index 42dff07080..06954c44f0 100644 --- a/source4/setup/provision_users_modify.ldif +++ b/source4/setup/provision_users_modify.ldif @@ -3,9 +3,6 @@ changetype: modify replace: description description: Default container for upgraded user accounts - -replace: instanceType -instanceType: 4 -- replace: showInAdvancedViewOnly showInAdvancedViewOnly: FALSE - -- cgit From 53c1cdd11ad56723cd7bada2df0cc2faa88227df Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Jan 2008 17:08:34 +1100 Subject: Don't set 'name' in the LDIF, this is handled by the rdn_name module. Andrew Bartlett (This used to be commit e9003feb1b9eb3d5b82e82910b63306e5ecc2908) --- source4/setup/display_specifiers.ldif | 7 ------- 1 file changed, 7 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/display_specifiers.ldif b/source4/setup/display_specifiers.ldif index 574912b3e8..b06d89778c 100644 --- a/source4/setup/display_specifiers.ldif +++ b/source4/setup/display_specifiers.ldif @@ -7,14 +7,12 @@ dn: CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: container cn: 409 -name: 409 showInAdvancedViewOnly: TRUE dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: user-Display -name: user-Display contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103} adminPropertyPages: 9,{FA3E1D55-16DF-446d-872E-BD04D4F39C93} adminPropertyPages: 8,{0910dd01-df8c-11d1-ae27-00c04fa35813} @@ -33,7 +31,6 @@ dn: CN=group-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: group-Display -name: group-Display contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103} adminPropertyPages: 4,{4E40F770-369C-11d0-8922-00A024AB2DBB} adminPropertyPages: 3,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6} @@ -61,7 +58,6 @@ dn: CN=computer-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: computer-Display -name: computer-Display contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103} adminPropertyPages: 10,{0F65B1BF-740F-11d1-BBE6-0060081692B3} adminPropertyPages: 7,{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3} @@ -79,7 +75,6 @@ dn: CN=organizationalUnit-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: organizationalUnit-Display -name: organizationalUnit-Display contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103} adminPropertyPages: 6,{FA3E1D55-16DF-446d-872E-BD04D4F39C93} adminPropertyPages: 5,{4E40F770-369C-11d0-8922-00A024AB2DBB} @@ -95,7 +90,6 @@ dn: CN=container-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: container-Display -name: container-Display contextMenu: 0,{62AE1F9A-126A-11D0-A14B-0800361B1103} adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB} adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6} @@ -110,7 +104,6 @@ dn: CN=default-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: displaySpecifier cn: default-Display -name: default-Display adminPropertyPages: 3,{4E40F770-369C-11d0-8922-00A024AB2DBB} adminPropertyPages: 2,{6dfe6488-a212-11d0-bcd5-00c04fd8d5b6} adminPropertyPages: 1,{6384e23e-736d-11d1-bd0d-00c04fd8d5b6} -- cgit From b39676089e8a4b0f2cca96c15ed21e054a78e8e2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Jan 2008 18:10:18 +1100 Subject: Remove default 'showInAdvancedViewOnly' values. This means we only show and set the values when they are not the values the schema and objectclass module would impose. Andrew Bartlett (This used to be commit c2f2e01357c1b087aa1261fb2cac8687426d5a78) --- source4/setup/display_specifiers.ldif | 2 -- source4/setup/provision.ldif | 11 +++------- source4/setup/provision_configuration.ldif | 12 ----------- .../provision_configuration_basedn_modify.ldif | 3 --- source4/setup/provision_schema_basedn_modify.ldif | 3 --- source4/setup/provision_self_join.ldif | 4 +--- source4/setup/provision_templates.ldif | 1 - source4/setup/provision_users.ldif | 25 ---------------------- 8 files changed, 4 insertions(+), 57 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/display_specifiers.ldif b/source4/setup/display_specifiers.ldif index b06d89778c..7d6633244d 100644 --- a/source4/setup/display_specifiers.ldif +++ b/source4/setup/display_specifiers.ldif @@ -1,13 +1,11 @@ dn: CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: container -showInAdvancedViewOnly: TRUE dn: CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top objectClass: container cn: 409 -showInAdvancedViewOnly: TRUE dn: CN=user-Display,CN=409,CN=DisplaySpecifiers,${CONFIGDN} objectClass: top diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 5e15bf347a..3fb9361d0b 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -3,25 +3,24 @@ objectClass: top objectClass: organizationalUnit cn: Domain Controllers description: Default container for domain controllers -showInAdvancedViewOnly: FALSE systemFlags: 2348810240 isCriticalSystemObject: TRUE +showInAdvancedViewOnly: FALSE dn: CN=ForeignSecurityPrincipals,${DOMAINDN} objectClass: top objectClass: container cn: ForeignSecurityPrincipals description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains -showInAdvancedViewOnly: FALSE systemFlags: 2348810240 isCriticalSystemObject: TRUE +showInAdvancedViewOnly: FALSE dn: CN=System,${DOMAINDN} objectClass: top objectClass: container cn: System description: Builtin system settings -showInAdvancedViewOnly: TRUE systemFlags: 2348810240 isCriticalSystemObject: TRUE @@ -29,7 +28,6 @@ dn: CN=RID Manager$,CN=System,${DOMAINDN} objectclass: top objectclass: rIDManager cn: RID Manager$ -showInAdvancedViewOnly: TRUE systemFlags: 2348810240 isCriticalSystemObject: TRUE fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} @@ -39,20 +37,17 @@ dn: CN=DomainUpdates,CN=System,${DOMAINDN} objectClass: top objectClass: container cn: DomainUpdates -showInAdvancedViewOnly: TRUE dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${DOMAINDN} objectClass: top objectClass: container cn: Windows2003Update -showInAdvancedViewOnly: TRUE revision: 8 dn: CN=Infrastructure,${DOMAINDN} objectclass: top objectclass: infrastructureUpdate cn: Infrastructure -showInAdvancedViewOnly: TRUE systemFlags: 2348810240 isCriticalSystemObject: TRUE fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} @@ -61,7 +56,6 @@ dn: CN=Builtin,${DOMAINDN} objectClass: top objectClass: builtinDomain cn: Builtin -showInAdvancedViewOnly: FALSE forceLogoff: 9223372036854775808 lockoutDuration: -18000000000 lockOutObservationWindow: -18000000000 @@ -78,6 +72,7 @@ serverState: 1 uASCompat: 1 modifiedCount: 1 isCriticalSystemObject: TRUE +showInAdvancedViewOnly: FALSE dn: CN=Policies,CN=System,${DOMAINDN} objectClass: top diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif index 750fa1326a..0fe90b0739 100644 --- a/source4/setup/provision_configuration.ldif +++ b/source4/setup/provision_configuration.ldif @@ -5,7 +5,6 @@ dn: CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRefContainer cn: Partitions -showInAdvancedViewOnly: TRUE systemFlags: 2147483648 msDS-Behavior-Version: 0 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} @@ -14,7 +13,6 @@ dn: CN=Enterprise Configuration,CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRef cn: Enterprise Configuration -showInAdvancedViewOnly: TRUE systemFlags: 1 nCName: ${CONFIGDN} dnsRoot: ${DNSDOMAIN} @@ -23,7 +21,6 @@ dn: CN=Enterprise Schema,CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRef cn: Enterprise Schema -showInAdvancedViewOnly: TRUE systemFlags: 1 nCName: ${SCHEMADN} dnsRoot: ${DNSDOMAIN} @@ -32,7 +29,6 @@ dn: CN=${DOMAIN},CN=Partitions,${CONFIGDN} objectClass: top objectClass: crossRef cn: ${DOMAIN} -showInAdvancedViewOnly: TRUE systemFlags: 3 nCName: ${DOMAINDN} nETBIOSName: ${DOMAIN} @@ -42,54 +38,46 @@ dn: CN=Sites,${CONFIGDN} objectClass: top objectClass: sitesContainer cn: Sites -showInAdvancedViewOnly: TRUE systemFlags: 2181038080 dn: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: site cn: ${DEFAULTSITE} -showInAdvancedViewOnly: TRUE systemFlags: 2181038080 dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: serversContainer cn: Servers -showInAdvancedViewOnly: TRUE systemFlags: 2181038080 dn: CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Services -showInAdvancedViewOnly: TRUE systemFlags: 2147483648 dn: CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Windows NT -showInAdvancedViewOnly: TRUE dn: CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: nTDSService cn: Directory Service -showInAdvancedViewOnly: TRUE sPNMappings: host=ldap,dns,cifs,http dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: container cn: Query-Policies -showInAdvancedViewOnly: TRUE dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN} objectClass: top objectClass: queryPolicy cn: Default Query Policy -showInAdvancedViewOnly: TRUE lDAPAdminLimits: MaxValRange=1500 lDAPAdminLimits: MaxReceiveBuffer=10485760 lDAPAdminLimits: MaxDatagramRecv=4096 diff --git a/source4/setup/provision_configuration_basedn_modify.ldif b/source4/setup/provision_configuration_basedn_modify.ldif index a72f2c8eca..9b87e1cead 100644 --- a/source4/setup/provision_configuration_basedn_modify.ldif +++ b/source4/setup/provision_configuration_basedn_modify.ldif @@ -3,8 +3,5 @@ ############################### dn: ${CONFIGDN} changetype: modify -replace: showInAdvancedViewOnly -showInAdvancedViewOnly: TRUE -- replace: subRefs subRefs: ${SCHEMADN} diff --git a/source4/setup/provision_schema_basedn_modify.ldif b/source4/setup/provision_schema_basedn_modify.ldif index 986f0d632c..4e690376d7 100644 --- a/source4/setup/provision_schema_basedn_modify.ldif +++ b/source4/setup/provision_schema_basedn_modify.ldif @@ -3,9 +3,6 @@ ############################### dn: ${SCHEMADN} changetype: modify -replace: showInAdvancedViewOnly -showInAdvancedViewOnly: TRUE -- replace: fSMORoleOwner fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} - diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index 1caa62163e..58669660f4 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -30,7 +30,6 @@ objectClass: organizationalPerson objectClass: user cn: dns description: DNS Service Account -showInAdvancedViewOnly: TRUE userAccountControl: 514 accountExpires: 9223372036854775807 sAMAccountName: dns @@ -38,12 +37,12 @@ sAMAccountType: 805306368 servicePrincipalName: DNS/${DNSDOMAIN} isCriticalSystemObject: TRUE sambaPassword:: ${DNSPASS_B64} +showInAdvancedViewOnly: TRUE dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} objectClass: top objectClass: server cn: ${NETBIOSNAME} -showInAdvancedViewOnly: TRUE systemFlags: 1375731712 dNSHostName: ${DNSNAME} serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} @@ -54,7 +53,6 @@ objectClass: applicationSettings objectClass: nTDSDSA cn: NTDS Settings options: 1 -showInAdvancedViewOnly: TRUE systemFlags: 33554432 dMDLocation: ${SCHEMADN} invocationId: ${INVOCATIONID} diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 04eaabcab7..fafedc6966 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -70,7 +70,6 @@ sAMAccountType: 268435456 # sAMAccountType: 268435456 dn: CN=TemplateForeignSecurityPrincipal,CN=Templates -showInAdvancedViewOnly: TRUE dn: CN=TemplateSecret,CN=Templates diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 3e6f717f15..05fde15974 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -401,173 +401,148 @@ objectClass: top objectClass: container cn: WellKnown Security Principals systemFlags: 2147483648 -showInAdvancedViewOnly: TRUE dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Anonymous Logon objectSid: S-1-5-7 -showInAdvancedViewOnly: TRUE dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Authenticated Users objectSid: S-1-5-11 -showInAdvancedViewOnly: TRUE dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Batch objectSid: S-1-5-3 -showInAdvancedViewOnly: TRUE dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Creator Group objectSid: S-1-3-1 -showInAdvancedViewOnly: TRUE dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Creator Owner objectSid: S-1-3-0 -showInAdvancedViewOnly: TRUE dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Dialup objectSid: S-1-5-1 -showInAdvancedViewOnly: TRUE dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Digest Authentication objectSid: S-1-5-64-21 -showInAdvancedViewOnly: TRUE dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Enterprise Domain Controllers objectSid: S-1-5-9 -showInAdvancedViewOnly: TRUE dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Everyone objectSid: S-1-1-0 -showInAdvancedViewOnly: TRUE dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Interactive objectSid: S-1-5-4 -showInAdvancedViewOnly: TRUE dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Local Service objectSid: S-1-5-19 -showInAdvancedViewOnly: TRUE dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Network objectSid: S-1-5-2 -showInAdvancedViewOnly: TRUE dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Network Service objectSid: S-1-5-20 -showInAdvancedViewOnly: TRUE dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: NTLM Authentication objectSid: S-1-5-64-10 -showInAdvancedViewOnly: TRUE dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Other Organization objectSid: S-1-5-1000 -showInAdvancedViewOnly: TRUE dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Proxy objectSid: S-1-5-8 -showInAdvancedViewOnly: TRUE dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Remote Interactive Logon objectSid: S-1-5-14 -showInAdvancedViewOnly: TRUE dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Restricted objectSid: S-1-5-12 -showInAdvancedViewOnly: TRUE dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: SChannel Authentication objectSid: S-1-5-64-14 -showInAdvancedViewOnly: TRUE dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Self objectSid: S-1-5-10 -showInAdvancedViewOnly: TRUE dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Service objectSid: S-1-5-6 -showInAdvancedViewOnly: TRUE dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Terminal Server User objectSid: S-1-5-13 -showInAdvancedViewOnly: TRUE dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: This Organization objectSid: S-1-5-15 -showInAdvancedViewOnly: TRUE dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN} objectClass: top objectClass: foreignSecurityPrincipal cn: Well-Known-Security-Id-System objectSid: S-1-5-18 -showInAdvancedViewOnly: TRUE -- cgit From decdf5954d5e1ae84318d6767317965f544a897f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 23 Jan 2008 23:33:36 +0100 Subject: python: Add convenience function for getting command line loadparm context and default to using system smb.conf. (This used to be commit b3afde0f00ab5093b577b139a062c233d4db2524) --- source4/setup/provision.py | 9 ++++----- source4/setup/upgrade.py | 9 ++++----- source4/setup/vampire.py | 7 +++---- 3 files changed, 11 insertions(+), 14 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index 88015ce0a3..b9a11bdd78 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -37,7 +37,8 @@ from samba.provision import (provision, provision_paths_from_lp) parser = optparse.OptionParser("provision [options]") -parser.add_option_group(options.SambaOptions(parser)) +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) parser.add_option_group(options.VersionOptions(parser)) credopts = options.CredentialsOptions(parser) parser.add_option_group(credopts) @@ -111,9 +112,7 @@ if opts.realm is None or opts.domain is None: sys.exit(1) # cope with an initially blank smb.conf -lp = param.LoadParm() -if opts.configfile: - lp.load(opts.configfile) +lp = sambaopts.get_loadparm() if opts.targetdir is not None: if not os.path.exists(opts.targetdir): os.mkdir(opts.targetdir) @@ -127,7 +126,7 @@ if opts.aci is not None: print "set ACI: %s" % opts.aci paths = provision_paths_from_lp(lp, opts.realm.lower()) -paths.smbconf = opts.configfile +paths.smbconf = sambaopts.get_loadparm_path() if opts.ldap_backend: if opts.ldap_backend == "ldapi": diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py index ea6f83d7de..4cf9641ef2 100755 --- a/source4/setup/upgrade.py +++ b/source4/setup/upgrade.py @@ -14,7 +14,8 @@ import samba.getopt as options from auth import system_session parser = optparse.OptionParser("upgrade [options] ") -parser.add_option_group(options.SambaOptions(parser)) +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) parser.add_option_group(options.VersionOptions(parser)) credopts = options.CredentialsOptions(parser) parser.add_option_group(credopts) @@ -59,15 +60,13 @@ if setup_dir is None: setup_dir = "setup" creds = credopts.get_credentials() -lp = param.LoadParm() -if opts.configfile: - lp.load(opts.configfile) +lp = sambaopts.get_loadparm() if opts.targetdir is not None: if not os.path.exists(opts.targetdir): os.mkdir(opts.targetdir) lp.set("private dir", os.path.abspath(opts.targetdir)) lp.set("lock dir", os.path.abspath(opts.targetdir)) paths = provision_paths_from_lp(lp, "") -paths.smbconf = opts.configfile +paths.smbconf = sambaopts.get_loadparm_path() upgrade_provision(samba3, setup_dir, message, credentials=creds, session_info=system_session(), lp=lp, paths=paths) diff --git a/source4/setup/vampire.py b/source4/setup/vampire.py index 392cd2d4fb..728c53146a 100755 --- a/source4/setup/vampire.py +++ b/source4/setup/vampire.py @@ -26,7 +26,8 @@ from auth import system_session import sys parser = optparse.OptionParser("vampire [options] ") -parser.add_option_group(options.SambaOptions(parser)) +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) parser.add_option_group(options.VersionOptions(parser)) credopts = options.CredentialsOptions(parser) parser.add_option_group(credopts) @@ -47,8 +48,6 @@ def vampire(domain, session_info, credentials, lp): ctx.samsync_ldb(vampire_ctx, machine_creds=machine_creds, session_info=session_info) -lp = param.LoadParm() -if opts.configfile: - lp.load(opts.configfile) +lp = sambaopts.get_loadparm() vampire(args[0], session_info=system_session(), credentials=credopts.get_credentials(), lp=lp) -- cgit From 08f94e2754a95b50fc421c18a07401d4fd141941 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 24 Jan 2008 11:26:21 +1100 Subject: Remove useless subs from the ejs provision The less things we manually place into the templates, the easier the conversion to python will be. Andrew Bartlett (This used to be commit f65e5c164476b80468aa19452b108db17c642f8b) --- source4/setup/secrets_dc.ldif | 6 ------ 1 file changed, 6 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif index 64469352bb..71c7fc2f5b 100644 --- a/source4/setup/secrets_dc.ldif +++ b/source4/setup/secrets_dc.ldif @@ -7,8 +7,6 @@ realm: ${REALM} secret:: ${MACHINEPASS_B64} secureChannelType: 6 sAMAccountName: ${NETBIOSNAME}$ -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} msDS-KeyVersionNumber: 1 objectSid: ${DOMAINSID} privateKeytab: ${SECRETS_KEYTAB} @@ -22,8 +20,6 @@ objectClass: kerberosSecret flatname: ${DOMAIN} realm: ${REALM} sAMAccountName: krbtgt -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} objectSid: ${DOMAINSID} servicePrincipalName: kadmin/changepw krb5Keytab: HDB:ldb:${SAM_LDB}: @@ -36,8 +32,6 @@ objectClass: top objectClass: secret objectClass: kerberosSecret realm: ${REALM} -whenCreated: ${LDAPTIME} -whenChanged: ${LDAPTIME} servicePrincipalName: DNS/${DNSDOMAIN} privateKeytab: ${DNS_KEYTAB} secret:: ${DNSPASS_B64} -- cgit From 1557e7b930b95fa5309390c46f72e14628447703 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 24 Jan 2008 11:33:37 +1100 Subject: Kill another sub that the modules will handle for us. (This used to be commit e9bb130d63e86fafc4cbf379e2e237354b88bcf8) --- source4/setup/provision_basedn.ldif | 1 - source4/setup/provision_basedn_modify.ldif | 3 --- 2 files changed, 4 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index 3c7537f013..11eb0593e8 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -6,5 +6,4 @@ objectClass: top objectClass: domain objectClass: domainDNS ${ACI} -dc: ${RDN_DC} diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index fa990599d9..dadfda720e 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -4,9 +4,6 @@ dn: ${DOMAINDN} changetype: modify - -replace: dc -dc: ${RDN_DC} -- replace: forceLogoff forceLogoff: 9223372036854775808 - -- cgit From 48e79659d1a81bb5a5dd3932f9e8f7c0b1a99947 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 24 Jan 2008 16:17:45 +1100 Subject: Make the repl_meta_data module the default for domain controllers. Andrew Bartlett (This used to be commit ae2ea1bd0cd2b326b09b372428969f2cf52ce519) --- source4/setup/provision | 8 ++++---- source4/setup/provision_partitions.ldif | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 8b24c51040..9e135cddbb 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -143,12 +143,10 @@ if (ldapbackend) { subobj.LDAPMODULE = "normalise,entryuuid"; subobj.TDB_MODULES_LIST = ""; } + subobj.BACKEND_MOD = subobj.LDAPMODULE + ",paged_searches"; subobj.DOMAINDN_LDB = subobj.LDAPBACKEND; - subobj.DOMAINDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; subobj.CONFIGDN_LDB = subobj.LDAPBACKEND; - subobj.CONFIGDN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; subobj.SCHEMADN_LDB = subobj.LDAPBACKEND; - subobj.SCHEMADN_MOD2 = "," + subobj.LDAPMODULE + ",paged_searches"; message("LDAP module: %s on backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND); } @@ -175,7 +173,9 @@ if (partitions_only) { message("--host-guid='%s' \\\n", subobj.HOSTGUID); } message("--policy-guid='%s' --host-name='%s' --host-ip='%s' \\\n", subobj.POLICYGUID, subobj.HOSTNAME, subobj.HOSTIP); - message("--invocationid='%s' \\\n", subobj.INVOCATIONID); + if (subobj.INVOCATIONID != undefined) { + message("--invocationid='%s' \\\n", subobj.INVOCATIONID); + } message("--adminpass='%s' --krbtgtpass='%s' \\\n", subobj.ADMINPASS, subobj.KRBTGTPASS); message("--machinepass='%s' --dnspass='%s' \\\n", subobj.MACHINEPASS, subobj.DNSPASS); message("--root='%s' --nobody='%s' --nogroup='%s' \\\n", subobj.ROOT, subobj.NOBODY, subobj.NOGROUP); diff --git a/source4/setup/provision_partitions.ldif b/source4/setup/provision_partitions.ldif index fb8bc7f595..93fea6bc2d 100644 --- a/source4/setup/provision_partitions.ldif +++ b/source4/setup/provision_partitions.ldif @@ -5,9 +5,9 @@ partition: ${DOMAINDN}:${DOMAINDN_LDB} replicateEntries: @ATTRIBUTES replicateEntries: @INDEXLIST replicateEntries: @OPTIONS -modules:${SCHEMADN}:${SCHEMADN_MOD}${SCHEMADN_MOD2} -modules:${CONFIGDN}:${CONFIGDN_MOD}${CONFIGDN_MOD2} -modules:${DOMAINDN}:${DOMAINDN_MOD}${DOMAINDN_MOD2} +modules:${SCHEMADN}:${SCHEMADN_MOD},${BACKEND_MOD} +modules:${CONFIGDN}:${CONFIGDN_MOD},${BACKEND_MOD} +modules:${DOMAINDN}:${DOMAINDN_MOD},${BACKEND_MOD} dn: @MODULES @LIST: ${MODULES_LIST}${TDB_MODULES_LIST},${MODULES_LIST2} -- cgit From 37f35d2a03409e0d52232d4c4f956ec8637d4884 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 25 Jan 2008 01:02:13 +0100 Subject: python/provision: Reconcile code partitions-only provisioning and generic provisioning, some other minor refactoring of the provisioning. Pair-programmed by Andrew and me using obby :-) (This used to be commit 688adcbb635af87fcfedb869b7f1857a947fd2f9) --- source4/setup/provision.py | 83 +++++++++++++++++++++++----------------------- 1 file changed, 41 insertions(+), 42 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index b9a11bdd78..743a94700d 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -33,8 +33,10 @@ import samba from auth import system_session import samba.getopt as options import param -from samba.provision import (provision, - provision_paths_from_lp) +from samba.provision import (provision, + provision_paths_from_lp, + FILL_FULL, FILL_NT4SYNC, + FILL_DRS) parser = optparse.OptionParser("provision [options]") sambaopts = options.SambaOptions(parser) @@ -84,8 +86,9 @@ parser.add_option("--blank", action="store_true", help="do not add users or groups, just the structure") parser.add_option("--ldap-backend", type="string", metavar="LDAPSERVER", help="LDAP server to use for this provision") -parser.add_option("--ldap-module=", type="string", metavar="MODULE", - help="LDB mapping module to use for the LDAP backend") +parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE", + help="LDB mapping module to use for the LDAP backend", + choices=["fedora-ds", "openldap"]) parser.add_option("--aci", type="string", metavar="ACI", help="An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server. You must provide at least a realm and domain") parser.add_option("--server-role", type="choice", metavar="ROLE", @@ -122,51 +125,47 @@ lp.set("realm", opts.realm) lp.set("workgroup", opts.domain) lp.set("server role", opts.server_role or "domain controller") + if opts.aci is not None: print "set ACI: %s" % opts.aci -paths = provision_paths_from_lp(lp, opts.realm.lower()) +private_dir = None +if opts.targetdir is not None: + private_dir = os.path.join(opts.targetdir, "private") +paths = provision_paths_from_lp(lp, opts.realm.lower(), private_dir) paths.smbconf = sambaopts.get_loadparm_path() -if opts.ldap_backend: - if opts.ldap_backend == "ldapi": - subobj.ldap_backend = subobj.ldapi_uri - - if not opts.ldap_module: - subobj.ldapmodule = "entryuuid" - - subobj.domaindn_ldb = subobj.ldap_backend - subobj.domaindn_mod2 = ",%s,paged_searches" % subobj.ldapmodule - subobj.configdn_ldb = subobj.ldap_backend - subobj.configdn_mod2 = ",%s,paged_searches" % subobj.ldapmodule - subobj.schemadn_ldb = subobj.ldap_backend - subobj.schemadn_mod2 = ",%s,paged_searches" % subobj.ldapmodule - message("LDAP module: %s on backend: %s" % (subobj.ldapmodule, subobj.ldap_backend)) - creds = credopts.get_credentials() setup_dir = opts.setupdir if setup_dir is None: setup_dir = "setup" -if opts.partitions_only: - provision_become_dc(setup_dir, message, False, - paths, lp, system_session(), creds) -else: - provision(lp, setup_dir, message, opts.blank, paths, - system_session(), creds, opts.ldap_backend, realm=opts.realm, - domainguid=opts.domain_guid, domainsid=opts.domain_sid, - policyguid=opts.policy_guid, hostname=opts.host_name, - hostip=opts.host_ip, hostguid=opts.host_guid, - invocationid=opts.invocationid, adminpass=opts.adminpass, - krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, - dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, - nogroup=opts.nogroup, wheel=opts.wheel, users=opts.users, - aci=opts.aci, serverrole=opts.server_role) - message("To reproduce this provision, run with:") - def shell_escape(arg): - if " " in arg: - return '"%s"' % arg - return arg - message(" ".join([shell_escape(arg) for arg in sys.argv])) - -message("All OK") + +samdb_fill = FILL_FULL +if opts.blank: + samdb_fill = FILL_NT4SYNC +elif opts.partitions_only: + samdb_fill = FILL_DRS + +provision(lp, setup_dir, message, paths, + system_session(), creds, opts.ldap_backend, + samdb_fill=samdb_fill, realm=opts.realm, + domainguid=opts.domain_guid, domainsid=opts.domain_sid, + policyguid=opts.policy_guid, hostname=opts.host_name, + hostip=opts.host_ip, hostguid=opts.host_guid, + invocationid=opts.invocationid, adminpass=opts.adminpass, + krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, + dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, + nogroup=opts.nogroup, wheel=opts.wheel, users=opts.users, + aci=opts.aci, serverrole=opts.server_role, + ldap_backend=opts.ldap_backend, + ldap_backend_type=opts.ldap_backend_type) + +message("To reproduce this provision, run with:") +def shell_escape(arg): + if " " in arg: + return '"%s"' % arg + return arg +message(" ".join([shell_escape(arg) for arg in sys.argv])) + +message("All OK") \ No newline at end of file -- cgit From dbf400c3da853e6845f0d0b667f713639b29582e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 25 Jan 2008 01:41:06 +0100 Subject: python/provision: Create private dir if it didn't exist yet. (This used to be commit 66df250ff355d3c1b7f0252fc1f95a8c79a28c6d) --- source4/setup/provision.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index 743a94700d..c8087f7bd7 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -2,7 +2,8 @@ # # Unix SMB/CIFS implementation. # provision a Samba4 server -# Copyright (C) Jelmer Vernooij 2007 +# Copyright (C) Jelmer Vernooij 2007-2008 +# Copyright (C) Andrew Bartlett 2008 # # Based on the original in EJS: # Copyright (C) Andrew Tridgell 2005 @@ -115,11 +116,15 @@ if opts.realm is None or opts.domain is None: sys.exit(1) # cope with an initially blank smb.conf +private_dir = None lp = sambaopts.get_loadparm() if opts.targetdir is not None: if not os.path.exists(opts.targetdir): os.mkdir(opts.targetdir) - lp.set("private dir", os.path.abspath(opts.targetdir)) + private_dir = os.path.join(opts.targetdir, "private") + if not os.path.exists(private_dir): + os.mkdir(private_dir) + lp.set("private dir", os.path.abspath(private_dir)) lp.set("lock dir", os.path.abspath(opts.targetdir)) lp.set("realm", opts.realm) lp.set("workgroup", opts.domain) @@ -129,9 +134,6 @@ lp.set("server role", opts.server_role or "domain controller") if opts.aci is not None: print "set ACI: %s" % opts.aci -private_dir = None -if opts.targetdir is not None: - private_dir = os.path.join(opts.targetdir, "private") paths = provision_paths_from_lp(lp, opts.realm.lower(), private_dir) paths.smbconf = sambaopts.get_loadparm_path() @@ -168,4 +170,4 @@ def shell_escape(arg): return arg message(" ".join([shell_escape(arg) for arg in sys.argv])) -message("All OK") \ No newline at end of file +message("All OK") -- cgit From 0efa783849ff4bd449cdcc5f643f0101d48746bb Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 8 Feb 2008 17:12:54 +1100 Subject: Remove unused parameter from provision() Andrew Bartlett (This used to be commit c8b0a8a196d8d187a86aef497953d0105436aff8) --- source4/setup/provision.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index c8087f7bd7..9f887e8b3b 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -150,7 +150,7 @@ elif opts.partitions_only: samdb_fill = FILL_DRS provision(lp, setup_dir, message, paths, - system_session(), creds, opts.ldap_backend, + system_session(), creds, samdb_fill=samdb_fill, realm=opts.realm, domainguid=opts.domain_guid, domainsid=opts.domain_sid, policyguid=opts.policy_guid, hostname=opts.host_name, -- cgit From b2d47f9794bc805051fde55f1f94d29db96c6a62 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 9 Feb 2008 09:59:45 +1100 Subject: From a request from Peter Huang, include IPsec sechema. (We may need to include more defaults in the template, but I want to start small for now). Andrew Bartlett (This used to be commit a466dda118f785bf784548106637577a5e25a30e) --- source4/setup/provision.ldif | 4 + source4/setup/schema.ldif | 281 ++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 284 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 3fb9361d0b..37b6bdaa60 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -78,3 +78,7 @@ dn: CN=Policies,CN=System,${DOMAINDN} objectClass: top objectClass: container +dn: CN=IP Security,CN=System,${DOMAINDN} +objectClass: top +objectClass: container + diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index 585b418311..be68ed2b91 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -2249,6 +2249,24 @@ systemOnly: FALSE systemFlags: 16 objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=Ipsec-ISAKMP-Reference,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.626 +attributeSyntax: 2.5.5.1 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-ISAKMP-Reference +oMObjectClass:: KwwCh3McAIVK +adminDescription: Ipsec-ISAKMP-Reference +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: ipsecISAKMPReference +schemaIDGUID: b40ff820-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=Application-Name,${SCHEMADN} objectClass: top objectClass: attributeSchema @@ -2990,6 +3008,23 @@ systemOnly: FALSE systemFlags: 16 objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=Ipsec-ID,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.621 +attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-ID +adminDescription: Ipsec-ID +oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: ipsecID +schemaIDGUID: b40ff81d-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=LDAP-Admin-Limits,${SCHEMADN} objectClass: top objectClass: attributeSchema @@ -3317,6 +3352,24 @@ systemFlags: 16 isMemberOfPartialAttributeSet: TRUE objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=Ipsec-NFA-Reference,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.627 +attributeSyntax: 2.5.5.1 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-NFA-Reference +oMObjectClass:: KwwCh3McAIVK +adminDescription: Ipsec-NFA-Reference +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: ipsecNFAReference +schemaIDGUID: b40ff821-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=secretary,${SCHEMADN} objectClass: top objectClass: attributeSchema @@ -7279,6 +7332,24 @@ systemOnly: FALSE systemFlags: 16 objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=Ipsec-Owners-Reference,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.624 +attributeSyntax: 2.5.5.1 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-Owners-Reference +oMObjectClass:: KwwCh3McAIVK +adminDescription: Ipsec-Owners-Reference +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: ipsecOwnersReference +schemaIDGUID: b40ff824-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=State-Or-Province-Name,${SCHEMADN} objectClass: top objectClass: attributeSchema @@ -7808,6 +7879,24 @@ systemOnly: FALSE systemFlags: 16 objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=Ipsec-Filter-Reference,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.629 +attributeSyntax: 2.5.5.1 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-Filter-Reference +oMObjectClass:: KwwCh3McAIVK +adminDescription: Ipsec-Filter-Reference +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: ipsecFilterReference +schemaIDGUID: b40ff823-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=User-Comment,${SCHEMADN} objectClass: top objectClass: attributeSchema @@ -7946,7 +8035,6 @@ searchFlags: 0 lDAPDisplayName: msDRM-IdentityCertificate schemaIDGUID: e85e1204-3434-41ad-9b56-e2901228fff0 systemFlags: 16 -isMemberOfPartialAttributeSet: TRUE objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Last-Logoff,${SCHEMADN} @@ -8078,6 +8166,40 @@ systemOnly: FALSE systemFlags: 16 objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=Ipsec-Data-Type,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.622 +attributeSyntax: 2.5.5.9 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-Data-Type +adminDescription: Ipsec-Data-Type +oMSyntax: 2 +searchFlags: 0 +lDAPDisplayName: ipsecDataType +schemaIDGUID: b40ff81e-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + +dn: CN=Ipsec-Data,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.623 +attributeSyntax: 2.5.5.10 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-Data +adminDescription: Ipsec-Data +oMSyntax: 4 +searchFlags: 0 +lDAPDisplayName: ipsecData +schemaIDGUID: b40ff81f-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=RID-Manager-Reference,${SCHEMADN} objectClass: top objectClass: attributeSchema @@ -8501,6 +8623,23 @@ systemOnly: FALSE systemFlags: 16 objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=Ipsec-Name,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.620 +attributeSyntax: 2.5.5.12 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-Name +adminDescription: Ipsec-Name +oMSyntax: 64 +searchFlags: 0 +lDAPDisplayName: ipsecName +schemaIDGUID: b40ff81c-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=CA-Certificate,${SCHEMADN} objectClass: top objectClass: attributeSchema @@ -8522,6 +8661,24 @@ systemFlags: 16 isMemberOfPartialAttributeSet: TRUE objectCategory: CN=Attribute-Schema,${SCHEMADN} +dn: CN=Ipsec-Negotiation-Policy-Reference,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +attributeID: 1.2.840.113556.1.4.628 +attributeSyntax: 2.5.5.1 +isSingleValued: TRUE +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-Negotiation-Policy-Reference +oMObjectClass:: KwwCh3McAIVK +adminDescription: Ipsec-Negotiation-Policy-Reference +oMSyntax: 127 +searchFlags: 0 +lDAPDisplayName: ipsecNegotiationPolicyReference +schemaIDGUID: b40ff822-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemFlags: 16 +objectCategory: CN=Attribute-Schema,${SCHEMADN} + dn: CN=MHS-OR-Address,${SCHEMADN} objectClass: top objectClass: attributeSchema @@ -9014,6 +9171,28 @@ defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Top,${SCHEMADN} +dn: CN=Ipsec-ISAKMP-Policy,${SCHEMADN} +objectClass: top +objectClass: classSchema +subClassOf: ipsecBase +governsID: 1.2.840.113556.1.5.120 +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-ISAKMP-Policy +adminDescription: Ipsec-ISAKMP-Policy +objectClassCategory: 1 +lDAPDisplayName: ipsecISAKMPPolicy +schemaIDGUID: b40ff828-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemPossSuperiors: container +systemPossSuperiors: computer +systemPossSuperiors: organizationalUnit +defaultSecurityDescriptor: D: +systemFlags: 16 +defaultHidingValue: TRUE +objectCategory: CN=Class-Schema,${SCHEMADN} +defaultObjectCategory: CN=Ipsec-ISAKMP-Policy,${SCHEMADN} + dn: CN=Domain-DNS,${SCHEMADN} objectClass: top objectClass: classSchema @@ -9246,6 +9425,30 @@ defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Display-Specifier,${SCHEMADN} +dn: CN=Ipsec-Base,${SCHEMADN} +objectClass: top +objectClass: classSchema +subClassOf: top +governsID: 1.2.840.113556.1.5.7000.56 +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-Base +adminDescription: Ipsec-Base +objectClassCategory: 2 +lDAPDisplayName: ipsecBase +schemaIDGUID: b40ff825-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemMayContain: ipsecOwnersReference +systemMayContain: ipsecName +systemMayContain: ipsecID +systemMayContain: ipsecDataType +systemMayContain: ipsecData +defaultSecurityDescriptor: D: +systemFlags: 16 +defaultHidingValue: TRUE +objectCategory: CN=Class-Schema,${SCHEMADN} +defaultObjectCategory: CN=Ipsec-Base,${SCHEMADN} + dn: CN=ms-DS-Az-Scope,${SCHEMADN} objectClass: top objectClass: classSchema @@ -9546,10 +9749,13 @@ possibleInferiors: user possibleInferiors: container possibleInferiors: groupPolicyContainer possibleInferiors: person +possibleInferiors: ipsecNFA possibleInferiors: locality possibleInferiors: msDS-AzAdminManager possibleInferiors: organizationalUnit +possibleInferiors: ipsecPolicy possibleInferiors: organizationalPerson +possibleInferiors: ipsecISAKMPPolicy rDNAttID: ou showInAdvancedViewOnly: TRUE adminDisplayName: Organizational-Unit @@ -9600,6 +9806,30 @@ defaultHidingValue: FALSE objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Organizational-Unit,${SCHEMADN} +dn: CN=Ipsec-NFA,${SCHEMADN} +objectClass: top +objectClass: classSchema +subClassOf: ipsecBase +governsID: 1.2.840.113556.1.5.121 +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-NFA +adminDescription: Ipsec-NFA +objectClassCategory: 1 +lDAPDisplayName: ipsecNFA +schemaIDGUID: b40ff829-427a-11d1-a9c2-0000f80367c1 +systemOnly: FALSE +systemPossSuperiors: container +systemPossSuperiors: computer +systemPossSuperiors: organizationalUnit +systemMayContain: ipsecNegotiationPolicyReference +systemMayContain: ipsecFilterReference +defaultSecurityDescriptor: D: +systemFlags: 16 +defaultHidingValue: TRUE +objectCategory: CN=Class-Schema,${SCHEMADN} +defaultObjectCategory: CN=Ipsec-NFA,${SCHEMADN} + dn: CN=Lost-And-Found,${SCHEMADN} objectClass: top objectClass: classSchema @@ -9625,6 +9855,7 @@ possibleInferiors: site possibleInferiors: organization possibleInferiors: domainDNS possibleInferiors: person +possibleInferiors: ipsecNFA possibleInferiors: queryPolicy possibleInferiors: locality possibleInferiors: subnet @@ -9635,8 +9866,10 @@ possibleInferiors: nTDSService possibleInferiors: country possibleInferiors: organizationalUnit possibleInferiors: secret +possibleInferiors: ipsecPolicy possibleInferiors: organizationalPerson possibleInferiors: server +possibleInferiors: ipsecISAKMPPolicy rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: Lost-And-Found @@ -9829,6 +10062,9 @@ objectClass: top objectClass: classSchema subClassOf: user governsID: 1.2.840.113556.1.3.30 +possibleInferiors: ipsecNFA +possibleInferiors: ipsecPolicy +possibleInferiors: ipsecISAKMPPolicy rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: Computer @@ -9899,6 +10135,30 @@ defaultHidingValue: TRUE objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Person,${SCHEMADN} +dn: CN=Ipsec-Policy,${SCHEMADN} +objectClass: top +objectClass: classSchema +subClassOf: ipsecBase +governsID: 1.2.840.113556.1.5.98 +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Ipsec-Policy +adminDescription: Ipsec-Policy +objectClassCategory: 1 +lDAPDisplayName: ipsecPolicy +schemaIDGUID: b7b13121-b82e-11d0-afee-0000f80367c1 +systemOnly: FALSE +systemPossSuperiors: organizationalUnit +systemPossSuperiors: computer +systemPossSuperiors: container +systemMayContain: ipsecNFAReference +systemMayContain: ipsecISAKMPReference +defaultSecurityDescriptor: D: +systemFlags: 16 +defaultHidingValue: TRUE +objectCategory: CN=Class-Schema,${SCHEMADN} +defaultObjectCategory: CN=Ipsec-Policy,${SCHEMADN} + dn: CN=Container,${SCHEMADN} objectClass: top objectClass: classSchema @@ -9912,12 +10172,15 @@ possibleInferiors: user possibleInferiors: container possibleInferiors: groupPolicyContainer possibleInferiors: person +possibleInferiors: ipsecNFA possibleInferiors: queryPolicy possibleInferiors: msDS-AzAdminManager possibleInferiors: displaySpecifier possibleInferiors: nTDSService possibleInferiors: secret +possibleInferiors: ipsecPolicy possibleInferiors: organizationalPerson +possibleInferiors: ipsecISAKMPPolicy mayContain: msDS-ObjectReference rDNAttID: cn showInAdvancedViewOnly: TRUE @@ -10624,12 +10887,15 @@ possibleInferiors: user possibleInferiors: container possibleInferiors: groupPolicyContainer possibleInferiors: person +possibleInferiors: ipsecNFA possibleInferiors: queryPolicy possibleInferiors: msDS-AzAdminManager possibleInferiors: displaySpecifier possibleInferiors: nTDSService possibleInferiors: secret +possibleInferiors: ipsecPolicy possibleInferiors: organizationalPerson +possibleInferiors: ipsecISAKMPPolicy rDNAttID: cn showInAdvancedViewOnly: TRUE adminDisplayName: Group-Policy-Container @@ -10656,6 +10922,7 @@ objectClass: top objectClass: subSchema objectCategory: CN=SubSchema,${SCHEMADN} objectClasses: ( 2.5.6.0 NAME 'top' SUP top ABSTRACT MUST ( objectClass $ objectCategory $ nTSecurityDescriptor $ instanceType ) MAY ( url $ wWWHomePage $ whenCreated $ whenChanged $ wellKnownObjects $ wbemPath $ uSNSource $ uSNLastObjRem $ USNIntersite $ uSNDSALastObjRemoved $ uSNCreated $ uSNChanged $ systemFlags $ subSchemaSubEntry $ subRefs $ structuralObjectClass $ siteObjectBL $ serverReferenceBL $ sDRightsEffective $ revision $ repsTo $ repsFrom $ directReports $ replUpToDateVector $ replPropertyMetaData $ name $ queryPolicyBL $ proxyAddresses $ proxiedObjectName $ possibleInferiors $ partialAttributeSet $ partialAttributeDeletionList $ otherWellKnownObjects $ objectVersion $ objectGUID $ distinguishedName $ nonSecurityMemberBL $ netbootSCPBL $ ownerBL $ msDS-ReplValueMetaData $ msDS-ReplAttributeMetaData $ msDS-NonMembersBL $ msDS-NCReplOutboundNeighbors $ msDS-NCReplInboundNeighbors $ msDS-NCReplCursors $ msDS-TasksForAzRoleBL $ msDS-TasksForAzTaskBL $ msDS-OperationsForAzRoleBL $ msDS-OperationsForAzTaskBL $ msDS-MembersForAzRoleBL $ msDs-masteredBy $ mS-DS-ConsistencyGuid $ mS-DS-ConsistencyChildCount $ msDS-Approx-Immed-Subordinates $ msCOM-PartitionSetLink $ msCOM-UserLink $ modifyTimeStamp $ masteredBy $ managedObjects $ lastKnownParent $ isPrivilegeHolder $ memberOf $ isDeleted $ isCriticalSystemObject $ showInAdvancedViewOnly $ fSMORoleOwner $ fRSMemberReferenceBL $ frsComputerReferenceBL $ fromEntry $ flags $ extensionName $ dSASignature $ dSCorePropagationData $ displayNamePrintable $ displayName $ description $ createTimeStamp $ cn $ canonicalName $ bridgeheadServerListBL $ allowedChildClassesEffective $ allowedChildClasses $ allowedAttributesEffective $ allowedAttributes $ adminDisplayName $ adminDescription $ msDS-ObjectReferenceBL ) ) +objectClasses: ( 1.2.840.113556.1.5.120 NAME 'ipsecISAKMPPolicy' SUP ipsecBase STRUCTURAL ) objectClasses: ( 1.2.840.113556.1.5.67 NAME 'domainDNS' SUP domain STRUCTURAL MAY ( msDS-Behavior-Version $ msDS-AllowedDNSSuffixes $ managedBy ) ) objectClasses: ( 1.2.840.113556.1.5.235 NAME 'msDS-AzApplication' SUP top STRUCTURAL MAY ( msDS-AzApplicationData $ msDS-AzGenerateAudits $ msDS-AzApplicationVersion $ msDS-AzClassId $ msDS-AzApplicationName $ description ) ) objectClasses: ( 1.2.840.113556.1.5.4 NAME 'builtinDomain' SUP top STRUCTURAL ) @@ -10664,6 +10931,7 @@ objectClasses: ( 1.2.840.113556.1.5.12 NAME 'configuration' SUP top STRUCTURAL M objectClasses: ( 1.2.840.113556.1.3.11 NAME 'crossRef' SUP top STRUCTURAL MUST ( nCName $ dnsRoot $ cn ) MAY ( trustParent $ superiorDNSRoot $ rootTrust $ nTMixedDomain $ nETBIOSName $ Enabled $ msDS-SDReferenceDomain $ msDS-Replication-Notify-Subsequent-DSA-Delay $ msDS-Replication-Notify-First-DSA-Delay $ msDS-NC-Replica-Locations $ msDS-DnsRootAlias $ msDS-Behavior-Version ) ) objectClasses: ( 1.2.840.113556.1.5.83 NAME 'rIDManager' SUP top STRUCTURAL MUST ( rIDAvailablePool ) ) objectClasses: ( 1.2.840.113556.1.5.84 NAME 'displaySpecifier' SUP top STRUCTURAL MAY ( treatAsLeaf $ shellPropertyPages $ shellContextMenu $ scopeFlags $ queryFilter $ iconPath $ extraColumns $ creationWizard $ createWizardExt $ createDialog $ contextMenu $ classDisplayName $ attributeDisplayNames $ adminPropertyPages $ adminMultiselectPropertyPages $ adminContextMenu ) ) +objectClasses: ( 1.2.840.113556.1.5.7000.56 NAME 'ipsecBase' SUP top ABSTRACT MAY ( ipsecOwnersReference $ ipsecName $ ipsecID $ ipsecDataType $ ipsecData ) ) objectClasses: ( 1.2.840.113556.1.5.237 NAME 'msDS-AzScope' SUP top STRUCTURAL MUST ( msDS-AzScopeName ) MAY ( msDS-AzApplicationData $ description ) ) objectClasses: ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL MUST ( l ) MAY ( street $ st $ seeAlso $ searchGuide ) ) objectClasses: ( 1.2.840.113556.1.5.7000.53 NAME 'crossRefContainer' SUP top STRUCTURAL MAY ( msDS-SPNSuffixes $ uPNSuffixes $ msDS-UpdateScript $ msDS-ExecuteScriptPassword $ msDS-Behavior-Version ) ) @@ -10674,6 +10942,7 @@ objectClasses: ( 1.2.840.113556.1.5.3 NAME 'samDomain' SUP top AUXILIARY MAY ( t objectClasses: ( 1.2.840.113556.1.5.2 NAME 'samDomainBase' SUP top AUXILIARY MAY ( uASCompat $ serverState $ serverRole $ revision $ pwdProperties $ pwdHistoryLength $ oEMInformation $ objectSid $ nTSecurityDescriptor $ nextRid $ modifiedCountAtLastProm $ modifiedCount $ minPwdLength $ minPwdAge $ maxPwdAge $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ forceLogoff $ domainReplica $ creationTime ) ) objectClasses: ( 2.5.6.2 NAME 'country' SUP top MUST ( c ) MAY ( co $ searchGuide ) ) objectClasses: ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ( ou ) MAY ( x121Address $ userPassword $ uPNSuffixes $ co $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ street $ st $ seeAlso $ searchGuide $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ physicalDeliveryOfficeName $ msCOM-UserPartitionSetLink $ managedBy $ thumbnailLogo $ l $ internationalISDNNumber $ gPOptions $ gPLink $ facsimileTelephoneNumber $ destinationIndicator $ desktopProfile $ defaultGroup $ countryCode $ c $ businessCategory ) ) +objectClasses: ( 1.2.840.113556.1.5.121 NAME 'ipsecNFA' SUP ipsecBase STRUCTURAL MAY ( ipsecNegotiationPolicyReference $ ipsecFilterReference ) ) objectClasses: ( 1.2.840.113556.1.5.139 NAME 'lostAndFound' SUP top STRUCTURAL MAY ( moveTreeState ) ) objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person MAY ( x121Address $ comment $ title $ co $ primaryTelexNumber $ telexNumber $ teletexTerminalIdentifier $ street $ st $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ thumbnailPhoto $ physicalDeliveryOfficeName $ pager $ otherPager $ otherTelephone $ mobile $ otherMobile $ primaryInternationalISDNNumber $ ipPhone $ otherIpPhone $ otherHomePhone $ homePhone $ otherFacsimileTelephoneNumber $ personalTitle $ middleName $ otherMailbox $ ou $ o $ mhsORAddress $ msDS-AllowedToDelegateTo $ manager $ thumbnailLogo $ l $ internationalISDNNumber $ initials $ givenName $ generationQualifier $ facsimileTelephoneNumber $ employeeID $ mail $ division $ destinationIndicator $ department $ c $ countryCode $ company $ assistant $ streetAddress $ houseIdentifier $ msExchHouseIdentifier $ homePostalAddress ) ) objectClasses: ( 1.2.840.113556.1.3.14 NAME 'attributeSchema' SUP top STRUCTURAL MUST ( schemaIDGUID $ oMSyntax $ lDAPDisplayName $ isSingleValued $ cn $ attributeSyntax $ attributeID ) MAY ( systemOnly $ searchFlags $ schemaFlagsEx $ rangeUpper $ rangeLower $ oMObjectClass $ msDs-Schema-Extensions $ msDS-IntId $ mAPIID $ linkID $ isMemberOfPartialAttributeSet $ isEphemeral $ isDefunct $ extendedCharsAllowed $ classDisplayName $ attributeSecurityGUID ) ) @@ -10681,6 +10950,7 @@ objectClasses: ( 1.2.840.113556.1.5.72 NAME 'nTDSService' SUP top STRUCTURAL MAY objectClasses: ( 1.2.840.113556.1.5.7000.48 NAME 'serversContainer' SUP top STRUCTURAL ) objectClasses: ( 1.2.840.113556.1.3.30 NAME 'computer' SUP user STRUCTURAL MAY ( volumeCount $ siteGUID $ rIDSetReferences $ policyReplicationFlags $ physicalLocationObject $ operatingSystemVersion $ operatingSystemServicePack $ operatingSystemHotfix $ operatingSystem $ networkAddress $ netbootSIFFile $ netbootMirrorDataFile $ netbootMachineFilePath $ netbootInitialization $ netbootGUID $ msDS-AdditionalSamAccountName $ msDS-AdditionalDnsHostName $ managedBy $ machineRole $ location $ localPolicyFlags $ dNSHostName $ defaultLocalPolicyObject $ cn $ catalogs ) ) objectClasses: ( 2.5.6.6 NAME 'person' SUP top MUST ( cn ) MAY ( userPassword $ telephoneNumber $ sn $ serialNumber $ seeAlso $ attributeCertificateAttribute ) ) +objectClasses: ( 1.2.840.113556.1.5.98 NAME 'ipsecPolicy' SUP ipsecBase STRUCTURAL MAY ( ipsecNFAReference $ ipsecISAKMPReference ) ) objectClasses: ( 1.2.840.113556.1.3.23 NAME 'container' SUP top STRUCTURAL MUST ( cn ) MAY ( schemaVersion $ defaultClassStore $ msDS-ObjectReference ) ) objectClasses: ( 1.2.840.113556.1.5.31 NAME 'site' SUP top STRUCTURAL MAY ( notificationList $ mSMQSiteID $ mSMQSiteForeign $ mSMQNt4Stub $ mSMQInterval2 $ mSMQInterval1 $ managedBy $ location $ gPOptions $ gPLink ) ) objectClasses: ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST ( o ) MAY ( x121Address $ userPassword $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ street $ st $ seeAlso $ searchGuide $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ physicalDeliveryOfficeName $ l $ internationalISDNNumber $ facsimileTelephoneNumber $ destinationIndicator $ businessCategory ) ) @@ -10825,6 +11095,7 @@ attributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' SYNTAX '1.3.6.1.4.1.1466.115.1 attributeTypes: ( 1.2.840.113556.1.2.141 NAME 'department' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.639 NAME 'isMemberOfPartialAttributeSet' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.633 NAME 'policyReplicationFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.626 NAME 'ipsecISAKMPReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.218 NAME 'applicationName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.196 NAME 'systemMayContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1191 NAME 'msRASSavedFramedRoute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) @@ -10866,6 +11137,7 @@ attributeTypes: ( 1.2.840.113556.1.4.1412 NAME 'primaryGroupToken' SYNTAX '1.3.6 attributeTypes: ( 1.2.840.113556.1.2.469 NAME 'USNIntersite' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.876 NAME 'fRSMemberReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1711 NAME 'msDS-SDReferenceDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.621 NAME 'ipsecID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.843 NAME 'lDAPAdminLimits' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.519 NAME 'lastBackupRestorationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.660 NAME 'treeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE NO-USER-MODIFICATION ) @@ -10884,6 +11156,7 @@ attributeTypes: ( 1.2.840.113556.1.2.227 NAME 'extensionName' SYNTAX '1.3.6.1.4. attributeTypes: ( 1.2.840.113556.1.4.1663 NAME 'msDS-Replication-Notify-First-DSA-Delay' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.74 NAME 'maxPwdAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.722 NAME 'otherIpPhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.627 NAME 'ipsecNFAReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 1.2.840.113556.1.4.138 NAME 'userParameters' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.134 NAME 'trustPosixOffset' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) @@ -11098,6 +11371,7 @@ attributeTypes: ( 1.2.840.113556.1.4.644 NAME 'showInAddressBook' SYNTAX '1.3.6. attributeTypes: ( 1.2.840.113556.1.2.2 NAME 'whenCreated' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.1357 NAME 'dSCorePropagationData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.2.353 NAME 'displayNamePrintable' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.624 NAME 'ipsecOwnersReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 2.5.4.8 NAME 'st' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.515 NAME 'serverReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1820 NAME 'msDS-HasDomainNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) @@ -11126,6 +11400,7 @@ attributeTypes: ( 1.2.840.113556.1.4.1424 NAME 'msCOM-PartitionSetLink' SYNTAX ' attributeTypes: ( 2.5.4.3 NAME 'cn' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1789 NAME 'msDS-AllUsersTrustQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.480 NAME 'defaultGroup' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.629 NAME 'ipsecFilterReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 1.2.840.113556.1.4.156 NAME 'comment' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.1440 NAME 'msDs-Schema-Extensions' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.56 NAME 'localPolicyFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) @@ -11141,6 +11416,8 @@ attributeTypes: ( 1.2.840.113556.1.2.436 NAME 'directReports' SYNTAX '1.3.6.1.4. attributeTypes: ( 1.2.840.113556.1.4.3 NAME 'replPropertyMetaData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.910 NAME 'fromEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.471 NAME 'trustParent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.622 NAME 'ipsecDataType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) +attributeTypes: ( 1.2.840.113556.1.4.623 NAME 'ipsecData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.368 NAME 'rIDManagerReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION ) attributeTypes: ( 1.2.840.113556.1.4.73 NAME 'lockoutThreshold' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.346 NAME 'desktopProfile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) @@ -11164,7 +11441,9 @@ attributeTypes: ( 1.2.840.113556.1.4.532 NAME 'superiorDNSRoot' SYNTAX '1.3.6.1. attributeTypes: ( 1.2.840.113556.1.4.674 NAME 'rootTrust' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) attributeTypes: ( 1.2.840.113556.1.4.615 NAME 'shellContextMenu' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.610 NAME 'classDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) +attributeTypes: ( 1.2.840.113556.1.4.620 NAME 'ipsecName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) attributeTypes: ( 2.5.4.37 NAME 'cACertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) +attributeTypes: ( 1.2.840.113556.1.4.628 NAME 'ipsecNegotiationPolicyReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) attributeTypes: ( 1.2.840.113556.1.4.650 NAME 'mhsORAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) attributeTypes: ( 1.2.840.113556.1.4.94 NAME 'ntPwdHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeTypes: ( 1.2.840.113556.1.4.786 NAME 'mailAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -- cgit From bd0bfe683386f983318b507c5a614f818cdfb38d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 9 Feb 2008 03:09:56 +0100 Subject: Fix provision python test. (This used to be commit b173fa6bd2b24b5a3e7b4fbcb926f6c9771c10ba) --- source4/setup/provision.py | 9 +++------ source4/setup/upgrade.py | 1 - 2 files changed, 3 insertions(+), 7 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.py b/source4/setup/provision.py index 9f887e8b3b..033d2491f2 100755 --- a/source4/setup/provision.py +++ b/source4/setup/provision.py @@ -26,9 +26,6 @@ import getopt import optparse import os, sys -# Add path to the library for in-tree use -sys.path.append("scripting/python") - import samba from auth import system_session @@ -130,12 +127,12 @@ lp.set("realm", opts.realm) lp.set("workgroup", opts.domain) lp.set("server role", opts.server_role or "domain controller") - if opts.aci is not None: print "set ACI: %s" % opts.aci -paths = provision_paths_from_lp(lp, opts.realm.lower(), private_dir) -paths.smbconf = sambaopts.get_loadparm_path() +paths = provision_paths_from_lp(lp, opts.realm.lower()) +if sambaopts.get_loadparm_path() is not None: + paths.smbconf = sambaopts.get_loadparm_path() creds = credopts.get_credentials() diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py index 4cf9641ef2..960cd1b9e2 100755 --- a/source4/setup/upgrade.py +++ b/source4/setup/upgrade.py @@ -7,7 +7,6 @@ import getopt import optparse import os, sys -sys.path.append("scripting/python") import param import samba import samba.getopt as options -- cgit From 0f4c940919de6203595b8eaeb12eb9c2ea887f8c Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 12 Feb 2008 01:39:31 +0100 Subject: Add blackbox test for provisioning code to make sure it can be run more than once in a row. (This used to be commit 42466d960c86b692ef5e03c045ba24591c5c6f84) --- source4/setup/tests/blackbox_provision.sh | 39 +++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100755 source4/setup/tests/blackbox_provision.sh (limited to 'source4/setup') diff --git a/source4/setup/tests/blackbox_provision.sh b/source4/setup/tests/blackbox_provision.sh new file mode 100755 index 0000000000..57b11eae5f --- /dev/null +++ b/source4/setup/tests/blackbox_provision.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +if [ $# -lt 2 ]; then +cat < Date: Wed, 13 Feb 2008 01:22:09 +0100 Subject: Add python version of newuser.py. (This used to be commit f70aef8e51e1a2f186fe71edaa4c81a39b837573) --- source4/setup/newuser.py | 61 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100755 source4/setup/newuser.py (limited to 'source4/setup') diff --git a/source4/setup/newuser.py b/source4/setup/newuser.py new file mode 100755 index 0000000000..03ae4e5ffb --- /dev/null +++ b/source4/setup/newuser.py @@ -0,0 +1,61 @@ +#!/usr/bin/python +# +# add a new user to a Samba4 server +# Copyright Andrew Tridgell 2005 +# Copyright Jelmer Vernooij 2008 +# Released under the GNU GPL v2 or later +# + +import samba.getopt as options +import optparse +import pwd +import sys + +from auth import system_session +from samba.samdb import SamDB + +parser = optparse.OptionParser("newuser [options] []") +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) +parser.add_option_group(options.VersionOptions(parser)) +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) +parser.add_option("--quiet", help="Be quiet", action="store_true") +parser.add_option("--unixname", help="Unix Username", type=str) + +opts, args = parser.parse_args() + +# +# print a message if quiet is not set +# +def message(text): + if not opts.quiet: + print text + +if len(args) == 0: + parser.print_usage() + sys.exit(1) + +username = args[0] +if len(args) > 1: + password = args[1] +else: + random_init(local) + options.password = randpass(12) + print "chose random password %s\n" % password + +if opts.unixname is None: + opts.unixname = username + +try: + pwd.getpwnam(opts.unixname) +except KeyError: + print "ERROR: Unix user '%s' does not exist" % opts.unixname + sys.exit(1) + +creds = credopts.get_credentials() + +lp = sambaopts.get_loadparm() +samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), + credentials=creds, lp=lp) +samdb.newuser(username, opts.unixname, password) -- cgit From 0b1a24681e6b41129e05a9612610fade27aecd4d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Feb 2008 10:43:13 +1100 Subject: Be consistant about --ldap-backend-type Make the EJS provision and the selftest scripts both use the new syntax for speicifying the ldap backend type. Andrew Bartlett (This used to be commit b1d2584277304be3f2a640465cbf6b2a3ec571cc) --- source4/setup/provision | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 9e135cddbb..328754fd9c 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -35,7 +35,7 @@ options = GetOptions(ARGV, 'partitions-only', 'ldap-base', 'ldap-backend=s', - 'ldap-module=s', + 'ldap-backend-type=s', 'aci=s'); if (options == undefined) { @@ -88,7 +88,7 @@ provision [options] --partitions-only Configure Samba's partitions, but do not modify them (ie, join a BDC) --ldap-base output only an LDIF file, suitable for creating an LDAP baseDN --ldap-backend LDAPSERVER LDAP server to use for this provision - --ldap-module MODULE LDB mapping module to use for the LDAP backend + --ldap-backend-type TYPE OpenLDAP or Fedora DS --aci ACI An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server You must provide at least a realm and domain @@ -124,7 +124,7 @@ for (r in options) { var blank = (options["blank"] != undefined); var ldapbackend = (options["ldap-backend"] != undefined); -var ldapmodule = (options["ldap-module"] != undefined); +var ldapbackendtype = options["ldap-backend-type"]; var partitions_only = (options["partitions-only"] != undefined); var paths = provision_default_paths(subobj); if (options["aci"] != undefined) { @@ -139,9 +139,13 @@ if (ldapbackend) { if (options["ldap-backend"] == "ldapi") { subobj.LDAPBACKEND = subobj.LDAPI_URI; } - if (!ldapmodule) { + if (ldapbackendtype == undefined) { + + } else if (ldapbackendtype == "openldap") { subobj.LDAPMODULE = "normalise,entryuuid"; subobj.TDB_MODULES_LIST = ""; + } else if (ldapbackendtype == "fedora-ds") { + subobj.LDAPMODULE = "nsuniqueid"; } subobj.BACKEND_MOD = subobj.LDAPMODULE + ",paged_searches"; subobj.DOMAINDN_LDB = subobj.LDAPBACKEND; @@ -183,8 +187,8 @@ if (partitions_only) { if (ldapbackend) { message("--ldap-backend='%s' \\\n", subobj.LDAPBACKEND); } - if (ldapmodule) { - message("--ldap-module='%s' \\\n", + subobj.LDAPMODULE); + if (ldapbackendtype != undefined) { + message("--ldap-backend-type='%s' \\\n", + ldapbackendtype); } message("--aci='" + subobj.ACI + "' \\\n") } -- cgit From ee6f838d3a5aaa54b105249391aae89803901a2e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 21 Feb 2008 01:22:20 +0100 Subject: Make setup/provision the name of the python provision script now that that is the default. (This used to be commit a0a05c5a3d614d0f2936ecfcab5273a2ef7d61a8) --- source4/setup/provision | 368 ++++++++++++++---------------- source4/setup/provision.js | 198 ++++++++++++++++ source4/setup/provision.py | 170 -------------- source4/setup/tests/blackbox_provision.sh | 6 +- 4 files changed, 371 insertions(+), 371 deletions(-) create mode 100755 source4/setup/provision.js delete mode 100755 source4/setup/provision.py (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 328754fd9c..033d2491f2 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -1,198 +1,170 @@ -#!/bin/sh -exec smbscript "$0" ${1+"$@"} -/* - provision a Samba4 server - Copyright Andrew Tridgell 2005 - Released under the GNU GPL v2 or later -*/ - -options = GetOptions(ARGV, - "POPT_AUTOHELP", - "POPT_COMMON_SAMBA", - "POPT_COMMON_VERSION", - "POPT_COMMON_CREDENTIALS", - 'realm=s', - 'domain=s', - 'domain-guid=s', - 'domain-sid=s', - 'policy-guid=s', - 'host-name=s', - 'host-ip=s', - 'host-guid=s', - 'invocationid=s', - 'adminpass=s', - 'krbtgtpass=s', - 'machinepass=s', - 'dnspass=s', - 'root=s', - 'nobody=s', - 'nogroup=s', - 'wheel=s', - 'users=s', - 'quiet', - 'blank', - 'server-role=s', - 'partitions-only', - 'ldap-base', - 'ldap-backend=s', - 'ldap-backend-type=s', - 'aci=s'); - -if (options == undefined) { - println("Failed to parse options"); - return -1; -} - -libinclude("base.js"); -libinclude("provision.js"); - -/* - print a message if quiet is not set -*/ -function message() -{ - if (options["quiet"] == undefined) { - print(vsprintf(arguments)); - } -} - -/* - show some help -*/ -function ShowHelp() -{ - print(" -Samba4 provisioning - -provision [options] - --realm REALM set realm - --domain DOMAIN set domain - --domain-guid GUID set domainguid (otherwise random) - --domain-sid SID set domainsid (otherwise random) - --host-name HOSTNAME set hostname - --host-ip IPADDRESS set ipaddress - --host-guid GUID set hostguid (otherwise random) - --policy-guid GUID set group policy guid (otherwise random) - --invocationid GUID set invocationid (otherwise random) - --adminpass PASSWORD choose admin password (otherwise random) - --krbtgtpass PASSWORD choose krbtgt password (otherwise random) - --machinepass PASSWORD choose machine password (otherwise random) - --root USERNAME choose 'root' unix username - --nobody USERNAME choose 'nobody' user - --nogroup GROUPNAME choose 'nogroup' group - --wheel GROUPNAME choose 'wheel' privileged group - --users GROUPNAME choose 'users' group - --quiet Be quiet - --blank do not add users or groups, just the structure - --server-role ROLE Set server role to provision for (default standalone) - --partitions-only Configure Samba's partitions, but do not modify them (ie, join a BDC) - --ldap-base output only an LDIF file, suitable for creating an LDAP baseDN - --ldap-backend LDAPSERVER LDAP server to use for this provision - --ldap-backend-type TYPE OpenLDAP or Fedora DS - --aci ACI An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server -You must provide at least a realm and domain - -"); - exit(1); -} - -if (options['host-name'] == undefined) { - options['host-name'] = hostname(); -} - -/* - main program -*/ -if (options["realm"] == undefined || - options["domain"] == undefined || - options["host-name"] == undefined) { - ShowHelp(); -} - -/* cope with an initially blank smb.conf */ -var lp = loadparm_init(); -lp.set("realm", options.realm); -lp.set("workgroup", options.domain); -lp.set("server role", options["server-role"]); -lp.reload(); - -var subobj = provision_guess(); -for (r in options) { - var key = strupper(join("", split("-", r))); - subobj[key] = options[r]; -} - -var blank = (options["blank"] != undefined); -var ldapbackend = (options["ldap-backend"] != undefined); -var ldapbackendtype = options["ldap-backend-type"]; -var partitions_only = (options["partitions-only"] != undefined); -var paths = provision_default_paths(subobj); -if (options["aci"] != undefined) { - message("set ACI: %s\n", subobj["ACI"]); -} - -message("set DOMAIN SID: %s\n", subobj["DOMAINSID"]); - -provision_fix_subobj(subobj, paths); - -if (ldapbackend) { - if (options["ldap-backend"] == "ldapi") { - subobj.LDAPBACKEND = subobj.LDAPI_URI; - } - if (ldapbackendtype == undefined) { - - } else if (ldapbackendtype == "openldap") { - subobj.LDAPMODULE = "normalise,entryuuid"; - subobj.TDB_MODULES_LIST = ""; - } else if (ldapbackendtype == "fedora-ds") { - subobj.LDAPMODULE = "nsuniqueid"; - } - subobj.BACKEND_MOD = subobj.LDAPMODULE + ",paged_searches"; - subobj.DOMAINDN_LDB = subobj.LDAPBACKEND; - subobj.CONFIGDN_LDB = subobj.LDAPBACKEND; - subobj.SCHEMADN_LDB = subobj.LDAPBACKEND; - message("LDAP module: %s on backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND); -} - -if (!provision_validate(subobj, message)) { - return -1; -} - -var system_session = system_session(); -var creds = options.get_credentials(); -message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); -message("Using administrator password: %s\n", subobj.ADMINPASS); -if (partitions_only) { - provision_become_dc(subobj, message, false, paths, system_session); -} else { - provision(subobj, message, blank, paths, system_session, creds, ldapbackend); - provision_dns(subobj, message, paths, system_session, creds); - message("To reproduce this provision, run with:\n"); -/* There has to be a better way than this... */ - message("--realm='%s' --domain='%s' \\\n", subobj.REALM_CONF, subobj.DOMAIN_CONF); - if (subobj.DOMAINGUID != undefined) { - message("--domain-guid='%s' \\\n", subobj.DOMAINGUID); - } - if (subobj.HOSTGUID != undefined) { - message("--host-guid='%s' \\\n", subobj.HOSTGUID); - } - message("--policy-guid='%s' --host-name='%s' --host-ip='%s' \\\n", subobj.POLICYGUID, subobj.HOSTNAME, subobj.HOSTIP); - if (subobj.INVOCATIONID != undefined) { - message("--invocationid='%s' \\\n", subobj.INVOCATIONID); - } - message("--adminpass='%s' --krbtgtpass='%s' \\\n", subobj.ADMINPASS, subobj.KRBTGTPASS); - message("--machinepass='%s' --dnspass='%s' \\\n", subobj.MACHINEPASS, subobj.DNSPASS); - message("--root='%s' --nobody='%s' --nogroup='%s' \\\n", subobj.ROOT, subobj.NOBODY, subobj.NOGROUP); - message("--wheel='%s' --users='%s' --server-role='%s' \\\n", subobj.WHEEL, subobj.USERS, subobj.SERVERROLE); - if (ldapbackend) { - message("--ldap-backend='%s' \\\n", subobj.LDAPBACKEND); - } - if (ldapbackendtype != undefined) { - message("--ldap-backend-type='%s' \\\n", + ldapbackendtype); - } - message("--aci='" + subobj.ACI + "' \\\n") -} - - -message("All OK\n"); -return 0; +#!/usr/bin/python +# +# Unix SMB/CIFS implementation. +# provision a Samba4 server +# Copyright (C) Jelmer Vernooij 2007-2008 +# Copyright (C) Andrew Bartlett 2008 +# +# Based on the original in EJS: +# Copyright (C) Andrew Tridgell 2005 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import getopt +import optparse +import os, sys + +import samba + +from auth import system_session +import samba.getopt as options +import param +from samba.provision import (provision, + provision_paths_from_lp, + FILL_FULL, FILL_NT4SYNC, + FILL_DRS) + +parser = optparse.OptionParser("provision [options]") +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) +parser.add_option_group(options.VersionOptions(parser)) +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) +parser.add_option("--setupdir", type="string", metavar="DIR", + help="directory with setup files") +parser.add_option("--realm", type="string", metavar="REALM", help="set realm") +parser.add_option("--domain", type="string", metavar="DOMAIN", + help="set domain") +parser.add_option("--domain-guid", type="string", metavar="GUID", + help="set domainguid (otherwise random)") +parser.add_option("--domain-sid", type="string", metavar="SID", + help="set domainsid (otherwise random)") +parser.add_option("--policy-guid", type="string", metavar="GUID", + help="set policy guid") +parser.add_option("--host-name", type="string", metavar="HOSTNAME", + help="set hostname") +parser.add_option("--host-ip", type="string", metavar="IPADDRESS", + help="set ipaddress") +parser.add_option("--host-guid", type="string", metavar="GUID", + help="set hostguid (otherwise random)") +parser.add_option("--invocationid", type="string", metavar="GUID", + help="set invocationid (otherwise random)") +parser.add_option("--adminpass", type="string", metavar="PASSWORD", + help="choose admin password (otherwise random)") +parser.add_option("--krbtgtpass", type="string", metavar="PASSWORD", + help="choose krbtgt password (otherwise random)") +parser.add_option("--machinepass", type="string", metavar="PASSWORD", + help="choose machine password (otherwise random)") +parser.add_option("--dnspass", type="string", metavar="PASSWORD", + help="choose dns password (otherwise random)") +parser.add_option("--root", type="string", metavar="USERNAME", + help="choose 'root' unix username") +parser.add_option("--nobody", type="string", metavar="USERNAME", + help="choose 'nobody' user") +parser.add_option("--nogroup", type="string", metavar="GROUPNAME", + help="choose 'nogroup' group") +parser.add_option("--wheel", type="string", metavar="GROUPNAME", + help="choose 'wheel' privileged group") +parser.add_option("--users", type="string", metavar="GROUPNAME", + help="choose 'users' group") +parser.add_option("--quiet", help="Be quiet", action="store_true") +parser.add_option("--blank", action="store_true", + help="do not add users or groups, just the structure") +parser.add_option("--ldap-backend", type="string", metavar="LDAPSERVER", + help="LDAP server to use for this provision") +parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE", + help="LDB mapping module to use for the LDAP backend", + choices=["fedora-ds", "openldap"]) +parser.add_option("--aci", type="string", metavar="ACI", + help="An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server. You must provide at least a realm and domain") +parser.add_option("--server-role", type="choice", metavar="ROLE", + choices=["domain controller", "member server"], + help="Set server role to provision for (default standalone)") +parser.add_option("--partitions-only", + help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true") +parser.add_option("--targetdir", type="string", metavar="DIR", + help="Set target directory") + +opts = parser.parse_args()[0] + +def message(text): + """print a message if quiet is not set.""" + if not opts.quiet: + print text + +if opts.realm is None or opts.domain is None: + if opts.realm is None: + print >>sys.stderr, "No realm set" + if opts.domain is None: + print >>sys.stderr, "No domain set" + parser.print_usage() + sys.exit(1) + +# cope with an initially blank smb.conf +private_dir = None +lp = sambaopts.get_loadparm() +if opts.targetdir is not None: + if not os.path.exists(opts.targetdir): + os.mkdir(opts.targetdir) + private_dir = os.path.join(opts.targetdir, "private") + if not os.path.exists(private_dir): + os.mkdir(private_dir) + lp.set("private dir", os.path.abspath(private_dir)) + lp.set("lock dir", os.path.abspath(opts.targetdir)) +lp.set("realm", opts.realm) +lp.set("workgroup", opts.domain) +lp.set("server role", opts.server_role or "domain controller") + +if opts.aci is not None: + print "set ACI: %s" % opts.aci + +paths = provision_paths_from_lp(lp, opts.realm.lower()) +if sambaopts.get_loadparm_path() is not None: + paths.smbconf = sambaopts.get_loadparm_path() + +creds = credopts.get_credentials() + +setup_dir = opts.setupdir +if setup_dir is None: + setup_dir = "setup" + +samdb_fill = FILL_FULL +if opts.blank: + samdb_fill = FILL_NT4SYNC +elif opts.partitions_only: + samdb_fill = FILL_DRS + +provision(lp, setup_dir, message, paths, + system_session(), creds, + samdb_fill=samdb_fill, realm=opts.realm, + domainguid=opts.domain_guid, domainsid=opts.domain_sid, + policyguid=opts.policy_guid, hostname=opts.host_name, + hostip=opts.host_ip, hostguid=opts.host_guid, + invocationid=opts.invocationid, adminpass=opts.adminpass, + krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, + dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, + nogroup=opts.nogroup, wheel=opts.wheel, users=opts.users, + aci=opts.aci, serverrole=opts.server_role, + ldap_backend=opts.ldap_backend, + ldap_backend_type=opts.ldap_backend_type) + +message("To reproduce this provision, run with:") +def shell_escape(arg): + if " " in arg: + return '"%s"' % arg + return arg +message(" ".join([shell_escape(arg) for arg in sys.argv])) + +message("All OK") diff --git a/source4/setup/provision.js b/source4/setup/provision.js new file mode 100755 index 0000000000..328754fd9c --- /dev/null +++ b/source4/setup/provision.js @@ -0,0 +1,198 @@ +#!/bin/sh +exec smbscript "$0" ${1+"$@"} +/* + provision a Samba4 server + Copyright Andrew Tridgell 2005 + Released under the GNU GPL v2 or later +*/ + +options = GetOptions(ARGV, + "POPT_AUTOHELP", + "POPT_COMMON_SAMBA", + "POPT_COMMON_VERSION", + "POPT_COMMON_CREDENTIALS", + 'realm=s', + 'domain=s', + 'domain-guid=s', + 'domain-sid=s', + 'policy-guid=s', + 'host-name=s', + 'host-ip=s', + 'host-guid=s', + 'invocationid=s', + 'adminpass=s', + 'krbtgtpass=s', + 'machinepass=s', + 'dnspass=s', + 'root=s', + 'nobody=s', + 'nogroup=s', + 'wheel=s', + 'users=s', + 'quiet', + 'blank', + 'server-role=s', + 'partitions-only', + 'ldap-base', + 'ldap-backend=s', + 'ldap-backend-type=s', + 'aci=s'); + +if (options == undefined) { + println("Failed to parse options"); + return -1; +} + +libinclude("base.js"); +libinclude("provision.js"); + +/* + print a message if quiet is not set +*/ +function message() +{ + if (options["quiet"] == undefined) { + print(vsprintf(arguments)); + } +} + +/* + show some help +*/ +function ShowHelp() +{ + print(" +Samba4 provisioning + +provision [options] + --realm REALM set realm + --domain DOMAIN set domain + --domain-guid GUID set domainguid (otherwise random) + --domain-sid SID set domainsid (otherwise random) + --host-name HOSTNAME set hostname + --host-ip IPADDRESS set ipaddress + --host-guid GUID set hostguid (otherwise random) + --policy-guid GUID set group policy guid (otherwise random) + --invocationid GUID set invocationid (otherwise random) + --adminpass PASSWORD choose admin password (otherwise random) + --krbtgtpass PASSWORD choose krbtgt password (otherwise random) + --machinepass PASSWORD choose machine password (otherwise random) + --root USERNAME choose 'root' unix username + --nobody USERNAME choose 'nobody' user + --nogroup GROUPNAME choose 'nogroup' group + --wheel GROUPNAME choose 'wheel' privileged group + --users GROUPNAME choose 'users' group + --quiet Be quiet + --blank do not add users or groups, just the structure + --server-role ROLE Set server role to provision for (default standalone) + --partitions-only Configure Samba's partitions, but do not modify them (ie, join a BDC) + --ldap-base output only an LDIF file, suitable for creating an LDAP baseDN + --ldap-backend LDAPSERVER LDAP server to use for this provision + --ldap-backend-type TYPE OpenLDAP or Fedora DS + --aci ACI An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server +You must provide at least a realm and domain + +"); + exit(1); +} + +if (options['host-name'] == undefined) { + options['host-name'] = hostname(); +} + +/* + main program +*/ +if (options["realm"] == undefined || + options["domain"] == undefined || + options["host-name"] == undefined) { + ShowHelp(); +} + +/* cope with an initially blank smb.conf */ +var lp = loadparm_init(); +lp.set("realm", options.realm); +lp.set("workgroup", options.domain); +lp.set("server role", options["server-role"]); +lp.reload(); + +var subobj = provision_guess(); +for (r in options) { + var key = strupper(join("", split("-", r))); + subobj[key] = options[r]; +} + +var blank = (options["blank"] != undefined); +var ldapbackend = (options["ldap-backend"] != undefined); +var ldapbackendtype = options["ldap-backend-type"]; +var partitions_only = (options["partitions-only"] != undefined); +var paths = provision_default_paths(subobj); +if (options["aci"] != undefined) { + message("set ACI: %s\n", subobj["ACI"]); +} + +message("set DOMAIN SID: %s\n", subobj["DOMAINSID"]); + +provision_fix_subobj(subobj, paths); + +if (ldapbackend) { + if (options["ldap-backend"] == "ldapi") { + subobj.LDAPBACKEND = subobj.LDAPI_URI; + } + if (ldapbackendtype == undefined) { + + } else if (ldapbackendtype == "openldap") { + subobj.LDAPMODULE = "normalise,entryuuid"; + subobj.TDB_MODULES_LIST = ""; + } else if (ldapbackendtype == "fedora-ds") { + subobj.LDAPMODULE = "nsuniqueid"; + } + subobj.BACKEND_MOD = subobj.LDAPMODULE + ",paged_searches"; + subobj.DOMAINDN_LDB = subobj.LDAPBACKEND; + subobj.CONFIGDN_LDB = subobj.LDAPBACKEND; + subobj.SCHEMADN_LDB = subobj.LDAPBACKEND; + message("LDAP module: %s on backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND); +} + +if (!provision_validate(subobj, message)) { + return -1; +} + +var system_session = system_session(); +var creds = options.get_credentials(); +message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); +message("Using administrator password: %s\n", subobj.ADMINPASS); +if (partitions_only) { + provision_become_dc(subobj, message, false, paths, system_session); +} else { + provision(subobj, message, blank, paths, system_session, creds, ldapbackend); + provision_dns(subobj, message, paths, system_session, creds); + message("To reproduce this provision, run with:\n"); +/* There has to be a better way than this... */ + message("--realm='%s' --domain='%s' \\\n", subobj.REALM_CONF, subobj.DOMAIN_CONF); + if (subobj.DOMAINGUID != undefined) { + message("--domain-guid='%s' \\\n", subobj.DOMAINGUID); + } + if (subobj.HOSTGUID != undefined) { + message("--host-guid='%s' \\\n", subobj.HOSTGUID); + } + message("--policy-guid='%s' --host-name='%s' --host-ip='%s' \\\n", subobj.POLICYGUID, subobj.HOSTNAME, subobj.HOSTIP); + if (subobj.INVOCATIONID != undefined) { + message("--invocationid='%s' \\\n", subobj.INVOCATIONID); + } + message("--adminpass='%s' --krbtgtpass='%s' \\\n", subobj.ADMINPASS, subobj.KRBTGTPASS); + message("--machinepass='%s' --dnspass='%s' \\\n", subobj.MACHINEPASS, subobj.DNSPASS); + message("--root='%s' --nobody='%s' --nogroup='%s' \\\n", subobj.ROOT, subobj.NOBODY, subobj.NOGROUP); + message("--wheel='%s' --users='%s' --server-role='%s' \\\n", subobj.WHEEL, subobj.USERS, subobj.SERVERROLE); + if (ldapbackend) { + message("--ldap-backend='%s' \\\n", subobj.LDAPBACKEND); + } + if (ldapbackendtype != undefined) { + message("--ldap-backend-type='%s' \\\n", + ldapbackendtype); + } + message("--aci='" + subobj.ACI + "' \\\n") +} + + +message("All OK\n"); +return 0; diff --git a/source4/setup/provision.py b/source4/setup/provision.py deleted file mode 100755 index 033d2491f2..0000000000 --- a/source4/setup/provision.py +++ /dev/null @@ -1,170 +0,0 @@ -#!/usr/bin/python -# -# Unix SMB/CIFS implementation. -# provision a Samba4 server -# Copyright (C) Jelmer Vernooij 2007-2008 -# Copyright (C) Andrew Bartlett 2008 -# -# Based on the original in EJS: -# Copyright (C) Andrew Tridgell 2005 -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# - -import getopt -import optparse -import os, sys - -import samba - -from auth import system_session -import samba.getopt as options -import param -from samba.provision import (provision, - provision_paths_from_lp, - FILL_FULL, FILL_NT4SYNC, - FILL_DRS) - -parser = optparse.OptionParser("provision [options]") -sambaopts = options.SambaOptions(parser) -parser.add_option_group(sambaopts) -parser.add_option_group(options.VersionOptions(parser)) -credopts = options.CredentialsOptions(parser) -parser.add_option_group(credopts) -parser.add_option("--setupdir", type="string", metavar="DIR", - help="directory with setup files") -parser.add_option("--realm", type="string", metavar="REALM", help="set realm") -parser.add_option("--domain", type="string", metavar="DOMAIN", - help="set domain") -parser.add_option("--domain-guid", type="string", metavar="GUID", - help="set domainguid (otherwise random)") -parser.add_option("--domain-sid", type="string", metavar="SID", - help="set domainsid (otherwise random)") -parser.add_option("--policy-guid", type="string", metavar="GUID", - help="set policy guid") -parser.add_option("--host-name", type="string", metavar="HOSTNAME", - help="set hostname") -parser.add_option("--host-ip", type="string", metavar="IPADDRESS", - help="set ipaddress") -parser.add_option("--host-guid", type="string", metavar="GUID", - help="set hostguid (otherwise random)") -parser.add_option("--invocationid", type="string", metavar="GUID", - help="set invocationid (otherwise random)") -parser.add_option("--adminpass", type="string", metavar="PASSWORD", - help="choose admin password (otherwise random)") -parser.add_option("--krbtgtpass", type="string", metavar="PASSWORD", - help="choose krbtgt password (otherwise random)") -parser.add_option("--machinepass", type="string", metavar="PASSWORD", - help="choose machine password (otherwise random)") -parser.add_option("--dnspass", type="string", metavar="PASSWORD", - help="choose dns password (otherwise random)") -parser.add_option("--root", type="string", metavar="USERNAME", - help="choose 'root' unix username") -parser.add_option("--nobody", type="string", metavar="USERNAME", - help="choose 'nobody' user") -parser.add_option("--nogroup", type="string", metavar="GROUPNAME", - help="choose 'nogroup' group") -parser.add_option("--wheel", type="string", metavar="GROUPNAME", - help="choose 'wheel' privileged group") -parser.add_option("--users", type="string", metavar="GROUPNAME", - help="choose 'users' group") -parser.add_option("--quiet", help="Be quiet", action="store_true") -parser.add_option("--blank", action="store_true", - help="do not add users or groups, just the structure") -parser.add_option("--ldap-backend", type="string", metavar="LDAPSERVER", - help="LDAP server to use for this provision") -parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE", - help="LDB mapping module to use for the LDAP backend", - choices=["fedora-ds", "openldap"]) -parser.add_option("--aci", type="string", metavar="ACI", - help="An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server. You must provide at least a realm and domain") -parser.add_option("--server-role", type="choice", metavar="ROLE", - choices=["domain controller", "member server"], - help="Set server role to provision for (default standalone)") -parser.add_option("--partitions-only", - help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true") -parser.add_option("--targetdir", type="string", metavar="DIR", - help="Set target directory") - -opts = parser.parse_args()[0] - -def message(text): - """print a message if quiet is not set.""" - if not opts.quiet: - print text - -if opts.realm is None or opts.domain is None: - if opts.realm is None: - print >>sys.stderr, "No realm set" - if opts.domain is None: - print >>sys.stderr, "No domain set" - parser.print_usage() - sys.exit(1) - -# cope with an initially blank smb.conf -private_dir = None -lp = sambaopts.get_loadparm() -if opts.targetdir is not None: - if not os.path.exists(opts.targetdir): - os.mkdir(opts.targetdir) - private_dir = os.path.join(opts.targetdir, "private") - if not os.path.exists(private_dir): - os.mkdir(private_dir) - lp.set("private dir", os.path.abspath(private_dir)) - lp.set("lock dir", os.path.abspath(opts.targetdir)) -lp.set("realm", opts.realm) -lp.set("workgroup", opts.domain) -lp.set("server role", opts.server_role or "domain controller") - -if opts.aci is not None: - print "set ACI: %s" % opts.aci - -paths = provision_paths_from_lp(lp, opts.realm.lower()) -if sambaopts.get_loadparm_path() is not None: - paths.smbconf = sambaopts.get_loadparm_path() - -creds = credopts.get_credentials() - -setup_dir = opts.setupdir -if setup_dir is None: - setup_dir = "setup" - -samdb_fill = FILL_FULL -if opts.blank: - samdb_fill = FILL_NT4SYNC -elif opts.partitions_only: - samdb_fill = FILL_DRS - -provision(lp, setup_dir, message, paths, - system_session(), creds, - samdb_fill=samdb_fill, realm=opts.realm, - domainguid=opts.domain_guid, domainsid=opts.domain_sid, - policyguid=opts.policy_guid, hostname=opts.host_name, - hostip=opts.host_ip, hostguid=opts.host_guid, - invocationid=opts.invocationid, adminpass=opts.adminpass, - krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, - dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, - nogroup=opts.nogroup, wheel=opts.wheel, users=opts.users, - aci=opts.aci, serverrole=opts.server_role, - ldap_backend=opts.ldap_backend, - ldap_backend_type=opts.ldap_backend_type) - -message("To reproduce this provision, run with:") -def shell_escape(arg): - if " " in arg: - return '"%s"' % arg - return arg -message(" ".join([shell_escape(arg) for arg in sys.argv])) - -message("All OK") diff --git a/source4/setup/tests/blackbox_provision.sh b/source4/setup/tests/blackbox_provision.sh index 57b11eae5f..0aed7bb8b7 100755 --- a/source4/setup/tests/blackbox_provision.sh +++ b/source4/setup/tests/blackbox_provision.sh @@ -27,11 +27,11 @@ testit() { return $status } -testit "simple" $PYTHON ./setup/provision.py $CONFIGURATION --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple +testit "simple" $PYTHON ./setup/provision $CONFIGURATION --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple reprovision() { - $PYTHON ./setup/provision.py $CONFIGURATION --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/reprovision" - $PYTHON ./setup/provision.py $CONFIGURATION --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/reprovision" + $PYTHON ./setup/provision $CONFIGURATION --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/reprovision" + $PYTHON ./setup/provision $CONFIGURATION --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/reprovision" } testit "reprovision" reprovision -- cgit From 895874d9663ccb95883579d145018ec8a8add9c8 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Mon, 18 Feb 2008 14:33:58 +0100 Subject: idmap: Handle uid->SID mapping (This used to be commit 6ac6de8476ba036eb041e054bc37e4503dc2fde8) --- source4/setup/idmap_init.ldif | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 source4/setup/idmap_init.ldif (limited to 'source4/setup') diff --git a/source4/setup/idmap_init.ldif b/source4/setup/idmap_init.ldif new file mode 100644 index 0000000000..a397cfd0d2 --- /dev/null +++ b/source4/setup/idmap_init.ldif @@ -0,0 +1,5 @@ +dn: CN=CONFIG +cn: CONFIG +lowerBound: 10000 +upperBound: 20000 + -- cgit From b42e3fb232ca68e869de4b39826da861f48e6771 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Wed, 27 Feb 2008 13:47:34 +0100 Subject: Fix cases, add version number. (#4935) (This used to be commit d2eb404ba1711abf6bb2718f8bb1dbbd104e7d4d) --- source4/setup/provision.reg | 39 ++++++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 15 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.reg b/source4/setup/provision.reg index 892b5ec50c..b80db09c09 100644 --- a/source4/setup/provision.reg +++ b/source4/setup/provision.reg @@ -2,37 +2,46 @@ REGEDIT4 [HKEY_LOCAL_MACHINE] -[HKEY_LOCAL_MACHINE\System] +[HKEY_LOCAL_MACHINE\SOFTWARE] -[HKEY_LOCAL_MACHINE\System\CurrentControlSet] +[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft] -[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control] +[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT] -[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ProductOptions] +[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion] +CurrentVersion=5.2 + +[HKEY_LOCAL_MACHINE\SYSTEM] + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet] + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control] + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions] ProductType=LanmanNT -[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print] +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print] -[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server] +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server] -[HKEY_LOCAL_MACHINE\System] +[HKEY_LOCAL_MACHINE\SYSTEM] -[HKEY_LOCAL_MACHINE\System\CurrentControlSet] +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet] -[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services] +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] -[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon] +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon] -[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters] +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] RefusePasswordChange=REG_DWORD:0 -[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\REPLICATOR] +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\REPLICATOR] -[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\REPLICATOR\Parameters] +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\REPLICATOR\Parameters] -[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Alerter] +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter] -[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Alerter\Parameters] +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter\Parameters] [HKEY_USERS] -- cgit From 446fb38765c8b3d0e8cf3f74442029cabca3a41b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 28 Feb 2008 08:43:10 +1100 Subject: Users and computers now share the same template. Slowly work away at the samldb module again, it is clear that AD does not use much of a templating system. samAccountType is managed, as far as I can tell, when groupType or userAccountControl changes. Andrew Bartlett (This used to be commit 447d5a795441aa6beab2f057c5ac1bc3c04e08c4) --- source4/setup/provision_self_join.ldif | 2 -- source4/setup/provision_templates.ldif | 26 +------------------------- source4/setup/provision_users.ldif | 20 -------------------- 3 files changed, 1 insertion(+), 47 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index 58669660f4..503656a9bf 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -8,7 +8,6 @@ localPolicyFlags: 0 primaryGroupID: 516 accountExpires: 9223372036854775807 sAMAccountName: ${NETBIOSNAME}$ -sAMAccountType: 805306369 operatingSystem: Samba operatingSystemVersion: 4.0 dNSHostName: ${DNSNAME} @@ -33,7 +32,6 @@ description: DNS Service Account userAccountControl: 514 accountExpires: 9223372036854775807 sAMAccountName: dns -sAMAccountType: 805306368 servicePrincipalName: DNS/${DNSDOMAIN} isCriticalSystemObject: TRUE sambaPassword:: ${DNSPASS_B64} diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index fafedc6966..cc0ab212cd 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -18,7 +18,7 @@ objectClass: container description: Container for SAM account templates dn: CN=TemplateUser,CN=Templates -userAccountControl: 514 +userAccountControl: 546 badPwdCount: 0 codePage: 0 countryCode: 0 @@ -29,21 +29,6 @@ pwdLastSet: 0 primaryGroupID: 513 accountExpires: -1 logonCount: 0 -sAMAccountType: 805306368 - -dn: CN=TemplateComputer,CN=Templates -userAccountControl: 4098 -badPwdCount: 0 -codePage: 0 -countryCode: 0 -badPasswordTime: 0 -lastLogoff: 0 -lastLogon: 0 -pwdLastSet: 0 -primaryGroupID: 513 -accountExpires: -1 -logonCount: 0 -sAMAccountType: 805306369 dn: CN=TemplateTrustingDomain,CN=Templates userAccountControl: 2080 @@ -56,18 +41,9 @@ lastLogon: 0 primaryGroupID: 513 accountExpires: -1 logonCount: 0 -sAMAccountType: 805306370 dn: CN=TemplateGroup,CN=Templates groupType: -2147483646 -sAMAccountType: 268435456 - -# Currently this isn't used, we don't have a way to detect it different from an incoming alias -# -# dn: CN=TemplateAlias,CN=Templates -# cn: TemplateAlias -# groupType: -2147483644 -# sAMAccountType: 268435456 dn: CN=TemplateForeignSecurityPrincipal,CN=Templates diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 05fde15974..4b053d9166 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -44,7 +44,6 @@ objectSid: ${DOMAINSID}-502 adminCount: 1 accountExpires: 9223372036854775807 sAMAccountName: krbtgt -sAMAccountType: 805306368 servicePrincipalName: kadmin/changepw isCriticalSystemObject: TRUE sambaPassword:: ${KRBTGTPASS_B64} @@ -85,7 +84,6 @@ objectClass: group cn: Cert Publishers description: Members of this group are permitted to publish certificates to the Active Directory groupType: 2147483652 -sAMAccountType: 536870912 objectSid: ${DOMAINSID}-517 sAMAccountName: Cert Publishers isCriticalSystemObject: TRUE @@ -136,7 +134,6 @@ cn: RAS and IAS Servers description: Servers in this group can access remote access properties of users objectSid: ${DOMAINSID}-553 sAMAccountName: RAS and IAS Servers -sAMAccountType: 536870912 groupType: 2147483652 isCriticalSystemObject: TRUE @@ -151,7 +148,6 @@ member: CN=Administrator,CN=Users,${DOMAINDN} objectSid: S-1-5-32-544 adminCount: 1 sAMAccountName: Administrators -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -188,7 +184,6 @@ description: Users are prevented from making accidental or intentional system-wi member: CN=Domain Users,CN=Users,${DOMAINDN} objectSid: S-1-5-32-545 sAMAccountName: Users -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -202,7 +197,6 @@ member: CN=Domain Guests,CN=Users,${DOMAINDN} member: CN=Guest,CN=Users,${DOMAINDN} objectSid: S-1-5-32-546 sAMAccountName: Guests -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -215,7 +209,6 @@ description: Members can administer domain printers objectSid: S-1-5-32-550 adminCount: 1 sAMAccountName: Print Operators -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -231,7 +224,6 @@ description: Backup Operators can override security restrictions for the sole pu objectSid: S-1-5-32-551 adminCount: 1 sAMAccountName: Backup Operators -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -248,7 +240,6 @@ description: Supports file replication in a domain objectSid: S-1-5-32-552 adminCount: 1 sAMAccountName: Replicator -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -260,7 +251,6 @@ cn: Remote Desktop Users description: Members in this group are granted the right to logon remotely objectSid: S-1-5-32-555 sAMAccountName: Remote Desktop Users -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -272,7 +262,6 @@ cn: Network Configuration Operators description: Members in this group can have some administrative privileges to manage configuration of networking features objectSid: S-1-5-32-556 sAMAccountName: Network Configuration Operators -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -284,7 +273,6 @@ cn: Performance Monitor Users description: Members of this group have remote access to monitor this computer objectSid: S-1-5-32-558 sAMAccountName: Performance Monitor Users -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -296,7 +284,6 @@ cn: Performance Log Users description: Members of this group have remote access to schedule logging of performance counters on this computer objectSid: S-1-5-32-559 sAMAccountName: Performance Log Users -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -309,7 +296,6 @@ description: Members can administer domain servers objectSid: S-1-5-32-549 adminCount: 1 sAMAccountName: Server Operators -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -328,7 +314,6 @@ description: Members can administer domain user and group accounts objectSid: S-1-5-32-548 adminCount: 1 sAMAccountName: Account Operators -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -341,7 +326,6 @@ cn: Pre-Windows 2000 Compatible Access description: A backward compatibility group which allows read access on all users and groups in the domain objectSid: S-1-5-32-554 sAMAccountName: Pre-Windows 2000 Compatible Access -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -355,7 +339,6 @@ cn: Incoming Forest Trust Builders description: Members of this group can create incoming, one-way trusts to this forest objectSid: S-1-5-32-557 sAMAccountName: Incoming Forest Trust Builders -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -367,7 +350,6 @@ cn: Windows Authorization Access Group description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects objectSid: S-1-5-32-560 sAMAccountName: Windows Authorization Access Group -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -379,7 +361,6 @@ cn: Terminal Server License Servers description: Terminal Server License Servers objectSid: S-1-5-32-561 sAMAccountName: Terminal Server License Servers -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE @@ -391,7 +372,6 @@ cn: Distributed COM Users description: Members are allowed to launch, activate and use Distributed COM objects on this machine. objectSid: S-1-5-32-562 sAMAccountName: Distributed COM Users -sAMAccountType: 536870912 systemFlags: 2348810240 groupType: 2147483653 isCriticalSystemObject: TRUE -- cgit From 736ae6a56653a8d20f57a7b8a6221eb45dba720c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 4 Mar 2008 11:27:57 +1100 Subject: Don't hardcode objectCategory into the schema, even in the schema. We now load the schema early enough that we can generate this too! Andrew Bartlett (This used to be commit 1adc74c65a3219fc110964ccdf9a9d60a84831da) --- source4/setup/schema.ldif | 545 ---------------------------------------------- 1 file changed, 545 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index be68ed2b91..e96cf5f5fc 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -14,7 +14,6 @@ schemaIDGUID: c3dbafa6-33df-11d2-98b2-0000f87a57d4 attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf systemOnly: FALSE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-Exch-Owner-BL,${SCHEMADN} objectClass: top @@ -33,7 +32,6 @@ lDAPDisplayName: ownerBL schemaIDGUID: bf9679f4-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Is-Member-Of-DL,${SCHEMADN} objectClass: top @@ -54,7 +52,6 @@ schemaIDGUID: bf967991-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: bc0ac240-79a9-11d0-9020-00c04fc2d4cf systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Search-Guide,${SCHEMADN} objectClass: top @@ -72,7 +69,6 @@ lDAPDisplayName: searchGuide schemaIDGUID: bf967a2e-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-ReplicationEpoch,${SCHEMADN} objectClass: top @@ -89,7 +85,6 @@ lDAPDisplayName: msDS-ReplicationEpoch schemaIDGUID: 08e3aa79-eb1c-45b5-af7b-8f94246c8e41 systemOnly: FALSE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Auditing-Policy,${SCHEMADN} objectClass: top @@ -106,7 +101,6 @@ lDAPDisplayName: auditingPolicy schemaIDGUID: 6da8a4fe-0e52-11d0-a286-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Fax-Other,${SCHEMADN} objectClass: top @@ -126,7 +120,6 @@ schemaIDGUID: 0296c11d-40da-11d1-a9c0-0000f80367c1 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Address,${SCHEMADN} objectClass: top @@ -147,7 +140,6 @@ schemaIDGUID: f0f8ff84-1191-11d0-a060-00aa006c33ed attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Security-Identifier,${SCHEMADN} objectClass: top @@ -165,7 +157,6 @@ schemaIDGUID: bf967a2f-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-KeyVersionNumber,${SCHEMADN} objectClass: top @@ -182,7 +173,6 @@ lDAPDisplayName: msDS-KeyVersionNumber schemaIDGUID: c523e9c0-33b5-4ac8-8923-b57b927f42f6 systemOnly: TRUE systemFlags: 20 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Account-Name-History,${SCHEMADN} objectClass: top @@ -199,7 +189,6 @@ lDAPDisplayName: accountNameHistory schemaIDGUID: 031952ec-3b72-11d2-90cc-00c04fd91ab1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=preferredLanguage,${SCHEMADN} objectClass: top @@ -216,7 +205,6 @@ lDAPDisplayName: preferredLanguage schemaIDGUID: 856be0d0-18e7-46e1-8f5f-7ee4d9020e0d systemOnly: FALSE systemFlags: 0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-Shared-Folder-Other,${SCHEMADN} objectClass: top @@ -234,7 +222,6 @@ schemaIDGUID: 9a9a0220-4a5b-11d1-a9c3-0000f80367c1 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-Shared-Folder,${SCHEMADN} objectClass: top @@ -252,7 +239,6 @@ schemaIDGUID: 9a9a021f-4a5b-11d1-a9c3-0000f80367c1 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MSMQ-Digests-Mig,${SCHEMADN} objectClass: top @@ -270,7 +256,6 @@ schemaIDGUID: 0f71d8e0-da3b-11d1-90a5-00c04fd91ab1 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Domain-Identifier,${SCHEMADN} objectClass: top @@ -287,7 +272,6 @@ lDAPDisplayName: domainIdentifier schemaIDGUID: 7f561278-5301-11d1-a9c5-0000f80367c1 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Legacy-Exchange-DN,${SCHEMADN} objectClass: top @@ -306,7 +290,6 @@ attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Well-Known-Objects,${SCHEMADN} objectClass: top @@ -327,7 +310,6 @@ schemaIDGUID: 05308983-7688-11d1-aded-00c04fd8d5cd systemOnly: TRUE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=RDN,${SCHEMADN} objectClass: top @@ -349,7 +331,6 @@ attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: TRUE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Non-Security-Member-BL,${SCHEMADN} objectClass: top @@ -368,7 +349,6 @@ lDAPDisplayName: nonSecurityMemberBL schemaIDGUID: 52458019-ca6a-11d0-afff-0000f80367c1 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Repl-Attribute-Meta-Data,${SCHEMADN} objectClass: top @@ -385,7 +365,6 @@ lDAPDisplayName: msDS-ReplAttributeMetaData schemaIDGUID: d7c53242-724e-4c39-9d4c-2df8c9d66c7a systemOnly: FALSE systemFlags: 20 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=DN-Reference-Update,${SCHEMADN} objectClass: top @@ -403,7 +382,6 @@ lDAPDisplayName: dNReferenceUpdate schemaIDGUID: 2df90d86-009f-11d2-aa4c-00c04fd7d83a systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=GP-Options,${SCHEMADN} objectClass: top @@ -420,7 +398,6 @@ lDAPDisplayName: gPOptions schemaIDGUID: f30e3bbf-9ff0-11d1-b603-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MS-DS-Per-User-Trust-Tombstones-Quota,${SCHEMADN} objectClass: top @@ -437,7 +414,6 @@ lDAPDisplayName: msDS-PerUserTrustTombstonesQuota schemaIDGUID: 8b70a6c6-50f9-4fa3-a71e-1ce03040449b systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Pager-Primary,${SCHEMADN} objectClass: top @@ -458,7 +434,6 @@ schemaIDGUID: f0f8ffa6-1191-11d0-a060-00aa006c33ed attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Site-GUID,${SCHEMADN} objectClass: top @@ -477,7 +452,6 @@ lDAPDisplayName: siteGUID schemaIDGUID: 3e978924-8c01-11d0-afda-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Script-Engine-Cache-Max,${SCHEMADN} objectClass: top @@ -495,7 +469,6 @@ lDAPDisplayName: msDS-AzScriptEngineCacheMax schemaIDGUID: 2629f66a-1f95-4bf3-a296-8e9d7b9e30c8 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Token-Groups-No-GC-Acceptable,${SCHEMADN} objectClass: top @@ -513,7 +486,6 @@ schemaIDGUID: 040fc392-33df-11d2-98b2-0000f87a57d4 attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939 systemOnly: FALSE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Token-Groups-Global-And-Universal,${SCHEMADN} objectClass: top @@ -531,7 +503,6 @@ schemaIDGUID: 46a9b11d-60ae-405a-b7e8-ff8a58d456d2 attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939 systemOnly: FALSE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Alt-Security-Identities,${SCHEMADN} objectClass: top @@ -550,7 +521,6 @@ attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=labeledURI,${SCHEMADN} objectClass: top @@ -567,7 +537,6 @@ lDAPDisplayName: labeledURI schemaIDGUID: c569bb46-c680-44bc-a273-e6c227d71b45 systemOnly: FALSE systemFlags: 0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Pwd-Last-Set,${SCHEMADN} objectClass: top @@ -585,7 +554,6 @@ schemaIDGUID: bf967a0a-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 4c164200-20c0-11d0-a768-00aa006e0529 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Object-Classes,${SCHEMADN} objectClass: top @@ -602,7 +570,6 @@ lDAPDisplayName: objectClasses schemaIDGUID: 9a7ad94b-ca53-11d1-bbd0-0080c76670c0 systemOnly: TRUE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Trust-Attributes,${SCHEMADN} objectClass: top @@ -620,7 +587,6 @@ schemaIDGUID: 80a67e5a-9f22-11d0-afdd-00c04fd930c9 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Trust-Forest-Trust-Info,${SCHEMADN} objectClass: top @@ -638,7 +604,6 @@ schemaIDGUID: 29cc866e-49d3-4969-942e-1dbc0925d183 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Site-Object,${SCHEMADN} objectClass: top @@ -657,7 +622,6 @@ lDAPDisplayName: siteObject schemaIDGUID: 3e10944c-c354-11d0-aff8-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Is-Privilege-Holder,${SCHEMADN} objectClass: top @@ -676,7 +640,6 @@ lDAPDisplayName: isPrivilegeHolder schemaIDGUID: 19405b9c-3cfa-11d1-a9c0-0000f80367c1 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Dns-Root,${SCHEMADN} objectClass: top @@ -695,7 +658,6 @@ lDAPDisplayName: dnsRoot schemaIDGUID: bf967959-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Modified-Count,${SCHEMADN} objectClass: top @@ -713,7 +675,6 @@ schemaIDGUID: bf9679c5-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: b8119fd0-04f6-4762-ab7a-4986c76b3f9a systemOnly: FALSE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=International-ISDN-Number,${SCHEMADN} objectClass: top @@ -734,7 +695,6 @@ schemaIDGUID: bf96798d-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Business-Category,${SCHEMADN} objectClass: top @@ -754,7 +714,6 @@ lDAPDisplayName: businessCategory schemaIDGUID: bf967931-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=houseIdentifier,${SCHEMADN} objectClass: top @@ -772,7 +731,6 @@ searchFlags: 0 lDAPDisplayName: houseIdentifier schemaIDGUID: a45398b7-c44a-4eb6-82d3-13c10946dbfe systemOnly: FALSE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Other-Name,${SCHEMADN} objectClass: top @@ -791,7 +749,6 @@ lDAPDisplayName: middleName schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Attribute-ID,${SCHEMADN} objectClass: top @@ -808,7 +765,6 @@ lDAPDisplayName: attributeID schemaIDGUID: bf967922-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Repl-Topology-Stay-Of-Execution,${SCHEMADN} objectClass: top @@ -825,7 +781,6 @@ lDAPDisplayName: replTopologyStayOfExecution schemaIDGUID: 7bfdcb83-4807-11d1-a9c3-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Netboot-GUID,${SCHEMADN} objectClass: top @@ -845,7 +800,6 @@ schemaIDGUID: 3e978921-8c01-11d0-afda-00c04fd930c9 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=RDN-Att-ID,${SCHEMADN} objectClass: top @@ -862,7 +816,6 @@ lDAPDisplayName: rDNAttID schemaIDGUID: bf967a0f-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=May-Contain,${SCHEMADN} objectClass: top @@ -879,7 +832,6 @@ lDAPDisplayName: mayContain schemaIDGUID: bf9679bf-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Trust-Auth-Outgoing,${SCHEMADN} objectClass: top @@ -898,7 +850,6 @@ lDAPDisplayName: trustAuthOutgoing schemaIDGUID: bf967a5f-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=GPC-WQL-Filter,${SCHEMADN} objectClass: top @@ -915,7 +866,6 @@ lDAPDisplayName: gPCWQLFilter schemaIDGUID: 7bd4c7a6-1add-4436-8c04-3999a880154c systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Server-Reference-BL,${SCHEMADN} objectClass: top @@ -934,7 +884,6 @@ lDAPDisplayName: serverReferenceBL schemaIDGUID: 26d9736e-6070-11d1-a9c6-0000f80367c1 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Create-Time-Stamp,${SCHEMADN} objectClass: top @@ -951,7 +900,6 @@ lDAPDisplayName: createTimeStamp schemaIDGUID: 2df90d73-009f-11d2-aa4c-00c04fd7d83a systemOnly: TRUE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Attribute-Display-Names,${SCHEMADN} objectClass: top @@ -968,7 +916,6 @@ lDAPDisplayName: attributeDisplayNames schemaIDGUID: cb843f80-48d9-11d1-a9c3-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Admin-Context-Menu,${SCHEMADN} objectClass: top @@ -985,7 +932,6 @@ lDAPDisplayName: adminContextMenu schemaIDGUID: 553fd038-f32e-11d0-b0bc-00c04fd8dca6 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=LSA-Modified-Count,${SCHEMADN} objectClass: top @@ -1002,7 +948,6 @@ lDAPDisplayName: lSAModifiedCount schemaIDGUID: bf9679ae-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=LSA-Creation-Time,${SCHEMADN} objectClass: top @@ -1019,7 +964,6 @@ lDAPDisplayName: lSACreationTime schemaIDGUID: bf9679ad-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Server-State,${SCHEMADN} objectClass: top @@ -1037,7 +981,6 @@ schemaIDGUID: bf967a34-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: b8119fd0-04f6-4762-ab7a-4986c76b3f9a systemOnly: FALSE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=LDAP-Display-Name,${SCHEMADN} objectClass: top @@ -1058,7 +1001,6 @@ schemaIDGUID: bf96799a-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Supplemental-Credentials,${SCHEMADN} objectClass: top @@ -1075,7 +1017,6 @@ lDAPDisplayName: supplementalCredentials schemaIDGUID: bf967a3f-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msNPSavedCallingStationID,${SCHEMADN} objectClass: top @@ -1092,7 +1033,6 @@ lDAPDisplayName: msNPSavedCallingStationID schemaIDGUID: db0c908e-c1f2-11d1-bbc5-0080c76670c0 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Flags,${SCHEMADN} objectClass: top @@ -1110,7 +1050,6 @@ schemaIDGUID: bf967976-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Create-Wizard-Ext,${SCHEMADN} objectClass: top @@ -1127,7 +1066,6 @@ lDAPDisplayName: createWizardExt schemaIDGUID: 2b09958b-8931-11d1-aebc-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=DMD-Location,${SCHEMADN} objectClass: top @@ -1145,7 +1083,6 @@ lDAPDisplayName: dMDLocation schemaIDGUID: f0f8ff8b-1191-11d0-a060-00aa006c33ed systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-Exch-House-Identifier,${SCHEMADN} objectClass: top @@ -1162,7 +1099,6 @@ oMSyntax: 64 searchFlags: 0 lDAPDisplayName: msExchHouseIdentifier schemaIDGUID: a8df7407-c5ea-11d1-bbcb-0080c76670c0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Mobile-Other,${SCHEMADN} objectClass: top @@ -1182,7 +1118,6 @@ schemaIDGUID: 0296c11e-40da-11d1-a9c0-0000f80367c1 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Generation-Qualifier,${SCHEMADN} objectClass: top @@ -1202,7 +1137,6 @@ lDAPDisplayName: generationQualifier schemaIDGUID: 16775804-47f3-11d1-a9c3-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Attribute-Syntax,${SCHEMADN} objectClass: top @@ -1219,7 +1153,6 @@ lDAPDisplayName: attributeSyntax schemaIDGUID: bf967925-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Attribute-Security-GUID,${SCHEMADN} objectClass: top @@ -1238,7 +1171,6 @@ lDAPDisplayName: attributeSecurityGUID schemaIDGUID: bf967924-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=DS-Heuristics,${SCHEMADN} objectClass: top @@ -1255,7 +1187,6 @@ lDAPDisplayName: dSHeuristics schemaIDGUID: f0f8ff86-1191-11d0-a060-00aa006c33ed systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Serial-Number,${SCHEMADN} objectClass: top @@ -1275,7 +1206,6 @@ lDAPDisplayName: serialNumber schemaIDGUID: bf967a32-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Settings,${SCHEMADN} objectClass: top @@ -1293,7 +1223,6 @@ lDAPDisplayName: msDS-Settings schemaIDGUID: 0e1b47d7-40a3-4b48-8d1b-4cac0c1cdf21 systemOnly: FALSE systemFlags: 0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Operator-Count,${SCHEMADN} objectClass: top @@ -1310,7 +1239,6 @@ lDAPDisplayName: operatorCount schemaIDGUID: bf9679ee-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msRADIUSFramedIPAddress,${SCHEMADN} objectClass: top @@ -1328,7 +1256,6 @@ schemaIDGUID: db0c90a4-c1f2-11d1-bbc5-0080c76670c0 attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Home-Drive,${SCHEMADN} objectClass: top @@ -1346,7 +1273,6 @@ schemaIDGUID: bf967986-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Attribute-Types,${SCHEMADN} objectClass: top @@ -1363,7 +1289,6 @@ lDAPDisplayName: attributeTypes schemaIDGUID: 9a7ad944-ca53-11d1-bbd0-0080c76670c0 systemOnly: TRUE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Initial-Auth-Outgoing,${SCHEMADN} objectClass: top @@ -1380,7 +1305,6 @@ lDAPDisplayName: initialAuthOutgoing schemaIDGUID: 52458024-ca6a-11d0-afff-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Version-Number,${SCHEMADN} objectClass: top @@ -1398,7 +1322,6 @@ schemaIDGUID: bf967a76-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Object-Class,${SCHEMADN} objectClass: top @@ -1417,7 +1340,6 @@ attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: TRUE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Possible-Inferiors,${SCHEMADN} objectClass: top @@ -1434,7 +1356,6 @@ lDAPDisplayName: possibleInferiors schemaIDGUID: 9a7ad94c-ca53-11d1-bbd0-0080c76670c0 systemOnly: TRUE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Approx-Immed-Subordinates,${SCHEMADN} objectClass: top @@ -1452,7 +1373,6 @@ schemaIDGUID: e185d243-f6ce-4adb-b496-b0c005d7823c attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: TRUE systemFlags: 20 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Replication-Notify-Subsequent-DSA-Delay,${SCHEMADN} objectClass: top @@ -1469,7 +1389,6 @@ lDAPDisplayName: msDS-Replication-Notify-Subsequent-DSA-Delay schemaIDGUID: d63db385-dd92-4b52-b1d8-0d3ecc0e86b6 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Create-Dialog,${SCHEMADN} objectClass: top @@ -1486,7 +1405,6 @@ lDAPDisplayName: createDialog schemaIDGUID: 2b09958a-8931-11d1-aebc-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Query-Policy-Object,${SCHEMADN} objectClass: top @@ -1505,7 +1423,6 @@ lDAPDisplayName: queryPolicyObject schemaIDGUID: e1aea403-cd5b-11d0-afff-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=FRS-Root-Path,${SCHEMADN} objectClass: top @@ -1524,7 +1441,6 @@ lDAPDisplayName: fRSRootPath schemaIDGUID: 1be8f174-a9ff-11d0-afe2-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Organizational-Unit-Name,${SCHEMADN} objectClass: top @@ -1546,7 +1462,6 @@ attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Telex-Number,${SCHEMADN} objectClass: top @@ -1567,7 +1482,6 @@ schemaIDGUID: bf967a4b-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Address-Home,${SCHEMADN} objectClass: top @@ -1588,7 +1502,6 @@ schemaIDGUID: 16775781-47f3-11d1-a9c3-0000f80367c1 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Assistant,${SCHEMADN} objectClass: top @@ -1607,7 +1520,6 @@ schemaIDGUID: 0296c11c-40da-11d1-a9c0-0000f80367c1 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Netboot-Machine-File-Path,${SCHEMADN} objectClass: top @@ -1625,7 +1537,6 @@ schemaIDGUID: 3e978923-8c01-11d0-afda-00c04fd930c9 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=x500uniqueIdentifier,${SCHEMADN} objectClass: top @@ -1642,7 +1553,6 @@ lDAPDisplayName: x500uniqueIdentifier schemaIDGUID: d07da11f-8a3d-42b6-b0aa-76c962be719a systemOnly: FALSE systemFlags: 0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=DBCS-Pwd,${SCHEMADN} objectClass: top @@ -1659,7 +1569,6 @@ lDAPDisplayName: dBCSPwd schemaIDGUID: bf96799c-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Prefix-Map,${SCHEMADN} objectClass: top @@ -1676,7 +1585,6 @@ lDAPDisplayName: prefixMap schemaIDGUID: 52458022-ca6a-11d0-afff-0000f80367c1 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Members-For-Az-Role-BL,${SCHEMADN} objectClass: top @@ -1695,7 +1603,6 @@ lDAPDisplayName: msDS-MembersForAzRoleBL schemaIDGUID: ececcd20-a7e0-4688-9ccf-02ece5e287f5 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Last-Known-Parent,${SCHEMADN} objectClass: top @@ -1713,7 +1620,6 @@ lDAPDisplayName: lastKnownParent schemaIDGUID: 52ab8670-5709-11d1-a9c6-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=FSMO-Role-Owner,${SCHEMADN} objectClass: top @@ -1731,7 +1637,6 @@ lDAPDisplayName: fSMORoleOwner schemaIDGUID: 66171887-8f3c-11d0-afda-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Retired-Repl-DSA-Signatures,${SCHEMADN} objectClass: top @@ -1748,7 +1653,6 @@ lDAPDisplayName: retiredReplDSASignatures schemaIDGUID: 7bfdcb7f-4807-11d1-a9c3-0000f80367c1 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Network-Address,${SCHEMADN} objectClass: top @@ -1767,7 +1671,6 @@ searchFlags: 0 lDAPDisplayName: networkAddress schemaIDGUID: bf9679d9-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Schema-Version,${SCHEMADN} objectClass: top @@ -1785,7 +1688,6 @@ lDAPDisplayName: schemaVersion schemaIDGUID: bf967a2c-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Poss-Superiors,${SCHEMADN} objectClass: top @@ -1803,7 +1705,6 @@ schemaIDGUID: bf9679fa-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Default-Security-Descriptor,${SCHEMADN} objectClass: top @@ -1822,7 +1723,6 @@ lDAPDisplayName: defaultSecurityDescriptor schemaIDGUID: 807a6d30-1669-11d0-a064-00aa006c33ed systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-SMIME-Certificate,${SCHEMADN} objectClass: top @@ -1843,7 +1743,6 @@ attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 0 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=userPKCS12,${SCHEMADN} objectClass: top @@ -1860,7 +1759,6 @@ lDAPDisplayName: userPKCS12 schemaIDGUID: 23998ab5-70f8-4007-a4c1-a84a38311f9a systemOnly: FALSE systemFlags: 0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-Account-Control,${SCHEMADN} objectClass: top @@ -1879,7 +1777,6 @@ attributeSecurityGUID: 4c164200-20c0-11d0-a768-00aa006e0529 systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Terminal-Server,${SCHEMADN} objectClass: top @@ -1897,7 +1794,6 @@ lDAPDisplayName: terminalServer schemaIDGUID: 6db69a1c-9422-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Account-Expires,${SCHEMADN} objectClass: top @@ -1915,7 +1811,6 @@ schemaIDGUID: bf967915-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 4c164200-20c0-11d0-a768-00aa006e0529 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Group-Type,${SCHEMADN} objectClass: top @@ -1933,7 +1828,6 @@ schemaIDGUID: 9a9a021e-4a5b-11d1-a9c3-0000f80367c1 systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=NT-Group-Members,${SCHEMADN} objectClass: top @@ -1950,7 +1844,6 @@ lDAPDisplayName: nTGroupMembers schemaIDGUID: bf9679df-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=WWW-Page-Other,${SCHEMADN} objectClass: top @@ -1969,7 +1862,6 @@ schemaIDGUID: 9a9a0221-4a5b-11d1-a9c3-0000f80367c1 attributeSecurityGUID: e45795b3-9455-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Revision,${SCHEMADN} objectClass: top @@ -1986,7 +1878,6 @@ lDAPDisplayName: revision schemaIDGUID: bf967a21-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Object-Version,${SCHEMADN} objectClass: top @@ -2004,7 +1895,6 @@ lDAPDisplayName: objectVersion schemaIDGUID: 16775848-47f3-11d1-a9c3-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-NC-Repl-Inbound-Neighbors,${SCHEMADN} objectClass: top @@ -2021,7 +1911,6 @@ lDAPDisplayName: msDS-NCReplInboundNeighbors schemaIDGUID: 9edba85a-3e9e-431b-9b1a-a5b6e9eda796 systemOnly: FALSE systemFlags: 20 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-COM-UserLink,${SCHEMADN} objectClass: top @@ -2040,7 +1929,6 @@ lDAPDisplayName: msCOM-UserLink schemaIDGUID: 9e6f3a4d-242c-4f37-b068-36b57f9fc852 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Mastered-By,${SCHEMADN} objectClass: top @@ -2059,7 +1947,6 @@ lDAPDisplayName: masteredBy schemaIDGUID: e48e64e0-12c9-11d3-9102-00c04fd91ab1 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Canonical-Name,${SCHEMADN} objectClass: top @@ -2076,7 +1963,6 @@ lDAPDisplayName: canonicalName schemaIDGUID: 9a7ad945-ca53-11d1-bbd0-0080c76670c0 systemOnly: TRUE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-NC-Replica-Locations,${SCHEMADN} objectClass: top @@ -2095,7 +1981,6 @@ lDAPDisplayName: msDS-NC-Replica-Locations schemaIDGUID: 97de9615-b537-46bc-ac0f-10720f3909f3 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-UpdateScript,${SCHEMADN} objectClass: top @@ -2112,7 +1997,6 @@ lDAPDisplayName: msDS-UpdateScript schemaIDGUID: 146eb639-bb9f-4fc1-a825-e29e00c77920 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Next-Rid,${SCHEMADN} objectClass: top @@ -2129,7 +2013,6 @@ lDAPDisplayName: nextRid schemaIDGUID: bf9679db-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=X121-Address,${SCHEMADN} objectClass: top @@ -2150,7 +2033,6 @@ schemaIDGUID: bf967a7b-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-Password,${SCHEMADN} objectClass: top @@ -2170,7 +2052,6 @@ lDAPDisplayName: userPassword schemaIDGUID: bf967a6e-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Telephone-Number,${SCHEMADN} objectClass: top @@ -2192,7 +2073,6 @@ attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Department,${SCHEMADN} objectClass: top @@ -2213,7 +2093,6 @@ schemaIDGUID: bf96794f-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Is-Member-Of-Partial-Attribute-Set,${SCHEMADN} objectClass: top @@ -2230,7 +2109,6 @@ lDAPDisplayName: isMemberOfPartialAttributeSet schemaIDGUID: 19405b9d-3cfa-11d1-a9c0-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Policy-Replication-Flags,${SCHEMADN} objectClass: top @@ -2247,7 +2125,6 @@ lDAPDisplayName: policyReplicationFlags schemaIDGUID: 19405b96-3cfa-11d1-a9c0-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Ipsec-ISAKMP-Reference,${SCHEMADN} objectClass: top @@ -2265,7 +2142,6 @@ lDAPDisplayName: ipsecISAKMPReference schemaIDGUID: b40ff820-427a-11d1-a9c2-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Application-Name,${SCHEMADN} objectClass: top @@ -2284,7 +2160,6 @@ lDAPDisplayName: applicationName schemaIDGUID: dd712226-10e4-11d0-a05f-00aa006c33ed systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=System-May-Contain,${SCHEMADN} objectClass: top @@ -2301,7 +2176,6 @@ lDAPDisplayName: systemMayContain schemaIDGUID: bf967a44-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msRASSavedFramedRoute,${SCHEMADN} objectClass: top @@ -2318,7 +2192,6 @@ lDAPDisplayName: msRASSavedFramedRoute schemaIDGUID: db0c90c7-c1f2-11d1-bbc5-0080c76670c0 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msRASSavedCallbackNumber,${SCHEMADN} objectClass: top @@ -2335,7 +2208,6 @@ lDAPDisplayName: msRASSavedCallbackNumber schemaIDGUID: db0c90c5-c1f2-11d1-bbc5-0080c76670c0 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Trust-Type,${SCHEMADN} objectClass: top @@ -2353,7 +2225,6 @@ schemaIDGUID: bf967a60-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Domain-Replica,${SCHEMADN} objectClass: top @@ -2373,7 +2244,6 @@ schemaIDGUID: bf96795e-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: b8119fd0-04f6-4762-ab7a-4986c76b3f9a systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Personal-Title,${SCHEMADN} objectClass: top @@ -2394,7 +2264,6 @@ schemaIDGUID: 16775858-47f3-11d1-a9c3-0000f80367c1 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Other-Mailbox,${SCHEMADN} objectClass: top @@ -2411,7 +2280,6 @@ lDAPDisplayName: otherMailbox schemaIDGUID: 0296c123-40da-11d1-a9c0-0000f80367c1 attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=E-mail-Addresses,${SCHEMADN} objectClass: top @@ -2433,7 +2301,6 @@ attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=OM-Syntax,${SCHEMADN} objectClass: top @@ -2451,7 +2318,6 @@ lDAPDisplayName: oMSyntax schemaIDGUID: bf9679ed-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Is-Defunct,${SCHEMADN} objectClass: top @@ -2468,7 +2334,6 @@ lDAPDisplayName: isDefunct schemaIDGUID: 28630ebe-41d5-11d1-a9c1-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Other-Settings,${SCHEMADN} objectClass: top @@ -2485,7 +2350,6 @@ lDAPDisplayName: msDS-Other-Settings schemaIDGUID: 79d2f34c-9d7d-42bb-838f-866b3e4400e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Machine-Role,${SCHEMADN} objectClass: top @@ -2502,7 +2366,6 @@ lDAPDisplayName: machineRole schemaIDGUID: bf9679b2-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Domain-Timeout,${SCHEMADN} objectClass: top @@ -2520,7 +2383,6 @@ lDAPDisplayName: msDS-AzDomainTimeout schemaIDGUID: 6448f56a-ca70-4e2e-b0af-d20e4ce653d0 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=System-Auxiliary-Class,${SCHEMADN} objectClass: top @@ -2537,7 +2399,6 @@ lDAPDisplayName: systemAuxiliaryClass schemaIDGUID: bf967a43-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Primary-Group-ID,${SCHEMADN} objectClass: top @@ -2556,7 +2417,6 @@ attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Lm-Pwd-History,${SCHEMADN} objectClass: top @@ -2573,7 +2433,6 @@ lDAPDisplayName: lmPwdHistory schemaIDGUID: bf96799d-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Group-Membership-SAM,${SCHEMADN} objectClass: top @@ -2590,7 +2449,6 @@ lDAPDisplayName: groupMembershipSAM schemaIDGUID: bf967980-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Trust-Partner,${SCHEMADN} objectClass: top @@ -2610,7 +2468,6 @@ schemaIDGUID: bf967a5d-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Instance-Type,${SCHEMADN} objectClass: top @@ -2629,7 +2486,6 @@ schemaIDGUID: bf96798c-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Treat-As-Leaf,${SCHEMADN} objectClass: top @@ -2646,7 +2502,6 @@ lDAPDisplayName: treatAsLeaf schemaIDGUID: 8fd044e3-771f-11d1-aeae-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Admin-Property-Pages,${SCHEMADN} objectClass: top @@ -2663,7 +2518,6 @@ lDAPDisplayName: adminPropertyPages schemaIDGUID: 52458038-ca6a-11d0-afff-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Scope-Name,${SCHEMADN} objectClass: top @@ -2682,7 +2536,6 @@ lDAPDisplayName: msDS-AzScopeName schemaIDGUID: 515a6b06-2617-4173-8099-d5605df043c6 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=See-Also,${SCHEMADN} objectClass: top @@ -2701,7 +2554,6 @@ lDAPDisplayName: seeAlso schemaIDGUID: bf967a31-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=LDAP-IPDeny-List,${SCHEMADN} objectClass: top @@ -2718,7 +2570,6 @@ lDAPDisplayName: lDAPIPDenyList schemaIDGUID: 7359a353-90f7-11d1-aebc-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Retired-Repl-NC-Signatures,${SCHEMADN} objectClass: top @@ -2735,7 +2586,6 @@ lDAPDisplayName: msDS-RetiredReplNCSignatures schemaIDGUID: d5b35506-19d6-4d26-9afb-11357ac99b5e systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Has-Master-NCs,${SCHEMADN} objectClass: top @@ -2755,7 +2605,6 @@ lDAPDisplayName: hasMasterNCs schemaIDGUID: bf967982-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Modified-Count-At-Last-Prom,${SCHEMADN} objectClass: top @@ -2772,7 +2621,6 @@ lDAPDisplayName: modifiedCountAtLastProm schemaIDGUID: bf9679c6-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Min-Pwd-Age,${SCHEMADN} objectClass: top @@ -2790,7 +2638,6 @@ schemaIDGUID: bf9679c2-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: c7407360-20bf-11d0-a768-00aa006e0529 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Force-Logoff,${SCHEMADN} objectClass: top @@ -2808,7 +2655,6 @@ schemaIDGUID: bf967977-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: b8119fd0-04f6-4762-ab7a-4986c76b3f9a systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Move-Tree-State,${SCHEMADN} objectClass: top @@ -2825,7 +2671,6 @@ lDAPDisplayName: moveTreeState schemaIDGUID: 1f2ac2c8-3b71-11d2-90cc-00c04fd91ab1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Allowed-To-Delegate-To,${SCHEMADN} objectClass: top @@ -2843,7 +2688,6 @@ schemaIDGUID: 800d94d7-b7a1-42a1-b14d-7cae1423d07f attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=System-Only,${SCHEMADN} objectClass: top @@ -2860,7 +2704,6 @@ lDAPDisplayName: systemOnly schemaIDGUID: bf967a46-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-IntId,${SCHEMADN} objectClass: top @@ -2877,7 +2720,6 @@ lDAPDisplayName: msDS-IntId schemaIDGUID: bc60096a-1b47-4b30-8877-602c93f56532 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=DNS-Host-Name,${SCHEMADN} objectClass: top @@ -2898,7 +2740,6 @@ attributeSecurityGUID: 72e39547-7b18-11d1-adef-00c04fd8d5cd systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Minor-Version,${SCHEMADN} objectClass: top @@ -2916,7 +2757,6 @@ lDAPDisplayName: msDS-AzMinorVersion schemaIDGUID: ee85ed93-b209-4788-8165-e702f51bfbf3 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Bad-Password-Time,${SCHEMADN} objectClass: top @@ -2933,7 +2773,6 @@ lDAPDisplayName: badPasswordTime schemaIDGUID: bf96792d-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Primary-Group-Token,${SCHEMADN} objectClass: top @@ -2950,7 +2789,6 @@ lDAPDisplayName: primaryGroupToken schemaIDGUID: c0ed8738-7efd-4481-84d9-66d2db8be369 systemOnly: TRUE systemFlags: 20 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=USN-Intersite,${SCHEMADN} objectClass: top @@ -2968,7 +2806,6 @@ lDAPDisplayName: USNIntersite schemaIDGUID: a8df7498-c5ea-11d1-bbcb-0080c76670c0 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=FRS-Member-Reference-BL,${SCHEMADN} objectClass: top @@ -2987,7 +2824,6 @@ lDAPDisplayName: fRSMemberReferenceBL schemaIDGUID: 2a13257f-9373-11d1-aebc-0000f80367c1 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-SD-Reference-Domain,${SCHEMADN} objectClass: top @@ -3006,7 +2842,6 @@ lDAPDisplayName: msDS-SDReferenceDomain schemaIDGUID: 4c51e316-f628-43a5-b06b-ffb695fcb4f3 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Ipsec-ID,${SCHEMADN} objectClass: top @@ -3023,7 +2858,6 @@ lDAPDisplayName: ipsecID schemaIDGUID: b40ff81d-427a-11d1-a9c2-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=LDAP-Admin-Limits,${SCHEMADN} objectClass: top @@ -3040,7 +2874,6 @@ lDAPDisplayName: lDAPAdminLimits schemaIDGUID: 7359a352-90f7-11d1-aebc-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Last-Backup-Restoration-Time,${SCHEMADN} objectClass: top @@ -3057,7 +2890,6 @@ lDAPDisplayName: lastBackupRestorationTime schemaIDGUID: 1fbb0be8-ba63-11d0-afef-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Tree-Name,${SCHEMADN} objectClass: top @@ -3074,7 +2906,6 @@ lDAPDisplayName: treeName schemaIDGUID: 28630ebd-41d5-11d1-a9c1-0000f80367c1 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=OEM-Information,${SCHEMADN} objectClass: top @@ -3094,7 +2925,6 @@ schemaIDGUID: bf9679ea-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: b8119fd0-04f6-4762-ab7a-4986c76b3f9a systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Given-Name,${SCHEMADN} objectClass: top @@ -3116,7 +2946,6 @@ attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=SPN-Mappings,${SCHEMADN} objectClass: top @@ -3133,7 +2962,6 @@ lDAPDisplayName: sPNMappings schemaIDGUID: 2ab0e76c-7041-11d2-9905-0000f87a57d4 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Operating-System-Version,${SCHEMADN} objectClass: top @@ -3150,7 +2978,6 @@ lDAPDisplayName: operatingSystemVersion schemaIDGUID: 3e978926-8c01-11d0-afda-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Notification-List,${SCHEMADN} objectClass: top @@ -3168,7 +2995,6 @@ lDAPDisplayName: notificationList schemaIDGUID: 19195a56-6da0-11d0-afd3-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Token-Groups,${SCHEMADN} objectClass: top @@ -3186,7 +3012,6 @@ schemaIDGUID: b7c69e6d-2cc7-11d2-854e-00a0c983f608 attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939 systemOnly: FALSE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=carLicense,${SCHEMADN} objectClass: top @@ -3203,7 +3028,6 @@ lDAPDisplayName: carLicense schemaIDGUID: d4159c92-957d-4a87-8a67-8d2934e01649 systemOnly: FALSE systemFlags: 0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Preferred-OU,${SCHEMADN} objectClass: top @@ -3221,7 +3045,6 @@ lDAPDisplayName: preferredOU schemaIDGUID: bf9679ff-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MS-DS-Creator-SID,${SCHEMADN} objectClass: top @@ -3238,7 +3061,6 @@ lDAPDisplayName: mS-DS-CreatorSID schemaIDGUID: c5e60132-1480-11d3-91c1-0000f87a57d4 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Non-Members,${SCHEMADN} objectClass: top @@ -3257,7 +3079,6 @@ lDAPDisplayName: msDS-NonMembers schemaIDGUID: cafcb1de-f23c-46b5-adf7-1e64957bd5db systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Tasks-For-Az-Role-BL,${SCHEMADN} objectClass: top @@ -3276,7 +3097,6 @@ lDAPDisplayName: msDS-TasksForAzRoleBL schemaIDGUID: a0dcd536-5158-42fe-8c40-c00a7ad37959 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Extension-Name,${SCHEMADN} objectClass: top @@ -3296,7 +3116,6 @@ lDAPDisplayName: extensionName schemaIDGUID: bf967972-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Replication-Notify-First-DSA-Delay,${SCHEMADN} objectClass: top @@ -3313,7 +3132,6 @@ lDAPDisplayName: msDS-Replication-Notify-First-DSA-Delay schemaIDGUID: 85abd4f4-0a89-4e49-bdec-6f35bb2562ba systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Max-Pwd-Age,${SCHEMADN} objectClass: top @@ -3331,7 +3149,6 @@ schemaIDGUID: bf9679bb-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: c7407360-20bf-11d0-a768-00aa006e0529 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Ip-Other,${SCHEMADN} objectClass: top @@ -3350,7 +3167,6 @@ attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Ipsec-NFA-Reference,${SCHEMADN} objectClass: top @@ -3368,7 +3184,6 @@ lDAPDisplayName: ipsecNFAReference schemaIDGUID: b40ff821-427a-11d1-a9c2-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=secretary,${SCHEMADN} objectClass: top @@ -3386,7 +3201,6 @@ lDAPDisplayName: secretary schemaIDGUID: 01072d9a-98ad-4a53-9744-e83e287278fb systemOnly: FALSE systemFlags: 0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-Parameters,${SCHEMADN} objectClass: top @@ -3406,7 +3220,6 @@ schemaIDGUID: bf967a6d-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 4c164200-20c0-11d0-a768-00aa006e0529 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Trust-Posix-Offset,${SCHEMADN} objectClass: top @@ -3423,7 +3236,6 @@ lDAPDisplayName: trustPosixOffset schemaIDGUID: bf967a5e-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Bridgehead-Server-List-BL,${SCHEMADN} objectClass: top @@ -3442,7 +3254,6 @@ lDAPDisplayName: bridgeheadServerListBL schemaIDGUID: d50c2cdb-8951-11d1-aebc-0000f80367c1 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Application-Data,${SCHEMADN} objectClass: top @@ -3460,7 +3271,6 @@ lDAPDisplayName: msDS-AzApplicationData schemaIDGUID: 503fc3e8-1cc6-461a-99a3-9eee04f402a7 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Pek-Key-Change-Interval,${SCHEMADN} objectClass: top @@ -3477,7 +3287,6 @@ lDAPDisplayName: pekKeyChangeInterval schemaIDGUID: 07383084-91df-11d1-aebc-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Country-Name,${SCHEMADN} objectClass: top @@ -3499,7 +3308,6 @@ attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Destination-Indicator,${SCHEMADN} objectClass: top @@ -3519,7 +3327,6 @@ lDAPDisplayName: destinationIndicator schemaIDGUID: bf967951-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Country-Code,${SCHEMADN} objectClass: top @@ -3539,7 +3346,6 @@ schemaIDGUID: 5fd42471-1262-11d0-a060-00aa006c33ed attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Mobile-Primary,${SCHEMADN} objectClass: top @@ -3560,7 +3366,6 @@ schemaIDGUID: f0f8ffa3-1191-11d0-a060-00aa006c33ed attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Schema-ID-GUID,${SCHEMADN} objectClass: top @@ -3579,7 +3384,6 @@ lDAPDisplayName: schemaIDGUID schemaIDGUID: bf967923-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=RID-Set-References,${SCHEMADN} objectClass: top @@ -3597,7 +3401,6 @@ lDAPDisplayName: rIDSetReferences schemaIDGUID: 7bfdcb7b-4807-11d1-a9c3-0000f80367c1 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Auxiliary-Class,${SCHEMADN} objectClass: top @@ -3614,7 +3417,6 @@ lDAPDisplayName: auxiliaryClass schemaIDGUID: bf96792c-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=uid,${SCHEMADN} objectClass: top @@ -3632,7 +3434,6 @@ schemaIDGUID: 0bb0fca0-1e89-429f-901a-1413894d9f59 attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf systemOnly: FALSE systemFlags: 0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=departmentNumber,${SCHEMADN} objectClass: top @@ -3649,7 +3450,6 @@ lDAPDisplayName: departmentNumber schemaIDGUID: be9ef6ee-cbc7-4f22-b27b-96967e7ee585 systemOnly: FALSE systemFlags: 0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Additional-Trusted-Service-Names,${SCHEMADN} objectClass: top @@ -3666,7 +3466,6 @@ lDAPDisplayName: additionalTrustedServiceNames schemaIDGUID: 032160be-9824-11d1-aec0-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=WWW-Home-Page,${SCHEMADN} objectClass: top @@ -3686,7 +3485,6 @@ schemaIDGUID: bf967a7a-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: e45795b3-9455-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=USN-Source,${SCHEMADN} objectClass: top @@ -3704,7 +3502,6 @@ lDAPDisplayName: uSNSource schemaIDGUID: 167758ad-47f3-11d1-a9c3-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MS-DS-Consistency-Guid,${SCHEMADN} objectClass: top @@ -3721,7 +3518,6 @@ lDAPDisplayName: mS-DS-ConsistencyGuid schemaIDGUID: 23773dc2-b63a-11d2-90e1-00c04fd91ab1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Frs-Computer-Reference-BL,${SCHEMADN} objectClass: top @@ -3740,7 +3536,6 @@ lDAPDisplayName: frsComputerReferenceBL schemaIDGUID: 2a132579-9373-11d1-aebc-0000f80367c1 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Allowed-Attributes,${SCHEMADN} objectClass: top @@ -3758,7 +3553,6 @@ schemaIDGUID: 9a7ad940-ca53-11d1-bbd0-0080c76670c0 attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: TRUE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Application-Name,${SCHEMADN} objectClass: top @@ -3777,7 +3571,6 @@ lDAPDisplayName: msDS-AzApplicationName schemaIDGUID: db5b0728-6208-4876-83b7-95d3e5695275 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=UPN-Suffixes,${SCHEMADN} objectClass: top @@ -3794,7 +3587,6 @@ lDAPDisplayName: uPNSuffixes schemaIDGUID: 032160bf-9824-11d1-aec0-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MS-DS-Per-User-Trust-Quota,${SCHEMADN} objectClass: top @@ -3811,7 +3603,6 @@ lDAPDisplayName: msDS-PerUserTrustQuota schemaIDGUID: d161adf0-ca24-4993-a3aa-8b2c981302e8 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MS-DS-Machine-Account-Quota,${SCHEMADN} objectClass: top @@ -3828,7 +3619,6 @@ lDAPDisplayName: ms-DS-MachineAccountQuota schemaIDGUID: d064fb68-1480-11d3-91c1-0000f87a57d4 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Server-Role,${SCHEMADN} objectClass: top @@ -3846,7 +3636,6 @@ schemaIDGUID: bf967a33-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: b8119fd0-04f6-4762-ab7a-4986c76b3f9a systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Home-Primary,${SCHEMADN} objectClass: top @@ -3868,7 +3657,6 @@ attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Range-Lower,${SCHEMADN} objectClass: top @@ -3887,7 +3675,6 @@ schemaIDGUID: bf967a0c-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Operating-System-Hotfix,${SCHEMADN} objectClass: top @@ -3904,7 +3691,6 @@ lDAPDisplayName: operatingSystemHotfix schemaIDGUID: bd951b3c-9c96-11d0-afdd-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Additional-Dns-Host-Name,${SCHEMADN} objectClass: top @@ -3924,7 +3710,6 @@ schemaIDGUID: 80863791-dbe9-4eb8-837e-7f0ab55d9ac7 attributeSecurityGUID: 72e39547-7b18-11d1-adef-00c04fd8d5cd systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Script-Timeout,${SCHEMADN} objectClass: top @@ -3942,7 +3727,6 @@ lDAPDisplayName: msDS-AzScriptTimeout schemaIDGUID: 87d0fb41-2c8b-41f6-b972-11fdfd50d6b0 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Must-Contain,${SCHEMADN} objectClass: top @@ -3959,7 +3743,6 @@ lDAPDisplayName: mustContain schemaIDGUID: bf9679d3-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=X509-Cert,${SCHEMADN} objectClass: top @@ -3980,7 +3763,6 @@ attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msNPCallingStationID,${SCHEMADN} objectClass: top @@ -3998,7 +3780,6 @@ schemaIDGUID: db0c908a-c1f2-11d1-bbc5-0080c76670c0 attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-User-Account-Control-Computed,${SCHEMADN} objectClass: top @@ -4016,7 +3797,6 @@ schemaIDGUID: 2cc4b836-b63f-4940-8d23-ea7acf06af56 attributeSecurityGUID: 4c164200-20c0-11d0-a768-00aa006e0529 systemOnly: FALSE systemFlags: 20 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Home-Directory,${SCHEMADN} objectClass: top @@ -4034,7 +3814,6 @@ schemaIDGUID: bf967985-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-LDAP-Query,${SCHEMADN} objectClass: top @@ -4053,7 +3832,6 @@ lDAPDisplayName: msDS-AzLDAPQuery schemaIDGUID: 5e53368b-fc94-45c8-9d7d-daf31ee7112d systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Partial-Attribute-Deletion-List,${SCHEMADN} objectClass: top @@ -4071,7 +3849,6 @@ schemaIDGUID: 28630ec0-41d5-11d1-a9c1-0000f80367c1 systemOnly: TRUE systemFlags: 19 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Is-Critical-System-Object,${SCHEMADN} objectClass: top @@ -4088,7 +3865,6 @@ lDAPDisplayName: isCriticalSystemObject schemaIDGUID: 00fbf30d-91fe-11d1-aebc-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=GP-Link,${SCHEMADN} objectClass: top @@ -4106,7 +3882,6 @@ schemaIDGUID: f30e3bbe-9ff0-11d1-b603-0000f80367c1 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Scope-Flags,${SCHEMADN} objectClass: top @@ -4123,7 +3898,6 @@ lDAPDisplayName: scopeFlags schemaIDGUID: 16f3a4c2-7e79-11d2-9921-0000f87a57d4 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Lockout-Duration,${SCHEMADN} objectClass: top @@ -4141,7 +3915,6 @@ schemaIDGUID: bf9679a5-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: c7407360-20bf-11d0-a768-00aa006e0529 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-COM-UserPartitionSetLink,${SCHEMADN} objectClass: top @@ -4160,7 +3933,6 @@ lDAPDisplayName: msCOM-UserPartitionSetLink schemaIDGUID: 8e940c8a-e477-4367-b08d-ff2ff942dcd7 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Logo,${SCHEMADN} objectClass: top @@ -4179,7 +3951,6 @@ lDAPDisplayName: thumbnailLogo schemaIDGUID: bf9679a9-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Picture,${SCHEMADN} objectClass: top @@ -4199,7 +3970,6 @@ schemaIDGUID: 8d3bca50-1d7e-11d0-a081-00aa006c33ed attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Location,${SCHEMADN} objectClass: top @@ -4219,7 +3989,6 @@ schemaIDGUID: 09dcb79f-165f-11d0-a064-00aa006c33ed systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-Workstations,${SCHEMADN} objectClass: top @@ -4239,7 +4008,6 @@ schemaIDGUID: bf9679d7-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Logon-Workstation,${SCHEMADN} objectClass: top @@ -4257,7 +4025,6 @@ schemaIDGUID: bf9679ac-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Last-Logon-Timestamp,${SCHEMADN} objectClass: top @@ -4275,7 +4042,6 @@ schemaIDGUID: c0e20a04-0e5a-4ff3-9482-5efeaecd7060 attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Prior-Value,${SCHEMADN} objectClass: top @@ -4292,7 +4058,6 @@ lDAPDisplayName: priorValue schemaIDGUID: bf967a02-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Last-Set-Time,${SCHEMADN} objectClass: top @@ -4309,7 +4074,6 @@ lDAPDisplayName: lastSetTime schemaIDGUID: bf967998-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Object-Guid,${SCHEMADN} objectClass: top @@ -4331,7 +4095,6 @@ attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: TRUE systemFlags: 19 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Tasks-For-Az-Task-BL,${SCHEMADN} objectClass: top @@ -4350,7 +4113,6 @@ lDAPDisplayName: msDS-TasksForAzTaskBL schemaIDGUID: df446e52-b5fa-4ca2-a42f-13f98a526c8f systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Managed-By,${SCHEMADN} objectClass: top @@ -4370,7 +4132,6 @@ lDAPDisplayName: managedBy schemaIDGUID: 0296c120-40da-11d1-a9c0-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Pwd-Properties,${SCHEMADN} objectClass: top @@ -4388,7 +4149,6 @@ schemaIDGUID: bf967a0b-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: c7407360-20bf-11d0-a768-00aa006e0529 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Builtin-Creation-Time,${SCHEMADN} objectClass: top @@ -4405,7 +4165,6 @@ lDAPDisplayName: builtinCreationTime schemaIDGUID: bf96792f-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Post-Office-Box,${SCHEMADN} objectClass: top @@ -4426,7 +4185,6 @@ schemaIDGUID: bf9679fb-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Company,${SCHEMADN} objectClass: top @@ -4447,7 +4205,6 @@ schemaIDGUID: f0f8ff88-1191-11d0-a060-00aa006c33ed attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Catalogs,${SCHEMADN} objectClass: top @@ -4464,7 +4221,6 @@ lDAPDisplayName: catalogs schemaIDGUID: 7bfdcb81-4807-11d1-a9c3-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Default-Object-Category,${SCHEMADN} objectClass: top @@ -4482,7 +4238,6 @@ lDAPDisplayName: defaultObjectCategory schemaIDGUID: 26d97367-6070-11d1-a9c6-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msRADIUSFramedRoute,${SCHEMADN} objectClass: top @@ -4500,7 +4255,6 @@ schemaIDGUID: db0c90a9-c1f2-11d1-bbc5-0080c76670c0 attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Prior-Set-Time,${SCHEMADN} objectClass: top @@ -4517,7 +4271,6 @@ lDAPDisplayName: priorSetTime schemaIDGUID: bf967a01-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-Cert,${SCHEMADN} objectClass: top @@ -4539,7 +4292,6 @@ attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Non-Security-Member,${SCHEMADN} objectClass: top @@ -4558,7 +4310,6 @@ lDAPDisplayName: nonSecurityMember schemaIDGUID: 52458018-ca6a-11d0-afff-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Member,${SCHEMADN} objectClass: top @@ -4580,7 +4331,6 @@ attributeSecurityGUID: bc0ac240-79a9-11d0-9020-00c04fc2d4cf systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Group-Attributes,${SCHEMADN} objectClass: top @@ -4597,7 +4347,6 @@ lDAPDisplayName: groupAttributes schemaIDGUID: bf96797e-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=System-Flags,${SCHEMADN} objectClass: top @@ -4615,7 +4364,6 @@ schemaIDGUID: e0fa1e62-9b45-11d0-afdd-00c04fd930c9 attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Proxied-Object-Name,${SCHEMADN} objectClass: top @@ -4634,7 +4382,6 @@ schemaIDGUID: e1aea402-cd5b-11d0-afff-0000f80367c1 systemOnly: TRUE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Repl-Value-Meta-Data,${SCHEMADN} objectClass: top @@ -4651,7 +4398,6 @@ lDAPDisplayName: msDS-ReplValueMetaData schemaIDGUID: 2f5c8145-e1bd-410b-8957-8bfa81d5acfd systemOnly: FALSE systemFlags: 20 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Allowed-Child-Classes-Effective,${SCHEMADN} objectClass: top @@ -4669,7 +4415,6 @@ schemaIDGUID: 9a7ad943-ca53-11d1-bbd0-0080c76670c0 attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: TRUE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Generate-Audits,${SCHEMADN} objectClass: top @@ -4686,7 +4431,6 @@ lDAPDisplayName: msDS-AzGenerateAudits schemaIDGUID: f90abab0-186c-4418-bb85-88447c87222a systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Application-Version,${SCHEMADN} objectClass: top @@ -4704,7 +4448,6 @@ lDAPDisplayName: msDS-AzApplicationVersion schemaIDGUID: 7184a120-3ac4-47ae-848f-fe0ab20784d4 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Icon-Path,${SCHEMADN} objectClass: top @@ -4723,7 +4466,6 @@ lDAPDisplayName: iconPath schemaIDGUID: f0f8ff83-1191-11d0-a060-00aa006c33ed systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Street-Address,${SCHEMADN} objectClass: top @@ -4745,7 +4487,6 @@ attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-ExecuteScriptPassword,${SCHEMADN} objectClass: top @@ -4764,7 +4505,6 @@ lDAPDisplayName: msDS-ExecuteScriptPassword schemaIDGUID: 9d054a5a-d187-46c1-9d85-42dfc44a56dd systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Logon-Time-Sync-Interval,${SCHEMADN} objectClass: top @@ -4782,7 +4522,6 @@ lDAPDisplayName: msDS-LogonTimeSyncInterval schemaIDGUID: ad7940f8-e43a-4a42-83bc-d688e59ea605 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Garbage-Coll-Period,${SCHEMADN} objectClass: top @@ -4800,7 +4539,6 @@ lDAPDisplayName: garbageCollPeriod schemaIDGUID: 5fd424a1-1262-11d0-a060-00aa006c33ed systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MSMQ-Sign-Certificates-Mig,${SCHEMADN} objectClass: top @@ -4819,7 +4557,6 @@ schemaIDGUID: 3881b8ea-da3b-11d1-90a5-00c04fd91ab1 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Cached-Membership-Time-Stamp,${SCHEMADN} objectClass: top @@ -4836,7 +4573,6 @@ lDAPDisplayName: msDS-Cached-Membership-Time-Stamp schemaIDGUID: 3566bf1f-beee-4dcb-8abe-ef89fcfec6c1 systemOnly: FALSE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Logon-Count,${SCHEMADN} objectClass: top @@ -4854,7 +4590,6 @@ schemaIDGUID: bf9679aa-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf systemOnly: FALSE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Locale-ID,${SCHEMADN} objectClass: top @@ -4871,7 +4606,6 @@ lDAPDisplayName: localeID schemaIDGUID: bf9679a1-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Bad-Pwd-Count,${SCHEMADN} objectClass: top @@ -4889,7 +4623,6 @@ schemaIDGUID: bf96792e-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf systemOnly: FALSE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Trust-Auth-Incoming,${SCHEMADN} objectClass: top @@ -4908,7 +4641,6 @@ lDAPDisplayName: trustAuthIncoming schemaIDGUID: bf967a59-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=SubSchemaSubEntry,${SCHEMADN} objectClass: top @@ -4926,7 +4658,6 @@ lDAPDisplayName: subSchemaSubEntry schemaIDGUID: 9a7ad94d-ca53-11d1-bbd0-0080c76670c0 systemOnly: TRUE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Structural-Object-Class,${SCHEMADN} objectClass: top @@ -4943,7 +4674,6 @@ lDAPDisplayName: structuralObjectClass schemaIDGUID: 3860949f-f6a8-4b38-9950-81ecb6bc2982 systemOnly: FALSE systemFlags: 20 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Is-Deleted,${SCHEMADN} objectClass: top @@ -4962,7 +4692,6 @@ schemaIDGUID: bf96798f-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Extra-Columns,${SCHEMADN} objectClass: top @@ -4979,7 +4708,6 @@ lDAPDisplayName: extraColumns schemaIDGUID: d24e2846-1dd9-4bcf-99d7-a6227cc86da7 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Admin-Multiselect-Property-Pages,${SCHEMADN} objectClass: top @@ -4996,7 +4724,6 @@ lDAPDisplayName: adminMultiselectPropertyPages schemaIDGUID: 18f9b67d-5ac6-4b3b-97db-d0a406afb7ba systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Options,${SCHEMADN} objectClass: top @@ -5013,7 +4740,6 @@ lDAPDisplayName: options schemaIDGUID: 19195a53-6da0-11d0-afd3-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Lock-Out-Observation-Window,${SCHEMADN} objectClass: top @@ -5031,7 +4757,6 @@ schemaIDGUID: bf9679a4-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: c7407360-20bf-11d0-a768-00aa006e0529 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Default-Local-Policy-Object,${SCHEMADN} objectClass: top @@ -5049,7 +4774,6 @@ lDAPDisplayName: defaultLocalPolicyObject schemaIDGUID: bf96799f-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Creation-Time,${SCHEMADN} objectClass: top @@ -5066,7 +4790,6 @@ lDAPDisplayName: creationTime schemaIDGUID: bf967946-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Registered-Address,${SCHEMADN} objectClass: top @@ -5086,7 +4809,6 @@ lDAPDisplayName: registeredAddress schemaIDGUID: bf967a10-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Postal-Address,${SCHEMADN} objectClass: top @@ -5107,7 +4829,6 @@ schemaIDGUID: bf9679fc-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Initials,${SCHEMADN} objectClass: top @@ -5128,7 +4849,6 @@ schemaIDGUID: f0f8ff90-1191-11d0-a060-00aa006c33ed attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Is-Single-Valued,${SCHEMADN} objectClass: top @@ -5146,7 +4866,6 @@ lDAPDisplayName: isSingleValued schemaIDGUID: bf967992-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Netboot-SIF-File,${SCHEMADN} objectClass: top @@ -5163,7 +4882,6 @@ lDAPDisplayName: netbootSIFFile schemaIDGUID: 2df90d84-009f-11d2-aa4c-00c04fd7d83a systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Additional-Sam-Account-Name,${SCHEMADN} objectClass: top @@ -5182,7 +4900,6 @@ lDAPDisplayName: msDS-AdditionalSamAccountName schemaIDGUID: 975571df-a4d5-429a-9f59-cdc6581d91e6 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=System-Poss-Superiors,${SCHEMADN} objectClass: top @@ -5200,7 +4917,6 @@ schemaIDGUID: bf967a47-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=photo,${SCHEMADN} objectClass: top @@ -5217,7 +4933,6 @@ lDAPDisplayName: photo schemaIDGUID: 9c979768-ba1a-4c08-9632-c6a5c1ed649a systemOnly: FALSE systemFlags: 0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Employee-Number,${SCHEMADN} objectClass: top @@ -5237,7 +4952,6 @@ lDAPDisplayName: employeeNumber schemaIDGUID: a8df73ef-c5ea-11d1-bbcb-0080c76670c0 systemOnly: FALSE systemFlags: 0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Lockout-Time,${SCHEMADN} objectClass: top @@ -5254,7 +4968,6 @@ lDAPDisplayName: lockoutTime schemaIDGUID: 28630ebf-41d5-11d1-a9c1-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Dynamic-LDAP-Server,${SCHEMADN} objectClass: top @@ -5272,7 +4985,6 @@ lDAPDisplayName: dynamicLDAPServer schemaIDGUID: 52458021-ca6a-11d0-afff-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Extended-Attribute-Info,${SCHEMADN} objectClass: top @@ -5289,7 +5001,6 @@ lDAPDisplayName: extendedAttributeInfo schemaIDGUID: 9a7ad947-ca53-11d1-bbd0-0080c76670c0 systemOnly: TRUE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-Exch-Assistant-Name,${SCHEMADN} objectClass: top @@ -5306,7 +5017,6 @@ oMSyntax: 64 searchFlags: 0 lDAPDisplayName: msExchAssistantName schemaIDGUID: a8df7394-c5ea-11d1-bbcb-0080c76670c0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=GPC-User-Extension-Names,${SCHEMADN} objectClass: top @@ -5323,7 +5033,6 @@ lDAPDisplayName: gPCUserExtensionNames schemaIDGUID: 42a75fc6-783f-11d2-9916-0000f87a57d4 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Non-Members-BL,${SCHEMADN} objectClass: top @@ -5342,7 +5051,6 @@ lDAPDisplayName: msDS-NonMembersBL schemaIDGUID: 2a8c68fc-3a7a-4e87-8720-fe77c51cbe74 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Admin-Display-Name,${SCHEMADN} objectClass: top @@ -5362,7 +5070,6 @@ lDAPDisplayName: adminDisplayName schemaIDGUID: bf96791a-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Context-Menu,${SCHEMADN} objectClass: top @@ -5379,7 +5086,6 @@ lDAPDisplayName: contextMenu schemaIDGUID: 4d8601ee-ac85-11d0-afe3-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Link-ID,${SCHEMADN} objectClass: top @@ -5397,7 +5103,6 @@ lDAPDisplayName: linkID schemaIDGUID: bf96799b-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=attributeCertificateAttribute,${SCHEMADN} objectClass: top @@ -5414,7 +5119,6 @@ lDAPDisplayName: attributeCertificateAttribute schemaIDGUID: fa4693bb-7bc2-4cb9-81a8-c99c43b7905e systemOnly: FALSE systemFlags: 0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Surname,${SCHEMADN} objectClass: top @@ -5436,7 +5140,6 @@ attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=SAM-Account-Name,${SCHEMADN} objectClass: top @@ -5457,7 +5160,6 @@ attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Governs-ID,${SCHEMADN} objectClass: top @@ -5474,7 +5176,6 @@ lDAPDisplayName: governsID schemaIDGUID: bf96797d-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=jpegPhoto,${SCHEMADN} objectClass: top @@ -5491,7 +5192,6 @@ lDAPDisplayName: jpegPhoto schemaIDGUID: bac80572-09c4-4fa9-9ae6-7628d7adbe0e systemOnly: FALSE systemFlags: 0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MSMQ-Sign-Certificates,${SCHEMADN} objectClass: top @@ -5511,7 +5211,6 @@ attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Initial-Auth-Incoming,${SCHEMADN} objectClass: top @@ -5528,7 +5227,6 @@ lDAPDisplayName: initialAuthIncoming schemaIDGUID: 52458023-ca6a-11d0-afff-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Domain-Cross-Ref,${SCHEMADN} objectClass: top @@ -5546,7 +5244,6 @@ lDAPDisplayName: domainCrossRef schemaIDGUID: b000ea7b-a086-11d0-afdd-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Text-Encoded-OR-Address,${SCHEMADN} objectClass: top @@ -5565,7 +5262,6 @@ searchFlags: 0 lDAPDisplayName: textEncodedORAddress schemaIDGUID: a8df7489-c5ea-11d1-bbcb-0080c76670c0 systemOnly: FALSE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=GPC-Functionality-Version,${SCHEMADN} objectClass: top @@ -5582,7 +5278,6 @@ lDAPDisplayName: gPCFunctionalityVersion schemaIDGUID: f30e3bc0-9ff0-11d1-b603-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=USN-DSA-Last-Obj-Removed,${SCHEMADN} objectClass: top @@ -5600,7 +5295,6 @@ lDAPDisplayName: uSNDSALastObjRemoved schemaIDGUID: bf967a71-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Operations-For-Az-Role-BL,${SCHEMADN} objectClass: top @@ -5619,7 +5313,6 @@ lDAPDisplayName: msDS-OperationsForAzRoleBL schemaIDGUID: f85b6228-3734-4525-b6b7-3f3bb220902c systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MS-DS-Consistency-Child-Count,${SCHEMADN} objectClass: top @@ -5636,7 +5329,6 @@ lDAPDisplayName: mS-DS-ConsistencyChildCount schemaIDGUID: 178b7bc2-b63a-11d2-90e1-00c04fd91ab1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=DSA-Signature,${SCHEMADN} objectClass: top @@ -5654,7 +5346,6 @@ lDAPDisplayName: dSASignature schemaIDGUID: 167757bc-47f3-11d1-a9c3-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Allowed-Child-Classes,${SCHEMADN} objectClass: top @@ -5672,7 +5363,6 @@ schemaIDGUID: 9a7ad942-ca53-11d1-bbd0-0080c76670c0 attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: TRUE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Allowed-Attributes-Effective,${SCHEMADN} objectClass: top @@ -5690,7 +5380,6 @@ schemaIDGUID: 9a7ad941-ca53-11d1-bbd0-0080c76670c0 attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: TRUE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=NT-Mixed-Domain,${SCHEMADN} objectClass: top @@ -5707,7 +5396,6 @@ lDAPDisplayName: nTMixedDomain schemaIDGUID: 3e97891f-8c01-11d0-afda-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Has-Instantiated-NCs,${SCHEMADN} objectClass: top @@ -5728,7 +5416,6 @@ lDAPDisplayName: msDS-HasInstantiatedNCs schemaIDGUID: 11e9a5bc-4517-4049-af9c-51554fb0fc09 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Min-Pwd-Length,${SCHEMADN} objectClass: top @@ -5746,7 +5433,6 @@ schemaIDGUID: bf9679c3-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: c7407360-20bf-11d0-a768-00aa006e0529 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Domain-Policy-Object,${SCHEMADN} objectClass: top @@ -5764,7 +5450,6 @@ lDAPDisplayName: domainPolicyObject schemaIDGUID: bf96795d-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Physical-Delivery-Office-Name,${SCHEMADN} objectClass: top @@ -5785,7 +5470,6 @@ schemaIDGUID: bf9679f7-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Volume-Count,${SCHEMADN} objectClass: top @@ -5802,7 +5486,6 @@ lDAPDisplayName: volumeCount schemaIDGUID: 34aaa217-b699-11d0-afee-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msRADIUSServiceType,${SCHEMADN} objectClass: top @@ -5820,7 +5503,6 @@ schemaIDGUID: db0c90b6-c1f2-11d1-bbc5-0080c76670c0 attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Last-Logon,${SCHEMADN} objectClass: top @@ -5838,7 +5520,6 @@ schemaIDGUID: bf967997-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf systemOnly: FALSE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Groups-to-Ignore,${SCHEMADN} objectClass: top @@ -5855,7 +5536,6 @@ lDAPDisplayName: groupsToIgnore schemaIDGUID: eea65904-8ac6-11d0-afda-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Schema-Info,${SCHEMADN} objectClass: top @@ -5872,7 +5552,6 @@ lDAPDisplayName: schemaInfo schemaIDGUID: f9fb64ae-93b4-11d2-9945-0000f87a57d4 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Domain-Component,${SCHEMADN} objectClass: top @@ -5892,7 +5571,6 @@ schemaIDGUID: 19195a55-6da0-11d0-afd3-00c04fd930c9 systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Object-Category,${SCHEMADN} objectClass: top @@ -5912,7 +5590,6 @@ attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Modify-Time-Stamp,${SCHEMADN} objectClass: top @@ -5929,7 +5606,6 @@ lDAPDisplayName: modifyTimeStamp schemaIDGUID: 9a7ad94a-ca53-11d1-bbd0-0080c76670c0 systemOnly: TRUE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Display-Name,${SCHEMADN} objectClass: top @@ -5950,7 +5626,6 @@ attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Admin-Description,${SCHEMADN} objectClass: top @@ -5971,7 +5646,6 @@ schemaIDGUID: bf967919-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-DnsRootAlias,${SCHEMADN} objectClass: top @@ -5990,7 +5664,6 @@ lDAPDisplayName: msDS-DnsRootAlias schemaIDGUID: 2143acca-eead-4d29-b591-85fa49ce9173 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Creation-Wizard,${SCHEMADN} objectClass: top @@ -6007,7 +5680,6 @@ lDAPDisplayName: creationWizard schemaIDGUID: 4d8601ed-ac85-11d0-afe3-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Has-Partial-Replica-NCs,${SCHEMADN} objectClass: top @@ -6027,7 +5699,6 @@ lDAPDisplayName: hasPartialReplicaNCs schemaIDGUID: bf967981-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Control-Access-Rights,${SCHEMADN} objectClass: top @@ -6046,7 +5717,6 @@ lDAPDisplayName: controlAccessRights schemaIDGUID: 6da8a4fc-0e52-11d0-a286-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=UAS-Compat,${SCHEMADN} objectClass: top @@ -6064,7 +5734,6 @@ schemaIDGUID: bf967a61-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: b8119fd0-04f6-4762-ab7a-4986c76b3f9a systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Object-Sid,${SCHEMADN} objectClass: top @@ -6086,7 +5755,6 @@ attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf systemOnly: TRUE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Title,${SCHEMADN} objectClass: top @@ -6107,7 +5775,6 @@ schemaIDGUID: bf967a55-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Pager-Other,${SCHEMADN} objectClass: top @@ -6128,7 +5795,6 @@ schemaIDGUID: f0f8ffa4-1191-11d0-a060-00aa006c33ed attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Division,${SCHEMADN} objectClass: top @@ -6148,7 +5814,6 @@ schemaIDGUID: fe6136a0-2073-11d0-a9c2-00aa006c33ed attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Range-Upper,${SCHEMADN} objectClass: top @@ -6167,7 +5832,6 @@ schemaIDGUID: bf967a0d-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=OM-Object-Class,${SCHEMADN} objectClass: top @@ -6185,7 +5849,6 @@ lDAPDisplayName: oMObjectClass schemaIDGUID: bf9679ec-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MAPI-ID,${SCHEMADN} objectClass: top @@ -6203,7 +5866,6 @@ lDAPDisplayName: mAPIID schemaIDGUID: bf9679b7-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=SAM-Account-Type,${SCHEMADN} objectClass: top @@ -6222,7 +5884,6 @@ attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Object-Class-Category,${SCHEMADN} objectClass: top @@ -6242,7 +5903,6 @@ lDAPDisplayName: objectClassCategory schemaIDGUID: bf9679e6-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Default-Hiding-Value,${SCHEMADN} objectClass: top @@ -6259,7 +5919,6 @@ lDAPDisplayName: defaultHidingValue schemaIDGUID: b7b13116-b82e-11d0-afee-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msNPAllowDialin,${SCHEMADN} objectClass: top @@ -6277,7 +5936,6 @@ schemaIDGUID: db0c9085-c1f2-11d1-bbc5-0080c76670c0 attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Code-Page,${SCHEMADN} objectClass: top @@ -6297,7 +5955,6 @@ schemaIDGUID: bf967938-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Admin-Count,${SCHEMADN} objectClass: top @@ -6314,7 +5971,6 @@ lDAPDisplayName: adminCount schemaIDGUID: bf967918-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Schema-Update,${SCHEMADN} objectClass: top @@ -6331,7 +5987,6 @@ lDAPDisplayName: schemaUpdate schemaIDGUID: 1e2d06b4-ac8f-11d0-afe3-00c04fd930c9 systemOnly: FALSE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Trust-Direction,${SCHEMADN} objectClass: top @@ -6349,7 +6004,6 @@ schemaIDGUID: bf967a5c-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Enabled,${SCHEMADN} objectClass: top @@ -6367,7 +6021,6 @@ lDAPDisplayName: Enabled schemaIDGUID: a8df73f2-c5ea-11d1-bbcb-0080c76670c0 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Locality-Name,${SCHEMADN} objectClass: top @@ -6389,7 +6042,6 @@ attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=EFSPolicy,${SCHEMADN} objectClass: top @@ -6407,7 +6059,6 @@ schemaIDGUID: 8e4eb2ec-4712-11d0-a1a0-00c04fd930c9 attributeSecurityGUID: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Builtin-Modified-Count,${SCHEMADN} objectClass: top @@ -6424,7 +6075,6 @@ lDAPDisplayName: builtinModifiedCount schemaIDGUID: bf967930-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Office-Other,${SCHEMADN} objectClass: top @@ -6445,7 +6095,6 @@ schemaIDGUID: f0f8ffa5-1191-11d0-a060-00aa006c33ed attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-ISDN-Primary,${SCHEMADN} objectClass: top @@ -6465,7 +6114,6 @@ schemaIDGUID: 0296c11f-40da-11d1-a9c0-0000f80367c1 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Employee-ID,${SCHEMADN} objectClass: top @@ -6484,7 +6132,6 @@ lDAPDisplayName: employeeID schemaIDGUID: bf967962-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Tombstone-Lifetime,${SCHEMADN} objectClass: top @@ -6502,7 +6149,6 @@ lDAPDisplayName: tombstoneLifetime schemaIDGUID: 16c3a860-1273-11d0-a060-00aa006c33ed systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Operating-System-Service-Pack,${SCHEMADN} objectClass: top @@ -6519,7 +6165,6 @@ lDAPDisplayName: operatingSystemServicePack schemaIDGUID: 3e978927-8c01-11d0-afda-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Netboot-Initialization,${SCHEMADN} objectClass: top @@ -6536,7 +6181,6 @@ lDAPDisplayName: netbootInitialization schemaIDGUID: 3e978920-8c01-11d0-afda-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-Principal-Name,${SCHEMADN} objectClass: top @@ -6556,7 +6200,6 @@ attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Service-Principal-Name,${SCHEMADN} objectClass: top @@ -6575,7 +6218,6 @@ attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Other-Login-Workstations,${SCHEMADN} objectClass: top @@ -6594,7 +6236,6 @@ lDAPDisplayName: otherLoginWorkstations schemaIDGUID: bf9679f1-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-IIS-FTP-Dir,${SCHEMADN} objectClass: top @@ -6613,7 +6254,6 @@ lDAPDisplayName: msIIS-FTPDir schemaIDGUID: 8a5c99e9-2230-46eb-b8e8-e59d712eb9ee systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Site-Affinity,${SCHEMADN} objectClass: top @@ -6630,7 +6270,6 @@ lDAPDisplayName: msDS-Site-Affinity schemaIDGUID: c17c5602-bcb7-46f0-9656-6370ca884b72 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Max-Storage,${SCHEMADN} objectClass: top @@ -6647,7 +6286,6 @@ lDAPDisplayName: maxStorage schemaIDGUID: bf9679bd-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=NT-Security-Descriptor,${SCHEMADN} objectClass: top @@ -6668,7 +6306,6 @@ schemaIDGUID: bf9679e3-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 26 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Site-Object-BL,${SCHEMADN} objectClass: top @@ -6687,7 +6324,6 @@ lDAPDisplayName: siteObjectBL schemaIDGUID: 3e10944d-c354-11d0-aff8-0000f80367c1 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Query-Policy-BL,${SCHEMADN} objectClass: top @@ -6706,7 +6342,6 @@ lDAPDisplayName: queryPolicyBL schemaIDGUID: e1aea404-cd5b-11d0-afff-0000f80367c1 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Partial-Attribute-Set,${SCHEMADN} objectClass: top @@ -6724,7 +6359,6 @@ schemaIDGUID: 19405b9e-3cfa-11d1-a9c0-0000f80367c1 systemOnly: TRUE systemFlags: 19 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Obj-Dist-Name,${SCHEMADN} objectClass: top @@ -6745,7 +6379,6 @@ attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: TRUE systemFlags: 19 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Description,${SCHEMADN} objectClass: top @@ -6767,7 +6400,6 @@ attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Class-ID,${SCHEMADN} objectClass: top @@ -6786,7 +6418,6 @@ lDAPDisplayName: msDS-AzClassId schemaIDGUID: 013a7277-5c2d-49ef-a7de-b765b36a3f6f systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=RID-Available-Pool,${SCHEMADN} objectClass: top @@ -6803,7 +6434,6 @@ lDAPDisplayName: rIDAvailablePool schemaIDGUID: 66171888-8f3c-11d0-afda-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Shell-Property-Pages,${SCHEMADN} objectClass: top @@ -6820,7 +6450,6 @@ lDAPDisplayName: shellPropertyPages schemaIDGUID: 52458039-ca6a-11d0-afff-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-SPN-Suffixes,${SCHEMADN} objectClass: top @@ -6838,7 +6467,6 @@ lDAPDisplayName: msDS-SPNSuffixes schemaIDGUID: 789ee1eb-8c8e-4e4c-8cec-79b31b7617b5 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Private-Key,${SCHEMADN} objectClass: top @@ -6855,7 +6483,6 @@ lDAPDisplayName: privateKey schemaIDGUID: bf967a03-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Facsimile-Telephone-Number,${SCHEMADN} objectClass: top @@ -6876,7 +6503,6 @@ schemaIDGUID: bf967974-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Search-Flags,${SCHEMADN} objectClass: top @@ -6895,7 +6521,6 @@ lDAPDisplayName: searchFlags schemaIDGUID: bf967a2d-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Schema-Flags-Ex,${SCHEMADN} objectClass: top @@ -6912,7 +6537,6 @@ lDAPDisplayName: schemaFlagsEx schemaIDGUID: bf967a2b-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Is-Ephemeral,${SCHEMADN} objectClass: top @@ -6929,7 +6553,6 @@ lDAPDisplayName: isEphemeral schemaIDGUID: f4c453f0-c5f1-11d1-bbcb-0080c76670c0 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MSMQ-Nt4-Stub,${SCHEMADN} objectClass: top @@ -6946,7 +6569,6 @@ lDAPDisplayName: mSMQNt4Stub schemaIDGUID: 6f914be6-d57e-11d1-90a2-00c04fd91ab1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-IIS-FTP-Root,${SCHEMADN} objectClass: top @@ -6965,7 +6587,6 @@ lDAPDisplayName: msIIS-FTPRoot schemaIDGUID: 2a7827a4-1483-49a5-9d84-52e3812156b4 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Group-Priority,${SCHEMADN} objectClass: top @@ -6982,7 +6603,6 @@ lDAPDisplayName: groupPriority schemaIDGUID: eea65905-8ac6-11d0-afda-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Bridgehead-Transport-List,${SCHEMADN} objectClass: top @@ -7001,7 +6621,6 @@ lDAPDisplayName: bridgeheadTransportList schemaIDGUID: d50c2cda-8951-11d1-aebc-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Extended-Class-Info,${SCHEMADN} objectClass: top @@ -7018,7 +6637,6 @@ lDAPDisplayName: extendedClassInfo schemaIDGUID: 9a7ad948-ca53-11d1-bbd0-0080c76670c0 systemOnly: TRUE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Flat-Name,${SCHEMADN} objectClass: top @@ -7035,7 +6653,6 @@ lDAPDisplayName: flatName schemaIDGUID: b7b13117-b82e-11d0-afee-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Wbem-Path,${SCHEMADN} objectClass: top @@ -7052,7 +6669,6 @@ lDAPDisplayName: wbemPath schemaIDGUID: 244b2970-5abd-11d0-afd2-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-NC-Repl-Outbound-Neighbors,${SCHEMADN} objectClass: top @@ -7069,7 +6685,6 @@ lDAPDisplayName: msDS-NCReplOutboundNeighbors schemaIDGUID: 855f2ef5-a1c5-4cc4-ba6d-32522848b61f systemOnly: FALSE systemFlags: 20 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Operations-For-Az-Task-BL,${SCHEMADN} objectClass: top @@ -7088,7 +6703,6 @@ lDAPDisplayName: msDS-OperationsForAzTaskBL schemaIDGUID: a637d211-5739-4ed1-89b2-88974548bc59 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Show-In-Advanced-View-Only,${SCHEMADN} objectClass: top @@ -7106,7 +6720,6 @@ schemaIDGUID: bf967984-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Behavior-Version,${SCHEMADN} objectClass: top @@ -7124,7 +6737,6 @@ lDAPDisplayName: msDS-Behavior-Version schemaIDGUID: d31a8757-2447-4545-8081-3bb610cacbf2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Has-Master-NCs,${SCHEMADN} objectClass: top @@ -7143,7 +6755,6 @@ lDAPDisplayName: msDS-hasMasterNCs schemaIDGUID: ae2de0e2-59d7-4d47-8d47-ed4dfe4357ad systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Pwd-History-Length,${SCHEMADN} objectClass: top @@ -7163,7 +6774,6 @@ schemaIDGUID: bf967a09-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: c7407360-20bf-11d0-a768-00aa006e0529 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Pek-List,${SCHEMADN} objectClass: top @@ -7180,7 +6790,6 @@ lDAPDisplayName: pekList schemaIDGUID: 07383083-91df-11d1-aebc-0000f80367c1 systemOnly: FALSE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Postal-Code,${SCHEMADN} objectClass: top @@ -7201,7 +6810,6 @@ schemaIDGUID: bf9679fd-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Netboot-Mirror-Data-File,${SCHEMADN} objectClass: top @@ -7218,7 +6826,6 @@ lDAPDisplayName: netbootMirrorDataFile schemaIDGUID: 2df90d85-009f-11d2-aa4c-00c04fd7d83a systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Default-Class-Store,${SCHEMADN} objectClass: top @@ -7236,7 +6843,6 @@ lDAPDisplayName: defaultClassStore schemaIDGUID: bf967948-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MSMQ-Site-ID,${SCHEMADN} objectClass: top @@ -7253,7 +6859,6 @@ lDAPDisplayName: mSMQSiteID schemaIDGUID: 9a0dc340-c100-11d1-bbc5-0080c76670c0 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Show-In-Address-Book,${SCHEMADN} objectClass: top @@ -7272,7 +6877,6 @@ schemaIDGUID: 3e74f60e-3e73-11d1-a9c0-0000f80367c1 attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=When-Created,${SCHEMADN} objectClass: top @@ -7291,7 +6895,6 @@ schemaIDGUID: bf967a78-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=DS-Core-Propagation-Data,${SCHEMADN} objectClass: top @@ -7309,7 +6912,6 @@ schemaIDGUID: d167aa4b-8b08-11d2-9939-0000f87a57d4 systemOnly: TRUE systemFlags: 19 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Display-Name-Printable,${SCHEMADN} objectClass: top @@ -7330,7 +6932,6 @@ schemaIDGUID: bf967954-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Ipsec-Owners-Reference,${SCHEMADN} objectClass: top @@ -7348,7 +6949,6 @@ lDAPDisplayName: ipsecOwnersReference schemaIDGUID: b40ff824-427a-11d1-a9c2-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=State-Or-Province-Name,${SCHEMADN} objectClass: top @@ -7370,7 +6970,6 @@ attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Server-Reference,${SCHEMADN} objectClass: top @@ -7389,7 +6988,6 @@ lDAPDisplayName: serverReference schemaIDGUID: 26d9736d-6070-11d1-a9c6-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Has-Domain-NCs,${SCHEMADN} objectClass: top @@ -7410,7 +7008,6 @@ lDAPDisplayName: msDS-HasDomainNCs schemaIDGUID: 6f17e347-a842-4498-b8b3-15e007da4fed systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Invocation-Id,${SCHEMADN} objectClass: top @@ -7428,7 +7025,6 @@ lDAPDisplayName: invocationId schemaIDGUID: bf96798e-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Replica-Source,${SCHEMADN} objectClass: top @@ -7445,7 +7041,6 @@ lDAPDisplayName: replicaSource schemaIDGUID: bf967a18-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Ip-Primary,${SCHEMADN} objectClass: top @@ -7465,7 +7060,6 @@ attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Phone-Home-Other,${SCHEMADN} objectClass: top @@ -7486,7 +7080,6 @@ schemaIDGUID: f0f8ffa2-1191-11d0-a060-00aa006c33ed attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Organization-Name,${SCHEMADN} objectClass: top @@ -7508,7 +7101,6 @@ attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Extended-Chars-Allowed,${SCHEMADN} objectClass: top @@ -7526,7 +7118,6 @@ lDAPDisplayName: extendedCharsAllowed schemaIDGUID: bf967966-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Operating-System,${SCHEMADN} objectClass: top @@ -7543,7 +7134,6 @@ lDAPDisplayName: operatingSystem schemaIDGUID: 3e978925-8c01-11d0-afda-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Object-Reference,${SCHEMADN} objectClass: top @@ -7561,7 +7151,6 @@ searchFlags: 0 lDAPDisplayName: msDS-ObjectReference schemaIDGUID: 638ec2e8-22e7-409c-85d2-11b21bee72de systemOnly: FALSE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MSMQ-Interval1,${SCHEMADN} objectClass: top @@ -7578,7 +7167,6 @@ lDAPDisplayName: mSMQInterval1 schemaIDGUID: 8ea825aa-3b7b-11d2-90cc-00c04fd91ab1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Rid,${SCHEMADN} objectClass: top @@ -7595,7 +7183,6 @@ lDAPDisplayName: rid schemaIDGUID: bf967a22-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Profile-Path,${SCHEMADN} objectClass: top @@ -7613,7 +7200,6 @@ schemaIDGUID: bf967a05-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msRADIUSCallbackNumber,${SCHEMADN} objectClass: top @@ -7631,7 +7217,6 @@ schemaIDGUID: db0c909c-c1f2-11d1-bbc5-0080c76670c0 attributeSecurityGUID: 037088f8-0ae1-11d2-b422-00a0c968f939 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ACS-Policy-Name,${SCHEMADN} objectClass: top @@ -7648,7 +7233,6 @@ lDAPDisplayName: aCSPolicyName schemaIDGUID: 1cb3559a-56d0-11d1-a9c6-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Comment,${SCHEMADN} objectClass: top @@ -7669,7 +7253,6 @@ schemaIDGUID: bf96793e-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Object-Reference-BL,${SCHEMADN} objectClass: top @@ -7688,7 +7271,6 @@ lDAPDisplayName: msDS-ObjectReferenceBL schemaIDGUID: 2b702515-c1f7-4b3b-b148-c0e4c6ceecb4 systemOnly: TRUE systemFlags: 1 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=When-Changed,${SCHEMADN} objectClass: top @@ -7707,7 +7289,6 @@ schemaIDGUID: bf967a77-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 19 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=USN-Last-Obj-Rem,${SCHEMADN} objectClass: top @@ -7726,7 +7307,6 @@ schemaIDGUID: bf967a73-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 19 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Reps-To,${SCHEMADN} objectClass: top @@ -7745,7 +7325,6 @@ schemaIDGUID: bf967a1e-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 19 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Repl-UpToDate-Vector,${SCHEMADN} objectClass: top @@ -7763,7 +7342,6 @@ schemaIDGUID: bf967a16-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 19 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=netboot-SCP-BL,${SCHEMADN} objectClass: top @@ -7782,7 +7360,6 @@ lDAPDisplayName: netbootSCPBL schemaIDGUID: 07383082-91df-11d1-aebc-0000f80367c1 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Mastered-By,${SCHEMADN} objectClass: top @@ -7801,7 +7378,6 @@ lDAPDisplayName: msDs-masteredBy schemaIDGUID: 60234769-4819-4615-a1b2-49d2f119acb5 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-COM-PartitionSetLink,${SCHEMADN} objectClass: top @@ -7820,7 +7396,6 @@ lDAPDisplayName: msCOM-PartitionSetLink schemaIDGUID: 67f121dc-7d02-4c7d-82f5-9ad4c950ac34 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Common-Name,${SCHEMADN} objectClass: top @@ -7842,7 +7417,6 @@ attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MS-DS-All-Users-Trust-Quota,${SCHEMADN} objectClass: top @@ -7859,7 +7433,6 @@ lDAPDisplayName: msDS-AllUsersTrustQuota schemaIDGUID: d3aa4a5c-4e03-4810-97aa-2b339e7a434b systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Default-Group,${SCHEMADN} objectClass: top @@ -7877,7 +7450,6 @@ lDAPDisplayName: defaultGroup schemaIDGUID: 720bc4e2-a54a-11d0-afdf-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Ipsec-Filter-Reference,${SCHEMADN} objectClass: top @@ -7895,7 +7467,6 @@ lDAPDisplayName: ipsecFilterReference schemaIDGUID: b40ff823-427a-11d1-a9c2-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=User-Comment,${SCHEMADN} objectClass: top @@ -7913,7 +7484,6 @@ schemaIDGUID: bf967a6a-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-ds-Schema-Extensions,${SCHEMADN} objectClass: top @@ -7930,7 +7500,6 @@ lDAPDisplayName: msDs-Schema-Extensions schemaIDGUID: b39a61be-ed07-4cab-9a4a-4963ed0141e1 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Local-Policy-Flags,${SCHEMADN} objectClass: top @@ -7947,7 +7516,6 @@ lDAPDisplayName: localPolicyFlags schemaIDGUID: bf96799e-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MSMQ-Interval2,${SCHEMADN} objectClass: top @@ -7964,7 +7532,6 @@ lDAPDisplayName: mSMQInterval2 schemaIDGUID: 99b88f52-3b7b-11d2-90cc-00c04fd91ab1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=SID-History,${SCHEMADN} objectClass: top @@ -7983,7 +7550,6 @@ attributeSecurityGUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf systemOnly: FALSE systemFlags: 18 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Unicode-Pwd,${SCHEMADN} objectClass: top @@ -8000,7 +7566,6 @@ lDAPDisplayName: unicodePwd schemaIDGUID: bf9679e1-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=msRASSavedFramedIPAddress,${SCHEMADN} objectClass: top @@ -8017,7 +7582,6 @@ lDAPDisplayName: msRASSavedFramedIPAddress schemaIDGUID: db0c90c6-c1f2-11d1-bbc5-0080c76670c0 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MS-DRM-Identity-Certificate,${SCHEMADN} objectClass: top @@ -8035,7 +7599,6 @@ searchFlags: 0 lDAPDisplayName: msDRM-IdentityCertificate schemaIDGUID: e85e1204-3434-41ad-9b56-e2901228fff0 systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Last-Logoff,${SCHEMADN} objectClass: top @@ -8053,7 +7616,6 @@ schemaIDGUID: bf967996-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf systemOnly: FALSE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=DMD-Name,${SCHEMADN} objectClass: top @@ -8073,7 +7635,6 @@ lDAPDisplayName: dmdName schemaIDGUID: 167757b9-47f3-11d1-a9c3-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-Exch-LabeledURI,${SCHEMADN} objectClass: top @@ -8090,7 +7651,6 @@ oMSyntax: 64 searchFlags: 0 lDAPDisplayName: msExchLabeledURI schemaIDGUID: 16775820-47f3-11d1-a9c3-0000f80367c1 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Reports,${SCHEMADN} objectClass: top @@ -8111,7 +7671,6 @@ schemaIDGUID: bf967a1c-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Repl-Property-Meta-Data,${SCHEMADN} objectClass: top @@ -8129,7 +7688,6 @@ schemaIDGUID: 281416c0-1968-11d0-a28f-00aa003049e2 systemOnly: TRUE systemFlags: 27 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=From-Entry,${SCHEMADN} objectClass: top @@ -8146,7 +7704,6 @@ lDAPDisplayName: fromEntry schemaIDGUID: 9a7ad949-ca53-11d1-bbd0-0080c76670c0 systemOnly: TRUE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Trust-Parent,${SCHEMADN} objectClass: top @@ -8164,7 +7721,6 @@ lDAPDisplayName: trustParent schemaIDGUID: b000ea7a-a086-11d0-afdd-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Ipsec-Data-Type,${SCHEMADN} objectClass: top @@ -8181,7 +7737,6 @@ lDAPDisplayName: ipsecDataType schemaIDGUID: b40ff81e-427a-11d1-a9c2-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Ipsec-Data,${SCHEMADN} objectClass: top @@ -8198,7 +7753,6 @@ lDAPDisplayName: ipsecData schemaIDGUID: b40ff81f-427a-11d1-a9c2-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=RID-Manager-Reference,${SCHEMADN} objectClass: top @@ -8216,7 +7770,6 @@ lDAPDisplayName: rIDManagerReference schemaIDGUID: 66171886-8f3c-11d0-afda-00c04fd930c9 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Lockout-Threshold,${SCHEMADN} objectClass: top @@ -8235,7 +7788,6 @@ schemaIDGUID: bf9679a6-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: c7407360-20bf-11d0-a768-00aa006e0529 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Desktop-Profile,${SCHEMADN} objectClass: top @@ -8252,7 +7804,6 @@ lDAPDisplayName: desktopProfile schemaIDGUID: eea65906-8ac6-11d0-afda-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Text-Country,${SCHEMADN} objectClass: top @@ -8273,7 +7824,6 @@ schemaIDGUID: f0f8ffa7-1191-11d0-a060-00aa006c33ed attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Teletex-Terminal-Identifier,${SCHEMADN} objectClass: top @@ -8292,7 +7842,6 @@ schemaIDGUID: bf967a4a-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Telex-Primary,${SCHEMADN} objectClass: top @@ -8312,7 +7861,6 @@ schemaIDGUID: 0296c121-40da-11d1-a9c0-0000f80367c1 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Manager,${SCHEMADN} objectClass: top @@ -8334,7 +7882,6 @@ attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Physical-Location-Object,${SCHEMADN} objectClass: top @@ -8352,7 +7899,6 @@ lDAPDisplayName: physicalLocationObject schemaIDGUID: b7b13119-b82e-11d0-afee-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Az-Major-Version,${SCHEMADN} objectClass: top @@ -8370,7 +7916,6 @@ lDAPDisplayName: msDS-AzMajorVersion schemaIDGUID: cfb9adb7-c4b7-4059-9568-1ed9db6b7248 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Sub-Class-Of,${SCHEMADN} objectClass: top @@ -8387,7 +7932,6 @@ lDAPDisplayName: subClassOf schemaIDGUID: bf967a3b-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=System-Must-Contain,${SCHEMADN} objectClass: top @@ -8404,7 +7948,6 @@ lDAPDisplayName: systemMustContain schemaIDGUID: bf967a45-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=roomNumber,${SCHEMADN} objectClass: top @@ -8421,7 +7964,6 @@ lDAPDisplayName: roomNumber schemaIDGUID: 81d7f8c2-e327-4a0d-91c6-b42d4009115f systemOnly: FALSE systemFlags: 0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Employee-Type,${SCHEMADN} objectClass: top @@ -8441,7 +7983,6 @@ lDAPDisplayName: employeeType schemaIDGUID: a8df73f0-c5ea-11d1-bbcb-0080c76670c0 systemOnly: FALSE systemFlags: 0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Current-Value,${SCHEMADN} objectClass: top @@ -8458,7 +7999,6 @@ lDAPDisplayName: currentValue schemaIDGUID: bf967947-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=DIT-Content-Rules,${SCHEMADN} objectClass: top @@ -8475,7 +8015,6 @@ lDAPDisplayName: dITContentRules schemaIDGUID: 9a7ad946-ca53-11d1-bbd0-0080c76670c0 systemOnly: TRUE systemFlags: 134217748 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=GPC-Machine-Extension-Names,${SCHEMADN} objectClass: top @@ -8492,7 +8031,6 @@ lDAPDisplayName: gPCMachineExtensionNames schemaIDGUID: 32ff8ecc-783f-11d2-9916-0000f87a57d4 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=USN-Created,${SCHEMADN} objectClass: top @@ -8511,7 +8049,6 @@ schemaIDGUID: bf967a70-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 19 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Sub-Refs,${SCHEMADN} objectClass: top @@ -8531,7 +8068,6 @@ schemaIDGUID: bf967a3c-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 19 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Proxy-Addresses,${SCHEMADN} objectClass: top @@ -8552,7 +8088,6 @@ schemaIDGUID: bf967a06-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: e48d0154-bcf8-11d1-8702-00c04fb96050 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Superior-DNS-Root,${SCHEMADN} objectClass: top @@ -8569,7 +8104,6 @@ lDAPDisplayName: superiorDNSRoot schemaIDGUID: 5245801d-ca6a-11d0-afff-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Root-Trust,${SCHEMADN} objectClass: top @@ -8587,7 +8121,6 @@ lDAPDisplayName: rootTrust schemaIDGUID: 7bfdcb80-4807-11d1-a9c3-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Shell-Context-Menu,${SCHEMADN} objectClass: top @@ -8604,7 +8137,6 @@ lDAPDisplayName: shellContextMenu schemaIDGUID: 553fd039-f32e-11d0-b0bc-00c04fd8dca6 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Class-Display-Name,${SCHEMADN} objectClass: top @@ -8621,7 +8153,6 @@ lDAPDisplayName: classDisplayName schemaIDGUID: 548e1c22-dea6-11d0-b010-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Ipsec-Name,${SCHEMADN} objectClass: top @@ -8638,7 +8169,6 @@ lDAPDisplayName: ipsecName schemaIDGUID: b40ff81c-427a-11d1-a9c2-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=CA-Certificate,${SCHEMADN} objectClass: top @@ -8659,7 +8189,6 @@ schemaIDGUID: bf967932-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Ipsec-Negotiation-Policy-Reference,${SCHEMADN} objectClass: top @@ -8677,7 +8206,6 @@ lDAPDisplayName: ipsecNegotiationPolicyReference schemaIDGUID: b40ff822-427a-11d1-a9c2-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MHS-OR-Address,${SCHEMADN} objectClass: top @@ -8694,7 +8222,6 @@ lDAPDisplayName: mhsORAddress schemaIDGUID: 0296c122-40da-11d1-a9c0-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Nt-Pwd-History,${SCHEMADN} objectClass: top @@ -8711,7 +8238,6 @@ lDAPDisplayName: ntPwdHistory schemaIDGUID: bf9679e2-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=SMTP-Mail-Address,${SCHEMADN} objectClass: top @@ -8728,7 +8254,6 @@ lDAPDisplayName: mailAddress schemaIDGUID: 26d9736f-6070-11d1-a9c6-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Foreign-Identifier,${SCHEMADN} objectClass: top @@ -8745,7 +8270,6 @@ lDAPDisplayName: foreignIdentifier schemaIDGUID: 3e97891e-8c01-11d0-afda-00c04fd930c9 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=USN-Changed,${SCHEMADN} objectClass: top @@ -8764,7 +8288,6 @@ schemaIDGUID: bf967a6f-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 19 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Reps-From,${SCHEMADN} objectClass: top @@ -8783,7 +8306,6 @@ schemaIDGUID: bf967a1d-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 19 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Other-Well-Known-Objects,${SCHEMADN} objectClass: top @@ -8803,7 +8325,6 @@ lDAPDisplayName: otherWellKnownObjects schemaIDGUID: 1ea64e5d-ac0f-11d2-90df-00c04fd91ab1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-NC-Repl-Cursors,${SCHEMADN} objectClass: top @@ -8820,7 +8341,6 @@ lDAPDisplayName: msDS-NCReplCursors schemaIDGUID: 8a167ce4-f9e8-47eb-8d78-f7fe80abb2cc systemOnly: FALSE systemFlags: 20 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Managed-Objects,${SCHEMADN} objectClass: top @@ -8840,7 +8360,6 @@ lDAPDisplayName: managedObjects schemaIDGUID: 0296c124-40da-11d1-a9c0-0000f80367c1 systemOnly: TRUE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Allowed-DNS-Suffixes,${SCHEMADN} objectClass: top @@ -8859,7 +8378,6 @@ lDAPDisplayName: msDS-AllowedDNSSuffixes schemaIDGUID: 8469441b-9ac4-4e45-8205-bd219dbf672d systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=NC-Name,${SCHEMADN} objectClass: top @@ -8877,7 +8395,6 @@ lDAPDisplayName: nCName schemaIDGUID: bf9679d6-0de6-11d0-a285-00aa003049e2 systemOnly: TRUE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=NETBIOS-Name,${SCHEMADN} objectClass: top @@ -8896,7 +8413,6 @@ lDAPDisplayName: nETBIOSName schemaIDGUID: bf9679d8-0de6-11d0-a285-00aa003049e2 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Query-Filter,${SCHEMADN} objectClass: top @@ -8913,7 +8429,6 @@ lDAPDisplayName: queryFilter schemaIDGUID: cbf70a26-7e78-11d2-9921-0000f87a57d4 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Preferred-Delivery-Method,${SCHEMADN} objectClass: top @@ -8932,7 +8447,6 @@ schemaIDGUID: bf9679fe-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MSMQ-Site-Foreign,${SCHEMADN} objectClass: top @@ -8949,7 +8463,6 @@ lDAPDisplayName: mSMQSiteForeign schemaIDGUID: fd129d8a-d57e-11d1-90a2-00c04fd91ab1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=audio,${SCHEMADN} objectClass: top @@ -8967,7 +8480,6 @@ lDAPDisplayName: audio schemaIDGUID: d0e1d224-e1a0-42ce-a2da-793ba5244f35 systemOnly: FALSE systemFlags: 0 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Script-Path,${SCHEMADN} objectClass: top @@ -8985,7 +8497,6 @@ schemaIDGUID: bf9679a8-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=MSMQ-Digests,${SCHEMADN} objectClass: top @@ -9006,7 +8517,6 @@ attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1 systemOnly: FALSE systemFlags: 16 isMemberOfPartialAttributeSet: TRUE -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=ms-DS-Cached-Membership,${SCHEMADN} objectClass: top @@ -9023,7 +8533,6 @@ lDAPDisplayName: msDS-Cached-Membership schemaIDGUID: 69cab008-cdd4-4bc9-bab8-0ff37efe1b20 systemOnly: FALSE systemFlags: 17 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Logon-Hours,${SCHEMADN} objectClass: top @@ -9041,7 +8550,6 @@ schemaIDGUID: bf9679ab-0de6-11d0-a285-00aa003049e2 attributeSecurityGUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=GPC-File-Sys-Path,${SCHEMADN} objectClass: top @@ -9058,7 +8566,6 @@ lDAPDisplayName: gPCFileSysPath schemaIDGUID: f30e3bc1-9ff0-11d1-b603-0000f80367c1 systemOnly: FALSE systemFlags: 16 -objectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=Top,${SCHEMADN} objectClass: top @@ -9168,7 +8675,6 @@ systemMustContain: instanceType defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Top,${SCHEMADN} dn: CN=Ipsec-ISAKMP-Policy,${SCHEMADN} @@ -9190,7 +8696,6 @@ systemPossSuperiors: organizationalUnit defaultSecurityDescriptor: D: systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Ipsec-ISAKMP-Policy,${SCHEMADN} dn: CN=Domain-DNS,${SCHEMADN} @@ -9227,7 +8732,6 @@ systemAuxiliaryClass: samDomain defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) systemFlags: 16 defaultHidingValue: FALSE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Domain-DNS,${SCHEMADN} dn: CN=ms-DS-Az-Application,${SCHEMADN} @@ -9257,7 +8761,6 @@ systemMayContain: description defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=ms-DS-Az-Application,${SCHEMADN} dn: CN=Builtin-Domain,${SCHEMADN} @@ -9281,7 +8784,6 @@ systemAuxiliaryClass: samDomainBase defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Builtin-Domain,${SCHEMADN} dn: CN=Infrastructure-Update,${SCHEMADN} @@ -9303,7 +8805,6 @@ systemMayContain: dNReferenceUpdate defaultSecurityDescriptor: D:(A;;GA;;;SY) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Infrastructure-Update,${SCHEMADN} dn: CN=Configuration,${SCHEMADN} @@ -9330,7 +8831,6 @@ systemMustContain: cn defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Configuration,${SCHEMADN} dn: CN=Cross-Ref,${SCHEMADN} @@ -9365,7 +8865,6 @@ systemMustContain: cn defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Cross-Ref,${SCHEMADN} dn: CN=RID-Manager,${SCHEMADN} @@ -9386,7 +8885,6 @@ systemMustContain: rIDAvailablePool defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)S:(AU;SA;CRWP;;;WD) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=RID-Manager,${SCHEMADN} dn: CN=Display-Specifier,${SCHEMADN} @@ -9422,7 +8920,6 @@ systemMayContain: adminContextMenu defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Display-Specifier,${SCHEMADN} dn: CN=Ipsec-Base,${SCHEMADN} @@ -9446,7 +8943,6 @@ systemMayContain: ipsecData defaultSecurityDescriptor: D: systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Ipsec-Base,${SCHEMADN} dn: CN=ms-DS-Az-Scope,${SCHEMADN} @@ -9472,7 +8968,6 @@ systemMustContain: msDS-AzScopeName defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=ms-DS-Az-Scope,${SCHEMADN} dn: CN=Locality,${SCHEMADN} @@ -9503,7 +8998,6 @@ systemMustContain: l defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: FALSE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Locality,${SCHEMADN} dn: CN=Cross-Ref-Container,${SCHEMADN} @@ -9529,7 +9023,6 @@ systemMayContain: msDS-Behavior-Version defaultSecurityDescriptor: D:(A;;GA;;;SY) systemFlags: 16 defaultHidingValue: FALSE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Cross-Ref-Container,${SCHEMADN} dn: CN=Query-Policy,${SCHEMADN} @@ -9551,7 +9044,6 @@ systemMayContain: lDAPAdminLimits defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Query-Policy,${SCHEMADN} dn: CN=Subnet-Container,${SCHEMADN} @@ -9572,7 +9064,6 @@ systemPossSuperiors: sitesContainer defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Subnet-Container,${SCHEMADN} dn: CN=NTDS-DSA,${SCHEMADN} @@ -9611,7 +9102,6 @@ systemMayContain: dMDLocation defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=NTDS-DSA,${SCHEMADN} dn: CN=Sam-Domain,${SCHEMADN} @@ -9669,7 +9159,6 @@ systemAuxiliaryClass: samDomainBase defaultSecurityDescriptor: D:(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Sam-Domain,${SCHEMADN} dn: CN=Sam-Domain-Base,${SCHEMADN} @@ -9708,7 +9197,6 @@ systemMayContain: domainReplica systemMayContain: creationTime systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Sam-Domain-Base,${SCHEMADN} dn: CN=Country,${SCHEMADN} @@ -9735,7 +9223,6 @@ systemMustContain: c defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Country,${SCHEMADN} dn: CN=Organizational-Unit,${SCHEMADN} @@ -9803,7 +9290,6 @@ systemMustContain: ou defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO) systemFlags: 16 defaultHidingValue: FALSE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Organizational-Unit,${SCHEMADN} dn: CN=Ipsec-NFA,${SCHEMADN} @@ -9827,7 +9313,6 @@ systemMayContain: ipsecFilterReference defaultSecurityDescriptor: D: systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Ipsec-NFA,${SCHEMADN} dn: CN=Lost-And-Found,${SCHEMADN} @@ -9885,7 +9370,6 @@ systemMayContain: moveTreeState defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Lost-And-Found,${SCHEMADN} dn: CN=Organizational-Person,${SCHEMADN} @@ -9962,7 +9446,6 @@ systemMayContain: streetAddress defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Person,${SCHEMADN} dn: CN=Attribute-Schema,${SCHEMADN} @@ -10005,7 +9488,6 @@ systemMustContain: attributeID defaultSecurityDescriptor: D:S: systemFlags: 134217744 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Attribute-Schema,${SCHEMADN} dn: CN=NTDS-Service,${SCHEMADN} @@ -10033,7 +9515,6 @@ systemMayContain: dSHeuristics defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=NTDS-Service,${SCHEMADN} dn: CN=Servers-Container,${SCHEMADN} @@ -10054,7 +9535,6 @@ systemPossSuperiors: site defaultSecurityDescriptor: D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Servers-Container,${SCHEMADN} dn: CN=Computer,${SCHEMADN} @@ -10104,7 +9584,6 @@ systemMayContain: catalogs defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(A;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560) systemFlags: 16 defaultHidingValue: FALSE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Computer,${SCHEMADN} dn: CN=Person,${SCHEMADN} @@ -10132,7 +9611,6 @@ systemMustContain: cn defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Person,${SCHEMADN} dn: CN=Ipsec-Policy,${SCHEMADN} @@ -10156,7 +9634,6 @@ systemMayContain: ipsecISAKMPReference defaultSecurityDescriptor: D: systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Ipsec-Policy,${SCHEMADN} dn: CN=Container,${SCHEMADN} @@ -10207,7 +9684,6 @@ systemMustContain: cn defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Container,${SCHEMADN} dn: CN=Site,${SCHEMADN} @@ -10238,7 +9714,6 @@ systemMayContain: gPLink defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Site,${SCHEMADN} dn: CN=Organization,${SCHEMADN} @@ -10290,7 +9765,6 @@ systemMustContain: o defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: FALSE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Organization,${SCHEMADN} dn: CN=ms-DS-Az-Admin-Manager,${SCHEMADN} @@ -10324,7 +9798,6 @@ systemMayContain: description defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=ms-DS-Az-Admin-Manager,${SCHEMADN} dn: CN=Security-Principal,${SCHEMADN} @@ -10356,7 +9829,6 @@ systemMustContain: sAMAccountName systemMustContain: objectSid systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Security-Principal,${SCHEMADN} dn: CN=Application-Settings,${SCHEMADN} @@ -10378,7 +9850,6 @@ systemMayContain: msDS-Settings systemMayContain: applicationName systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Application-Settings,${SCHEMADN} dn: CN=Class-Schema,${SCHEMADN} @@ -10422,7 +9893,6 @@ systemMustContain: cn defaultSecurityDescriptor: D:S: systemFlags: 134217744 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Class-Schema,${SCHEMADN} dn: CN=User,${SCHEMADN} @@ -10540,7 +10010,6 @@ systemAuxiliaryClass: mailRecipient defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561) systemFlags: 16 defaultHidingValue: FALSE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Person,${SCHEMADN} dn: CN=DMD,${SCHEMADN} @@ -10570,7 +10039,6 @@ systemMustContain: cn defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=DMD,${SCHEMADN} dn: CN=Leaf,${SCHEMADN} @@ -10589,7 +10057,6 @@ systemOnly: FALSE defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Leaf,${SCHEMADN} dn: CN=Secret,${SCHEMADN} @@ -10613,7 +10080,6 @@ systemMayContain: currentValue defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Secret,${SCHEMADN} dn: CN=Sites-Container,${SCHEMADN} @@ -10635,7 +10101,6 @@ systemPossSuperiors: configuration defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Sites-Container,${SCHEMADN} dn: CN=Server,${SCHEMADN} @@ -10663,7 +10128,6 @@ systemMayContain: bridgeheadTransportList defaultSecurityDescriptor: D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Server,${SCHEMADN} dn: CN=SubSchema,${SCHEMADN} @@ -10689,7 +10153,6 @@ systemMayContain: attributeTypes defaultSecurityDescriptor: D:S: systemFlags: 134217744 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=SubSchema,${SCHEMADN} dn: CN=Trusted-Domain,${SCHEMADN} @@ -10725,7 +10188,6 @@ systemMayContain: additionalTrustedServiceNames defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-a285-00aa003049e2;CO)(A;;SD;;;CO) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Trusted-Domain,${SCHEMADN} dn: CN=Domain,${SCHEMADN} @@ -10747,7 +10209,6 @@ systemPossSuperiors: organization systemMustContain: dc systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Domain-DNS,${SCHEMADN} dn: CN=Foreign-Security-Principal,${SCHEMADN} @@ -10769,7 +10230,6 @@ systemMustContain: objectSid defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Foreign-Security-Principal,${SCHEMADN} dn: CN=Subnet,${SCHEMADN} @@ -10794,7 +10254,6 @@ systemMayContain: location defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Subnet,${SCHEMADN} dn: CN=Mail-Recipient,${SCHEMADN} @@ -10828,7 +10287,6 @@ systemMustContain: cn defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Mail-Recipient,${SCHEMADN} dn: CN=Group,${SCHEMADN} @@ -10871,7 +10329,6 @@ systemAuxiliaryClass: securityPrincipal defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560) systemFlags: 16 defaultHidingValue: FALSE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Group,${SCHEMADN} dn: CN=Group-Policy-Container,${SCHEMADN} @@ -10914,13 +10371,11 @@ systemMayContain: flags defaultSecurityDescriptor: D:P(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;EA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;LCRPLORC;;;ED) systemFlags: 16 defaultHidingValue: TRUE -objectCategory: CN=Class-Schema,${SCHEMADN} defaultObjectCategory: CN=Group-Policy-Container,${SCHEMADN} dn: CN=Aggregate,${SCHEMADN} objectClass: top objectClass: subSchema -objectCategory: CN=SubSchema,${SCHEMADN} objectClasses: ( 2.5.6.0 NAME 'top' SUP top ABSTRACT MUST ( objectClass $ objectCategory $ nTSecurityDescriptor $ instanceType ) MAY ( url $ wWWHomePage $ whenCreated $ whenChanged $ wellKnownObjects $ wbemPath $ uSNSource $ uSNLastObjRem $ USNIntersite $ uSNDSALastObjRemoved $ uSNCreated $ uSNChanged $ systemFlags $ subSchemaSubEntry $ subRefs $ structuralObjectClass $ siteObjectBL $ serverReferenceBL $ sDRightsEffective $ revision $ repsTo $ repsFrom $ directReports $ replUpToDateVector $ replPropertyMetaData $ name $ queryPolicyBL $ proxyAddresses $ proxiedObjectName $ possibleInferiors $ partialAttributeSet $ partialAttributeDeletionList $ otherWellKnownObjects $ objectVersion $ objectGUID $ distinguishedName $ nonSecurityMemberBL $ netbootSCPBL $ ownerBL $ msDS-ReplValueMetaData $ msDS-ReplAttributeMetaData $ msDS-NonMembersBL $ msDS-NCReplOutboundNeighbors $ msDS-NCReplInboundNeighbors $ msDS-NCReplCursors $ msDS-TasksForAzRoleBL $ msDS-TasksForAzTaskBL $ msDS-OperationsForAzRoleBL $ msDS-OperationsForAzTaskBL $ msDS-MembersForAzRoleBL $ msDs-masteredBy $ mS-DS-ConsistencyGuid $ mS-DS-ConsistencyChildCount $ msDS-Approx-Immed-Subordinates $ msCOM-PartitionSetLink $ msCOM-UserLink $ modifyTimeStamp $ masteredBy $ managedObjects $ lastKnownParent $ isPrivilegeHolder $ memberOf $ isDeleted $ isCriticalSystemObject $ showInAdvancedViewOnly $ fSMORoleOwner $ fRSMemberReferenceBL $ frsComputerReferenceBL $ fromEntry $ flags $ extensionName $ dSASignature $ dSCorePropagationData $ displayNamePrintable $ displayName $ description $ createTimeStamp $ cn $ canonicalName $ bridgeheadServerListBL $ allowedChildClassesEffective $ allowedChildClasses $ allowedAttributesEffective $ allowedAttributes $ adminDisplayName $ adminDescription $ msDS-ObjectReferenceBL ) ) objectClasses: ( 1.2.840.113556.1.5.120 NAME 'ipsecISAKMPPolicy' SUP ipsecBase STRUCTURAL ) objectClasses: ( 1.2.840.113556.1.5.67 NAME 'domainDNS' SUP domain STRUCTURAL MAY ( msDS-Behavior-Version $ msDS-AllowedDNSSuffixes $ managedBy ) ) -- cgit From 7e0ef3fd0ef4dba827f331cbe43fa0524be91130 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 6 Mar 2008 21:55:26 +1100 Subject: Make Samba4 pass the NET-API-BECOMEDC test against Win2k3 (again). To make Samba4, using the python provision system, pass this test required some major rework. Untested code is broken code, and some of the refactoring for a seperate provision test (which also now passes) broke things. Similarly, the iconv work has compiled, but these codepaths have never been run (NULL pointer de-reference). In working to use a local, rather than global, loadparm context, and to support using a target directory, a few things needed to be reworked, particularly around path handling. Andrew Bartlett (This used to be commit 1169e8d7bee20477b0efbfea3534ac63c83fb3d6) --- source4/setup/provision | 26 +++++--------------------- source4/setup/provision.smb.conf.dc | 2 ++ source4/setup/provision.smb.conf.member | 2 ++ source4/setup/provision.smb.conf.standalone | 2 ++ 4 files changed, 11 insertions(+), 21 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 033d2491f2..606443a6ed 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -30,9 +30,7 @@ import samba from auth import system_session import samba.getopt as options -import param from samba.provision import (provision, - provision_paths_from_lp, FILL_FULL, FILL_NT4SYNC, FILL_DRS) @@ -113,27 +111,13 @@ if opts.realm is None or opts.domain is None: sys.exit(1) # cope with an initially blank smb.conf -private_dir = None -lp = sambaopts.get_loadparm() -if opts.targetdir is not None: - if not os.path.exists(opts.targetdir): - os.mkdir(opts.targetdir) - private_dir = os.path.join(opts.targetdir, "private") - if not os.path.exists(private_dir): - os.mkdir(private_dir) - lp.set("private dir", os.path.abspath(private_dir)) - lp.set("lock dir", os.path.abspath(opts.targetdir)) -lp.set("realm", opts.realm) -lp.set("workgroup", opts.domain) -lp.set("server role", opts.server_role or "domain controller") + +if sambaopts.get_loadparm_path() is not None: + smbconf = sambaopts.get_loadparm_path() if opts.aci is not None: print "set ACI: %s" % opts.aci -paths = provision_paths_from_lp(lp, opts.realm.lower()) -if sambaopts.get_loadparm_path() is not None: - paths.smbconf = sambaopts.get_loadparm_path() - creds = credopts.get_credentials() setup_dir = opts.setupdir @@ -146,8 +130,8 @@ if opts.blank: elif opts.partitions_only: samdb_fill = FILL_DRS -provision(lp, setup_dir, message, paths, - system_session(), creds, +provision(setup_dir, message, + system_session(), creds, smbconf=smbconf, samdb_fill=samdb_fill, realm=opts.realm, domainguid=opts.domain_guid, domainsid=opts.domain_sid, policyguid=opts.policy_guid, hostname=opts.host_name, diff --git a/source4/setup/provision.smb.conf.dc b/source4/setup/provision.smb.conf.dc index 5b8e141cbf..e77e699028 100644 --- a/source4/setup/provision.smb.conf.dc +++ b/source4/setup/provision.smb.conf.dc @@ -3,6 +3,8 @@ workgroup = ${DOMAIN_CONF} realm = ${REALM_CONF} server role = ${SERVERROLE} + ${PRIVATEDIR_LINE} + ${LOCKDIR_LINE} [netlogon] path = ${NETLOGONPATH} diff --git a/source4/setup/provision.smb.conf.member b/source4/setup/provision.smb.conf.member index bc37d4f3d3..1d9191d8c2 100644 --- a/source4/setup/provision.smb.conf.member +++ b/source4/setup/provision.smb.conf.member @@ -3,3 +3,5 @@ workgroup = ${DOMAIN_CONF} realm = ${REALM_CONF} server role = ${SERVERROLE} + ${PRIVATEDIR_LINE} + ${LOCKDIR_LINE} diff --git a/source4/setup/provision.smb.conf.standalone b/source4/setup/provision.smb.conf.standalone index bc37d4f3d3..1d9191d8c2 100644 --- a/source4/setup/provision.smb.conf.standalone +++ b/source4/setup/provision.smb.conf.standalone @@ -3,3 +3,5 @@ workgroup = ${DOMAIN_CONF} realm = ${REALM_CONF} server role = ${SERVERROLE} + ${PRIVATEDIR_LINE} + ${LOCKDIR_LINE} -- cgit From 14c5f968e1f99ceabc5a42d9a38a00ea137b00ea Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 7 Mar 2008 10:57:52 +1100 Subject: Rework provision scripts for more testing This fixes up some issues with testdir (was not honoured) and increases test coverage. We now check all the major provision modes. In doing so, to make it possible to call from the multiple layers of 'sh', I have allowed 'dc' to alias 'domain controller' and 'member' to alias 'member server'. Fighting shell quoting in the test system was just too hard... Also fix upgrade.py Andrew Bartlett (This used to be commit 0923de12282b0e063dd73bc3e056dd5c3663c190) --- source4/setup/provision | 20 ++++++++++++-------- source4/setup/provision.smb.conf.dc | 4 ++-- source4/setup/provision.smb.conf.member | 4 ++-- source4/setup/provision.smb.conf.standalone | 4 ++-- source4/setup/tests/blackbox_provision.sh | 5 ++++- 5 files changed, 22 insertions(+), 15 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 606443a6ed..629bfa10e0 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -88,7 +88,7 @@ parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TY parser.add_option("--aci", type="string", metavar="ACI", help="An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server. You must provide at least a realm and domain") parser.add_option("--server-role", type="choice", metavar="ROLE", - choices=["domain controller", "member server"], + choices=["domain controller", "dc", "member server", "member", "standalone"], help="Set server role to provision for (default standalone)") parser.add_option("--partitions-only", help="Configure Samba's partitions, but do not modify them (ie, join a BDC)", action="store_true") @@ -110,14 +110,18 @@ if opts.realm is None or opts.domain is None: parser.print_usage() sys.exit(1) -# cope with an initially blank smb.conf - -if sambaopts.get_loadparm_path() is not None: - smbconf = sambaopts.get_loadparm_path() +smbconf = sambaopts.get_loadparm_path() if opts.aci is not None: print "set ACI: %s" % opts.aci +if opts.server_role == "dc": + server_role = "domain controller" +elif opts.server_role == "member": + server_role = "member server" +else: + server_role = opts.server_role + creds = credopts.get_credentials() setup_dir = opts.setupdir @@ -131,8 +135,8 @@ elif opts.partitions_only: samdb_fill = FILL_DRS provision(setup_dir, message, - system_session(), creds, smbconf=smbconf, - samdb_fill=samdb_fill, realm=opts.realm, + system_session(), creds, smbconf=smbconf, targetdir=opts.targetdir, + samdb_fill=samdb_fill, realm=opts.realm, domain=opts.domain, domainguid=opts.domain_guid, domainsid=opts.domain_sid, policyguid=opts.policy_guid, hostname=opts.host_name, hostip=opts.host_ip, hostguid=opts.host_guid, @@ -140,7 +144,7 @@ provision(setup_dir, message, krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, nogroup=opts.nogroup, wheel=opts.wheel, users=opts.users, - aci=opts.aci, serverrole=opts.server_role, + aci=opts.aci, serverrole=server_role, ldap_backend=opts.ldap_backend, ldap_backend_type=opts.ldap_backend_type) diff --git a/source4/setup/provision.smb.conf.dc b/source4/setup/provision.smb.conf.dc index e77e699028..ad06be4301 100644 --- a/source4/setup/provision.smb.conf.dc +++ b/source4/setup/provision.smb.conf.dc @@ -1,7 +1,7 @@ [globals] netbios name = ${HOSTNAME} - workgroup = ${DOMAIN_CONF} - realm = ${REALM_CONF} + workgroup = ${DOMAIN} + realm = ${REALM} server role = ${SERVERROLE} ${PRIVATEDIR_LINE} ${LOCKDIR_LINE} diff --git a/source4/setup/provision.smb.conf.member b/source4/setup/provision.smb.conf.member index 1d9191d8c2..0d742fb903 100644 --- a/source4/setup/provision.smb.conf.member +++ b/source4/setup/provision.smb.conf.member @@ -1,7 +1,7 @@ [globals] netbios name = ${HOSTNAME} - workgroup = ${DOMAIN_CONF} - realm = ${REALM_CONF} + workgroup = ${DOMAIN} + realm = ${REALM} server role = ${SERVERROLE} ${PRIVATEDIR_LINE} ${LOCKDIR_LINE} diff --git a/source4/setup/provision.smb.conf.standalone b/source4/setup/provision.smb.conf.standalone index 1d9191d8c2..0d742fb903 100644 --- a/source4/setup/provision.smb.conf.standalone +++ b/source4/setup/provision.smb.conf.standalone @@ -1,7 +1,7 @@ [globals] netbios name = ${HOSTNAME} - workgroup = ${DOMAIN_CONF} - realm = ${REALM_CONF} + workgroup = ${DOMAIN} + realm = ${REALM} server role = ${SERVERROLE} ${PRIVATEDIR_LINE} ${LOCKDIR_LINE} diff --git a/source4/setup/tests/blackbox_provision.sh b/source4/setup/tests/blackbox_provision.sh index 0aed7bb8b7..83c045e40d 100755 --- a/source4/setup/tests/blackbox_provision.sh +++ b/source4/setup/tests/blackbox_provision.sh @@ -27,7 +27,10 @@ testit() { return $status } -testit "simple" $PYTHON ./setup/provision $CONFIGURATION --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple +testit "simple-default" $PYTHON ./setup/provision $CONFIGURATION --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-default +testit "simple-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-dc +testit "simple-member" $PYTHON ./setup/provision $CONFIGURATION --server-role="member" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-member +testit "simple-standalone" $PYTHON ./setup/provision $CONFIGURATION --server-role="standalone" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-standalone reprovision() { $PYTHON ./setup/provision $CONFIGURATION --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/reprovision" -- cgit From a7e1fa0bef17ecc46f642b23ef635acfb09fea04 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 7 Mar 2008 19:20:39 +1100 Subject: Try to fix up part of the upgrade test. There are still problems with the upgrade test, but these are not related to the provision system. Andrew Bartlett (This used to be commit d331bc400fb138bc43be88d0ca8ab3bcd590d2cd) --- source4/setup/upgrade.py | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py index 960cd1b9e2..569b179544 100755 --- a/source4/setup/upgrade.py +++ b/source4/setup/upgrade.py @@ -50,7 +50,6 @@ else: samba3 = Samba3(libdir, smbconf) from samba.upgrade import upgrade_provision -from samba.provision import provision_paths_from_lp message("Provisioning\n") @@ -59,13 +58,6 @@ if setup_dir is None: setup_dir = "setup" creds = credopts.get_credentials() -lp = sambaopts.get_loadparm() -if opts.targetdir is not None: - if not os.path.exists(opts.targetdir): - os.mkdir(opts.targetdir) - lp.set("private dir", os.path.abspath(opts.targetdir)) - lp.set("lock dir", os.path.abspath(opts.targetdir)) -paths = provision_paths_from_lp(lp, "") -paths.smbconf = sambaopts.get_loadparm_path() + upgrade_provision(samba3, setup_dir, message, credentials=creds, session_info=system_session(), - lp=lp, paths=paths) + smbconf=sambaopts.get_loadparm_path(), targetdir=opts.targetdir) -- cgit From 07cb435d40245fc199e67c3cc869cf1f654e9a94 Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Thu, 6 Mar 2008 05:56:49 -0600 Subject: accountExpires: Windows default is 9223372036854775807, not -1. (This used to be commit be47cc7fdfa3cae0508e564f38b793aa27b6eb92) --- source4/setup/provision_templates.ldif | 4 ++-- source4/setup/provision_users.ldif | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index cc0ab212cd..8f4ed08252 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -27,7 +27,7 @@ lastLogoff: 0 lastLogon: 0 pwdLastSet: 0 primaryGroupID: 513 -accountExpires: -1 +accountExpires: 9223372036854775807 logonCount: 0 dn: CN=TemplateTrustingDomain,CN=Templates @@ -39,7 +39,7 @@ badPasswordTime: 0 lastLogoff: 0 lastLogon: 0 primaryGroupID: 513 -accountExpires: -1 +accountExpires: 9223372036854775807 logonCount: 0 dn: CN=TemplateGroup,CN=Templates diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 4b053d9166..5a24e07492 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -5,7 +5,7 @@ description: Built-in account for administering the computer/domain userAccountControl: 66048 objectSid: ${DOMAINSID}-500 adminCount: 1 -accountExpires: -1 +accountExpires: 9223372036854775807 sAMAccountName: Administrator isCriticalSystemObject: TRUE sambaPassword:: ${ADMINPASS_B64} -- cgit From b5a5fcdc62f56b38f8f141bb4b5377239f07a25f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 11 Mar 2008 14:21:53 +1100 Subject: Extend testsuite to cover specifying a domain SID. Andrew Bartlett (This used to be commit edb7af0685983543c321e3d8b90f6ae07af2e4e3) --- source4/setup/tests/blackbox_provision.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/tests/blackbox_provision.sh b/source4/setup/tests/blackbox_provision.sh index 83c045e40d..75d4fcfcb4 100755 --- a/source4/setup/tests/blackbox_provision.sh +++ b/source4/setup/tests/blackbox_provision.sh @@ -28,7 +28,7 @@ testit() { } testit "simple-default" $PYTHON ./setup/provision $CONFIGURATION --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-default -testit "simple-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-dc +testit "simple-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc testit "simple-member" $PYTHON ./setup/provision $CONFIGURATION --server-role="member" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-member testit "simple-standalone" $PYTHON ./setup/provision $CONFIGURATION --server-role="standalone" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-standalone -- cgit From 9703948850fb6febb237d701ce6b6300e9df8e1f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 11 Mar 2008 14:41:10 +1100 Subject: Fix provision script to work without smb.conf location specified. Andrew Bartlett (This used to be commit b4da374a998caac18c288a0a6e3fcd2c50cbffa7) --- source4/setup/provision | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 629bfa10e0..b0363d8a8f 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -27,6 +27,7 @@ import optparse import os, sys import samba +import param from auth import system_session import samba.getopt as options @@ -110,7 +111,7 @@ if opts.realm is None or opts.domain is None: parser.print_usage() sys.exit(1) -smbconf = sambaopts.get_loadparm_path() +smbconf = sambaopts.get_loadparm().configfile() if opts.aci is not None: print "set ACI: %s" % opts.aci -- cgit From 69d66e6fb09b2449dec9bf0af49408b9a6c3cc65 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 13 Mar 2008 08:08:05 +1100 Subject: Upgrade provision-backend to python. This required a large rework of the provision code, so as to move much of the 'guess' logic into subprocedures, rather than just inline in the provision code. Andrew Bartlett (This used to be commit a0754c2a857217ca831c2295b17255d8f38dfbc2) --- source4/setup/provision-backend | 287 +++++++++++++------------------------ source4/setup/provision-backend.js | 188 ++++++++++++++++++++++++ 2 files changed, 286 insertions(+), 189 deletions(-) create mode 100644 source4/setup/provision-backend.js (limited to 'source4/setup') diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index abd1b9a875..91d7bdcb0a 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -1,189 +1,98 @@ -#!/bin/sh -exec smbscript "$0" ${1+"$@"} -/* - provision a Samba4 server - Copyright Andrew Tridgell 2005 - Released under the GNU GPL v2 or later -*/ - -options = GetOptions(ARGV, - "POPT_AUTOHELP", - "POPT_COMMON_SAMBA", - "POPT_COMMON_VERSION", - "POPT_COMMON_CREDENTIALS", - 'realm=s', - 'host-name=s', - 'ldap-manager-pass=s', - 'root=s', - 'quiet', - 'ldap-backend-type=s', - 'ldap-backend-port=i'); - -if (options == undefined) { - println("Failed to parse options"); - return -1; -} - -sys = sys_init(); - -libinclude("base.js"); -libinclude("provision.js"); - -/* - print a message if quiet is not set -*/ -function message() -{ - if (options["quiet"] == undefined) { - print(vsprintf(arguments)); - } -} - -/* - show some help -*/ -function ShowHelp() -{ - print(" -Samba4 provisioning - -provision [options] - --realm REALM set realm - --host-name HOSTNAME set hostname - --ldap-manager-pass PASSWORD choose LDAP Manager password (otherwise random) - --root USERNAME choose 'root' unix username - --quiet Be quiet - --ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure - --ldap-backend-port PORT Select the TCP port (if any) that the LDAP backend should listen on (Fedora DS only) -You must provide at least a realm and ldap-backend-type - -"); - exit(1); -} - -if (options['host-name'] == undefined) { - options['host-name'] = hostname(); -} - -/* - main program -*/ -if (options["realm"] == undefined || - options["ldap-backend-type"] == undefined || - options["host-name"] == undefined) { - ShowHelp(); -} - -/* cope with an initially blank smb.conf */ -var lp = loadparm_init(); -lp.set("realm", options.realm); -lp.reload(); - -var subobj = provision_guess(); -for (r in options) { - var key = strupper(join("", split("-", r))); - subobj[key] = options[r]; -} - - - -var paths = provision_default_paths(subobj); -provision_fix_subobj(subobj, paths); -message("Provisioning LDAP backend for %s in realm %s into %s\n", subobj.HOSTNAME, subobj.REALM, subobj.LDAPDIR); -message("Using %s password: %s\n", subobj.LDAPMANAGERDN, subobj.LDAPMANAGERPASS); -var tmp_schema_ldb = subobj.LDAPDIR + "/schema-tmp.ldb"; -sys.mkdir(subobj.LDAPDIR, 0700); - -provision_schema(subobj, message, tmp_schema_ldb, paths); - -var mapping; -var backend_schema; -var slapd_command; -if (options["ldap-backend-type"] == "fedora-ds") { - mapping = "schema-map-fedora-ds-1.0"; - backend_schema = "99_ad.ldif"; - if (options["ldap-backend-port"] != undefined) { - message("Will listen on TCP port " + options["ldap-backend-port"] + "\n"); - subobj.SERVERPORT="ServerPort = " + options["ldap-backend-port"]; - } else { - message("Will listen on LDAPI only\n"); - subobj.SERVERPORT=""; - } - setup_file("fedorads.inf", message, subobj.LDAPDIR + "/fedorads.inf", subobj); - setup_file("fedorads-partitions.ldif", message, subobj.LDAPDIR + "/fedorads-partitions.ldif", subobj); - - slapd_command = "(see documentation)"; -} else if (options["ldap-backend-type"] == "openldap") { - mapping = "schema-map-openldap-2.3"; - backend_schema = "backend-schema.schema"; - setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj); - setup_file("modules.conf", message, subobj.LDAPDIR + "/modules.conf", subobj); - sys.mkdir(subobj.LDAPDIR + "/db", 0700); - subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/user"; - sys.mkdir(subobj.LDAPDBDIR, 0700); - sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); - sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700); - setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); - subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/config"; - sys.mkdir(subobj.LDAPDBDIR, 0700); - sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); - sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700); - setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); - subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/schema"; - sys.mkdir(subobj.LDAPDBDIR, 0700); - sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700); - sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); - setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); - if (options["ldap-backend-port"] != undefined) { - message("\nStart slapd with: \n"); - slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h \"ldap://0.0.0.0:" + options["ldap-backend-port"] + " " + subobj.LDAPI_URI "\""; - } else { - slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h " + subobj.LDAPI_URI; - } - - var ldb = ldb_init(); - ldb.filename = tmp_schema_ldb; - - var connect_ok = ldb.connect(ldb.filename); - assert(connect_ok); - var attrs = new Array("linkID", "lDAPDisplayName"); - var res = ldb.search("(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", subobj.SCHEMADN, ldb.SCOPE_SUBTREE, attrs); - assert(res.error == 0); - var memberof_config = ""; - var refint_attributes = ""; - for (i=0; i < res.msgs.length; i++) { -searchone(ldb, subobj.DOMAINDN, "(&(objectClass=computer)(cn=" + subobj.NETBIOSNAME + "))", "objectGUID"); - var target = searchone(ldb, subobj.SCHEMADN, "(&(objectclass=attributeSchema)(linkID=" + (res.msgs[i].linkID + 1) + "))", "lDAPDisplayName"); - if (target != undefined) { - refint_attributes = refint_attributes + " " + target + " " + res.msgs[i].lDAPDisplayName; - memberof_config = memberof_config + "overlay memberof -memberof-dangling error -memberof-refint TRUE -memberof-group-oc top -memberof-member-ad " + res.msgs[i].lDAPDisplayName + " -memberof-memberof-ad " + target + " -memberof-dangling-error 32 - -"; - } - } - - memberof_config = memberof_config + " -overlay refint -refint_attributes" + refint_attributes + " -"; - - ok = sys.file_save(subobj.LDAPDIR + "/memberof.conf", memberof_config); - if (!ok) { - message("failed to create file: " + f + "\n"); - assert(ok); - } - -} -var schema_command = "ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/" + backend_schema; - -message("\nCreate a suitable schema file with:\n%s\n", schema_command); -message("\nStart slapd with: \n%s\n", slapd_command); - -message("All OK\n"); -return 0; +#!/usr/bin/python +# +# Unix SMB/CIFS implementation. +# provision a Samba4 server +# Copyright (C) Jelmer Vernooij 2007-2008 +# Copyright (C) Andrew Bartlett 2008 +# +# Based on the original in EJS: +# Copyright (C) Andrew Tridgell 2005 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import getopt +import optparse +import os, sys + +import samba +import param + +from auth import system_session +import samba.getopt as options +from samba.provision import (provision_backend) + +parser = optparse.OptionParser("provision [options]") +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) +parser.add_option_group(options.VersionOptions(parser)) +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) +parser.add_option("--setupdir", type="string", metavar="DIR", + help="directory with setup files") +parser.add_option("--realm", type="string", metavar="REALM", help="set realm") +parser.add_option("--domain", type="string", metavar="DOMAIN", + help="set domain") +parser.add_option("--host-name", type="string", metavar="HOSTNAME", + help="set hostname") +parser.add_option("--adminpass", type="string", metavar="PASSWORD", + help="choose admin password (otherwise random)") +parser.add_option("--root", type="string", metavar="USERNAME", + help="choose 'root' unix username") +parser.add_option("--quiet", help="Be quiet", action="store_true") +parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE", + help="LDB mapping module to use for the LDAP backend", + choices=["fedora-ds", "openldap"]) +parser.add_option("--server-role", type="choice", metavar="ROLE", + choices=["domain controller", "dc", "member server", "member", "standalone"], + help="Set server role to provision for (default standalone)") +parser.add_option("--targetdir", type="string", metavar="DIR", + help="Set target directory") + +opts = parser.parse_args()[0] + +def message(text): + """print a message if quiet is not set.""" + if not opts.quiet: + print text + +if opts.realm is None or opts.domain is None: + if opts.realm is None: + print >>sys.stderr, "No realm set" + if opts.domain is None: + print >>sys.stderr, "No domain set" + parser.print_usage() + sys.exit(1) + +smbconf = sambaopts.get_loadparm().configfile() + +if opts.server_role == "dc": + server_role = "domain controller" +elif opts.server_role == "member": + server_role = "member server" +else: + server_role = opts.server_role + +setup_dir = opts.setupdir +if setup_dir is None: + setup_dir = "setup" + +provision_backend(setup_dir=setup_dir, message=message, smbconf=smbconf, targetdir=opts.targetdir, + realm=opts.realm, domain=opts.domain, + hostname=opts.host_name, + adminpass=opts.adminpass, + root=opts.root, serverrole=server_role, + ldap_backend_type=opts.ldap_backend_type) + +message("All OK") diff --git a/source4/setup/provision-backend.js b/source4/setup/provision-backend.js new file mode 100644 index 0000000000..edc09907a8 --- /dev/null +++ b/source4/setup/provision-backend.js @@ -0,0 +1,188 @@ +#!/bin/sh +exec smbscript "$0" ${1+"$@"} +/* + provision a Samba4 server + Copyright Andrew Tridgell 2005 + Released under the GNU GPL v2 or later +*/ + +options = GetOptions(ARGV, + "POPT_AUTOHELP", + "POPT_COMMON_SAMBA", + "POPT_COMMON_VERSION", + "POPT_COMMON_CREDENTIALS", + 'realm=s', + 'host-name=s', + 'ldap-manager-pass=s', + 'root=s', + 'quiet', + 'ldap-backend-type=s', + 'ldap-backend-port=i'); + +if (options == undefined) { + println("Failed to parse options"); + return -1; +} + +sys = sys_init(); + +libinclude("base.js"); +libinclude("provision.js"); + +/* + print a message if quiet is not set +*/ +function message() +{ + if (options["quiet"] == undefined) { + print(vsprintf(arguments)); + } +} + +/* + show some help +*/ +function ShowHelp() +{ + print(" +Samba4 provisioning + +provision [options] + --realm REALM set realm + --host-name HOSTNAME set hostname + --ldap-manager-pass PASSWORD choose LDAP Manager password (otherwise random) + --root USERNAME choose 'root' unix username + --quiet Be quiet + --ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure + --ldap-backend-port PORT Select the TCP port (if any) that the LDAP backend should listen on (Fedora DS only) +You must provide at least a realm and ldap-backend-type + +"); + exit(1); +} + +if (options['host-name'] == undefined) { + options['host-name'] = hostname(); +} + +/* + main program +*/ +if (options["realm"] == undefined || + options["ldap-backend-type"] == undefined || + options["host-name"] == undefined) { + ShowHelp(); +} + +/* cope with an initially blank smb.conf */ +var lp = loadparm_init(); +lp.set("realm", options.realm); +lp.reload(); + +var subobj = provision_guess(); +for (r in options) { + var key = strupper(join("", split("-", r))); + subobj[key] = options[r]; +} + + + +var paths = provision_default_paths(subobj); +provision_fix_subobj(subobj, paths); +message("Provisioning LDAP backend for %s in realm %s into %s\n", subobj.HOSTNAME, subobj.REALM, subobj.LDAPDIR); +message("Using %s password: %s\n", subobj.LDAPMANAGERDN, subobj.LDAPMANAGERPASS); +var tmp_schema_ldb = subobj.LDAPDIR + "/schema-tmp.ldb"; +sys.mkdir(subobj.LDAPDIR, 0700); + +provision_schema(subobj, message, tmp_schema_ldb, paths); + +var mapping; +var backend_schema; +var slapd_command; +if (options["ldap-backend-type"] == "fedora-ds") { + mapping = "schema-map-fedora-ds-1.0"; + backend_schema = "99_ad.ldif"; + if (options["ldap-backend-port"] != undefined) { + message("Will listen on TCP port " + options["ldap-backend-port"] + "\n"); + subobj.SERVERPORT="ServerPort = " + options["ldap-backend-port"]; + } else { + message("Will listen on LDAPI only\n"); + subobj.SERVERPORT=""; + } + setup_file("fedorads.inf", message, subobj.LDAPDIR + "/fedorads.inf", subobj); + setup_file("fedorads-partitions.ldif", message, subobj.LDAPDIR + "/fedorads-partitions.ldif", subobj); + + slapd_command = "(see documentation)"; +} else if (options["ldap-backend-type"] == "openldap") { + mapping = "schema-map-openldap-2.3"; + backend_schema = "backend-schema.schema"; + setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj); + setup_file("modules.conf", message, subobj.LDAPDIR + "/modules.conf", subobj); + sys.mkdir(subobj.LDAPDIR + "/db", 0700); + subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/user"; + sys.mkdir(subobj.LDAPDBDIR, 0700); + sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); + sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700); + setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); + subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/config"; + sys.mkdir(subobj.LDAPDBDIR, 0700); + sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); + sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700); + setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); + subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/schema"; + sys.mkdir(subobj.LDAPDBDIR, 0700); + sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700); + sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); + setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); + if (options["ldap-backend-port"] != undefined) { + message("\nStart slapd with: \n"); + slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h \"ldap://0.0.0.0:" + options["ldap-backend-port"] + " " + subobj.LDAPI_URI "\""; + } else { + slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h " + subobj.LDAPI_URI; + } + + var ldb = ldb_init(); + ldb.filename = tmp_schema_ldb; + + var connect_ok = ldb.connect(ldb.filename); + assert(connect_ok); + var attrs = new Array("linkID", "lDAPDisplayName"); + var res = ldb.search("(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", subobj.SCHEMADN, ldb.SCOPE_SUBTREE, attrs); + assert(res.error == 0); + var memberof_config = ""; + var refint_attributes = ""; + for (i=0; i < res.msgs.length; i++) { + var target = searchone(ldb, subobj.SCHEMADN, "(&(objectclass=attributeSchema)(linkID=" + (res.msgs[i].linkID + 1) + "))", "lDAPDisplayName"); + if (target != undefined) { + refint_attributes = refint_attributes + " " + target + " " + res.msgs[i].lDAPDisplayName; + memberof_config = memberof_config + "overlay memberof +memberof-dangling error +memberof-refint TRUE +memberof-group-oc top +memberof-member-ad " + res.msgs[i].lDAPDisplayName + " +memberof-memberof-ad " + target + " +memberof-dangling-error 32 + +"; + } + } + + memberof_config = memberof_config + " +overlay refint +refint_attributes" + refint_attributes + " +"; + + ok = sys.file_save(subobj.LDAPDIR + "/memberof.conf", memberof_config); + if (!ok) { + message("failed to create file: " + f + "\n"); + assert(ok); + } + +} +var schema_command = "ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/" + backend_schema; + +message("\nCreate a suitable schema file with:\n%s\n", schema_command); +message("\nStart slapd with: \n%s\n", slapd_command); + +message("All OK\n"); +return 0; -- cgit From 07a7c8fa0d76cb7cb10cc88fb5bbe5439b746d01 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 13 Mar 2008 09:55:06 +1100 Subject: Update the provision scripts and selftest for LDAP This should allow us to provision onto an OpenLDAP backend again. Also ensure we always have a sysvol and netlogon share in the selftest environment. Andrew Bartlett (This used to be commit b2d9b03ba3434e76d4d476233a198728523d17f9) --- source4/setup/provision-backend | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 91d7bdcb0a..ada6dcef8d 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -46,8 +46,8 @@ parser.add_option("--domain", type="string", metavar="DOMAIN", help="set domain") parser.add_option("--host-name", type="string", metavar="HOSTNAME", help="set hostname") -parser.add_option("--adminpass", type="string", metavar="PASSWORD", - help="choose admin password (otherwise random)") +parser.add_option("--ldap-manager-pass", type="string", metavar="PASSWORD", + help="choose LDAP manager password (otherwise random)") parser.add_option("--root", type="string", metavar="USERNAME", help="choose 'root' unix username") parser.add_option("--quiet", help="Be quiet", action="store_true") @@ -91,7 +91,7 @@ if setup_dir is None: provision_backend(setup_dir=setup_dir, message=message, smbconf=smbconf, targetdir=opts.targetdir, realm=opts.realm, domain=opts.domain, hostname=opts.host_name, - adminpass=opts.adminpass, + adminpass=opts.ldap_manager_pass, root=opts.root, serverrole=server_role, ldap_backend_type=opts.ldap_backend_type) -- cgit From 0c882402360a10b19a038bce9f87e241051c9ba8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 13 Mar 2008 11:36:58 +1100 Subject: Rework to have member server 'domains' be CN=NETBIOSNAME This reworks quite a few parts of our provision system to use CN=NETBIOSNAME as the domain for member servers. This makes it clear that these domains are not in the DNS structure, while complying with our own schema (found by OpenLDAP's schema validation). Andrew Bartlett (This used to be commit bda6a38b055fed2394e65cdc0b308a1442116402) --- source4/setup/provision_basedn.ldif | 3 +-- source4/setup/schema_samba4.ldif | 38 +++++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index 11eb0593e8..7fdecfa3c0 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -3,7 +3,6 @@ ################################ dn: ${DOMAINDN} objectClass: top -objectClass: domain -objectClass: domainDNS +objectClass: ${DOMAIN_OC} ${ACI} diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 8bd1705468..7146091c8e 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -194,3 +194,41 @@ attributeID: 1.3.6.1.4.1.7165.4.1.11 attributeSyntax: 2.5.5.4 oMSyntax: 20 +# +# Based on domainDNS, but without the DNS bits. +# + +dn: CN=Samba4-Local-Domain,${SCHEMADN} +objectClass: top +objectClass: classSchema +subClassOf: top +governsID: 1.3.6.1.4.1.7165.4.2.2 +possibleInferiors: group +possibleInferiors: lostAndFound +possibleInferiors: builtinDomain +possibleInferiors: computer +possibleInferiors: user +possibleInferiors: container +possibleInferiors: groupPolicyContainer +possibleInferiors: organization +possibleInferiors: domainDNS +possibleInferiors: locality +possibleInferiors: msDS-AzAdminManager +possibleInferiors: country +possibleInferiors: organizationalUnit +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Samba4-Local-Domain +adminDescription: Samba4-Local-Domain +systemMayContain: msDS-Behavior-Version +systemMayContain: managedBy +objectClassCategory: 1 +lDAPDisplayName: samba4LocalDomain +schemaIDGUID: 07be1647-8310-4fba-91ae-34e55d5a8293 +systemOnly: FALSE +systemAuxiliaryClass: samDomainBase +defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE +defaultObjectCategory: CN=Builtin-Domain,${SCHEMADN} + -- cgit From d7299d82c31f08750d5d378b0e1f0226dbff5d05 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 15 Mar 2008 19:03:04 +1100 Subject: Rework memberof handling in slapd.conf (used for OpenLDAP backend) Instead of using an include file, put the generated configurationd directly into slapd.conf. Andrew Bartlett (This used to be commit 95ac786136aebfe5ededeb3fb81cbd4e296e3988) --- source4/setup/slapd.conf | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 83f4da3359..cdf9ff79a9 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -21,7 +21,7 @@ include ${LDAPDIR}/modules.conf defaultsearchbase ${DOMAINDN} -include ${LDAPDIR}/memberof.conf +${MEMBEROF_CONFIG} database hdb suffix ${SCHEMADN} @@ -62,8 +62,6 @@ syncprov-sessionlog 100 database hdb suffix ${DOMAINDN} -rootdn ${LDAPMANAGERDN} -rootpw ${LDAPMANAGERPASS} directory ${LDAPDIR}/db/user index objectClass eq index samAccountName eq @@ -82,8 +80,12 @@ index dnsRoot eq index nETBIOSName eq index cn eq +rootdn ${LDAPMANAGERDN} +rootpw ${LDAPMANAGERPASS} + #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We only need this for the contextCSN attribute anyway.... overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 + -- cgit From 89870f2d9a7296b51d53934450ea5253a66145e5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 20 Mar 2008 15:14:49 +1100 Subject: Explain why this attribute should be skipped. Andrew Bartlett (This used to be commit 7503f93f2f07f81ada1b5d9ec8fdd3d5509376ae) --- source4/setup/schema-map-openldap-2.3 | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/schema-map-openldap-2.3 b/source4/setup/schema-map-openldap-2.3 index 0bce95afba..3f07a9d50f 100644 --- a/source4/setup/schema-map-openldap-2.3 +++ b/source4/setup/schema-map-openldap-2.3 @@ -11,6 +11,7 @@ distinguishedName description cn top +#The memberOf plugin provides this attribute memberOf #This shouldn't make it to the ldap server sambaPassword -- cgit From d5a71ed633ab9086f56a9bf0812044d0cfa9df96 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 26 Mar 2008 15:42:20 +1100 Subject: Remove old js versions of newuser and provision. Andrew Bartlett (This used to be commit 861a85985d2d27f58cb8fa2fef0d445c7dac94c6) --- source4/setup/newuser | 141 ++++++++++++++------------------ source4/setup/newuser.py | 61 -------------- source4/setup/provision.js | 198 --------------------------------------------- 3 files changed, 61 insertions(+), 339 deletions(-) delete mode 100755 source4/setup/newuser.py delete mode 100755 source4/setup/provision.js (limited to 'source4/setup') diff --git a/source4/setup/newuser b/source4/setup/newuser index 7c80e9e8de..03ae4e5ffb 100755 --- a/source4/setup/newuser +++ b/source4/setup/newuser @@ -1,80 +1,61 @@ -#!/bin/sh -exec smbscript "$0" ${1+"$@"} -/* - add a new user to a Samba4 server - Copyright Andrew Tridgell 2005 - Released under the GNU GPL v2 or later -*/ - -options = GetOptions(ARGV, - "POPT_AUTOHELP", - 'username=s', - 'unixname=s', - 'password=s', - "POPT_COMMON_SAMBA", - "POPT_COMMON_VERSION", - "POPT_COMMON_CREDENTIALS", - 'quiet'); - -if (options == undefined) { - println("Failed to parse options"); - return -1; -} - -libinclude("base.js"); -libinclude("provision.js"); - -/* - print a message if quiet is not set -*/ -function message() -{ - if (options["quiet"] == undefined) { - print(vsprintf(arguments)); - } -} - -/* - show some help -*/ -function ShowHelp() -{ - print(" -Samba4 newuser - -newuser [options] - --username USERNAME choose new username - --unixname USERNAME choose unix name of new user - --password PASSWORD set password - -You must provide at least a username -"); - exit(1); -} - -if (options['username'] == undefined) { - ShowHelp(); -} - -if (options['password'] == undefined) { - random_init(local); - options.password = randpass(12); - printf("chose random password %s\n", options.password); -} -if (options['unixname'] == undefined) { - options.unixname = options.username; -} - -var nss = nss_init(); -if (nss.getpwnam(options.unixname) == undefined) { - printf("ERROR: Unix user '%s' does not exist\n", options.unixname); - exit(1); -} - -var creds = options.get_credentials(); -var system_session = system_session(); - - -newuser(options.username, options.unixname, options.password, message, system_session, creds); - -return 0; +#!/usr/bin/python +# +# add a new user to a Samba4 server +# Copyright Andrew Tridgell 2005 +# Copyright Jelmer Vernooij 2008 +# Released under the GNU GPL v2 or later +# + +import samba.getopt as options +import optparse +import pwd +import sys + +from auth import system_session +from samba.samdb import SamDB + +parser = optparse.OptionParser("newuser [options] []") +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) +parser.add_option_group(options.VersionOptions(parser)) +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) +parser.add_option("--quiet", help="Be quiet", action="store_true") +parser.add_option("--unixname", help="Unix Username", type=str) + +opts, args = parser.parse_args() + +# +# print a message if quiet is not set +# +def message(text): + if not opts.quiet: + print text + +if len(args) == 0: + parser.print_usage() + sys.exit(1) + +username = args[0] +if len(args) > 1: + password = args[1] +else: + random_init(local) + options.password = randpass(12) + print "chose random password %s\n" % password + +if opts.unixname is None: + opts.unixname = username + +try: + pwd.getpwnam(opts.unixname) +except KeyError: + print "ERROR: Unix user '%s' does not exist" % opts.unixname + sys.exit(1) + +creds = credopts.get_credentials() + +lp = sambaopts.get_loadparm() +samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), + credentials=creds, lp=lp) +samdb.newuser(username, opts.unixname, password) diff --git a/source4/setup/newuser.py b/source4/setup/newuser.py deleted file mode 100755 index 03ae4e5ffb..0000000000 --- a/source4/setup/newuser.py +++ /dev/null @@ -1,61 +0,0 @@ -#!/usr/bin/python -# -# add a new user to a Samba4 server -# Copyright Andrew Tridgell 2005 -# Copyright Jelmer Vernooij 2008 -# Released under the GNU GPL v2 or later -# - -import samba.getopt as options -import optparse -import pwd -import sys - -from auth import system_session -from samba.samdb import SamDB - -parser = optparse.OptionParser("newuser [options] []") -sambaopts = options.SambaOptions(parser) -parser.add_option_group(sambaopts) -parser.add_option_group(options.VersionOptions(parser)) -credopts = options.CredentialsOptions(parser) -parser.add_option_group(credopts) -parser.add_option("--quiet", help="Be quiet", action="store_true") -parser.add_option("--unixname", help="Unix Username", type=str) - -opts, args = parser.parse_args() - -# -# print a message if quiet is not set -# -def message(text): - if not opts.quiet: - print text - -if len(args) == 0: - parser.print_usage() - sys.exit(1) - -username = args[0] -if len(args) > 1: - password = args[1] -else: - random_init(local) - options.password = randpass(12) - print "chose random password %s\n" % password - -if opts.unixname is None: - opts.unixname = username - -try: - pwd.getpwnam(opts.unixname) -except KeyError: - print "ERROR: Unix user '%s' does not exist" % opts.unixname - sys.exit(1) - -creds = credopts.get_credentials() - -lp = sambaopts.get_loadparm() -samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), - credentials=creds, lp=lp) -samdb.newuser(username, opts.unixname, password) diff --git a/source4/setup/provision.js b/source4/setup/provision.js deleted file mode 100755 index 328754fd9c..0000000000 --- a/source4/setup/provision.js +++ /dev/null @@ -1,198 +0,0 @@ -#!/bin/sh -exec smbscript "$0" ${1+"$@"} -/* - provision a Samba4 server - Copyright Andrew Tridgell 2005 - Released under the GNU GPL v2 or later -*/ - -options = GetOptions(ARGV, - "POPT_AUTOHELP", - "POPT_COMMON_SAMBA", - "POPT_COMMON_VERSION", - "POPT_COMMON_CREDENTIALS", - 'realm=s', - 'domain=s', - 'domain-guid=s', - 'domain-sid=s', - 'policy-guid=s', - 'host-name=s', - 'host-ip=s', - 'host-guid=s', - 'invocationid=s', - 'adminpass=s', - 'krbtgtpass=s', - 'machinepass=s', - 'dnspass=s', - 'root=s', - 'nobody=s', - 'nogroup=s', - 'wheel=s', - 'users=s', - 'quiet', - 'blank', - 'server-role=s', - 'partitions-only', - 'ldap-base', - 'ldap-backend=s', - 'ldap-backend-type=s', - 'aci=s'); - -if (options == undefined) { - println("Failed to parse options"); - return -1; -} - -libinclude("base.js"); -libinclude("provision.js"); - -/* - print a message if quiet is not set -*/ -function message() -{ - if (options["quiet"] == undefined) { - print(vsprintf(arguments)); - } -} - -/* - show some help -*/ -function ShowHelp() -{ - print(" -Samba4 provisioning - -provision [options] - --realm REALM set realm - --domain DOMAIN set domain - --domain-guid GUID set domainguid (otherwise random) - --domain-sid SID set domainsid (otherwise random) - --host-name HOSTNAME set hostname - --host-ip IPADDRESS set ipaddress - --host-guid GUID set hostguid (otherwise random) - --policy-guid GUID set group policy guid (otherwise random) - --invocationid GUID set invocationid (otherwise random) - --adminpass PASSWORD choose admin password (otherwise random) - --krbtgtpass PASSWORD choose krbtgt password (otherwise random) - --machinepass PASSWORD choose machine password (otherwise random) - --root USERNAME choose 'root' unix username - --nobody USERNAME choose 'nobody' user - --nogroup GROUPNAME choose 'nogroup' group - --wheel GROUPNAME choose 'wheel' privileged group - --users GROUPNAME choose 'users' group - --quiet Be quiet - --blank do not add users or groups, just the structure - --server-role ROLE Set server role to provision for (default standalone) - --partitions-only Configure Samba's partitions, but do not modify them (ie, join a BDC) - --ldap-base output only an LDIF file, suitable for creating an LDAP baseDN - --ldap-backend LDAPSERVER LDAP server to use for this provision - --ldap-backend-type TYPE OpenLDAP or Fedora DS - --aci ACI An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server -You must provide at least a realm and domain - -"); - exit(1); -} - -if (options['host-name'] == undefined) { - options['host-name'] = hostname(); -} - -/* - main program -*/ -if (options["realm"] == undefined || - options["domain"] == undefined || - options["host-name"] == undefined) { - ShowHelp(); -} - -/* cope with an initially blank smb.conf */ -var lp = loadparm_init(); -lp.set("realm", options.realm); -lp.set("workgroup", options.domain); -lp.set("server role", options["server-role"]); -lp.reload(); - -var subobj = provision_guess(); -for (r in options) { - var key = strupper(join("", split("-", r))); - subobj[key] = options[r]; -} - -var blank = (options["blank"] != undefined); -var ldapbackend = (options["ldap-backend"] != undefined); -var ldapbackendtype = options["ldap-backend-type"]; -var partitions_only = (options["partitions-only"] != undefined); -var paths = provision_default_paths(subobj); -if (options["aci"] != undefined) { - message("set ACI: %s\n", subobj["ACI"]); -} - -message("set DOMAIN SID: %s\n", subobj["DOMAINSID"]); - -provision_fix_subobj(subobj, paths); - -if (ldapbackend) { - if (options["ldap-backend"] == "ldapi") { - subobj.LDAPBACKEND = subobj.LDAPI_URI; - } - if (ldapbackendtype == undefined) { - - } else if (ldapbackendtype == "openldap") { - subobj.LDAPMODULE = "normalise,entryuuid"; - subobj.TDB_MODULES_LIST = ""; - } else if (ldapbackendtype == "fedora-ds") { - subobj.LDAPMODULE = "nsuniqueid"; - } - subobj.BACKEND_MOD = subobj.LDAPMODULE + ",paged_searches"; - subobj.DOMAINDN_LDB = subobj.LDAPBACKEND; - subobj.CONFIGDN_LDB = subobj.LDAPBACKEND; - subobj.SCHEMADN_LDB = subobj.LDAPBACKEND; - message("LDAP module: %s on backend: %s\n", subobj.LDAPMODULE, subobj.LDAPBACKEND); -} - -if (!provision_validate(subobj, message)) { - return -1; -} - -var system_session = system_session(); -var creds = options.get_credentials(); -message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM); -message("Using administrator password: %s\n", subobj.ADMINPASS); -if (partitions_only) { - provision_become_dc(subobj, message, false, paths, system_session); -} else { - provision(subobj, message, blank, paths, system_session, creds, ldapbackend); - provision_dns(subobj, message, paths, system_session, creds); - message("To reproduce this provision, run with:\n"); -/* There has to be a better way than this... */ - message("--realm='%s' --domain='%s' \\\n", subobj.REALM_CONF, subobj.DOMAIN_CONF); - if (subobj.DOMAINGUID != undefined) { - message("--domain-guid='%s' \\\n", subobj.DOMAINGUID); - } - if (subobj.HOSTGUID != undefined) { - message("--host-guid='%s' \\\n", subobj.HOSTGUID); - } - message("--policy-guid='%s' --host-name='%s' --host-ip='%s' \\\n", subobj.POLICYGUID, subobj.HOSTNAME, subobj.HOSTIP); - if (subobj.INVOCATIONID != undefined) { - message("--invocationid='%s' \\\n", subobj.INVOCATIONID); - } - message("--adminpass='%s' --krbtgtpass='%s' \\\n", subobj.ADMINPASS, subobj.KRBTGTPASS); - message("--machinepass='%s' --dnspass='%s' \\\n", subobj.MACHINEPASS, subobj.DNSPASS); - message("--root='%s' --nobody='%s' --nogroup='%s' \\\n", subobj.ROOT, subobj.NOBODY, subobj.NOGROUP); - message("--wheel='%s' --users='%s' --server-role='%s' \\\n", subobj.WHEEL, subobj.USERS, subobj.SERVERROLE); - if (ldapbackend) { - message("--ldap-backend='%s' \\\n", subobj.LDAPBACKEND); - } - if (ldapbackendtype != undefined) { - message("--ldap-backend-type='%s' \\\n", + ldapbackendtype); - } - message("--aci='" + subobj.ACI + "' \\\n") -} - - -message("All OK\n"); -return 0; -- cgit From 786deaf9288c77b40892d6639113e580a7be6904 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 28 Mar 2008 12:08:54 +1100 Subject: Make the setup/newuser and setup/setpassword scripts actually work... These need a testsuite, but this will come soon. Andrew Bartlett (This used to be commit fbcaa622bd1929399e32326349e96b6676a49b96) --- source4/setup/newuser | 6 +- source4/setup/setpassword | 181 +++++++++++++++------------------------------- 2 files changed, 60 insertions(+), 127 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/newuser b/source4/setup/newuser index 03ae4e5ffb..5f53aad9c6 100755 --- a/source4/setup/newuser +++ b/source4/setup/newuser @@ -10,7 +10,7 @@ import samba.getopt as options import optparse import pwd import sys - +from getpass import getpass from auth import system_session from samba.samdb import SamDB @@ -40,9 +40,7 @@ username = args[0] if len(args) > 1: password = args[1] else: - random_init(local) - options.password = randpass(12) - print "chose random password %s\n" % password + password = getpass("New Password: ") if opts.unixname is None: opts.unixname = username diff --git a/source4/setup/setpassword b/source4/setup/setpassword index 618e304077..1c87f4b1c8 100644 --- a/source4/setup/setpassword +++ b/source4/setup/setpassword @@ -1,123 +1,58 @@ -#!/bin/sh -exec smbscript "$0" ${1+"$@"} -/* - set a user's password on a Samba4 server - Copyright Andrew Tridgell 2005 - Copyright Andrew Bartlett 2006 - Released under the GNU GPL v2 or later -*/ - -options = GetOptions(ARGV, - "POPT_AUTOHELP", - 'username=s', - 'filter=s', - 'newpassword=s', - "POPT_COMMON_SAMBA", - "POPT_COMMON_VERSION", - "POPT_COMMON_CREDENTIALS", - 'quiet'); - -if (options == undefined) { - println("Failed to parse options"); - return -1; -} - -libinclude("base.js"); -libinclude("provision.js"); - -/* - print a message if quiet is not set -*/ -function message() -{ - if (options["quiet"] == undefined) { - print(vsprintf(arguments)); - } -} - -/* - show some help -*/ -function ShowHelp() -{ - print(" -Samba4 newuser - -newuser [options] - --username USERNAME username - --filter LDAPFILTER LDAP Filter to set password on - --newpassword PASSWORD set password - -You must provide either a filter or a username, as well as password -"); - exit(1); -} - -if (options['username'] == undefined && options['filter'] == undefined) { - ShowHelp(); -} - -if (options['newpassword'] == undefined) { - ShowHelp(); -} - - var lp = loadparm_init(); - var samdb = lp.get("sam database"); - var ldb = ldb_init(); - random_init(local); - ldb.session_info = system_session(); - ldb.credentials = options.get_credentials(); - - /* connect to the sam */ - var ok = ldb.connect(samdb); - assert(ok); - - ldb.transaction_start(); - -/* find the DNs for the domain and the domain users group */ -var attrs = new Array("defaultNamingContext"); -var attrs2 = new Array("cn"); -res = ldb.search("defaultNamingContext=*", "", ldb.SCOPE_BASE, attrs); -assert(res.error == 0); -assert(res.msgs.length == 1 && res.msgs[0].defaultNamingContext != undefined); -var domain_dn = res.msgs[0].defaultNamingContext; -assert(domain_dn != undefined); - -if (options['filter'] != undefined) { - var res = ldb.search(options['filter'], - domain_dn, ldb.SCOPE_SUBTREE, attrs2); - if (res.error != 0 || res.msgs.length != 1) { - message("Failed to find record for filter %s\n", options['filter']); - exit(1); - } -} else { - var res = ldb.search(sprintf("samAccountName=%s", options['username']), - domain_dn, ldb.SCOPE_SUBTREE, attrs2); - if (res.error != 0 || res.msgs.length != 1) { - message("Failed to find record for user %s\n", options['username']); - exit(1); - } -} - -var mod = sprintf(" -dn: %s -changetype: modify -replace: sambaPassword -sambaPassword: %s -", - res[0].dn, options['newpassword']); -var ok = ldb.modify(mod); -if (ok.error != 0) { - message("set password for %s failed - %s\n", - res[0].dn, ok.errstr); - ldb.transaction_cancel(); - exit(1); -} else { - message("set password for %s (%s) succeded\n", - res[0].dn, res[0].cn); - - ldb.transaction_commit(); -} - - -return 0; +#!/usr/bin/python +# +# add a new user to a Samba4 server +# Copyright Andrew Tridgell 2005 +# Copyright Jelmer Vernooij 2008 +# Released under the GNU GPL v2 or later +# + +import samba.getopt as options +import optparse +import pwd +import sys +from getpass import getpass +from auth import system_session +from samba.samdb import SamDB + +parser = optparse.OptionParser("setpassword [username] [options]") +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) +parser.add_option_group(options.VersionOptions(parser)) +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) +parser.add_option("--filter", help="LDAP Filter to set password on", type=str) +parser.add_option("--newpassword", help="Set password", type=str) + +opts, args = parser.parse_args() + +# +# print a message if quiet is not set +# +def message(text): + if not opts.quiet: + print text + +if len(args) == 0: + parser.print_usage() + sys.exit(1) + +password = opts.password; +if password is None: + password = getpass("New Password: ") + +filter = opts.filter + +if filter is None: + username = args[0] + if username is None: + print "Either username or --filter must be specified" + + filter = "(&(objectclass=user)(samAccountName=" + username + "))" + + +creds = credopts.get_credentials() + +lp = sambaopts.get_loadparm() +samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), + credentials=creds, lp=lp) +samdb.setpassword(filter, password) -- cgit From 71e79728ec6542981b8921a49155936a65d332f4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 28 Mar 2008 03:46:23 +1100 Subject: Add tool for enabling accounts (This used to be commit 2e14b4ea64ba7e223f29b5b535b1b1be326f711c) --- source4/setup/enableaccount | 74 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 source4/setup/enableaccount (limited to 'source4/setup') diff --git a/source4/setup/enableaccount b/source4/setup/enableaccount new file mode 100644 index 0000000000..0c9937fc44 --- /dev/null +++ b/source4/setup/enableaccount @@ -0,0 +1,74 @@ +#!/usr/bin/python +# +# add a new user to a Samba4 server +# Copyright Andrew Tridgell 2005 +# Copyright Jelmer Vernooij 2008 +# Released under the GNU GPL v2 or later +# + +import samba.getopt as options +import optparse +import pwd +import sys +import ldb + +from auth import system_session +from samba.samdb import SamDB + +parser = optparse.OptionParser("setpassword [username] [options]") +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) +parser.add_option_group(options.VersionOptions(parser)) +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) +parser.add_option("-H", help="LDB URL for database or target server", type=str) +parser.add_option("--base", help="Base DN to search for user under", type=str) + +opts, args = parser.parse_args() + +# +# print a message if quiet is not set +# +def message(text): + if not opts.quiet: + print text + +if len(args) == 0: + parser.print_usage() + sys.exit(1) + +username = args[0] + +if username is None: + print "username must be specified" + +creds = credopts.get_credentials() + +lp = sambaopts.get_loadparm() +if opts.H is not None: + url = opts.H +else: + url = lp.get("sam database") + +samdb = SamDB(url=url, session_info=system_session(), + credentials=creds, lp=lp) + +domain_dn = opts.base +if opts.base is None: + res = samdb.search("", scope=ldb.SCOPE_BASE, + expression="(defaultNamingContext=*)", + attrs=["defaultNamingContext"]) + assert(len(res) == 1 and res[0]["defaultNamingContext"] is not None) + domain_dn = res[0]["defaultNamingContext"][0] +else: + domain_dn = opts.base + +filter = "(&(objectClass=user)(samAccountName=%s))" % username + +res = samdb.search(domain_dn, scope=ldb.SCOPE_SUBTREE, + expression=filter, + attrs=[]) +assert(len(res) == 1) +user_dn = res[0].dn + +samdb.enable_account(user_dn) -- cgit From 8f8c56bfbcbfe8f80afb09eb1d481a108b252bee Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Fri, 28 Mar 2008 01:08:49 -0500 Subject: Convert some more files to GPLv3. (This used to be commit ebe5e8399422eb7e2ff4deb546338823e2718907) --- source4/setup/enableaccount | 2 +- source4/setup/newuser | 2 +- source4/setup/provision-backend.js | 2 +- source4/setup/setpassword | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/enableaccount b/source4/setup/enableaccount index 0c9937fc44..144b6c6494 100644 --- a/source4/setup/enableaccount +++ b/source4/setup/enableaccount @@ -3,7 +3,7 @@ # add a new user to a Samba4 server # Copyright Andrew Tridgell 2005 # Copyright Jelmer Vernooij 2008 -# Released under the GNU GPL v2 or later +# Released under the GNU GPL version 3 or later # import samba.getopt as options diff --git a/source4/setup/newuser b/source4/setup/newuser index 5f53aad9c6..f622058a5d 100755 --- a/source4/setup/newuser +++ b/source4/setup/newuser @@ -3,7 +3,7 @@ # add a new user to a Samba4 server # Copyright Andrew Tridgell 2005 # Copyright Jelmer Vernooij 2008 -# Released under the GNU GPL v2 or later +# Released under the GNU GPL version 3 or later # import samba.getopt as options diff --git a/source4/setup/provision-backend.js b/source4/setup/provision-backend.js index edc09907a8..9482d8c435 100644 --- a/source4/setup/provision-backend.js +++ b/source4/setup/provision-backend.js @@ -3,7 +3,7 @@ exec smbscript "$0" ${1+"$@"} /* provision a Samba4 server Copyright Andrew Tridgell 2005 - Released under the GNU GPL v2 or later + Released under the GNU GPL version 3 or later */ options = GetOptions(ARGV, diff --git a/source4/setup/setpassword b/source4/setup/setpassword index 1c87f4b1c8..31b2f73a25 100644 --- a/source4/setup/setpassword +++ b/source4/setup/setpassword @@ -3,7 +3,7 @@ # add a new user to a Samba4 server # Copyright Andrew Tridgell 2005 # Copyright Jelmer Vernooij 2008 -# Released under the GNU GPL v2 or later +# Released under the GNU GPL version 3 or later # import samba.getopt as options -- cgit From 142fbfb3c1f9f8cda7f0edaa801f8345f23d805f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 28 Mar 2008 21:57:15 +1100 Subject: Fix and test python scripts and kerberos This fixes up the python credentials interface in a number of areas, with the aim of supporting '-k yes' as a command line option. (This enables the use of kerberos). As such, I've had to change the get_credentials call to take a loadparm context, so that the credentials can be initialised correctly. The test_kinit script has been modified to prove that this continues to work, as well as to provide greater code coverage of the kerberos paths. Andrew Bartlett (This used to be commit 727ef40c2b56910028ef3c1092b8eab1bfa6ce63) --- source4/setup/enableaccount | 5 +++-- source4/setup/provision | 5 +++-- source4/setup/upgrade.py | 6 ++++-- 3 files changed, 10 insertions(+), 6 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/enableaccount b/source4/setup/enableaccount index 144b6c6494..849b515675 100644 --- a/source4/setup/enableaccount +++ b/source4/setup/enableaccount @@ -42,9 +42,10 @@ username = args[0] if username is None: print "username must be specified" -creds = credopts.get_credentials() - lp = sambaopts.get_loadparm() + +creds = credopts.get_credentials(lp) + if opts.H is not None: url = opts.H else: diff --git a/source4/setup/provision b/source4/setup/provision index b0363d8a8f..cf08036f90 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -111,7 +111,8 @@ if opts.realm is None or opts.domain is None: parser.print_usage() sys.exit(1) -smbconf = sambaopts.get_loadparm().configfile() +lp = sambaopts.get_loadparm() +smbconf = lp.configfile() if opts.aci is not None: print "set ACI: %s" % opts.aci @@ -123,7 +124,7 @@ elif opts.server_role == "member": else: server_role = opts.server_role -creds = credopts.get_credentials() +creds = credopts.get_credentials(lp) setup_dir = opts.setupdir if setup_dir is None: diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py index 569b179544..3bcc57ab64 100755 --- a/source4/setup/upgrade.py +++ b/source4/setup/upgrade.py @@ -57,7 +57,9 @@ setup_dir = opts.setupdir if setup_dir is None: setup_dir = "setup" -creds = credopts.get_credentials() +lp = sambaopts.get_loadparm() +smbconf = lp.configfile() +creds = credopts.get_credentials(lp) upgrade_provision(samba3, setup_dir, message, credentials=creds, session_info=system_session(), - smbconf=sambaopts.get_loadparm_path(), targetdir=opts.targetdir) + smbconf=smbconf, targetdir=opts.targetdir) -- cgit From 238a1a52f1fd3cce0a0fd980c1717c8540a1c7a1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 29 Mar 2008 17:17:56 +1100 Subject: Rework 'compleated' message in provision to be more useful. In particular, this should draw attention to accidential 'standalone' server provisions and therefore cause less frustration. Andrew Bartlett (This used to be commit e906ae041a2b589ffceff97b74f7c4b01386382a) --- source4/setup/provision | 9 --------- 1 file changed, 9 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index cf08036f90..e354f4d0bb 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -149,12 +149,3 @@ provision(setup_dir, message, aci=opts.aci, serverrole=server_role, ldap_backend=opts.ldap_backend, ldap_backend_type=opts.ldap_backend_type) - -message("To reproduce this provision, run with:") -def shell_escape(arg): - if " " in arg: - return '"%s"' % arg - return arg -message(" ".join([shell_escape(arg) for arg in sys.argv])) - -message("All OK") -- cgit From 2ab6dd9ea58c7f09791f45077df084447fc7de69 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 2 Apr 2008 11:38:58 +1100 Subject: Remove references to setting the host GUID, as the repl_meta_data module prohibits it anyway. Andrew Bartlett (This used to be commit c5b287c056855892f30fbbf32efe7d65da31ce91) --- source4/setup/provision | 8 +++----- source4/setup/provision_self_join.ldif | 1 - 2 files changed, 3 insertions(+), 6 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index e354f4d0bb..30067f5592 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -52,14 +52,12 @@ parser.add_option("--domain-sid", type="string", metavar="SID", help="set domainsid (otherwise random)") parser.add_option("--policy-guid", type="string", metavar="GUID", help="set policy guid") +parser.add_option("--invocationid", type="string", metavar="GUID", + help="set invocationid (otherwise random)") parser.add_option("--host-name", type="string", metavar="HOSTNAME", help="set hostname") parser.add_option("--host-ip", type="string", metavar="IPADDRESS", help="set ipaddress") -parser.add_option("--host-guid", type="string", metavar="GUID", - help="set hostguid (otherwise random)") -parser.add_option("--invocationid", type="string", metavar="GUID", - help="set invocationid (otherwise random)") parser.add_option("--adminpass", type="string", metavar="PASSWORD", help="choose admin password (otherwise random)") parser.add_option("--krbtgtpass", type="string", metavar="PASSWORD", @@ -141,7 +139,7 @@ provision(setup_dir, message, samdb_fill=samdb_fill, realm=opts.realm, domain=opts.domain, domainguid=opts.domain_guid, domainsid=opts.domain_sid, policyguid=opts.policy_guid, hostname=opts.host_name, - hostip=opts.host_ip, hostguid=opts.host_guid, + hostip=opts.host_ip, invocationid=opts.invocationid, adminpass=opts.adminpass, krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index 503656a9bf..a0cfa7eb23 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -19,7 +19,6 @@ servicePrincipalName: HOST/${DNSNAME}/${REALM} servicePrincipalName: HOST/${NETBIOSNAME}/${REALM} servicePrincipalName: HOST/${DNSNAME}/${DOMAIN} servicePrincipalName: HOST/${NETBIOSNAME}/${DOMAIN} -${HOSTGUID_ADD} #Provide a account for DNS keytab export dn: CN=dns,CN=Users,${DOMAINDN} -- cgit From 3c0c6acc594fba1f1d28e49cb105c99fa1649a18 Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Tue, 1 Apr 2008 19:51:24 -0500 Subject: provision: Add support for IPv6 (bz #4593). (This used to be commit 8585a3c77d5dfe97bca3f08716fc06ac2819f578) --- source4/setup/provision | 6 ++++-- source4/setup/provision.zone | 2 ++ 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index e354f4d0bb..f940b30744 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -55,7 +55,9 @@ parser.add_option("--policy-guid", type="string", metavar="GUID", parser.add_option("--host-name", type="string", metavar="HOSTNAME", help="set hostname") parser.add_option("--host-ip", type="string", metavar="IPADDRESS", - help="set ipaddress") + help="set IPv4 ipaddress") +parser.add_option("--host-ip6", type="string", metavar="IP6ADDRESS", + help="set IPv6 ipaddress") parser.add_option("--host-guid", type="string", metavar="GUID", help="set hostguid (otherwise random)") parser.add_option("--invocationid", type="string", metavar="GUID", @@ -141,7 +143,7 @@ provision(setup_dir, message, samdb_fill=samdb_fill, realm=opts.realm, domain=opts.domain, domainguid=opts.domain_guid, domainsid=opts.domain_sid, policyguid=opts.policy_guid, hostname=opts.host_name, - hostip=opts.host_ip, hostguid=opts.host_guid, + hostip=opts.host_ip, hostip6=opts.host_ip6, hostguid=opts.host_guid, invocationid=opts.invocationid, adminpass=opts.adminpass, krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone index 371dfd9e72..28c1c29762 100644 --- a/source4/setup/provision.zone +++ b/source4/setup/provision.zone @@ -9,8 +9,10 @@ $TTL 1W 6W ; expiry 1W ) ; minimum IN NS ${HOSTNAME} +${HOSTIP6_BASE_LINE} IN A ${HOSTIP} ; +${HOSTIP6_HOST_LINE} ${HOSTNAME} IN A ${HOSTIP} ${HOSTGUID}._msdcs IN CNAME ${HOSTNAME} ; -- cgit From 67bf4bab3ddaf8d1dfaee92007700d8f05a1c191 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 2 Apr 2008 12:31:24 +1100 Subject: Fix conflicts in setup/provision script. (This used to be commit 696b58f5dd8370b7ee0670c7a3e5db10234b41ff) --- source4/setup/provision | 8 -------- 1 file changed, 8 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index afda9eeade..259bd814a4 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -57,17 +57,9 @@ parser.add_option("--invocationid", type="string", metavar="GUID", parser.add_option("--host-name", type="string", metavar="HOSTNAME", help="set hostname") parser.add_option("--host-ip", type="string", metavar="IPADDRESS", -<<<<<<< HEAD:source/setup/provision - help="set ipaddress") -======= help="set IPv4 ipaddress") parser.add_option("--host-ip6", type="string", metavar="IP6ADDRESS", help="set IPv6 ipaddress") -parser.add_option("--host-guid", type="string", metavar="GUID", - help="set hostguid (otherwise random)") -parser.add_option("--invocationid", type="string", metavar="GUID", - help="set invocationid (otherwise random)") ->>>>>>> 8585a3c77d5dfe97bca3f08716fc06ac2819f578:source/setup/provision parser.add_option("--adminpass", type="string", metavar="PASSWORD", help="choose admin password (otherwise random)") parser.add_option("--krbtgtpass", type="string", metavar="PASSWORD", -- cgit From c764791100079ed447c07ca6b99d33f9695255c3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 4 Apr 2008 12:25:19 +1100 Subject: Clean up provision and rootdse module to hard-code less stuff. In particular, allow for the server DN to be in a different site (possible outcome of a DRS replication). Andrew Bartlett (This used to be commit 9ee4e39fe178317f42fd9a0adceea24b55dfe0f1) --- source4/setup/provision_rootdse_add.ldif | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_rootdse_add.ldif b/source4/setup/provision_rootdse_add.ldif index 9f19796ec6..14e0d71df6 100644 --- a/source4/setup/provision_rootdse_add.ldif +++ b/source4/setup/provision_rootdse_add.ldif @@ -1,7 +1,7 @@ # the rootDSE module looks in this record for its base data dn: @ROOTDSE subschemaSubentry: CN=Aggregate,${SCHEMADN} -dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +dsServiceName: CN=NTDS Settings,${SERVERDN} defaultNamingContext: ${DOMAINDN} rootDomainNamingContext: ${ROOTDN} configurationNamingContext: ${CONFIGDN} @@ -9,10 +9,9 @@ schemaNamingContext: ${SCHEMADN} supportedLDAPVersion: 3 dnsHostName: ${DNSNAME} ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM} -serverName: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +serverName: ${SERVERDN} domainFunctionality: 0 forestFunctionality: 0 domainControllerFunctionality: 2 isSynchronized: FALSE vendorName: Samba Team (http://samba.org) -vendorVersion: ${VERSION} -- cgit From b2805c50eecddfa4cbd0945e713567eddce05895 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 8 Apr 2008 17:28:25 +1000 Subject: Re-add support for the --ldap-backend-port option to provision-backend This option allows Fedora DS multi-master replication to work. I've tried to update the wiki and scripts to the largely consistant with each other. Andrew Bartlett (This used to be commit 42393c830733b2cc99ebccdafe944fcf3d82734f) --- source4/setup/provision-backend | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index ada6dcef8d..4f222c467a 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -54,6 +54,8 @@ parser.add_option("--quiet", help="Be quiet", action="store_true") parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE", help="LDB mapping module to use for the LDAP backend", choices=["fedora-ds", "openldap"]) +parser.add_option("--ldap-backend-port", type="int", metavar="PORT", + help="TCP Port LDAP server should listen to (default ldapi only)") parser.add_option("--server-role", type="choice", metavar="ROLE", choices=["domain controller", "dc", "member server", "member", "standalone"], help="Set server role to provision for (default standalone)") @@ -89,10 +91,9 @@ if setup_dir is None: setup_dir = "setup" provision_backend(setup_dir=setup_dir, message=message, smbconf=smbconf, targetdir=opts.targetdir, - realm=opts.realm, domain=opts.domain, - hostname=opts.host_name, - adminpass=opts.ldap_manager_pass, - root=opts.root, serverrole=server_role, - ldap_backend_type=opts.ldap_backend_type) - -message("All OK") + realm=opts.realm, domain=opts.domain, + hostname=opts.host_name, + adminpass=opts.ldap_manager_pass, + root=opts.root, serverrole=server_role, + ldap_backend_type=opts.ldap_backend_type, + ldap_backend_port=opts.ldap_backend_port) -- cgit From e8a3621a8fdf4b76dc64edcd391b71eb4e63adfd Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 9 Apr 2008 14:51:22 +1000 Subject: Be consistant in using ${SEVERDN}. This ensures we don't fall out of sync with the provision scripts. Andrew Bartlett (This used to be commit 566c60b4649e2b94bf467993acd4bf72c7368e5a) --- source4/setup/provision.ldif | 4 ++-- source4/setup/provision_basedn_modify.ldif | 2 +- source4/setup/provision_configuration.ldif | 2 +- source4/setup/provision_schema_basedn_modify.ldif | 2 +- source4/setup/provision_self_join.ldif | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index 37b6bdaa60..2f734e83b2 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -30,7 +30,7 @@ objectclass: rIDManager cn: RID Manager$ systemFlags: 2348810240 isCriticalSystemObject: TRUE -fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +fSMORoleOwner: CN=NTDS Settings,${SERVERDN} rIDAvailablePool: 4611686014132423217 dn: CN=DomainUpdates,CN=System,${DOMAINDN} @@ -50,7 +50,7 @@ objectclass: infrastructureUpdate cn: Infrastructure systemFlags: 2348810240 isCriticalSystemObject: TRUE -fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +fSMORoleOwner: CN=NTDS Settings,${SERVERDN} dn: CN=Builtin,${DOMAINDN} objectClass: top diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index dadfda720e..f5e1bb5add 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -65,7 +65,7 @@ replace: objectCategory objectCategory: CN=Domain-DNS,${SCHEMADN} - replace: fSMORoleOwner -fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +fSMORoleOwner: CN=NTDS Settings,${SERVERDN} - replace: isCriticalSystemObject isCriticalSystemObject: TRUE diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif index 0fe90b0739..2a7357d7ad 100644 --- a/source4/setup/provision_configuration.ldif +++ b/source4/setup/provision_configuration.ldif @@ -7,7 +7,7 @@ objectClass: crossRefContainer cn: Partitions systemFlags: 2147483648 msDS-Behavior-Version: 0 -fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +fSMORoleOwner: CN=NTDS Settings,${SERVERDN} dn: CN=Enterprise Configuration,CN=Partitions,${CONFIGDN} objectClass: top diff --git a/source4/setup/provision_schema_basedn_modify.ldif b/source4/setup/provision_schema_basedn_modify.ldif index 4e690376d7..4e8267a303 100644 --- a/source4/setup/provision_schema_basedn_modify.ldif +++ b/source4/setup/provision_schema_basedn_modify.ldif @@ -4,7 +4,7 @@ dn: ${SCHEMADN} changetype: modify replace: fSMORoleOwner -fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +fSMORoleOwner: CN=NTDS Settings,${SERVERDN} - replace: objectVersion objectVersion: 30 diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index a0cfa7eb23..c91e2f4c19 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -36,7 +36,7 @@ isCriticalSystemObject: TRUE sambaPassword:: ${DNSPASS_B64} showInAdvancedViewOnly: TRUE -dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +dn: ${SERVERDN} objectClass: top objectClass: server cn: ${NETBIOSNAME} @@ -44,7 +44,7 @@ systemFlags: 1375731712 dNSHostName: ${DNSNAME} serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${DOMAINDN} -dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN} +dn: CN=NTDS Settings,${SERVERDN} objectClass: top objectClass: applicationSettings objectClass: nTDSDSA -- cgit From 6b013c90fda01974ac0c27ac035ce78958276aad Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 11 Apr 2008 19:38:36 +1000 Subject: Actually test the different 'fill levels' in the provision process. This should cover a few more codepaths in the provision script. Andrew Bartlett (This used to be commit 75c8dc6c6f3134bb78356630f24617aaeb869344) --- source4/setup/tests/blackbox_provision.sh | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/tests/blackbox_provision.sh b/source4/setup/tests/blackbox_provision.sh index 75d4fcfcb4..4db226778c 100755 --- a/source4/setup/tests/blackbox_provision.sh +++ b/source4/setup/tests/blackbox_provision.sh @@ -31,6 +31,8 @@ testit "simple-default" $PYTHON ./setup/provision $CONFIGURATION --domain=FOO -- testit "simple-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc testit "simple-member" $PYTHON ./setup/provision $CONFIGURATION --server-role="member" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-member testit "simple-standalone" $PYTHON ./setup/provision $CONFIGURATION --server-role="standalone" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-standalone +testit "blank-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc --blank +testit "partitions-only-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc --partitions-only reprovision() { $PYTHON ./setup/provision $CONFIGURATION --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/reprovision" -- cgit From 5a37b3fc5d42beffaf4bdca70b1f0c5f80f92280 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 14 Apr 2008 11:51:02 +0200 Subject: Fix newuser and setpassword scripts, and port to idmap. The new idmap world does not use the unixUser any more, so we need to set up the entry (if wanted) in the idmap database. Users without a backing unix user will get an allocated uid by idmap later. Andrew Bartlett (This used to be commit 8bd8bc1475ddf22d4702dcd17028a9043a5e629f) --- source4/setup/newuser | 10 ++-------- source4/setup/setpassword | 8 ++++---- source4/setup/tests/blackbox_provision.sh | 7 +++++-- 3 files changed, 11 insertions(+), 14 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/newuser b/source4/setup/newuser index f622058a5d..04a5440ee1 100755 --- a/source4/setup/newuser +++ b/source4/setup/newuser @@ -45,15 +45,9 @@ else: if opts.unixname is None: opts.unixname = username -try: - pwd.getpwnam(opts.unixname) -except KeyError: - print "ERROR: Unix user '%s' does not exist" % opts.unixname - sys.exit(1) - -creds = credopts.get_credentials() - lp = sambaopts.get_loadparm() +creds = credopts.get_credentials(lp) + samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), credentials=creds, lp=lp) samdb.newuser(username, opts.unixname, password) diff --git a/source4/setup/setpassword b/source4/setup/setpassword index 31b2f73a25..977a6a5ee8 100644 --- a/source4/setup/setpassword +++ b/source4/setup/setpassword @@ -36,7 +36,7 @@ if len(args) == 0: parser.print_usage() sys.exit(1) -password = opts.password; +password = opts.newpassword; if password is None: password = getpass("New Password: ") @@ -47,12 +47,12 @@ if filter is None: if username is None: print "Either username or --filter must be specified" - filter = "(&(objectclass=user)(samAccountName=" + username + "))" + filter = "(&(objectclass=user)(samAccountName=%s))" % (username) -creds = credopts.get_credentials() - lp = sambaopts.get_loadparm() +creds = credopts.get_credentials(lp) + samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), credentials=creds, lp=lp) samdb.setpassword(filter, password) diff --git a/source4/setup/tests/blackbox_provision.sh b/source4/setup/tests/blackbox_provision.sh index 4db226778c..19f37cef2d 100755 --- a/source4/setup/tests/blackbox_provision.sh +++ b/source4/setup/tests/blackbox_provision.sh @@ -31,8 +31,11 @@ testit "simple-default" $PYTHON ./setup/provision $CONFIGURATION --domain=FOO -- testit "simple-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc testit "simple-member" $PYTHON ./setup/provision $CONFIGURATION --server-role="member" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-member testit "simple-standalone" $PYTHON ./setup/provision $CONFIGURATION --server-role="standalone" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-standalone -testit "blank-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc --blank -testit "partitions-only-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc --partitions-only +testit "blank-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/blank-dc --blank +testit "partitions-only-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/partitions-only-dc --partitions-only + +testit "newuser" $PYTHON ./setup/newuser --configfile=$PREFIX/simple-dc/etc/smb.conf testuser testpass +testit "setpassword" $PYTHON ./setup/setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testpass reprovision() { $PYTHON ./setup/provision $CONFIGURATION --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/reprovision" -- cgit From 9cd04363f56ba5ee4f8b1ffaf662fe81cc995e99 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 14 Apr 2008 19:09:57 +0200 Subject: make the SMB2 negotiated read and write size settable in smb.conf parametic options: smb2:max read size = NNN smb2:max write size = NNN The defaults are 65536, which is what Vista sets, and what we previously set (This used to be commit 9e60164cae42b5dd95720e48301a2ac57e95482a) --- source4/setup/provision | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 259bd814a4..b748dab339 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -35,6 +35,8 @@ from samba.provision import (provision, FILL_FULL, FILL_NT4SYNC, FILL_DRS) +# how do we make this case insensitive?? + parser = optparse.OptionParser("provision [options]") sambaopts = options.SambaOptions(parser) parser.add_option_group(sambaopts) -- cgit From 6a40411fcc7af4c93443b6c55360e22d18bcb236 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 18 Apr 2008 15:41:54 +0200 Subject: change the default idmap range to 3M -> 4M This gives us a lot more headroom, and means that we have a lower chance of running into real local users (This used to be commit b2dac6645c3bce45ab2178b9f5b4e017486b5b8e) --- source4/setup/idmap_init.ldif | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/idmap_init.ldif b/source4/setup/idmap_init.ldif index a397cfd0d2..43e5b65562 100644 --- a/source4/setup/idmap_init.ldif +++ b/source4/setup/idmap_init.ldif @@ -1,5 +1,4 @@ dn: CN=CONFIG cn: CONFIG -lowerBound: 10000 -upperBound: 20000 - +lowerBound: 3000000 +upperBound: 4000000 -- cgit From 0d1fe706e347ddb03f58da5f67853090f6d2ae72 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 25 Apr 2008 09:25:14 +0100 Subject: Remove vampire.py as the 'net' binary is the right interface. As some future point we might get these scripting interfaces into better shape, and provide a python interface to this functionality again. Andrew Bartlett (This used to be commit 717dcb2c54b1e22b7c8efb322deec55abb7689c2) --- source4/setup/vampire.py | 53 ------------------------------------------------ 1 file changed, 53 deletions(-) delete mode 100755 source4/setup/vampire.py (limited to 'source4/setup') diff --git a/source4/setup/vampire.py b/source4/setup/vampire.py deleted file mode 100755 index 728c53146a..0000000000 --- a/source4/setup/vampire.py +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/python - -# Unix SMB/CIFS implementation. -# Vampire a remote domain -# Copyright (C) Jelmer Vernooij 2007 -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# - -from net import libnet -import optparse -import samba.getopt as options -import param -from auth import system_session -import sys - -parser = optparse.OptionParser("vampire [options] ") -sambaopts = options.SambaOptions(parser) -parser.add_option_group(sambaopts) -parser.add_option_group(options.VersionOptions(parser)) -credopts = options.CredentialsOptions(parser) -parser.add_option_group(credopts) - -opts, args = parser.parse_args() - -if len(args) < 1: - parser.print_usage() - sys.exit(1) - -def vampire(domain, session_info, credentials, lp): - ctx = libnet(lp_ctx=lp) - ctx.cred = credentials - machine_creds = Credentials(); - machine_creds.set_domain(domain); - if not machine_creds.set_machine_account(): - raise Exception("Failed to access domain join information!") - ctx.samsync_ldb(vampire_ctx, machine_creds=machine_creds, - session_info=session_info) - -lp = sambaopts.get_loadparm() -vampire(args[0], session_info=system_session(), - credentials=credopts.get_credentials(), lp=lp) -- cgit From babdcc6135e6d3a91a9ddeae0555652026f09344 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 11 May 2008 05:29:20 +0200 Subject: Use system python rather than smbpython. (This used to be commit d3df51cd01e53383dcc05923d248db03bc6f62e9) --- source4/setup/provision | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index b748dab339..ad289aaaa3 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -26,6 +26,8 @@ import getopt import optparse import os, sys +sys.path.append("bin/python") + import samba import param -- cgit From 47d22189227c0dd6f2f370ade2cfb878eef0f240 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 11 May 2008 05:45:49 +0200 Subject: Set sys.path for running inside source tree. (This used to be commit b507109bb676715f7d9616e13b0e19305e9c2559) --- source4/setup/newuser | 6 +++++- source4/setup/provision | 3 ++- source4/setup/upgrade.py | 4 ++++ 3 files changed, 11 insertions(+), 2 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/newuser b/source4/setup/newuser index 04a5440ee1..26bac76f02 100755 --- a/source4/setup/newuser +++ b/source4/setup/newuser @@ -6,10 +6,14 @@ # Released under the GNU GPL version 3 or later # +import sys + +# Find right directory when running from source tree +sys.path.insert(0, "bin/python") + import samba.getopt as options import optparse import pwd -import sys from getpass import getpass from auth import system_session from samba.samdb import SamDB diff --git a/source4/setup/provision b/source4/setup/provision index ad289aaaa3..2579bc4f19 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -26,7 +26,8 @@ import getopt import optparse import os, sys -sys.path.append("bin/python") +# Find right directory when running from source tree +sys.path.insert(0, "bin/python") import samba import param diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py index 3bcc57ab64..b1d9ffa37c 100755 --- a/source4/setup/upgrade.py +++ b/source4/setup/upgrade.py @@ -7,6 +7,10 @@ import getopt import optparse import os, sys + +# Find right directory when running from source tree +sys.path.insert(0, "bin/python") + import param import samba import samba.getopt as options -- cgit From 0be941a3839c26b5fe7d6a0bc5315958bab45410 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 11 May 2008 14:32:06 +0200 Subject: Remove python extension from upgrade script. (This used to be commit 5268649b7ef60a2caae9cdf66dfeaf6d2037aba3) --- source4/setup/upgrade | 65 ++++++++++++++++++++++++++++++++++++++++++++++++ source4/setup/upgrade.py | 65 ------------------------------------------------ 2 files changed, 65 insertions(+), 65 deletions(-) create mode 100755 source4/setup/upgrade delete mode 100755 source4/setup/upgrade.py (limited to 'source4/setup') diff --git a/source4/setup/upgrade b/source4/setup/upgrade new file mode 100755 index 0000000000..3bcc57ab64 --- /dev/null +++ b/source4/setup/upgrade @@ -0,0 +1,65 @@ +#!/usr/bin/python +# +# Upgrade from Samba3 +# Copyright Jelmer Vernooij 2005-2007 +# Released under the GNU GPL v3 or later +# +import getopt +import optparse +import os, sys +import param +import samba +import samba.getopt as options +from auth import system_session + +parser = optparse.OptionParser("upgrade [options] ") +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) +parser.add_option_group(options.VersionOptions(parser)) +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) +parser.add_option("--setupdir", type="string", metavar="DIR", + help="directory with setup files") +parser.add_option("--realm", type="string", metavar="REALM", help="set realm") +parser.add_option("--quiet", help="Be quiet") +parser.add_option("--blank", + help="do not add users or groups, just the structure") +parser.add_option("--targetdir", type="string", metavar="DIR", + help="Set target directory") + +opts, args = parser.parse_args() + +def message(text): + """Print a message if quiet is not set.""" + if opts.quiet: + print text + +if len(args) < 1: + parser.print_usage() + sys.exit(1) +from samba.samba3 import Samba3 +message("Reading Samba3 databases and smb.conf\n") +libdir = args[0] +if not os.path.isdir(libdir): + print "error: %s is not a directory" + sys.exit(1) +if len(args) > 1: + smbconf = args[1] +else: + smbconf = os.path.join(libdir, "smb.conf") +samba3 = Samba3(libdir, smbconf) + +from samba.upgrade import upgrade_provision + +message("Provisioning\n") + +setup_dir = opts.setupdir +if setup_dir is None: + setup_dir = "setup" + +lp = sambaopts.get_loadparm() +smbconf = lp.configfile() +creds = credopts.get_credentials(lp) + +upgrade_provision(samba3, setup_dir, message, credentials=creds, session_info=system_session(), + smbconf=smbconf, targetdir=opts.targetdir) diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py deleted file mode 100755 index 3bcc57ab64..0000000000 --- a/source4/setup/upgrade.py +++ /dev/null @@ -1,65 +0,0 @@ -#!/usr/bin/python -# -# Upgrade from Samba3 -# Copyright Jelmer Vernooij 2005-2007 -# Released under the GNU GPL v3 or later -# -import getopt -import optparse -import os, sys -import param -import samba -import samba.getopt as options -from auth import system_session - -parser = optparse.OptionParser("upgrade [options] ") -sambaopts = options.SambaOptions(parser) -parser.add_option_group(sambaopts) -parser.add_option_group(options.VersionOptions(parser)) -credopts = options.CredentialsOptions(parser) -parser.add_option_group(credopts) -parser.add_option("--setupdir", type="string", metavar="DIR", - help="directory with setup files") -parser.add_option("--realm", type="string", metavar="REALM", help="set realm") -parser.add_option("--quiet", help="Be quiet") -parser.add_option("--blank", - help="do not add users or groups, just the structure") -parser.add_option("--targetdir", type="string", metavar="DIR", - help="Set target directory") - -opts, args = parser.parse_args() - -def message(text): - """Print a message if quiet is not set.""" - if opts.quiet: - print text - -if len(args) < 1: - parser.print_usage() - sys.exit(1) -from samba.samba3 import Samba3 -message("Reading Samba3 databases and smb.conf\n") -libdir = args[0] -if not os.path.isdir(libdir): - print "error: %s is not a directory" - sys.exit(1) -if len(args) > 1: - smbconf = args[1] -else: - smbconf = os.path.join(libdir, "smb.conf") -samba3 = Samba3(libdir, smbconf) - -from samba.upgrade import upgrade_provision - -message("Provisioning\n") - -setup_dir = opts.setupdir -if setup_dir is None: - setup_dir = "setup" - -lp = sambaopts.get_loadparm() -smbconf = lp.configfile() -creds = credopts.get_credentials(lp) - -upgrade_provision(samba3, setup_dir, message, credentials=creds, session_info=system_session(), - smbconf=smbconf, targetdir=opts.targetdir) -- cgit From ff7c537e278194453311ce9a310a8e24cb410d32 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 12 May 2008 09:46:50 +1000 Subject: Remove JavaScript provision-backend script The library it relied on has already been removed. Andrew Bartlett (This used to be commit 97427731a520283fdd3c8e582ac1f8be7699013e) --- source4/setup/provision-backend.js | 188 ------------------------------------- 1 file changed, 188 deletions(-) delete mode 100644 source4/setup/provision-backend.js (limited to 'source4/setup') diff --git a/source4/setup/provision-backend.js b/source4/setup/provision-backend.js deleted file mode 100644 index 9482d8c435..0000000000 --- a/source4/setup/provision-backend.js +++ /dev/null @@ -1,188 +0,0 @@ -#!/bin/sh -exec smbscript "$0" ${1+"$@"} -/* - provision a Samba4 server - Copyright Andrew Tridgell 2005 - Released under the GNU GPL version 3 or later -*/ - -options = GetOptions(ARGV, - "POPT_AUTOHELP", - "POPT_COMMON_SAMBA", - "POPT_COMMON_VERSION", - "POPT_COMMON_CREDENTIALS", - 'realm=s', - 'host-name=s', - 'ldap-manager-pass=s', - 'root=s', - 'quiet', - 'ldap-backend-type=s', - 'ldap-backend-port=i'); - -if (options == undefined) { - println("Failed to parse options"); - return -1; -} - -sys = sys_init(); - -libinclude("base.js"); -libinclude("provision.js"); - -/* - print a message if quiet is not set -*/ -function message() -{ - if (options["quiet"] == undefined) { - print(vsprintf(arguments)); - } -} - -/* - show some help -*/ -function ShowHelp() -{ - print(" -Samba4 provisioning - -provision [options] - --realm REALM set realm - --host-name HOSTNAME set hostname - --ldap-manager-pass PASSWORD choose LDAP Manager password (otherwise random) - --root USERNAME choose 'root' unix username - --quiet Be quiet - --ldap-backend-type LDAPSERVER Select either \"openldap\" or \"fedora-ds\" as a target to configure - --ldap-backend-port PORT Select the TCP port (if any) that the LDAP backend should listen on (Fedora DS only) -You must provide at least a realm and ldap-backend-type - -"); - exit(1); -} - -if (options['host-name'] == undefined) { - options['host-name'] = hostname(); -} - -/* - main program -*/ -if (options["realm"] == undefined || - options["ldap-backend-type"] == undefined || - options["host-name"] == undefined) { - ShowHelp(); -} - -/* cope with an initially blank smb.conf */ -var lp = loadparm_init(); -lp.set("realm", options.realm); -lp.reload(); - -var subobj = provision_guess(); -for (r in options) { - var key = strupper(join("", split("-", r))); - subobj[key] = options[r]; -} - - - -var paths = provision_default_paths(subobj); -provision_fix_subobj(subobj, paths); -message("Provisioning LDAP backend for %s in realm %s into %s\n", subobj.HOSTNAME, subobj.REALM, subobj.LDAPDIR); -message("Using %s password: %s\n", subobj.LDAPMANAGERDN, subobj.LDAPMANAGERPASS); -var tmp_schema_ldb = subobj.LDAPDIR + "/schema-tmp.ldb"; -sys.mkdir(subobj.LDAPDIR, 0700); - -provision_schema(subobj, message, tmp_schema_ldb, paths); - -var mapping; -var backend_schema; -var slapd_command; -if (options["ldap-backend-type"] == "fedora-ds") { - mapping = "schema-map-fedora-ds-1.0"; - backend_schema = "99_ad.ldif"; - if (options["ldap-backend-port"] != undefined) { - message("Will listen on TCP port " + options["ldap-backend-port"] + "\n"); - subobj.SERVERPORT="ServerPort = " + options["ldap-backend-port"]; - } else { - message("Will listen on LDAPI only\n"); - subobj.SERVERPORT=""; - } - setup_file("fedorads.inf", message, subobj.LDAPDIR + "/fedorads.inf", subobj); - setup_file("fedorads-partitions.ldif", message, subobj.LDAPDIR + "/fedorads-partitions.ldif", subobj); - - slapd_command = "(see documentation)"; -} else if (options["ldap-backend-type"] == "openldap") { - mapping = "schema-map-openldap-2.3"; - backend_schema = "backend-schema.schema"; - setup_file("slapd.conf", message, subobj.LDAPDIR + "/slapd.conf", subobj); - setup_file("modules.conf", message, subobj.LDAPDIR + "/modules.conf", subobj); - sys.mkdir(subobj.LDAPDIR + "/db", 0700); - subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/user"; - sys.mkdir(subobj.LDAPDBDIR, 0700); - sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); - sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700); - setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); - subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/config"; - sys.mkdir(subobj.LDAPDBDIR, 0700); - sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); - sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700); - setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); - subobj.LDAPDBDIR = subobj.LDAPDIR + "/db/schema"; - sys.mkdir(subobj.LDAPDBDIR, 0700); - sys.mkdir(subobj.LDAPDBDIR + "/tmp", 0700); - sys.mkdir(subobj.LDAPDBDIR + "/bdb-logs", 0700); - setup_file("DB_CONFIG", message, subobj.LDAPDBDIR + "/DB_CONFIG", subobj); - if (options["ldap-backend-port"] != undefined) { - message("\nStart slapd with: \n"); - slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h \"ldap://0.0.0.0:" + options["ldap-backend-port"] + " " + subobj.LDAPI_URI "\""; - } else { - slapd_command = "slapd -f " + subobj.LDAPDIR + "/slapd.conf -h " + subobj.LDAPI_URI; - } - - var ldb = ldb_init(); - ldb.filename = tmp_schema_ldb; - - var connect_ok = ldb.connect(ldb.filename); - assert(connect_ok); - var attrs = new Array("linkID", "lDAPDisplayName"); - var res = ldb.search("(&(&(linkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema))", subobj.SCHEMADN, ldb.SCOPE_SUBTREE, attrs); - assert(res.error == 0); - var memberof_config = ""; - var refint_attributes = ""; - for (i=0; i < res.msgs.length; i++) { - var target = searchone(ldb, subobj.SCHEMADN, "(&(objectclass=attributeSchema)(linkID=" + (res.msgs[i].linkID + 1) + "))", "lDAPDisplayName"); - if (target != undefined) { - refint_attributes = refint_attributes + " " + target + " " + res.msgs[i].lDAPDisplayName; - memberof_config = memberof_config + "overlay memberof -memberof-dangling error -memberof-refint TRUE -memberof-group-oc top -memberof-member-ad " + res.msgs[i].lDAPDisplayName + " -memberof-memberof-ad " + target + " -memberof-dangling-error 32 - -"; - } - } - - memberof_config = memberof_config + " -overlay refint -refint_attributes" + refint_attributes + " -"; - - ok = sys.file_save(subobj.LDAPDIR + "/memberof.conf", memberof_config); - if (!ok) { - message("failed to create file: " + f + "\n"); - assert(ok); - } - -} -var schema_command = "ad2oLschema --option=convert:target=" + options["ldap-backend-type"] + " -I " + lp.get("setup directory") + "/" + mapping + " -H tdb://" + tmp_schema_ldb + " -O " + subobj.LDAPDIR + "/" + backend_schema; - -message("\nCreate a suitable schema file with:\n%s\n", schema_command); -message("\nStart slapd with: \n%s\n", slapd_command); - -message("All OK\n"); -return 0; -- cgit From 18aa2d58ed684bd091084b87f7e93c4656ffaabe Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Sat, 17 May 2008 23:20:35 -0500 Subject: provision: Allow DNS GSS-TSIG updates to work. This change ensures the KVNO of the principal in secrets.ldb (which is also exported to the dns.keytab) matches the KVNO associated with the "dns" user. Without explicitly setting msDS-KeyVersionNumber, the KVNO exported into the dns.keytab was 0. KVNO needs to be > 0, as the client libs (at least MIT libs on Fedora) consider KVNO == 0 as a sign to ignore that particular key. (This used to be commit 572efc8e65457a982a8cbb04d3b10e3aae22d574) --- source4/setup/secrets_dc.ldif | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/setup') diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif index 71c7fc2f5b..abc5860cf7 100644 --- a/source4/setup/secrets_dc.ldif +++ b/source4/setup/secrets_dc.ldif @@ -33,6 +33,7 @@ objectClass: secret objectClass: kerberosSecret realm: ${REALM} servicePrincipalName: DNS/${DNSDOMAIN} +msDS-KeyVersionNumber: 1 privateKeytab: ${DNS_KEYTAB} secret:: ${DNSPASS_B64} -- cgit From 25ea110c3814abcb824adb3619a44622ba8d2936 Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Sat, 17 May 2008 23:24:48 -0500 Subject: provision: Create instructions for enabling DNS GSS-TSIG updates. Added code to the python provisioning to create the named.conf file that was previously generated by the EJS provisioning. Updated the named.conf template to provide the additional details necessary to get things working. (This used to be commit 0b7a6bfcba1b906dc4d461882b4c3fe3c91c44e0) --- source4/setup/named.conf | 135 +++++++++++++++++++++++++++++++++++++---------- 1 file changed, 108 insertions(+), 27 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/named.conf b/source4/setup/named.conf index 025788093e..9cf0b48a7c 100644 --- a/source4/setup/named.conf +++ b/source4/setup/named.conf @@ -3,35 +3,116 @@ # the BIND nameserver. # -# If you have a very recent BIND, supporting GSS-TSIG, -# insert this into options {} (otherwise omit, it is not required if we don't accept updates) -tkey-gssapi-credential "DNS/${DNSDOMAIN}"; -tkey-domain "${REALM}"; - -# You should always include the actual zone configuration reference: +# You should always include the actual forward zone configuration: zone "${DNSDOMAIN}." IN { - type master; - file "${DNSDOMAIN}.zone"; + type master; + file "${DNSDOMAIN}.zone"; update-policy { - /* use ANY only for Domain controllers for now */ - /* for normal machines A AAAA PTR is probbaly all is needed */ - grant ${HOSTNAME}.${DNSDOMAIN}@${REALM} name ${HOSTNAME}.${DNSDOMAIN} ANY; + /* + * A rather long description here, as the "ms-self" option does + * not appear in any docs yet (it can only be found in the + * source code). + * + * The short of it is that each host is allowed to update its + * own A and AAAA records, when the update request is properly + * signed by the host itself. + * + * The long description is (look at the + * dst_gssapi_identitymatchesrealmms() call in lib/dns/ssu.c and + * its definition in lib/dns/gssapictx.c for details): + * + * A GSS-TSIG update request will be signed by a given signer + * (e.g. machine-name$@${REALM}). The signer name is split into + * the machine component (e.g. "machine-name") and the realm + * component (e.g. "${REALM}"). The update is allowed if the + * following conditions are met: + * + * 1) The machine component of the signer name matches the first + * (host) component of the FQDN that is being updated. + * + * 2) The realm component of the signer name matches the realm + * in the grant statement below (${REALM}). + * + * 3) The domain component of the FQDN that is being updated + * matches the realm in the grant statement below. + * + * If the 3 conditions above are satisfied, the update succeeds. + */ + grant ${REALM} ms-self * A AAAA; }; }; -# Also, you need to change your init scripts to set this environment variable -# for named: KRB5_KTNAME so that it points to the keytab generated. -# In RedHat derived systems such RHEL/CentOS/Fedora you can add the following -# line to the /etc/sysconfig/named file: -# export KRB5_KTNAME=${DNS_KEYTAB_ABS} -# -# Please note that most distributions have BIND configured to run under -# a non-root user account. For example, Fedora Core 6 (FC6) runs BIND as -# the user "named" once the daemon relinquishes its rights. Therefore, -# the file "${DNS_KEYTAB}" must be readable by the user that BIND run as. -# If BIND is running as a non-root user, the "${DNS_KEYTAB}" file must have its -# permissions altered to allow the daemon to read it. In the FC6 -# example, execute the commands: -# -# chgrp named ${DNS_KEYTAB_ABS} -# chmod g+r ${DNS_KEYTAB_ABS} +# The reverse zone configuration is optional. The following example assumes a +# subnet of 192.168.123.0/24: +zone "123.168.192.in-addr.arpa" in { + type master; + file "123.168.192.in-addr.arpa.zone"; + update-policy { + grant ${REALM_WC} wildcard *.123.168.192.in-addr.arpa. PTR; + }; +}; +# Note that the reverse zone file is not created during the provision process. + +# The most recent BIND version (9.5.0a5 or later) supports secure GSS-TSIG +# updates. If you are running an earlier version of BIND, or if you do not wish +# to use secure GSS-TSIG updates, you may remove the update-policy sections in +# both examples above. + +# If you are running a capable version of BIND and you wish to support secure +# GSS-TSIG updates, you must make the following configuration changes: + +# - Insert the following lines into the options {} section of your named.conf +# file: +tkey-gssapi-credential "DNS/${DNSDOMAIN}"; +tkey-domain "${REALM}"; + +# - Add settings for the ${REALM} realm to the Kerberos configuration on the DNS +# server. The easiest way is to add the following blocks to the appropriate +# sections in /etc/krb5.conf: +[realms] + ${REALM} = { + kdc = ${HOSTNAME}.${DNSDOMAIN}:88 + admin_server = ${HOSTNAME}.${DNSDOMAIN}:749 + default_domain = ${DNSDOMAIN} + } + +[domain_realm] + .${DNSDOMAIN} = ${REALM} + ${DNSDOMAIN} = ${REALM} + +# - Modify BIND init scripts to pass the location of the generated keytab file. +# Fedora 8 & later provide a variable named KEYTAB_FILE in /etc/sysconfig/named +# for this purpose: +KEYTAB_FILE="${DNS_KEYTAB_ABS}" +# Note that the Fedora scripts translate KEYTAB_FILE behind the scenes into a +# variable named KRB5_KTNAME, which is ultimately passed to the BIND daemon. If +# your distribution does not provide a variable like KEYTAB_FILE to pass a +# keytab file to the BIND daemon, a workaround is to place the following line in +# BIND's sysconfig file or in the init script for BIND: +export KRB5_KTNAME="${DNS_KEYTAB_ABS}" + +# - Set appropriate ownership and permissions on the ${DNS_KEYTAB} file. Note +# that most distributions have BIND configured to run under a non-root user +# account. For example, Fedora 9 runs BIND as the user "named" once the daemon +# relinquishes its rights. Therefore, the file ${DNS_KEYTAB} must be readable +# by the user that BIND run as. If BIND is running as a non-root user, the +# "${DNS_KEYTAB}" file must have its permissions altered to allow the daemon to +# read it. Under Fedora 9, execute the following commands: +chgrp named ${DNS_KEYTAB_ABS} +chmod g+r ${DNS_KEYTAB_ABS} + +# - Ensure the BIND zone file(s) that will be dynamically updated are in a +# directory where the BIND daemon can write. When BIND performs dynamic +# updates, it not only needs to update the zone file itself but it must also +# create a journal (.jnl) file to track the dynamic updates as they occur. +# Under Fedora 9, the /var/named directory can not be written to by the "named" +# user. However, the directory /var/named/dynamic directory does provide write +# access. Therefore the zone files were placed under the /var/named/dynamic +# directory. The file directives in both example zone statements at the +# beginning of this file were changed by prepending the directory "dynamic/". + +# - If SELinux is enabled, ensure that all files have the appropriate SELinux +# file contexts. The ${DNS_KEYTAB} file must be accessible by the BIND daemon +# and should have a SELinux type of named_conf_t. This can be set with the +# following command: +chcon -t named_conf_t ${DNS_KEYTAB_ABS} -- cgit From 19296758132dbc823911c4658df8fce183de2a86 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 21 May 2008 15:39:00 +0200 Subject: Fix reference to removed smbpython. (This used to be commit 58f956dc4591137489cba16f360f2d24d91dadc1) --- source4/setup/enableaccount | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) mode change 100644 => 100755 source4/setup/enableaccount (limited to 'source4/setup') diff --git a/source4/setup/enableaccount b/source4/setup/enableaccount old mode 100644 new mode 100755 index 849b515675..ad81042998 --- a/source4/setup/enableaccount +++ b/source4/setup/enableaccount @@ -5,11 +5,13 @@ # Copyright Jelmer Vernooij 2008 # Released under the GNU GPL version 3 or later # +import os, sys + +sys.path.insert(0, os.path.join(os.path.dirname(sys.argv[0]), "../bin/python")) import samba.getopt as options import optparse import pwd -import sys import ldb from auth import system_session -- cgit From 49706ab19bd3ffd6125639e6a7753b2350cf54e1 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 21 May 2008 23:59:34 +0200 Subject: Move more modules inside of the samba package. (This used to be commit 9b39e99f48266a54ed0b8890c2efde218b4b118a) --- source4/setup/provision | 4 ++-- source4/setup/upgrade | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision b/source4/setup/provision index 2579bc4f19..c1d6cd157a 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -30,10 +30,10 @@ import os, sys sys.path.insert(0, "bin/python") import samba -import param -from auth import system_session +from samba.auth import system_session import samba.getopt as options +from samba import param from samba.provision import (provision, FILL_FULL, FILL_NT4SYNC, FILL_DRS) diff --git a/source4/setup/upgrade b/source4/setup/upgrade index b1d9ffa37c..03c6747d4e 100755 --- a/source4/setup/upgrade +++ b/source4/setup/upgrade @@ -11,10 +11,10 @@ import os, sys # Find right directory when running from source tree sys.path.insert(0, "bin/python") -import param import samba import samba.getopt as options -from auth import system_session +from samba import param +from samba.auth import system_session parser = optparse.OptionParser("upgrade [options] ") sambaopts = options.SambaOptions(parser) -- cgit From 7e3367704799a2279f125104c762886a1c257535 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 22 May 2008 01:47:22 +0200 Subject: use one blackbox script per executable. (This used to be commit cd8c8226784c96d7f1dbae006a4853eb50c7b2e2) --- source4/setup/tests/blackbox_newuser.sh | 21 +++++++++++++++++++++ source4/setup/tests/blackbox_provision.sh | 19 +------------------ source4/setup/tests/blackbox_setpassword.sh | 22 ++++++++++++++++++++++ 3 files changed, 44 insertions(+), 18 deletions(-) create mode 100755 source4/setup/tests/blackbox_newuser.sh create mode 100755 source4/setup/tests/blackbox_setpassword.sh (limited to 'source4/setup') diff --git a/source4/setup/tests/blackbox_newuser.sh b/source4/setup/tests/blackbox_newuser.sh new file mode 100755 index 0000000000..fed5f7d263 --- /dev/null +++ b/source4/setup/tests/blackbox_newuser.sh @@ -0,0 +1,21 @@ +#!/bin/sh + +if [ $# -lt 2 ]; then +cat < Date: Thu, 22 May 2008 01:47:36 +0200 Subject: Fix python imports. (This used to be commit 453206665677821b254c18cc67192e007b892f04) --- source4/setup/enableaccount | 2 +- source4/setup/newuser | 2 +- source4/setup/setpassword | 7 ++++++- 3 files changed, 8 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/enableaccount b/source4/setup/enableaccount index ad81042998..c2321606a6 100755 --- a/source4/setup/enableaccount +++ b/source4/setup/enableaccount @@ -14,7 +14,7 @@ import optparse import pwd import ldb -from auth import system_session +from samba.auth import system_session from samba.samdb import SamDB parser = optparse.OptionParser("setpassword [username] [options]") diff --git a/source4/setup/newuser b/source4/setup/newuser index 26bac76f02..991afa36d8 100755 --- a/source4/setup/newuser +++ b/source4/setup/newuser @@ -15,7 +15,7 @@ import samba.getopt as options import optparse import pwd from getpass import getpass -from auth import system_session +from samba.auth import system_session from samba.samdb import SamDB parser = optparse.OptionParser("newuser [options] []") diff --git a/source4/setup/setpassword b/source4/setup/setpassword index 977a6a5ee8..65770e1f4d 100644 --- a/source4/setup/setpassword +++ b/source4/setup/setpassword @@ -6,12 +6,17 @@ # Released under the GNU GPL version 3 or later # +import os, sys + +# Find right directory when running from source tree +sys.path.insert(0, "bin/python") + import samba.getopt as options import optparse import pwd import sys from getpass import getpass -from auth import system_session +from samba.auth import system_session from samba.samdb import SamDB parser = optparse.OptionParser("setpassword [username] [options]") -- cgit From bf3f3af92677bce8f03b0dd2be552d6c8c730ca1 Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Wed, 21 May 2008 18:12:36 -0500 Subject: provision: Generate krb5.conf template separate from named.conf template. (This used to be commit ebf130e9e57b640129cf0d05dbd7d210b71ea371) --- source4/setup/krb5.conf | 17 +++++++++++++++++ source4/setup/named.conf | 14 -------------- 2 files changed, 17 insertions(+), 14 deletions(-) create mode 100644 source4/setup/krb5.conf (limited to 'source4/setup') diff --git a/source4/setup/krb5.conf b/source4/setup/krb5.conf new file mode 100644 index 0000000000..7dad63de73 --- /dev/null +++ b/source4/setup/krb5.conf @@ -0,0 +1,17 @@ +[libdefaults] + default_realm = ${REALM} + dns_lookup_realm = false + dns_lookup_kdc = false + ticket_lifetime = 24h + forwardable = yes + +[realms] + ${REALM} = { + kdc = ${HOSTNAME}.${DNSDOMAIN}:88 + admin_server = ${HOSTNAME}.${DNSDOMAIN}:749 + default_domain = ${DNSDOMAIN} + } + +[domain_realm] + .${DNSDOMAIN} = ${REALM} + ${DNSDOMAIN} = ${REALM} diff --git a/source4/setup/named.conf b/source4/setup/named.conf index 9cf0b48a7c..4f98bbd914 100644 --- a/source4/setup/named.conf +++ b/source4/setup/named.conf @@ -66,20 +66,6 @@ zone "123.168.192.in-addr.arpa" in { tkey-gssapi-credential "DNS/${DNSDOMAIN}"; tkey-domain "${REALM}"; -# - Add settings for the ${REALM} realm to the Kerberos configuration on the DNS -# server. The easiest way is to add the following blocks to the appropriate -# sections in /etc/krb5.conf: -[realms] - ${REALM} = { - kdc = ${HOSTNAME}.${DNSDOMAIN}:88 - admin_server = ${HOSTNAME}.${DNSDOMAIN}:749 - default_domain = ${DNSDOMAIN} - } - -[domain_realm] - .${DNSDOMAIN} = ${REALM} - ${DNSDOMAIN} = ${REALM} - # - Modify BIND init scripts to pass the location of the generated keytab file. # Fedora 8 & later provide a variable named KEYTAB_FILE in /etc/sysconfig/named # for this purpose: -- cgit From 6576a022b87c128d20164b4543f3d59c48c459ea Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Wed, 21 May 2008 18:54:15 -0500 Subject: enableaccount: Use correct command name in usage output. (This used to be commit 4ca8f32a37196c81547679b2ee8d00cb77a01269) --- source4/setup/enableaccount | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/enableaccount b/source4/setup/enableaccount index c2321606a6..061997b804 100755 --- a/source4/setup/enableaccount +++ b/source4/setup/enableaccount @@ -17,7 +17,7 @@ import ldb from samba.auth import system_session from samba.samdb import SamDB -parser = optparse.OptionParser("setpassword [username] [options]") +parser = optparse.OptionParser("enableaccount [username] [options]") sambaopts = options.SambaOptions(parser) parser.add_option_group(sambaopts) parser.add_option_group(options.VersionOptions(parser)) -- cgit From 8172f3eb220575d40f9ab5129d36e4e0003dee56 Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Wed, 21 May 2008 21:14:06 -0500 Subject: GPO: Do not provision Default Domain Policy as initially enforced. (bz #5480) This only solves part of bz #5480. The settings for Enforced & Link Enabled now match the default settings of a Windows DC, but they are still "locked" and cannot be changed via the GUI. (This used to be commit 761e667e45475d3a7d5a41558b400ba4c94c4650) --- source4/setup/provision_basedn_modify.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index f5e1bb5add..63332e937b 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -75,6 +75,6 @@ subRefs: ${CONFIGDN} subRefs: ${SCHEMADN} - replace: gPLink -gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};2] +gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};0] - ${DOMAINGUID_MOD} -- cgit From 4b701a265fa99f5490382168d369e8a9d994ed35 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 23 May 2008 04:31:10 +0200 Subject: Fix imports for provision-backend. This needs a blackbox test... (This used to be commit 268c1de095411991ffb22ee835bfb88f8bce235a) --- source4/setup/provision-backend | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 4f222c467a..54dc5839bf 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -22,14 +22,17 @@ # along with this program. If not, see . # +import os, sys + +sys.path.insert(0, "bin/python") + import getopt import optparse -import os, sys import samba -import param +from samba import param -from auth import system_session +from samba.auth import system_session import samba.getopt as options from samba.provision import (provision_backend) -- cgit From b7c8e020a6f7221d6d10f2dd7610a232edeedf83 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 29 May 2008 18:38:17 +1000 Subject: Print prefixMap in a human-readable format. This should allow the prefixMap to be edited, until we find the right way to autogenerate it. Andrew Bartlett (This used to be commit 24ae9a55ec326807afd8d5bfa0a422a6668bd7c3) --- source4/setup/prefixMap.txt | 34 +++++++++++++++++++++++ source4/setup/provision_schema_basedn_modify.ldif | 18 ++---------- 2 files changed, 36 insertions(+), 16 deletions(-) create mode 100644 source4/setup/prefixMap.txt (limited to 'source4/setup') diff --git a/source4/setup/prefixMap.txt b/source4/setup/prefixMap.txt new file mode 100644 index 0000000000..34a913c990 --- /dev/null +++ b/source4/setup/prefixMap.txt @@ -0,0 +1,34 @@ +0: 2.5.4 +1: 2.5.6 +2: 1.2.840.113556.1.2 +3: 1.2.840.113556.1.3 +4: 2.16.840.1.101.2.2.1 +5: 2.16.840.1.101.2.2.3 +6: 2.16.840.1.101.2.1.5 +7: 2.16.840.1.101.2.1.4 +8: 2.5.5 +9: 1.2.840.113556.1.4 +10: 1.2.840.113556.1.5 +19: 0.9.2342.19200300.100 +20: 2.16.840.1.113730.3 +21: 0.9.2342.19200300.100.1 +22: 2.16.840.1.113730.3.1 +23: 1.2.840.113556.1.5.7000 +24: 2.5.21 +25: 2.5.18 +26: 2.5.20 +11: 1.2.840.113556.1.4.260 +12: 1.2.840.113556.1.5.56 +13: 1.2.840.113556.1.4.262 +14: 1.2.840.113556.1.5.57 +15: 1.2.840.113556.1.4.263 +16: 1.2.840.113556.1.5.58 +17: 1.2.840.113556.1.5.73 +18: 1.2.840.113556.1.4.305 +27: 1.3.6.1.4.1.1466.101.119 +28: 2.16.840.1.113730.3.2 +29: 1.3.6.1.4.1.250.1 +30: 1.2.840.113549.1.9 +31: 0.9.2342.19200300.100.4 +32: 1.3.6.1.4.1.7165.4.1 +33: 1.3.6.1.4.1.7165.4.2 diff --git a/source4/setup/provision_schema_basedn_modify.ldif b/source4/setup/provision_schema_basedn_modify.ldif index 4e8267a303..d6c458904e 100644 --- a/source4/setup/provision_schema_basedn_modify.ldif +++ b/source4/setup/provision_schema_basedn_modify.ldif @@ -10,19 +10,5 @@ replace: objectVersion objectVersion: 30 - replace: prefixMap -prefixMap:: QkRTRAAAAAAiAAAAAAACACIAAAAAAAAAAgAAAAQAAgABAAAAAgAAAAgAAgACAAAACA - AAAAwAAgADAAAACAAAABAAAgAEAAAACAAAABQAAgAFAAAACAAAABgAAgAGAAAACAAAABwAAgAHAAA - ACAAAACAAAgAIAAAAAgAAACQAAgAJAAAACAAAACgAAgAKAAAACAAAACwAAgATAAAACAAAADAAAgAU - AAAACAAAADQAAgAVAAAACQAAADgAAgAWAAAACQAAADwAAgAXAAAACgAAAEAAAgAYAAAAAgAAAEQAA - gAZAAAAAgAAAEgAAgAaAAAAAgAAAEwAAgALAAAACgAAAFAAAgAMAAAACQAAAFQAAgANAAAACgAAAF - gAAgAOAAAACQAAAFwAAgAPAAAACgAAAGAAAgAQAAAACQAAAGQAAgARAAAACQAAAGgAAgASAAAACgA - AAGwAAgAbAAAACQAAAHAAAgAcAAAACQAAAHQAAgAdAAAACAAAAHgAAgAeAAAACAAAAHwAAgAfAAAA - CQAAAIAAAgAgAAAACQAAAIQAAgAhAAAACQAAAIgAAgACAAAAVQQAAAIAAABVBgAACAAAACqGSIb3F - AECCAAAACqGSIb3FAEDCAAAAGCGSAFlAgIBCAAAAGCGSAFlAgIDCAAAAGCGSAFlAgEFCAAAAGCGSA - FlAgEEAgAAAFUFAAAIAAAAKoZIhvcUAQQIAAAAKoZIhvcUAQUIAAAACZImiZPyLGQIAAAAYIZIAYb - 4QgMJAAAACZImiZPyLGQBAAAACQAAAGCGSAGG+EIDAQAAAAoAAAAqhkiG9xQBBbZYAAACAAAAVRUA - AAIAAABVEgAAAgAAAFUUAAAKAAAAKoZIhvcUAQSCBAAACQAAACqGSIb3FAEFOAAAAAoAAAAqhkiG9 - xQBBIIGAAAJAAAAKoZIhvcUAQU5AAAACgAAACqGSIb3FAEEggcAAAkAAAAqhkiG9xQBBToAAAAJAA - AAKoZIhvcUAQVJAAAACgAAACqGSIb3FAEEgjEAAAkAAAArBgEEAYs6ZXcAAAAJAAAAYIZIAYb4QgM - CAAAACAAAACsGAQQBgXoBCAAAACqGSIb3DQEJCQAAAAmSJomT8ixkBAAAAAkAAAArBgEEAbd9BAEA - AAAJAAAAKwYBBAG3fQQC +prefixMap:: ${PREFIXMAP_B64} + -- cgit From 617ef56aa3378c384026b72871af5a7253b8df33 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 29 May 2008 20:16:18 +1000 Subject: Remove extra spaces on prefixMap input and output. Metze requested that the format not include spaces, and the input parser already expects this. Andrew Bartlett (This used to be commit 3b1f5d10360ed1b26980d748a7c9be6db5977bd3) --- source4/setup/prefixMap.txt | 68 ++++++++++++++++++++++----------------------- 1 file changed, 34 insertions(+), 34 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/prefixMap.txt b/source4/setup/prefixMap.txt index 34a913c990..8ba9b9531c 100644 --- a/source4/setup/prefixMap.txt +++ b/source4/setup/prefixMap.txt @@ -1,34 +1,34 @@ -0: 2.5.4 -1: 2.5.6 -2: 1.2.840.113556.1.2 -3: 1.2.840.113556.1.3 -4: 2.16.840.1.101.2.2.1 -5: 2.16.840.1.101.2.2.3 -6: 2.16.840.1.101.2.1.5 -7: 2.16.840.1.101.2.1.4 -8: 2.5.5 -9: 1.2.840.113556.1.4 -10: 1.2.840.113556.1.5 -19: 0.9.2342.19200300.100 -20: 2.16.840.1.113730.3 -21: 0.9.2342.19200300.100.1 -22: 2.16.840.1.113730.3.1 -23: 1.2.840.113556.1.5.7000 -24: 2.5.21 -25: 2.5.18 -26: 2.5.20 -11: 1.2.840.113556.1.4.260 -12: 1.2.840.113556.1.5.56 -13: 1.2.840.113556.1.4.262 -14: 1.2.840.113556.1.5.57 -15: 1.2.840.113556.1.4.263 -16: 1.2.840.113556.1.5.58 -17: 1.2.840.113556.1.5.73 -18: 1.2.840.113556.1.4.305 -27: 1.3.6.1.4.1.1466.101.119 -28: 2.16.840.1.113730.3.2 -29: 1.3.6.1.4.1.250.1 -30: 1.2.840.113549.1.9 -31: 0.9.2342.19200300.100.4 -32: 1.3.6.1.4.1.7165.4.1 -33: 1.3.6.1.4.1.7165.4.2 +0:2.5.4 +1:2.5.6 +2:1.2.840.113556.1.2 +3:1.2.840.113556.1.3 +4:2.16.840.1.101.2.2.1 +5:2.16.840.1.101.2.2.3 +6:2.16.840.1.101.2.1.5 +7:2.16.840.1.101.2.1.4 +8:2.5.5 +9:1.2.840.113556.1.4 +10:1.2.840.113556.1.5 +19:0.9.2342.19200300.100 +20:2.16.840.1.113730.3 +21:0.9.2342.19200300.100.1 +22:2.16.840.1.113730.3.1 +23:1.2.840.113556.1.5.7000 +24:2.5.21 +25:2.5.18 +26:2.5.20 +11:1.2.840.113556.1.4.260 +12:1.2.840.113556.1.5.56 +13:1.2.840.113556.1.4.262 +14:1.2.840.113556.1.5.57 +15:1.2.840.113556.1.4.263 +16:1.2.840.113556.1.5.58 +17:1.2.840.113556.1.5.73 +18:1.2.840.113556.1.4.305 +27:1.3.6.1.4.1.1466.101.119 +28:2.16.840.1.113730.3.2 +29:1.3.6.1.4.1.250.1 +30:1.2.840.113549.1.9 +31:0.9.2342.19200300.100.4 +32:1.3.6.1.4.1.7165.4.1 +33:1.3.6.1.4.1.7165.4.2 -- cgit From b34bc408e741919b893a325616de432e8a630e10 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 30 May 2008 14:36:24 +1000 Subject: Don't pass an smb.conf to provision tests. These tests will create their own smb.conf in their prefix anyway. Andrew Bartlett (This used to be commit c0322e8e27d67655b7498b27df0829aa5682a345) --- source4/setup/tests/blackbox_newuser.sh | 9 ++++----- source4/setup/tests/blackbox_provision.sh | 23 +++++++++++------------ source4/setup/tests/blackbox_setpassword.sh | 9 ++++----- 3 files changed, 19 insertions(+), 22 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/tests/blackbox_newuser.sh b/source4/setup/tests/blackbox_newuser.sh index fed5f7d263..3e534f2b52 100755 --- a/source4/setup/tests/blackbox_newuser.sh +++ b/source4/setup/tests/blackbox_newuser.sh @@ -1,20 +1,19 @@ #!/bin/sh -if [ $# -lt 2 ]; then +if [ $# -lt 1 ]; then cat < Date: Tue, 3 Jun 2008 09:36:46 +1000 Subject: setpassword should be executable (This used to be commit b8f2e6321dd06508f9cc48e8d76d20232cb7d60e) --- source4/setup/setpassword | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 source4/setup/setpassword (limited to 'source4/setup') diff --git a/source4/setup/setpassword b/source4/setup/setpassword old mode 100644 new mode 100755 -- cgit From 31a2a98d83685a866052ce1aa08072d785c506b7 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 11 Jun 2008 00:10:43 +0200 Subject: Remove unused import, function. (This used to be commit f134a701e7c2d64a684d55691fd66e2aaeb15812) --- source4/setup/newuser | 8 -------- 1 file changed, 8 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/newuser b/source4/setup/newuser index 991afa36d8..e6ab4eda2b 100755 --- a/source4/setup/newuser +++ b/source4/setup/newuser @@ -13,7 +13,6 @@ sys.path.insert(0, "bin/python") import samba.getopt as options import optparse -import pwd from getpass import getpass from samba.auth import system_session from samba.samdb import SamDB @@ -29,13 +28,6 @@ parser.add_option("--unixname", help="Unix Username", type=str) opts, args = parser.parse_args() -# -# print a message if quiet is not set -# -def message(text): - if not opts.quiet: - print text - if len(args) == 0: parser.print_usage() sys.exit(1) -- cgit From 9ea25cacf1c564a485897432b73beebf2e634f55 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 19 Jun 2008 11:05:20 +1000 Subject: Add a blackbox test for the provision-backend script. This test (as most tests do :-) found a few bugs, also fixed in this commit. Andrew Bartlett (This used to be commit d96a6482dad54d1d27a87107865e833a9c32cf53) --- source4/setup/tests/blackbox_provision-backend.sh | 25 +++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100755 source4/setup/tests/blackbox_provision-backend.sh (limited to 'source4/setup') diff --git a/source4/setup/tests/blackbox_provision-backend.sh b/source4/setup/tests/blackbox_provision-backend.sh new file mode 100755 index 0000000000..312ca5c70e --- /dev/null +++ b/source4/setup/tests/blackbox_provision-backend.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +if [ $# -lt 1 ]; then +cat < Date: Thu, 10 Jul 2008 17:54:43 +1000 Subject: Avoid the use of extensibleObject in ldap mapping backend. Instead of extensibleObject, we use the new (more correct) ad2oLschema tool, and a new objectClass called 'samba4Top', which we add and remove in the same way we did extensibleObject. Andrew Bartlett (This used to be commit 5ab20aa8b43415751f77602fff3a3008bf2186db) --- source4/setup/schema_samba4.ldif | 158 ++++++++++++++++++++++++++++++++++----- source4/setup/slapd.conf | 2 - 2 files changed, 141 insertions(+), 19 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 7146091c8e..8128c43ac4 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -125,21 +125,23 @@ attributeID: 1.3.6.1.4.1.7165.4.1.7 attributeSyntax: 2.5.5.4 oMSyntax: 20 - -dn: CN=unixName,${SCHEMADN} -cn: unixName -name: unixName -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: unixName -isSingleValued: TRUE -systemFlags: 16 -systemOnly: FALSE -schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 -adminDisplayName: Unix-Name -attributeID: 1.3.6.1.4.1.7165.4.1.9 -attributeSyntax: 2.5.5.4 -oMSyntax: 20 +# +# Not used anymore +# +#dn: CN=unixName,${SCHEMADN} +#cn: unixName +#name: unixName +#objectClass: top +#objectClass: attributeSchema +#lDAPDisplayName: unixName +#isSingleValued: TRUE +#systemFlags: 16 +#systemOnly: FALSE +#schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2 +#adminDisplayName: Unix-Name +#attributeID: 1.3.6.1.4.1.7165.4.1.9 +#attributeSyntax: 2.5.5.4 +#oMSyntax: 20 # # Not used anymore @@ -175,7 +177,6 @@ oMSyntax: 20 #Allocated: (ditContentRules) samba4DitContentRules: 1.3.6.1.4.1.7165.4.255.6 #Allocated: (attributeTypes) samba4AttributeTypes: 1.3.6.1.4.1.7165.4.255.7 - # # Fedora DS uses this attribute, and we need to set it via our module stack # @@ -226,9 +227,132 @@ objectClassCategory: 1 lDAPDisplayName: samba4LocalDomain schemaIDGUID: 07be1647-8310-4fba-91ae-34e55d5a8293 systemOnly: FALSE -systemAuxiliaryClass: samDomainBase +systemAuxiliaryClass: samDomain defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) systemFlags: 16 defaultHidingValue: TRUE defaultObjectCategory: CN=Builtin-Domain,${SCHEMADN} + +dn: CN=Samba4Top,${SCHEMADN} +objectClass: top +objectClass: classSchema +subClassOf: top +governsID: 1.3.6.1.4.1.7165.4.2.1 +mayContain: msDS-ObjectReferenceBL +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Samba4TopTop +adminDescription: Attributes used in top in Samba4 that OpenLDAP does not +objectClassCategory: 3 +lDAPDisplayName: samba4Top +schemaIDGUID: 073598d0-635b-4685-a929-da731b98d84e +systemOnly: TRUE +systemPossSuperiors: lostAndFound +systemMayContain: url +systemMayContain: wWWHomePage +systemMayContain: wellKnownObjects +systemMayContain: wbemPath +systemMayContain: uSNSource +systemMayContain: uSNLastObjRem +systemMayContain: USNIntersite +systemMayContain: uSNDSALastObjRemoved +systemMayContain: systemFlags +systemMayContain: subRefs +systemMayContain: siteObjectBL +systemMayContain: serverReferenceBL +systemMayContain: sDRightsEffective +systemMayContain: revision +systemMayContain: repsTo +systemMayContain: repsFrom +systemMayContain: directReports +systemMayContain: replUpToDateVector +systemMayContain: replPropertyMetaData +systemMayContain: name +systemMayContain: queryPolicyBL +systemMayContain: proxyAddresses +systemMayContain: proxiedObjectName +systemMayContain: possibleInferiors +systemMayContain: partialAttributeSet +systemMayContain: partialAttributeDeletionList +systemMayContain: otherWellKnownObjects +systemMayContain: objectVersion +systemMayContain: nonSecurityMemberBL +systemMayContain: netbootSCPBL +systemMayContain: ownerBL +systemMayContain: msDS-ReplValueMetaData +systemMayContain: msDS-ReplAttributeMetaData +systemMayContain: msDS-NonMembersBL +systemMayContain: msDS-NCReplOutboundNeighbors +systemMayContain: msDS-NCReplInboundNeighbors +systemMayContain: msDS-NCReplCursors +systemMayContain: msDS-TasksForAzRoleBL +systemMayContain: msDS-TasksForAzTaskBL +systemMayContain: msDS-OperationsForAzRoleBL +systemMayContain: msDS-OperationsForAzTaskBL +systemMayContain: msDS-MembersForAzRoleBL +systemMayContain: msDs-masteredBy +systemMayContain: mS-DS-ConsistencyGuid +systemMayContain: mS-DS-ConsistencyChildCount +systemMayContain: msDS-Approx-Immed-Subordinates +systemMayContain: msCOM-PartitionSetLink +systemMayContain: msCOM-UserLink +systemMayContain: masteredBy +systemMayContain: managedObjects +systemMayContain: lastKnownParent +systemMayContain: isPrivilegeHolder +systemMayContain: isDeleted +systemMayContain: isCriticalSystemObject +systemMayContain: showInAdvancedViewOnly +systemMayContain: fSMORoleOwner +systemMayContain: fRSMemberReferenceBL +systemMayContain: frsComputerReferenceBL +systemMayContain: fromEntry +systemMayContain: flags +systemMayContain: extensionName +systemMayContain: dSASignature +systemMayContain: dSCorePropagationData +systemMayContain: displayNamePrintable +systemMayContain: displayName +systemMayContain: description +systemMayContain: cn +systemMayContain: canonicalName +systemMayContain: bridgeheadServerListBL +systemMayContain: allowedChildClassesEffective +systemMayContain: allowedChildClasses +systemMayContain: allowedAttributesEffective +systemMayContain: allowedAttributes +systemMayContain: adminDisplayName +systemMayContain: adminDescription +systemMustContain: objectCategory +systemMustContain: nTSecurityDescriptor +systemMustContain: instanceType +systemAuxiliaryClass: samba4TopExtra +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE +objectCategory: CN=Class-Schema,${SCHEMADN} +defaultObjectCategory: CN=Samba4Top,${SCHEMADN} + + +dn: CN=Samba4TopExtra,${SCHEMADN} +objectClass: top +objectClass: classSchema +subClassOf: top +governsID: 1.3.6.1.4.1.7165.4.2.3 +rDNAttID: cn +showInAdvancedViewOnly: TRUE +adminDisplayName: Samba4TopExtra +adminDescription: Attributes used in top in Samba4 that OpenLDAP does not +objectClassCategory: 2 +lDAPDisplayName: samba4TopExtra +schemaIDGUID: 073598d0-635b-4685-a929-da731b98d84e +systemOnly: TRUE +mayContain: privilege +systemPossSuperiors: lostAndFound +defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) +systemFlags: 16 +defaultHidingValue: TRUE +objectCategory: CN=Class-Schema,${SCHEMADN} +defaultObjectCategory: CN=Samba4TopExtra,${SCHEMADN} + diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index cdf9ff79a9..15b9d3104e 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -71,8 +71,6 @@ index objectCategory eq index member eq index uidNumber eq index gidNumber eq -index unixName eq -index privilege eq index nCName eq index lDAPDisplayName eq index subClassOf eq -- cgit From 44ea6a26fd088f0f8c86817510ebe5a6cddf9158 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 12 Jul 2008 15:26:42 +1000 Subject: rename sambaPassword -> userPassword. This attribute is used in a very similar way (virtual attribute updating the password) in AD on Win2003, so eliminate the difference. This should not cause a problem for on-disk passwords, as by default we do not store the plaintext at all. Andrew Bartlett (This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3) --- source4/setup/provision_init.ldif | 4 ++-- source4/setup/provision_self_join.ldif | 4 ++-- source4/setup/provision_users.ldif | 4 ++-- source4/setup/schema-map-fedora-ds-1.0 | 2 -- source4/setup/schema-map-openldap-2.3 | 2 -- source4/setup/schema_samba4.ldif | 27 +++++++++++++++------------ 6 files changed, 21 insertions(+), 22 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index c922fa0bd2..65a12f1afa 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -10,7 +10,7 @@ name: CASE_INSENSITIVE dn: CASE_INSENSITIVE sAMAccountName: CASE_INSENSITIVE objectClass: CASE_INSENSITIVE -sambaPassword: HIDDEN +userPassword: HIDDEN krb5Key: HIDDEN ntPwdHash: HIDDEN sambaNTPwdHistory: HIDDEN @@ -27,7 +27,7 @@ dn: @OPTIONS checkBaseOnSearch: TRUE dn: @KLUDGEACL -passwordAttribute: sambaPassword +passwordAttribute: userPassword passwordAttribute: ntPwdHash passwordAttribute: sambaNTPwdHistory passwordAttribute: lmPwdHash diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif index c91e2f4c19..77a2e49865 100644 --- a/source4/setup/provision_self_join.ldif +++ b/source4/setup/provision_self_join.ldif @@ -12,7 +12,7 @@ operatingSystem: Samba operatingSystemVersion: 4.0 dNSHostName: ${DNSNAME} isCriticalSystemObject: TRUE -sambaPassword:: ${MACHINEPASS_B64} +userPassword:: ${MACHINEPASS_B64} servicePrincipalName: HOST/${DNSNAME} servicePrincipalName: HOST/${NETBIOSNAME} servicePrincipalName: HOST/${DNSNAME}/${REALM} @@ -33,7 +33,7 @@ accountExpires: 9223372036854775807 sAMAccountName: dns servicePrincipalName: DNS/${DNSDOMAIN} isCriticalSystemObject: TRUE -sambaPassword:: ${DNSPASS_B64} +userPassword:: ${DNSPASS_B64} showInAdvancedViewOnly: TRUE dn: ${SERVERDN} diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 5a24e07492..641247cf22 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -8,7 +8,7 @@ adminCount: 1 accountExpires: 9223372036854775807 sAMAccountName: Administrator isCriticalSystemObject: TRUE -sambaPassword:: ${ADMINPASS_B64} +userPassword:: ${ADMINPASS_B64} dn: CN=Guest,CN=Users,${DOMAINDN} objectClass: user @@ -46,7 +46,7 @@ accountExpires: 9223372036854775807 sAMAccountName: krbtgt servicePrincipalName: kadmin/changepw isCriticalSystemObject: TRUE -sambaPassword:: ${KRBTGTPASS_B64} +userPassword:: ${KRBTGTPASS_B64} dn: CN=Domain Computers,CN=Users,${DOMAINDN} objectClass: top diff --git a/source4/setup/schema-map-fedora-ds-1.0 b/source4/setup/schema-map-fedora-ds-1.0 index 86f8c0b726..e55ef0a9e7 100644 --- a/source4/setup/schema-map-fedora-ds-1.0 +++ b/source4/setup/schema-map-fedora-ds-1.0 @@ -12,8 +12,6 @@ description cn dITContentRules top -#This shouldn't make it to the ldap server -sambaPassword #This should be provided by the LDAP server, only in our schema to permit provision aci #Skip ObjectClasses diff --git a/source4/setup/schema-map-openldap-2.3 b/source4/setup/schema-map-openldap-2.3 index 3f07a9d50f..f5279616d1 100644 --- a/source4/setup/schema-map-openldap-2.3 +++ b/source4/setup/schema-map-openldap-2.3 @@ -13,8 +13,6 @@ cn top #The memberOf plugin provides this attribute memberOf -#This shouldn't make it to the ldap server -sambaPassword #These conflict with OpenLDAP builtins attributeTypes:samba4AttributeTypes 2.5.21.5:1.3.6.1.4.1.7165.4.255.7 diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 8128c43ac4..21d17c5caa 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -83,18 +83,21 @@ #attributeSyntax: 2.5.5.10 #oMSyntax: 4 -dn: CN=sambaPassword,${SCHEMADN} -objectClass: top -objectClass: attributeSchema -lDAPDisplayName: sambaPassword -isSingleValued: FALSE -systemFlags: 17 -systemOnly: TRUE -schemaIDGUID: 87F10301-229A-4E69-B63A-998339ADA37A -adminDisplayName: SAMBA-Password -attributeID: 1.3.6.1.4.1.7165.4.1.5 -attributeSyntax: 2.5.5.5 -oMSyntax: 22 +# +# Not used anymore +# +#dn: CN=sambaPassword,${SCHEMADN} +#objectClass: top +#objectClass: attributeSchema +#lDAPDisplayName: sambaPassword +#isSingleValued: FALSE +#systemFlags: 17 +#systemOnly: TRUE +#schemaIDGUID: 87F10301-229A-4E69-B63A-998339ADA37A +#adminDisplayName: SAMBA-Password +#attributeID: 1.3.6.1.4.1.7165.4.1.5 +#attributeSyntax: 2.5.5.5 +#oMSyntax: 22 # # Not used anymore -- cgit From a6b842f9634cbeb4075c2bbaf7e49c19104602be Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 15 Jul 2008 15:15:12 +1000 Subject: Connect to the LDAP backend with SASL credentials. This reworks our LDAP backend code to move from anonymous access to a shared-secret SASL-protected connection. (SASL selects NTLM or DIGEST-MD5 on my system). To get this working, we must pre-populate the LDAP backend with a DN to store ths SASL secret on, and we use back-ldif for this. This gives us a reasonable basis to deploy a replicated OpenLDAP backend solution. Andrew Bartlett (This used to be commit cd0745253c4a9ec59a035e830e54d74a05b71aaa) --- source4/setup/cn=samba-admin.ldif | 12 +++++++++++ source4/setup/cn=samba.ldif | 11 ++++++++++ source4/setup/provision | 4 +++- source4/setup/secrets_init.ldif | 2 +- source4/setup/secrets_sasl_ldap.ldif | 9 ++++++++ source4/setup/secrets_simple_ldap.ldif | 6 ++++++ source4/setup/slapd.conf | 39 ++++++++++++++++++++++++++-------- 7 files changed, 72 insertions(+), 11 deletions(-) create mode 100644 source4/setup/cn=samba-admin.ldif create mode 100644 source4/setup/cn=samba.ldif create mode 100644 source4/setup/secrets_sasl_ldap.ldif create mode 100644 source4/setup/secrets_simple_ldap.ldif (limited to 'source4/setup') diff --git a/source4/setup/cn=samba-admin.ldif b/source4/setup/cn=samba-admin.ldif new file mode 100644 index 0000000000..c59ffd9ab6 --- /dev/null +++ b/source4/setup/cn=samba-admin.ldif @@ -0,0 +1,12 @@ +dn: cn=samba-admin +objectClass: top +objectClass: person +cn: samba-admin +userPassword:: ${LDAPADMINPASS_B64} +structuralObjectClass: person +entryUUID: ${UUID} +creatorsName: +createTimestamp: ${LDAPTIME} +entryCSN: 20080714010529.241038Z#000000#000#000000 +modifiersName: +modifyTimestamp: ${LDAPTIME} diff --git a/source4/setup/cn=samba.ldif b/source4/setup/cn=samba.ldif new file mode 100644 index 0000000000..3be6242fe3 --- /dev/null +++ b/source4/setup/cn=samba.ldif @@ -0,0 +1,11 @@ +dn: cn=Samba +objectClass: top +objectClass: container +cn: Samba +structuralObjectClass: container +entryUUID: b1d4823a-e58c-102c-9f74-51b6d59a1b68 +creatorsName: +createTimestamp: 20080714010529Z +entryCSN: 20080714010529.194412Z#000000#000#000000 +modifiersName: +modifyTimestamp: 20080714010529Z diff --git a/source4/setup/provision b/source4/setup/provision index c1d6cd157a..7bd61fc1d8 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -30,7 +30,7 @@ import os, sys sys.path.insert(0, "bin/python") import samba - +from samba.credentials import DONT_USE_KERBEROS from samba.auth import system_session import samba.getopt as options from samba import param @@ -131,6 +131,8 @@ else: creds = credopts.get_credentials(lp) +creds.set_kerberos_state(DONT_USE_KERBEROS) + setup_dir = opts.setupdir if setup_dir is None: setup_dir = "setup" diff --git a/source4/setup/secrets_init.ldif b/source4/setup/secrets_init.ldif index 9eda47e463..eb423a5122 100644 --- a/source4/setup/secrets_init.ldif +++ b/source4/setup/secrets_init.ldif @@ -11,5 +11,5 @@ sAMAccountName: CASE_INSENSITIVE #Add modules to the list to activate them by default #beware often order is important dn: @MODULES -@LIST: update_keytab,operational,objectguid +@LIST: update_keytab,operational,objectguid,rdn_name diff --git a/source4/setup/secrets_sasl_ldap.ldif b/source4/setup/secrets_sasl_ldap.ldif new file mode 100644 index 0000000000..81ccfee209 --- /dev/null +++ b/source4/setup/secrets_sasl_ldap.ldif @@ -0,0 +1,9 @@ +dn: CN=SAMDB Credentials +objectClass: top +objectClass: ldapSecret +cn: SAMDB Credentials +secret:: ${LDAPADMINPASS_B64} +samAccountName: ${LDAPADMINUSER} +realm: ${LDAPADMINREALM} + + diff --git a/source4/setup/secrets_simple_ldap.ldif b/source4/setup/secrets_simple_ldap.ldif new file mode 100644 index 0000000000..3f5ccd2df1 --- /dev/null +++ b/source4/setup/secrets_simple_ldap.ldif @@ -0,0 +1,6 @@ +dn: CN=SAMDB Credentials +objectClass: top +objectClass: ldapSecret +cn: SAMDB Credentials +secret:: ${LDAPMANAGERPASS_B64} +ldapBindDn: ${LDAPMANAGERDN} diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 15b9d3104e..b1ce6f6492 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -5,17 +5,36 @@ include ${LDAPDIR}/backend-schema.schema pidfile ${LDAPDIR}/slapd.pid argsfile ${LDAPDIR}/slapd.args sasl-realm ${DNSDOMAIN} -access to * by * write -allow update_anon +#authz-regexp +# uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth +# ldap:///${DOMAINDN}??sub?(samAccountName=\$1) -authz-regexp - uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth - ldap:///${DOMAINDN}??sub?(samAccountName=\$1) +#authz-regexp +# uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth +# ldap:///${DOMAINDN}??sub?(samAccountName=\$1) authz-regexp uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth - ldap:///${DOMAINDN}??sub?(samAccountName=\$1) + ldap:///cn=samba??one?(cn=\$1) + +authz-regexp + uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth + ldap:///cn=samba??one?(cn=\$1) + +access to dn.base="" + by dn=cn=samba-admin,cn=samba manage + by anonymous read + by * read + +access to dn.subtree="cn=samba" + by anonymous auth + +access to dn.subtree="${DOMAINDN}" + by dn=cn=samba-admin,cn=samba manage + by * read + +password-hash {CLEARTEXT} include ${LDAPDIR}/modules.conf @@ -23,6 +42,11 @@ defaultsearchbase ${DOMAINDN} ${MEMBEROF_CONFIG} +database ldif +suffix cn=Samba +directory ${LDAPDIR}/db/samba + + database hdb suffix ${SCHEMADN} directory ${LDAPDIR}/db/schema @@ -78,9 +102,6 @@ index dnsRoot eq index nETBIOSName eq index cn eq -rootdn ${LDAPMANAGERDN} -rootpw ${LDAPMANAGERPASS} - #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We only need this for the contextCSN attribute anyway.... overlay syncprov -- cgit From 0f1eea267257eff0d75a702ee0793a86834fb76a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 15 Jul 2008 15:46:32 +1000 Subject: Rework provision to handle both simple and SASL binds. Fedora DS is still setup for simple binds only, at this point. (it also fails on other issues). Andrew Bartlett (This used to be commit b24c572d5a38c1f6906751c2ad2f809e1995b510) --- source4/setup/provision-backend | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 54dc5839bf..845dc8679a 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -49,8 +49,8 @@ parser.add_option("--domain", type="string", metavar="DOMAIN", help="set domain") parser.add_option("--host-name", type="string", metavar="HOSTNAME", help="set hostname") -parser.add_option("--ldap-manager-pass", type="string", metavar="PASSWORD", - help="choose LDAP manager password (otherwise random)") +parser.add_option("--ldap-admin-pass", type="string", metavar="PASSWORD", + help="choose LDAP admin password (otherwise random)") parser.add_option("--root", type="string", metavar="USERNAME", help="choose 'root' unix username") parser.add_option("--quiet", help="Be quiet", action="store_true") @@ -96,7 +96,7 @@ if setup_dir is None: provision_backend(setup_dir=setup_dir, message=message, smbconf=smbconf, targetdir=opts.targetdir, realm=opts.realm, domain=opts.domain, hostname=opts.host_name, - adminpass=opts.ldap_manager_pass, + adminpass=opts.ldap_admin_pass, root=opts.root, serverrole=server_role, ldap_backend_type=opts.ldap_backend_type, ldap_backend_port=opts.ldap_backend_port) -- cgit From 831bd55fb071186c8a62e7048ca621f61a825e4e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 15 Jul 2008 22:07:45 +1000 Subject: Lock down the LDAP backend - only samba may read or write (This used to be commit a3912801fb25f715725c06402d4bdff9a926f15d) --- source4/setup/slapd.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index b1ce6f6492..1dda752af0 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -32,7 +32,7 @@ access to dn.subtree="cn=samba" access to dn.subtree="${DOMAINDN}" by dn=cn=samba-admin,cn=samba manage - by * read + by * none password-hash {CLEARTEXT} -- cgit From cfc2063f230491865edb8f73174e0b12ab4dc158 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Jul 2008 18:44:07 +1000 Subject: Put the memberof template into a seperate setup/ file. Set a memberof-dn in a fruitless attempt to fix the ACL problem I'm having with OpenLDAP Andrew Bartlett (This used to be commit 6d6e03834a1a77a8ceba41fbe8c9d49680065ba3) --- source4/setup/memberof.conf | 9 +++++++++ source4/setup/slapd.conf | 3 +++ 2 files changed, 12 insertions(+) create mode 100644 source4/setup/memberof.conf (limited to 'source4/setup') diff --git a/source4/setup/memberof.conf b/source4/setup/memberof.conf new file mode 100644 index 0000000000..77e57c86d4 --- /dev/null +++ b/source4/setup/memberof.conf @@ -0,0 +1,9 @@ +overlay memberof +memberof-dn cn=samba-admin,cn=samba +memberof-dangling error +memberof-refint TRUE +memberof-group-oc top +memberof-member-ad ${MEMBER_ATTR} +memberof-memberof-ad ${MEMBEROF_ATTR} +memberof-dangling-error 32 + diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 1dda752af0..68e494c27d 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -49,6 +49,7 @@ directory ${LDAPDIR}/db/samba database hdb suffix ${SCHEMADN} +rootdn cn=Manager,${SCHEMADN} directory ${LDAPDIR}/db/schema index objectClass eq index samAccountName eq @@ -66,6 +67,7 @@ syncprov-sessionlog 100 database hdb suffix ${CONFIGDN} +rootdn cn=Manager,${CONFIGDN} directory ${LDAPDIR}/db/config index objectClass eq index samAccountName eq @@ -86,6 +88,7 @@ syncprov-sessionlog 100 database hdb suffix ${DOMAINDN} +rootdn cn=Manager,${DOMAINDN} directory ${LDAPDIR}/db/user index objectClass eq index samAccountName eq -- cgit From 3408a2d18fa61e2a7e3b3e05cc3c454e5e15f2ce Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Jul 2008 18:58:56 +1000 Subject: Make a seperate template for the refint configuration too (This used to be commit d2a527acc5ee6fe9b943657dc9c3ace920b2d619) --- source4/setup/refint.conf | 3 +++ source4/setup/slapd.conf | 2 ++ 2 files changed, 5 insertions(+) create mode 100644 source4/setup/refint.conf (limited to 'source4/setup') diff --git a/source4/setup/refint.conf b/source4/setup/refint.conf new file mode 100644 index 0000000000..a3a7d3e0ad --- /dev/null +++ b/source4/setup/refint.conf @@ -0,0 +1,3 @@ +overlay refint +refint_modifiersName cn=samba-admin,cn=samba +refint_attributes ${LINK_ATTRS} diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 68e494c27d..495847f7fe 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -40,6 +40,8 @@ include ${LDAPDIR}/modules.conf defaultsearchbase ${DOMAINDN} +${REFINT_CONFIG} + ${MEMBEROF_CONFIG} database ldif -- cgit From 706140a1dcc5220739bde0f17afcb32ebc0c130a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 21 Jul 2008 09:36:24 +1000 Subject: Make invalid 'member' detection work again. This defines a rootdn globally, and due to OpenLDAP bugs, gives it manage access to the whole database. This makes the memberOf module able to validate the links again, now we have database ACLs. Andrew Bartlett (This used to be commit 9fe3e9f09f89fd92f8a16768e53391ff5f8489ec) --- source4/setup/slapd.conf | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 495847f7fe..4dcfd2aba7 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -32,6 +32,7 @@ access to dn.subtree="cn=samba" access to dn.subtree="${DOMAINDN}" by dn=cn=samba-admin,cn=samba manage + by dn=cn=manager manage by * none password-hash {CLEARTEXT} @@ -40,6 +41,8 @@ include ${LDAPDIR}/modules.conf defaultsearchbase ${DOMAINDN} +rootdn cn=Manager + ${REFINT_CONFIG} ${MEMBEROF_CONFIG} @@ -47,6 +50,7 @@ ${MEMBEROF_CONFIG} database ldif suffix cn=Samba directory ${LDAPDIR}/db/samba +rootdn cn=Manager,cn=Samba database hdb -- cgit From fb3e663678be412df4668b05e76480908da2c080 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Tue, 22 Jul 2008 11:06:47 +1000 Subject: Improve DNS and Group poicy configurations. - fixes bug #4813 (simplify DNS setup) - This reworks the named.conf to be a fully fledged include - This also moves the documentation into named.txt - improves bug #4900 (Group policy support in Samba) - by creating an empty GPT.INI - fixes bug #5582 (DNS: Enhanced zone file) - This is now closer to the zone file AD creates committed by Andrew Bartlett (This used to be commit 74d684f6b329d7dd573cdc55e16bb8e629474b02) --- source4/setup/named.conf | 63 +++++++++----------------------------------- source4/setup/named.txt | 46 ++++++++++++++++++++++++++++++++ source4/setup/provision.zone | 7 ++++- 3 files changed, 65 insertions(+), 51 deletions(-) create mode 100644 source4/setup/named.txt (limited to 'source4/setup') diff --git a/source4/setup/named.conf b/source4/setup/named.conf index 4f98bbd914..0b087069c7 100644 --- a/source4/setup/named.conf +++ b/source4/setup/named.conf @@ -1,12 +1,15 @@ +# This file should be included in your main BIND configuration file # -# Insert these snippets into your named.conf or bind.conf to configure -# the BIND nameserver. -# +# For example with +# include "${PRIVATE_DIR}/named.conf"; -# You should always include the actual forward zone configuration: zone "${DNSDOMAIN}." IN { type master; - file "${DNSDOMAIN}.zone"; + file "${PRIVATE_DIR}/${DNSDOMAIN}.zone"; + /* + * Attention: Not all BIND versions support "ms-self". The instead use + * of allow-update { any; }; is another, but less secure possibility. + */ update-policy { /* * A rather long description here, as the "ms-self" option does @@ -44,6 +47,8 @@ zone "${DNSDOMAIN}." IN { # The reverse zone configuration is optional. The following example assumes a # subnet of 192.168.123.0/24: + +/* zone "123.168.192.in-addr.arpa" in { type master; file "123.168.192.in-addr.arpa.zone"; @@ -51,54 +56,12 @@ zone "123.168.192.in-addr.arpa" in { grant ${REALM_WC} wildcard *.123.168.192.in-addr.arpa. PTR; }; }; +*/ + # Note that the reverse zone file is not created during the provision process. -# The most recent BIND version (9.5.0a5 or later) supports secure GSS-TSIG +# The most recent BIND versions (9.5.0a5 or later) support secure GSS-TSIG # updates. If you are running an earlier version of BIND, or if you do not wish # to use secure GSS-TSIG updates, you may remove the update-policy sections in # both examples above. -# If you are running a capable version of BIND and you wish to support secure -# GSS-TSIG updates, you must make the following configuration changes: - -# - Insert the following lines into the options {} section of your named.conf -# file: -tkey-gssapi-credential "DNS/${DNSDOMAIN}"; -tkey-domain "${REALM}"; - -# - Modify BIND init scripts to pass the location of the generated keytab file. -# Fedora 8 & later provide a variable named KEYTAB_FILE in /etc/sysconfig/named -# for this purpose: -KEYTAB_FILE="${DNS_KEYTAB_ABS}" -# Note that the Fedora scripts translate KEYTAB_FILE behind the scenes into a -# variable named KRB5_KTNAME, which is ultimately passed to the BIND daemon. If -# your distribution does not provide a variable like KEYTAB_FILE to pass a -# keytab file to the BIND daemon, a workaround is to place the following line in -# BIND's sysconfig file or in the init script for BIND: -export KRB5_KTNAME="${DNS_KEYTAB_ABS}" - -# - Set appropriate ownership and permissions on the ${DNS_KEYTAB} file. Note -# that most distributions have BIND configured to run under a non-root user -# account. For example, Fedora 9 runs BIND as the user "named" once the daemon -# relinquishes its rights. Therefore, the file ${DNS_KEYTAB} must be readable -# by the user that BIND run as. If BIND is running as a non-root user, the -# "${DNS_KEYTAB}" file must have its permissions altered to allow the daemon to -# read it. Under Fedora 9, execute the following commands: -chgrp named ${DNS_KEYTAB_ABS} -chmod g+r ${DNS_KEYTAB_ABS} - -# - Ensure the BIND zone file(s) that will be dynamically updated are in a -# directory where the BIND daemon can write. When BIND performs dynamic -# updates, it not only needs to update the zone file itself but it must also -# create a journal (.jnl) file to track the dynamic updates as they occur. -# Under Fedora 9, the /var/named directory can not be written to by the "named" -# user. However, the directory /var/named/dynamic directory does provide write -# access. Therefore the zone files were placed under the /var/named/dynamic -# directory. The file directives in both example zone statements at the -# beginning of this file were changed by prepending the directory "dynamic/". - -# - If SELinux is enabled, ensure that all files have the appropriate SELinux -# file contexts. The ${DNS_KEYTAB} file must be accessible by the BIND daemon -# and should have a SELinux type of named_conf_t. This can be set with the -# following command: -chcon -t named_conf_t ${DNS_KEYTAB_ABS} diff --git a/source4/setup/named.txt b/source4/setup/named.txt new file mode 100644 index 0000000000..c1e6b3a9ee --- /dev/null +++ b/source4/setup/named.txt @@ -0,0 +1,46 @@ +# Additional informations for DNS setup using BIND + +# If you are running a capable version of BIND and you wish to support secure +# GSS-TSIG updates, you must make the following configuration changes: + +# - Insert the following lines into the options {} section of your named.conf +# file: +tkey-gssapi-credential "DNS/${DNSDOMAIN}"; +tkey-domain "${REALM}"; + +# - Modify BIND init scripts to pass the location of the generated keytab file. +# Fedora 8 & later provide a variable named KEYTAB_FILE in /etc/sysconfig/named +# for this purpose: +KEYTAB_FILE="${DNS_KEYTAB_ABS}" +# Note that the Fedora scripts translate KEYTAB_FILE behind the scenes into a +# variable named KRB5_KTNAME, which is ultimately passed to the BIND daemon. If +# your distribution does not provide a variable like KEYTAB_FILE to pass a +# keytab file to the BIND daemon, a workaround is to place the following line in +# BIND's sysconfig file or in the init script for BIND: +export KRB5_KTNAME="${DNS_KEYTAB_ABS}" + +# - Set appropriate ownership and permissions on the ${DNS_KEYTAB} file. Note +# that most distributions have BIND configured to run under a non-root user +# account. For example, Fedora 9 runs BIND as the user "named" once the daemon +# relinquishes its rights. Therefore, the file ${DNS_KEYTAB} must be readable +# by the user that BIND run as. If BIND is running as a non-root user, the +# "${DNS_KEYTAB}" file must have its permissions altered to allow the daemon to +# read it. Under Fedora 9, execute the following commands: +chgrp named ${DNS_KEYTAB_ABS} +chmod g+r ${DNS_KEYTAB_ABS} + +# - Ensure the BIND zone file(s) that will be dynamically updated are in a +# directory where the BIND daemon can write. When BIND performs dynamic +# updates, it not only needs to update the zone file itself but it must also +# create a journal (.jnl) file to track the dynamic updates as they occur. +# Under Fedora 9, the /var/named directory can not be written to by the "named" +# user. However, the directory /var/named/dynamic directory does provide write +# access. Therefore the zone files were placed under the /var/named/dynamic +# directory. The file directives in both example zone statements at the +# beginning of this file were changed by prepending the directory "dynamic/". + +# - If SELinux is enabled, ensure that all files have the appropriate SELinux +# file contexts. The ${DNS_KEYTAB} file must be accessible by the BIND daemon +# and should have a SELinux type of named_conf_t. This can be set with the +# following command: +chcon -t named_conf_t ${DNS_KEYTAB_ABS} diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone index 28c1c29762..17ae3bb47a 100644 --- a/source4/setup/provision.zone +++ b/source4/setup/provision.zone @@ -14,10 +14,12 @@ ${HOSTIP6_BASE_LINE} ; ${HOSTIP6_HOST_LINE} ${HOSTNAME} IN A ${HOSTIP} -${HOSTGUID}._msdcs IN CNAME ${HOSTNAME} +gc._msdcs IN CNAME ${HOSTNAME} +${HOSTGUID}._msdcs IN CNAME ${HOSTNAME} ; ; global catalog servers _gc._tcp IN SRV 0 100 3268 ${HOSTNAME} +_gc._tcp.${DEFAULTSITE}._sites IN SRV 0 100 3268 ${HOSTNAME} _ldap._tcp.gc._msdcs IN SRV 0 100 389 ${HOSTNAME} _ldap._tcp.${DEFAULTSITE}._sites.gc._msdcs IN SRV 0 100 389 ${HOSTNAME} ; @@ -25,12 +27,15 @@ _ldap._tcp.${DEFAULTSITE}._sites.gc._msdcs IN SRV 0 100 389 ${HOSTNAME} _ldap._tcp IN SRV 0 100 389 ${HOSTNAME} _ldap._tcp.dc._msdcs IN SRV 0 100 389 ${HOSTNAME} _ldap._tcp.pdc._msdcs IN SRV 0 100 389 ${HOSTNAME} +_ldap._tcp.${DOMAINGUID} IN SRV 0 100 389 ${HOSTNAME} _ldap._tcp.${DOMAINGUID}.domains._msdcs IN SRV 0 100 389 ${HOSTNAME} +_ldap._tcp.${DEFAULTSITE}._sites IN SRV 0 100 389 ${HOSTNAME} _ldap._tcp.${DEFAULTSITE}._sites.dc._msdcs IN SRV 0 100 389 ${HOSTNAME} ; ; krb5 servers _kerberos._tcp IN SRV 0 100 88 ${HOSTNAME} _kerberos._tcp.dc._msdcs IN SRV 0 100 88 ${HOSTNAME} +_kerberos._tcp.${DEFAULTSITE}._sites IN SRV 0 100 88 ${HOSTNAME} _kerberos._tcp.${DEFAULTSITE}._sites.dc._msdcs IN SRV 0 100 88 ${HOSTNAME} _kerberos._udp IN SRV 0 100 88 ${HOSTNAME} ; MIT kpasswd likes to lookup this name on password change -- cgit From e0bd9e82eae6dc3623a247b4294659faeb23a20d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 23 Jul 2008 13:49:00 +1000 Subject: Explain where some other OIDs are allocated. This is an odd place for an OID registry - we perhaps need a central wiki page. Andrew Bartlett (This used to be commit 1c909973977ae117703c1ccf7589acc4625e76e5) --- source4/setup/schema_samba4.ldif | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 21d17c5caa..3e129e4f6b 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -3,9 +3,15 @@ # ## Samba4 OID allocation from Samba3's examples/LDAP/samba.schema ## 1.3.6.1.4.1.7165.4.1.x - attributetypes + ## 1.3.6.1.4.1.7165.4.2.x - objectclasses + ## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls +### see dsdb/samdb/samdb.h + ## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations +### see dsdb/samdb/samdb.h + ## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track # # -- cgit From 47124efe420f4f4f08494cbb2255eacdc9625c8d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 1 Aug 2008 21:12:37 +0200 Subject: Add helper object Hostconfig to make it easier to get to e.g. the SAM database. (This used to be commit be75b2a36ee49f66ada3ec3ababa82d74085d559) --- source4/setup/newuser | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/newuser b/source4/setup/newuser index e6ab4eda2b..5b677af142 100755 --- a/source4/setup/newuser +++ b/source4/setup/newuser @@ -15,7 +15,6 @@ import samba.getopt as options import optparse from getpass import getpass from samba.auth import system_session -from samba.samdb import SamDB parser = optparse.OptionParser("newuser [options] []") sambaopts = options.SambaOptions(parser) @@ -44,6 +43,6 @@ if opts.unixname is None: lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp) -samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), - credentials=creds, lp=lp) +samdb = sambaopts.get_hostconfig().get_samdb(session_info=system_session(), + credentials=creds) samdb.newuser(username, opts.unixname, password) -- cgit From 16112762e70879b50f1dfc49452d6d278bd256cf Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 15 Aug 2008 20:40:57 +1000 Subject: Generate the subSchema in cn=Aggregate This reads the schema from the in-memory structure, when the magic attributes are requested. The code is a modified version of that used in the ad2oLschema tool (now shared). The schema_fsmo module handles the insertion of the generated result. As such, this commit also removes these entries from the setup/schema.ldif Metze's previous stub of this functionality is also removed. Andrew Bartlett (This used to be commit c7c32ec7b42bdf0f7b669644516438c71b364e60) --- source4/setup/schema.ldif | 549 ---------------------------------------------- 1 file changed, 549 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index e96cf5f5fc..40ef709ac3 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -10376,552 +10376,3 @@ defaultObjectCategory: CN=Group-Policy-Container,${SCHEMADN} dn: CN=Aggregate,${SCHEMADN} objectClass: top objectClass: subSchema -objectClasses: ( 2.5.6.0 NAME 'top' SUP top ABSTRACT MUST ( objectClass $ objectCategory $ nTSecurityDescriptor $ instanceType ) MAY ( url $ wWWHomePage $ whenCreated $ whenChanged $ wellKnownObjects $ wbemPath $ uSNSource $ uSNLastObjRem $ USNIntersite $ uSNDSALastObjRemoved $ uSNCreated $ uSNChanged $ systemFlags $ subSchemaSubEntry $ subRefs $ structuralObjectClass $ siteObjectBL $ serverReferenceBL $ sDRightsEffective $ revision $ repsTo $ repsFrom $ directReports $ replUpToDateVector $ replPropertyMetaData $ name $ queryPolicyBL $ proxyAddresses $ proxiedObjectName $ possibleInferiors $ partialAttributeSet $ partialAttributeDeletionList $ otherWellKnownObjects $ objectVersion $ objectGUID $ distinguishedName $ nonSecurityMemberBL $ netbootSCPBL $ ownerBL $ msDS-ReplValueMetaData $ msDS-ReplAttributeMetaData $ msDS-NonMembersBL $ msDS-NCReplOutboundNeighbors $ msDS-NCReplInboundNeighbors $ msDS-NCReplCursors $ msDS-TasksForAzRoleBL $ msDS-TasksForAzTaskBL $ msDS-OperationsForAzRoleBL $ msDS-OperationsForAzTaskBL $ msDS-MembersForAzRoleBL $ msDs-masteredBy $ mS-DS-ConsistencyGuid $ mS-DS-ConsistencyChildCount $ msDS-Approx-Immed-Subordinates $ msCOM-PartitionSetLink $ msCOM-UserLink $ modifyTimeStamp $ masteredBy $ managedObjects $ lastKnownParent $ isPrivilegeHolder $ memberOf $ isDeleted $ isCriticalSystemObject $ showInAdvancedViewOnly $ fSMORoleOwner $ fRSMemberReferenceBL $ frsComputerReferenceBL $ fromEntry $ flags $ extensionName $ dSASignature $ dSCorePropagationData $ displayNamePrintable $ displayName $ description $ createTimeStamp $ cn $ canonicalName $ bridgeheadServerListBL $ allowedChildClassesEffective $ allowedChildClasses $ allowedAttributesEffective $ allowedAttributes $ adminDisplayName $ adminDescription $ msDS-ObjectReferenceBL ) ) -objectClasses: ( 1.2.840.113556.1.5.120 NAME 'ipsecISAKMPPolicy' SUP ipsecBase STRUCTURAL ) -objectClasses: ( 1.2.840.113556.1.5.67 NAME 'domainDNS' SUP domain STRUCTURAL MAY ( msDS-Behavior-Version $ msDS-AllowedDNSSuffixes $ managedBy ) ) -objectClasses: ( 1.2.840.113556.1.5.235 NAME 'msDS-AzApplication' SUP top STRUCTURAL MAY ( msDS-AzApplicationData $ msDS-AzGenerateAudits $ msDS-AzApplicationVersion $ msDS-AzClassId $ msDS-AzApplicationName $ description ) ) -objectClasses: ( 1.2.840.113556.1.5.4 NAME 'builtinDomain' SUP top STRUCTURAL ) -objectClasses: ( 1.2.840.113556.1.5.175 NAME 'infrastructureUpdate' SUP top STRUCTURAL MAY ( dNReferenceUpdate ) ) -objectClasses: ( 1.2.840.113556.1.5.12 NAME 'configuration' SUP top STRUCTURAL MUST ( cn ) MAY ( gPOptions $ gPLink ) ) -objectClasses: ( 1.2.840.113556.1.3.11 NAME 'crossRef' SUP top STRUCTURAL MUST ( nCName $ dnsRoot $ cn ) MAY ( trustParent $ superiorDNSRoot $ rootTrust $ nTMixedDomain $ nETBIOSName $ Enabled $ msDS-SDReferenceDomain $ msDS-Replication-Notify-Subsequent-DSA-Delay $ msDS-Replication-Notify-First-DSA-Delay $ msDS-NC-Replica-Locations $ msDS-DnsRootAlias $ msDS-Behavior-Version ) ) -objectClasses: ( 1.2.840.113556.1.5.83 NAME 'rIDManager' SUP top STRUCTURAL MUST ( rIDAvailablePool ) ) -objectClasses: ( 1.2.840.113556.1.5.84 NAME 'displaySpecifier' SUP top STRUCTURAL MAY ( treatAsLeaf $ shellPropertyPages $ shellContextMenu $ scopeFlags $ queryFilter $ iconPath $ extraColumns $ creationWizard $ createWizardExt $ createDialog $ contextMenu $ classDisplayName $ attributeDisplayNames $ adminPropertyPages $ adminMultiselectPropertyPages $ adminContextMenu ) ) -objectClasses: ( 1.2.840.113556.1.5.7000.56 NAME 'ipsecBase' SUP top ABSTRACT MAY ( ipsecOwnersReference $ ipsecName $ ipsecID $ ipsecDataType $ ipsecData ) ) -objectClasses: ( 1.2.840.113556.1.5.237 NAME 'msDS-AzScope' SUP top STRUCTURAL MUST ( msDS-AzScopeName ) MAY ( msDS-AzApplicationData $ description ) ) -objectClasses: ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL MUST ( l ) MAY ( street $ st $ seeAlso $ searchGuide ) ) -objectClasses: ( 1.2.840.113556.1.5.7000.53 NAME 'crossRefContainer' SUP top STRUCTURAL MAY ( msDS-SPNSuffixes $ uPNSuffixes $ msDS-UpdateScript $ msDS-ExecuteScriptPassword $ msDS-Behavior-Version ) ) -objectClasses: ( 1.2.840.113556.1.5.106 NAME 'queryPolicy' SUP top STRUCTURAL MAY ( lDAPIPDenyList $ lDAPAdminLimits ) ) -objectClasses: ( 1.2.840.113556.1.5.95 NAME 'subnetContainer' SUP top STRUCTURAL ) -objectClasses: ( 1.2.840.113556.1.5.7000.47 NAME 'nTDSDSA' SUP applicationSettings STRUCTURAL MAY ( serverReference $ msDS-RetiredReplNCSignatures $ retiredReplDSASignatures $ queryPolicyObject $ options $ networkAddress $ msDS-ReplicationEpoch $ msDS-HasInstantiatedNCs $ msDS-hasMasterNCs $ msDS-HasDomainNCs $ msDS-Behavior-Version $ managedBy $ lastBackupRestorationTime $ invocationId $ hasPartialReplicaNCs $ hasMasterNCs $ fRSRootPath $ dMDLocation ) ) -objectClasses: ( 1.2.840.113556.1.5.3 NAME 'samDomain' SUP top AUXILIARY MAY ( treeName $ rIDManagerReference $ replicaSource $ pwdProperties $ pwdHistoryLength $ privateKey $ pekList $ pekKeyChangeInterval $ nTMixedDomain $ nextRid $ nETBIOSName $ msDS-PerUserTrustTombstonesQuota $ msDS-PerUserTrustQuota $ ms-DS-MachineAccountQuota $ msDS-LogonTimeSyncInterval $ msDS-AllUsersTrustQuota $ modifiedCountAtLastProm $ minPwdLength $ minPwdAge $ maxPwdAge $ lSAModifiedCount $ lSACreationTime $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ gPOptions $ gPLink $ eFSPolicy $ domainPolicyObject $ desktopProfile $ description $ defaultLocalPolicyObject $ creationTime $ controlAccessRights $ cACertificate $ builtinModifiedCount $ builtinCreationTime $ auditingPolicy ) ) -objectClasses: ( 1.2.840.113556.1.5.2 NAME 'samDomainBase' SUP top AUXILIARY MAY ( uASCompat $ serverState $ serverRole $ revision $ pwdProperties $ pwdHistoryLength $ oEMInformation $ objectSid $ nTSecurityDescriptor $ nextRid $ modifiedCountAtLastProm $ modifiedCount $ minPwdLength $ minPwdAge $ maxPwdAge $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ forceLogoff $ domainReplica $ creationTime ) ) -objectClasses: ( 2.5.6.2 NAME 'country' SUP top MUST ( c ) MAY ( co $ searchGuide ) ) -objectClasses: ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ( ou ) MAY ( x121Address $ userPassword $ uPNSuffixes $ co $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ street $ st $ seeAlso $ searchGuide $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ physicalDeliveryOfficeName $ msCOM-UserPartitionSetLink $ managedBy $ thumbnailLogo $ l $ internationalISDNNumber $ gPOptions $ gPLink $ facsimileTelephoneNumber $ destinationIndicator $ desktopProfile $ defaultGroup $ countryCode $ c $ businessCategory ) ) -objectClasses: ( 1.2.840.113556.1.5.121 NAME 'ipsecNFA' SUP ipsecBase STRUCTURAL MAY ( ipsecNegotiationPolicyReference $ ipsecFilterReference ) ) -objectClasses: ( 1.2.840.113556.1.5.139 NAME 'lostAndFound' SUP top STRUCTURAL MAY ( moveTreeState ) ) -objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person MAY ( x121Address $ comment $ title $ co $ primaryTelexNumber $ telexNumber $ teletexTerminalIdentifier $ street $ st $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ thumbnailPhoto $ physicalDeliveryOfficeName $ pager $ otherPager $ otherTelephone $ mobile $ otherMobile $ primaryInternationalISDNNumber $ ipPhone $ otherIpPhone $ otherHomePhone $ homePhone $ otherFacsimileTelephoneNumber $ personalTitle $ middleName $ otherMailbox $ ou $ o $ mhsORAddress $ msDS-AllowedToDelegateTo $ manager $ thumbnailLogo $ l $ internationalISDNNumber $ initials $ givenName $ generationQualifier $ facsimileTelephoneNumber $ employeeID $ mail $ division $ destinationIndicator $ department $ c $ countryCode $ company $ assistant $ streetAddress $ houseIdentifier $ msExchHouseIdentifier $ homePostalAddress ) ) -objectClasses: ( 1.2.840.113556.1.3.14 NAME 'attributeSchema' SUP top STRUCTURAL MUST ( schemaIDGUID $ oMSyntax $ lDAPDisplayName $ isSingleValued $ cn $ attributeSyntax $ attributeID ) MAY ( systemOnly $ searchFlags $ schemaFlagsEx $ rangeUpper $ rangeLower $ oMObjectClass $ msDs-Schema-Extensions $ msDS-IntId $ mAPIID $ linkID $ isMemberOfPartialAttributeSet $ isEphemeral $ isDefunct $ extendedCharsAllowed $ classDisplayName $ attributeSecurityGUID ) ) -objectClasses: ( 1.2.840.113556.1.5.72 NAME 'nTDSService' SUP top STRUCTURAL MAY ( tombstoneLifetime $ sPNMappings $ replTopologyStayOfExecution $ msDS-Other-Settings $ garbageCollPeriod $ dSHeuristics ) ) -objectClasses: ( 1.2.840.113556.1.5.7000.48 NAME 'serversContainer' SUP top STRUCTURAL ) -objectClasses: ( 1.2.840.113556.1.3.30 NAME 'computer' SUP user STRUCTURAL MAY ( volumeCount $ siteGUID $ rIDSetReferences $ policyReplicationFlags $ physicalLocationObject $ operatingSystemVersion $ operatingSystemServicePack $ operatingSystemHotfix $ operatingSystem $ networkAddress $ netbootSIFFile $ netbootMirrorDataFile $ netbootMachineFilePath $ netbootInitialization $ netbootGUID $ msDS-AdditionalSamAccountName $ msDS-AdditionalDnsHostName $ managedBy $ machineRole $ location $ localPolicyFlags $ dNSHostName $ defaultLocalPolicyObject $ cn $ catalogs ) ) -objectClasses: ( 2.5.6.6 NAME 'person' SUP top MUST ( cn ) MAY ( userPassword $ telephoneNumber $ sn $ serialNumber $ seeAlso $ attributeCertificateAttribute ) ) -objectClasses: ( 1.2.840.113556.1.5.98 NAME 'ipsecPolicy' SUP ipsecBase STRUCTURAL MAY ( ipsecNFAReference $ ipsecISAKMPReference ) ) -objectClasses: ( 1.2.840.113556.1.3.23 NAME 'container' SUP top STRUCTURAL MUST ( cn ) MAY ( schemaVersion $ defaultClassStore $ msDS-ObjectReference ) ) -objectClasses: ( 1.2.840.113556.1.5.31 NAME 'site' SUP top STRUCTURAL MAY ( notificationList $ mSMQSiteID $ mSMQSiteForeign $ mSMQNt4Stub $ mSMQInterval2 $ mSMQInterval1 $ managedBy $ location $ gPOptions $ gPLink ) ) -objectClasses: ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST ( o ) MAY ( x121Address $ userPassword $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ street $ st $ seeAlso $ searchGuide $ registeredAddress $ preferredDeliveryMethod $ postalCode $ postalAddress $ postOfficeBox $ physicalDeliveryOfficeName $ l $ internationalISDNNumber $ facsimileTelephoneNumber $ destinationIndicator $ businessCategory ) ) -objectClasses: ( 1.2.840.113556.1.5.234 NAME 'msDS-AzAdminManager' SUP top STRUCTURAL MAY ( msDS-AzMinorVersion $ msDS-AzMajorVersion $ msDS-AzApplicationData $ msDS-AzGenerateAudits $ msDS-AzScriptTimeout $ msDS-AzScriptEngineCacheMax $ msDS-AzDomainTimeout $ description ) ) -objectClasses: ( 1.2.840.113556.1.5.6 NAME 'securityPrincipal' SUP top AUXILIARY MUST ( sAMAccountName $ objectSid ) MAY ( supplementalCredentials $ sIDHistory $ securityIdentifier $ sAMAccountType $ rid $ tokenGroupsNoGCAcceptable $ tokenGroupsGlobalAndUniversal $ tokenGroups $ nTSecurityDescriptor $ msDS-KeyVersionNumber $ altSecurityIdentities $ accountNameHistory ) ) -objectClasses: ( 1.2.840.113556.1.5.7000.49 NAME 'applicationSettings' SUP top ABSTRACT MAY ( notificationList $ msDS-Settings $ applicationName ) ) -objectClasses: ( 1.2.840.113556.1.3.13 NAME 'classSchema' SUP top STRUCTURAL MUST ( subClassOf $ schemaIDGUID $ objectClassCategory $ governsID $ defaultObjectCategory $ cn ) MAY ( systemPossSuperiors $ systemOnly $ systemMustContain $ systemMayContain $ systemAuxiliaryClass $ schemaFlagsEx $ rDNAttID $ possSuperiors $ mustContain $ msDs-Schema-Extensions $ msDS-IntId $ mayContain $ lDAPDisplayName $ isDefunct $ defaultSecurityDescriptor $ defaultHidingValue $ classDisplayName $ auxiliaryClass ) ) -objectClasses: ( 1.2.840.113556.1.5.9 NAME 'user' SUP organizationalPerson STRUCTURAL MAY ( pager $ o $ mobile $ manager $ mail $ initials $ homePhone $ businessCategory $ userCertificate $ userWorkstations $ userSharedFolderOther $ userSharedFolder $ userPrincipalName $ userParameters $ userAccountControl $ unicodePwd $ terminalServer $ servicePrincipalName $ scriptPath $ pwdLastSet $ profilePath $ primaryGroupID $ preferredOU $ otherLoginWorkstations $ operatorCount $ ntPwdHistory $ networkAddress $ msRASSavedFramedRoute $ msRASSavedFramedIPAddress $ msRASSavedCallbackNumber $ msRADIUSServiceType $ msRADIUSFramedRoute $ msRADIUSFramedIPAddress $ msRADIUSCallbackNumber $ msNPSavedCallingStationID $ msNPCallingStationID $ msNPAllowDialin $ mSMQSignCertificatesMig $ mSMQSignCertificates $ mSMQDigestsMig $ mSMQDigests $ msIIS-FTPRoot $ msIIS-FTPDir $ msDS-User-Account-Control-Computed $ msDS-Site-Affinity $ mS-DS-CreatorSID $ msDS-Cached-Membership-Time-Stamp $ msDS-Cached-Membership $ msDRM-IdentityCertificate $ msCOM-UserPartitionSetLink $ maxStorage $ logonWorkstation $ logonHours $ logonCount $ lockoutTime $ localeID $ lmPwdHistory $ lastLogonTimestamp $ lastLogon $ lastLogoff $ homeDrive $ homeDirectory $ groupsToIgnore $ groupPriority $ groupMembershipSAM $ dynamicLDAPServer $ desktopProfile $ defaultClassStore $ dBCSPwd $ controlAccessRights $ codePage $ badPwdCount $ badPasswordTime $ adminCount $ aCSPolicyName $ accountExpires $ x500uniqueIdentifier $ userSMIMECertificate $ userPKCS12 $ uid $ secretary $ roomNumber $ preferredLanguage $ photo $ labeledURI $ jpegPhoto $ homePostalAddress $ givenName $ employeeType $ employeeNumber $ displayName $ departmentNumber $ carLicense $ audio ) ) -objectClasses: ( 1.2.840.113556.1.3.9 NAME 'dMD' SUP top STRUCTURAL MUST ( cn ) MAY ( schemaUpdate $ schemaInfo $ prefixMap $ msDs-Schema-Extensions $ msDS-IntId $ dmdName ) ) -objectClasses: ( 1.2.840.113556.1.5.20 NAME 'leaf' SUP top ABSTRACT ) -objectClasses: ( 1.2.840.113556.1.5.28 NAME 'secret' SUP leaf STRUCTURAL MAY ( priorValue $ priorSetTime $ lastSetTime $ currentValue ) ) -objectClasses: ( 1.2.840.113556.1.5.107 NAME 'sitesContainer' SUP top STRUCTURAL ) -objectClasses: ( 1.2.840.113556.1.5.17 NAME 'server' SUP top STRUCTURAL MAY ( mailAddress $ serverReference $ serialNumber $ managedBy $ dNSHostName $ bridgeheadTransportList ) ) -objectClasses: ( 2.5.20.1 NAME 'subSchema' SUP top STRUCTURAL MAY ( objectClasses $ modifyTimeStamp $ extendedClassInfo $ extendedAttributeInfo $ dITContentRules $ attributeTypes ) ) -objectClasses: ( 1.2.840.113556.1.5.34 NAME 'trustedDomain' SUP leaf STRUCTURAL MAY ( trustType $ trustPosixOffset $ trustPartner $ trustDirection $ trustAuthOutgoing $ trustAuthIncoming $ trustAttributes $ securityIdentifier $ msDS-TrustForestTrustInfo $ mS-DS-CreatorSID $ initialAuthOutgoing $ initialAuthIncoming $ flatName $ domainIdentifier $ domainCrossRef $ additionalTrustedServiceNames ) ) -objectClasses: ( 1.2.840.113556.1.5.66 NAME 'domain' SUP top ABSTRACT MUST ( dc ) ) -objectClasses: ( 1.2.840.113556.1.5.76 NAME 'foreignSecurityPrincipal' SUP top STRUCTURAL MUST ( objectSid ) MAY ( foreignIdentifier ) ) -objectClasses: ( 1.2.840.113556.1.5.96 NAME 'subnet' SUP top STRUCTURAL MAY ( siteObject $ physicalLocationObject $ location ) ) -objectClasses: ( 1.2.840.113556.1.3.46 NAME 'mailRecipient' SUP top AUXILIARY MUST ( cn ) MAY ( userCertificate $ userCert $ textEncodedORAddress $ telephoneNumber $ showInAddressBook $ legacyExchangeDN $ garbageCollPeriod $ info $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI ) ) -objectClasses: ( 1.2.840.113556.1.5.8 NAME 'group' SUP top STRUCTURAL MUST ( groupType ) MAY ( primaryGroupToken $ operatorCount $ nTGroupMembers $ nonSecurityMember $ msDS-NonMembers $ msDS-AzLDAPQuery $ member $ managedBy $ groupMembershipSAM $ groupAttributes $ mail $ desktopProfile $ controlAccessRights $ adminCount ) ) -objectClasses: ( 1.2.840.113556.1.5.157 NAME 'groupPolicyContainer' SUP container STRUCTURAL MAY ( versionNumber $ gPCWQLFilter $ gPCUserExtensionNames $ gPCMachineExtensionNames $ gPCFunctionalityVersion $ gPCFileSysPath $ flags ) ) -attributeTypes: ( 1.2.840.113556.1.4.1304 NAME 'sDRightsEffective' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.104 NAME 'ownerBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 2.5.4.14 NAME 'searchGuide' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.1720 NAME 'msDS-ReplicationEpoch' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.202 NAME 'auditingPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.646 NAME 'otherFacsimileTelephoneNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.256 NAME 'streetAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.121 NAME 'securityIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1782 NAME 'msDS-KeyVersionNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1307 NAME 'accountNameHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.752 NAME 'userSharedFolderOther' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.751 NAME 'userSharedFolder' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.966 NAME 'mSMQDigestsMig' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.755 NAME 'domainIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.655 NAME 'legacyExchangeDN' SYNTAX '1.2.840.113556.1.4.905' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.618 NAME 'wellKnownObjects' SYNTAX '1.2.840.113556.1.4.903' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1 NAME 'name' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.531 NAME 'nonSecurityMemberBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1707 NAME 'msDS-ReplAttributeMetaData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1242 NAME 'dNReferenceUpdate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.892 NAME 'gPOptions' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1790 NAME 'msDS-PerUserTrustTombstonesQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 0.9.2342.19200300.100.1.42 NAME 'pager' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.362 NAME 'siteGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1796 NAME 'msDS-AzScriptEngineCacheMax' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1303 NAME 'tokenGroupsNoGCAcceptable' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.1418 NAME 'tokenGroupsGlobalAndUniversal' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.867 NAME 'altSecurityIdentities' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.96 NAME 'pwdLastSet' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 2.5.21.6 NAME 'objectClasses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.470 NAME 'trustAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1702 NAME 'msDS-TrustForestTrustInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.512 NAME 'siteObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.638 NAME 'isPrivilegeHolder' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.28 NAME 'dnsRoot' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.168 NAME 'modifiedCount' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.25 NAME 'internationalISDNNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.36' ) -attributeTypes: ( 2.5.4.15 NAME 'businessCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'middleName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.30 NAME 'attributeID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.677 NAME 'replTopologyStayOfExecution' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.359 NAME 'netbootGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.26 NAME 'rDNAttID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.25 NAME 'mayContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) -attributeTypes: ( 1.2.840.113556.1.4.135 NAME 'trustAuthOutgoing' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1694 NAME 'gPCWQLFilter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.516 NAME 'serverReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 2.5.18.1 NAME 'createTimeStamp' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.748 NAME 'attributeDisplayNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.614 NAME 'adminContextMenu' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.67 NAME 'lSAModifiedCount' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.66 NAME 'lSACreationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.154 NAME 'serverState' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.460 NAME 'lDAPDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.125 NAME 'supplementalCredentials' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.1130 NAME 'msNPSavedCallingStationID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) -attributeTypes: ( 1.2.840.113556.1.4.38 NAME 'flags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.812 NAME 'createWizardExt' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.36 NAME 'dMDLocation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.596 NAME 'msExchHouseIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.647 NAME 'otherMobile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 2.5.4.44 NAME 'generationQualifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.32 NAME 'attributeSyntax' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.149 NAME 'attributeSecurityGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.212 NAME 'dSHeuristics' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.5 NAME 'serialNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) -attributeTypes: ( 1.2.840.113556.1.4.1697 NAME 'msDS-Settings' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.144 NAME 'operatorCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1153 NAME 'msRADIUSFramedIPAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.45 NAME 'homeDrive' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.21.5 NAME 'attributeTypes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.540 NAME 'initialAuthOutgoing' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.141 NAME 'versionNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.0 NAME 'objectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.915 NAME 'possibleInferiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1669 NAME 'msDS-Approx-Immed-Subordinates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1664 NAME 'msDS-Replication-Notify-Subsequent-DSA-Delay' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.810 NAME 'createDialog' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.607 NAME 'queryPolicyObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.487 NAME 'fRSRootPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.11 NAME 'ou' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 2.5.4.21 NAME 'telexNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.2.617 NAME 'homePostalAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.652 NAME 'assistant' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.361 NAME 'netbootMachineFilePath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.45 NAME 'x500uniqueIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.55 NAME 'dBCSPwd' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.538 NAME 'prefixMap' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1807 NAME 'msDS-MembersForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.781 NAME 'lastKnownParent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.369 NAME 'fSMORoleOwner' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.673 NAME 'retiredReplDSASignatures' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.459 NAME 'networkAddress' SYNTAX '1.2.840.113556.1.4.905' ) -attributeTypes: ( 1.2.840.113556.1.2.471 NAME 'schemaVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' ) -attributeTypes: ( 1.2.840.113556.1.2.8 NAME 'possSuperiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) -attributeTypes: ( 1.2.840.113556.1.4.224 NAME 'defaultSecurityDescriptor' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.16.840.1.113730.3.140 NAME 'userSMIMECertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.8 NAME 'userAccountControl' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.885 NAME 'terminalServer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.159 NAME 'accountExpires' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.750 NAME 'groupType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.89 NAME 'nTGroupMembers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.749 NAME 'url' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.145 NAME 'revision' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.76 NAME 'objectVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1705 NAME 'msDS-NCReplInboundNeighbors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1425 NAME 'msCOM-UserLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1409 NAME 'masteredBy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.916 NAME 'canonicalName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1661 NAME 'msDS-NC-Replica-Locations' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.1721 NAME 'msDS-UpdateScript' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.88 NAME 'nextRid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.24 NAME 'x121Address' SYNTAX '1.3.6.1.4.1.1466.115.121.1.36' ) -attributeTypes: ( 2.5.4.35 NAME 'userPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.141 NAME 'department' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.639 NAME 'isMemberOfPartialAttributeSet' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.633 NAME 'policyReplicationFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.626 NAME 'ipsecISAKMPReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.218 NAME 'applicationName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.196 NAME 'systemMayContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1191 NAME 'msRASSavedFramedRoute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) -attributeTypes: ( 1.2.840.113556.1.4.1189 NAME 'msRASSavedCallbackNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.136 NAME 'trustType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.158 NAME 'domainReplica' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.615 NAME 'personalTitle' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.651 NAME 'otherMailbox' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 0.9.2342.19200300.100.1.3 NAME 'mail' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.231 NAME 'oMSyntax' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.661 NAME 'isDefunct' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1621 NAME 'msDS-Other-Settings' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.71 NAME 'machineRole' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1795 NAME 'msDS-AzDomainTimeout' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.198 NAME 'systemAuxiliaryClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.98 NAME 'primaryGroupID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.160 NAME 'lmPwdHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.166 NAME 'groupMembershipSAM' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.133 NAME 'trustPartner' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.1 NAME 'instanceType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.806 NAME 'treatAsLeaf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.562 NAME 'adminPropertyPages' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1799 NAME 'msDS-AzScopeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.34 NAME 'seeAlso' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.844 NAME 'lDAPIPDenyList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.1826 NAME 'msDS-RetiredReplNCSignatures' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.14 NAME 'hasMasterNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.81 NAME 'modifiedCountAtLastProm' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.78 NAME 'minPwdAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.39 NAME 'forceLogoff' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1305 NAME 'moveTreeState' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.1787 NAME 'msDS-AllowedToDelegateTo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.170 NAME 'systemOnly' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1716 NAME 'msDS-IntId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.619 NAME 'dNSHostName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1825 NAME 'msDS-AzMinorVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.49 NAME 'badPasswordTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1412 NAME 'primaryGroupToken' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.469 NAME 'USNIntersite' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.876 NAME 'fRSMemberReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1711 NAME 'msDS-SDReferenceDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.621 NAME 'ipsecID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.843 NAME 'lDAPAdminLimits' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.519 NAME 'lastBackupRestorationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.660 NAME 'treeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.151 NAME 'oEMInformation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.42 NAME 'givenName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1347 NAME 'sPNMappings' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.364 NAME 'operatingSystemVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.303 NAME 'notificationList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1301 NAME 'tokenGroups' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.97 NAME 'preferredOU' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1410 NAME 'mS-DS-CreatorSID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1793 NAME 'msDS-NonMembers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.1815 NAME 'msDS-TasksForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.227 NAME 'extensionName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1663 NAME 'msDS-Replication-Notify-First-DSA-Delay' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.74 NAME 'maxPwdAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.722 NAME 'otherIpPhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.627 NAME 'ipsecNFAReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 0.9.2342.19200300.100.1.21 NAME 'secretary' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.138 NAME 'userParameters' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.134 NAME 'trustPosixOffset' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.820 NAME 'bridgeheadServerListBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1819 NAME 'msDS-AzApplicationData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.866 NAME 'pekKeyChangeInterval' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.6 NAME 'c' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) -attributeTypes: ( 1.2.840.113556.1.4.25 NAME 'countryCode' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 0.9.2342.19200300.100.1.41 NAME 'mobile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.148 NAME 'schemaIDGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.669 NAME 'rIDSetReferences' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.351 NAME 'auxiliaryClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) -attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME 'uid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.889 NAME 'additionalTrustedServiceNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.464 NAME 'wWWHomePage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.896 NAME 'uSNSource' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1360 NAME 'mS-DS-ConsistencyGuid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.870 NAME 'frsComputerReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.913 NAME 'allowedAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1798 NAME 'msDS-AzApplicationName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.890 NAME 'uPNSuffixes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1788 NAME 'msDS-PerUserTrustQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1411 NAME 'ms-DS-MachineAccountQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.157 NAME 'serverRole' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 0.9.2342.19200300.100.1.20 NAME 'homePhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.34 NAME 'rangeLower' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.415 NAME 'operatingSystemHotfix' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1717 NAME 'msDS-AdditionalDnsHostName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1797 NAME 'msDS-AzScriptTimeout' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.24 NAME 'mustContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) -attributeTypes: ( 2.5.4.36 NAME 'userCertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.1124 NAME 'msNPCallingStationID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) -attributeTypes: ( 1.2.840.113556.1.4.1460 NAME 'msDS-User-Account-Control-Computed' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.44 NAME 'homeDirectory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1792 NAME 'msDS-AzLDAPQuery' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.663 NAME 'partialAttributeDeletionList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.868 NAME 'isCriticalSystemObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.891 NAME 'gPLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1354 NAME 'scopeFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.60 NAME 'lockoutDuration' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1426 NAME 'msCOM-UserPartitionSetLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 2.16.840.1.113730.3.1.36 NAME 'thumbnailLogo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 2.16.840.1.113730.3.1.35 NAME 'thumbnailPhoto' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.222 NAME 'location' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.86 NAME 'userWorkstations' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.65 NAME 'logonWorkstation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1696 NAME 'lastLogonTimestamp' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.100 NAME 'priorValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.53 NAME 'lastSetTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.2 NAME 'objectGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1811 NAME 'msDS-TasksForAzTaskBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.653 NAME 'managedBy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.93 NAME 'pwdProperties' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.13 NAME 'builtinCreationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.146 NAME 'company' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.675 NAME 'catalogs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.783 NAME 'defaultObjectCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1158 NAME 'msRADIUSFramedRoute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) -attributeTypes: ( 1.2.840.113556.1.4.99 NAME 'priorSetTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.645 NAME 'userCert' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.530 NAME 'nonSecurityMember' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 2.5.4.31 NAME 'member' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.152 NAME 'groupAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.375 NAME 'systemFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1249 NAME 'proxiedObjectName' SYNTAX '1.2.840.113556.1.4.903' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1708 NAME 'msDS-ReplValueMetaData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.912 NAME 'allowedChildClassesEffective' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1805 NAME 'msDS-AzGenerateAudits' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1817 NAME 'msDS-AzApplicationVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.219 NAME 'iconPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 2.5.4.9 NAME 'street' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1783 NAME 'msDS-ExecuteScriptPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1784 NAME 'msDS-LogonTimeSyncInterval' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.301 NAME 'garbageCollPeriod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.967 NAME 'mSMQSignCertificatesMig' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1442 NAME 'msDS-Cached-Membership-Time-Stamp' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.169 NAME 'logonCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.58 NAME 'localeID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' ) -attributeTypes: ( 1.2.840.113556.1.4.12 NAME 'badPwdCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.129 NAME 'trustAuthIncoming' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 2.5.18.10 NAME 'subSchemaSubEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ) -attributeTypes: ( 1.2.840.113556.1.2.48 NAME 'isDeleted' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1687 NAME 'extraColumns' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1690 NAME 'adminMultiselectPropertyPages' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.307 NAME 'options' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.61 NAME 'lockOutObservationWindow' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.57 NAME 'defaultLocalPolicyObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.26 NAME 'creationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.26 NAME 'registeredAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 2.5.4.16 NAME 'postalAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 2.5.4.43 NAME 'initials' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.33 NAME 'isSingleValued' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1240 NAME 'netbootSIFFile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1718 NAME 'msDS-AdditionalSamAccountName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.195 NAME 'systemPossSuperiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 0.9.2342.19200300.100.1.7 NAME 'photo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.2.610 NAME 'employeeNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.662 NAME 'lockoutTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.537 NAME 'dynamicLDAPServer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.909 NAME 'extendedAttributeInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.444 NAME 'msExchAssistantName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1349 NAME 'gPCUserExtensionNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1794 NAME 'msDS-NonMembersBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.194 NAME 'adminDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.499 NAME 'contextMenu' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.50 NAME 'linkID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 2.5.4.58 NAME 'attributeCertificateAttribute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 2.5.4.4 NAME 'sn' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.221 NAME 'sAMAccountName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.22 NAME 'governsID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.947 NAME 'mSMQSignCertificates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.539 NAME 'initialAuthIncoming' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.472 NAME 'domainCrossRef' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.893 NAME 'gPCFunctionalityVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.267 NAME 'uSNDSALastObjRemoved' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1813 NAME 'msDS-OperationsForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1361 NAME 'mS-DS-ConsistencyChildCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.74 NAME 'dSASignature' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.911 NAME 'allowedChildClasses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.914 NAME 'allowedAttributesEffective' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.357 NAME 'nTMixedDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1709 NAME 'msDS-HasInstantiatedNCs' SYNTAX '1.2.840.113556.1.4.903' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.79 NAME 'minPwdLength' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.32 NAME 'domainPolicyObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.507 NAME 'volumeCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1171 NAME 'msRADIUSServiceType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.52 NAME 'lastLogon' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.344 NAME 'groupsToIgnore' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1358 NAME 'schemaInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' NO-USER-MODIFICATION ) -attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME 'dc' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.782 NAME 'objectCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 2.5.18.2 NAME 'modifyTimeStamp' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.13 NAME 'displayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.226 NAME 'adminDescription' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1719 NAME 'msDS-DnsRootAlias' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.498 NAME 'creationWizard' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.15 NAME 'hasPartialReplicaNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.200 NAME 'controlAccessRights' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.155 NAME 'uASCompat' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.146 NAME 'objectSid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 2.5.4.12 NAME 'title' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.118 NAME 'otherPager' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.261 NAME 'division' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.35 NAME 'rangeUpper' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.218 NAME 'oMObjectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.49 NAME 'mAPIID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.302 NAME 'sAMAccountType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.370 NAME 'objectClassCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.518 NAME 'defaultHidingValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1119 NAME 'msNPAllowDialin' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.16 NAME 'codePage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.150 NAME 'adminCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.481 NAME 'schemaUpdate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.132 NAME 'trustDirection' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.557 NAME 'Enabled' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.7 NAME 'l' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.268 NAME 'eFSPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.14 NAME 'builtinModifiedCount' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.18 NAME 'otherTelephone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.649 NAME 'primaryInternationalISDNNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.35 NAME 'employeeID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.54 NAME 'tombstoneLifetime' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.365 NAME 'operatingSystemServicePack' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.358 NAME 'netbootInitialization' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.656 NAME 'userPrincipalName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.771 NAME 'servicePrincipalName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.91 NAME 'otherLoginWorkstations' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1786 NAME 'msIIS-FTPDir' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1443 NAME 'msDS-Site-Affinity' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.76 NAME 'maxStorage' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.281 NAME 'nTSecurityDescriptor' SYNTAX '1.2.840.113556.1.4.907' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.513 NAME 'siteObjectBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.608 NAME 'queryPolicyBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.640 NAME 'partialAttributeSet' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 2.5.4.49 NAME 'distinguishedName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 2.5.4.13 NAME 'description' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1816 NAME 'msDS-AzClassId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.370 NAME 'rIDAvailablePool' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.563 NAME 'shellPropertyPages' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1715 NAME 'msDS-SPNSuffixes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.101 NAME 'privateKey' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.23 NAME 'facsimileTelephoneNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.334 NAME 'searchFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.120 NAME 'schemaFlagsEx' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1212 NAME 'isEphemeral' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.960 NAME 'mSMQNt4Stub' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' ) -attributeTypes: ( 1.2.840.113556.1.4.1785 NAME 'msIIS-FTPRoot' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.345 NAME 'groupPriority' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.819 NAME 'bridgeheadTransportList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.908 NAME 'extendedClassInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.511 NAME 'flatName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.301 NAME 'wbemPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1706 NAME 'msDS-NCReplOutboundNeighbors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.1809 NAME 'msDS-OperationsForAzTaskBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.169 NAME 'showInAdvancedViewOnly' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1459 NAME 'msDS-Behavior-Version' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1836 NAME 'msDS-hasMasterNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.95 NAME 'pwdHistoryLength' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.865 NAME 'pekList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.17 NAME 'postalCode' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1241 NAME 'netbootMirrorDataFile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.213 NAME 'defaultClassStore' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.953 NAME 'mSMQSiteID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.644 NAME 'showInAddressBook' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.2.2 NAME 'whenCreated' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1357 NAME 'dSCorePropagationData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.353 NAME 'displayNamePrintable' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.624 NAME 'ipsecOwnersReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 2.5.4.8 NAME 'st' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.515 NAME 'serverReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1820 NAME 'msDS-HasDomainNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.115 NAME 'invocationId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.109 NAME 'replicaSource' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.721 NAME 'ipPhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.277 NAME 'otherHomePhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 2.5.4.10 NAME 'o' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.380 NAME 'extendedCharsAllowed' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.363 NAME 'operatingSystem' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1840 NAME 'msDS-ObjectReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.1308 NAME 'mSMQInterval1' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.153 NAME 'rid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.139 NAME 'profilePath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1145 NAME 'msRADIUSCallbackNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.772 NAME 'aCSPolicyName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.81 NAME 'info' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1841 NAME 'msDS-ObjectReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.3 NAME 'whenChanged' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.121 NAME 'uSNLastObjRem' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.83 NAME 'repsTo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.4 NAME 'replUpToDateVector' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.864 NAME 'netbootSCPBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1837 NAME 'msDs-masteredBy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1424 NAME 'msCOM-PartitionSetLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 2.5.4.3 NAME 'cn' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1789 NAME 'msDS-AllUsersTrustQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.480 NAME 'defaultGroup' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.629 NAME 'ipsecFilterReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.156 NAME 'comment' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1440 NAME 'msDs-Schema-Extensions' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.56 NAME 'localPolicyFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1309 NAME 'mSMQInterval2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.609 NAME 'sIDHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.90 NAME 'unicodePwd' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1190 NAME 'msRASSavedFramedIPAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1843 NAME 'msDRM-IdentityCertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.51 NAME 'lastLogoff' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.598 NAME 'dmdName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.593 NAME 'msExchLabeledURI' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.436 NAME 'directReports' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.3 NAME 'replPropertyMetaData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.910 NAME 'fromEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.471 NAME 'trustParent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.622 NAME 'ipsecDataType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.623 NAME 'ipsecData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.368 NAME 'rIDManagerReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.73 NAME 'lockoutThreshold' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.346 NAME 'desktopProfile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.131 NAME 'co' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.648 NAME 'primaryTelexNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 0.9.2342.19200300.100.1.10 NAME 'manager' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.514 NAME 'physicalLocationObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1824 NAME 'msDS-AzMajorVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.21 NAME 'subClassOf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.197 NAME 'systemMustContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION ) -attributeTypes: ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.613 NAME 'employeeType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.27 NAME 'currentValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 2.5.21.2 NAME 'dITContentRules' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1348 NAME 'gPCMachineExtensionNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.19 NAME 'uSNCreated' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.7 NAME 'subRefs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.210 NAME 'proxyAddresses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.532 NAME 'superiorDNSRoot' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.674 NAME 'rootTrust' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' ) -attributeTypes: ( 1.2.840.113556.1.4.615 NAME 'shellContextMenu' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.610 NAME 'classDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.620 NAME 'ipsecName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.37 NAME 'cACertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.628 NAME 'ipsecNegotiationPolicyReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.650 NAME 'mhsORAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.94 NAME 'ntPwdHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.786 NAME 'mailAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.356 NAME 'foreignIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.2.120 NAME 'uSNChanged' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.2.91 NAME 'repsFrom' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1359 NAME 'otherWellKnownObjects' SYNTAX '1.2.840.113556.1.4.903' ) -attributeTypes: ( 1.2.840.113556.1.4.1704 NAME 'msDS-NCReplCursors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.4.654 NAME 'managedObjects' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.1710 NAME 'msDS-AllowedDNSSuffixes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) -attributeTypes: ( 1.2.840.113556.1.2.16 NAME 'nCName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION ) -attributeTypes: ( 1.2.840.113556.1.4.87 NAME 'nETBIOSName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.1355 NAME 'queryFilter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' ) -attributeTypes: ( 1.2.840.113556.1.4.961 NAME 'mSMQSiteForeign' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' ) -attributeTypes: ( 0.9.2342.19200300.100.1.55 NAME 'audio' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.62 NAME 'scriptPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.948 NAME 'mSMQDigests' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) -attributeTypes: ( 1.2.840.113556.1.4.1441 NAME 'msDS-Cached-Membership' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.64 NAME 'logonHours' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE ) -attributeTypes: ( 1.2.840.113556.1.4.894 NAME 'gPCFileSysPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) -dITContentRules: ( 1.2.840.113556.1.5.67 NAME 'domainDNS' AUX ( samDomain ) MAY ( treeName $ rIDManagerReference $ replicaSource $ pwdProperties $ pwdHistoryLength $ privateKey $ pekList $ pekKeyChangeInterval $ nTMixedDomain $ nextRid $ nETBIOSName $ msDS-PerUserTrustTombstonesQuota $ msDS-PerUserTrustQuota $ ms-DS-MachineAccountQuota $ msDS-LogonTimeSyncInterval $ msDS-AllUsersTrustQuota $ modifiedCountAtLastProm $ minPwdLength $ minPwdAge $ maxPwdAge $ lSAModifiedCount $ lSACreationTime $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ gPOptions $ gPLink $ eFSPolicy $ domainPolicyObject $ desktopProfile $ description $ defaultLocalPolicyObject $ creationTime $ controlAccessRights $ cACertificate $ builtinModifiedCount $ builtinCreationTime $ auditingPolicy ) ) -dITContentRules: ( 1.2.840.113556.1.5.4 NAME 'builtinDomain' AUX ( samDomainBase ) MAY ( uASCompat $ serverState $ serverRole $ revision $ pwdProperties $ pwdHistoryLength $ oEMInformation $ objectSid $ nTSecurityDescriptor $ nextRid $ modifiedCountAtLastProm $ modifiedCount $ minPwdLength $ minPwdAge $ maxPwdAge $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ forceLogoff $ domainReplica $ creationTime ) ) -dITContentRules: ( 1.2.840.113556.1.5.3 NAME 'samDomain' AUX ( samDomainBase ) MAY ( uASCompat $ serverState $ serverRole $ revision $ pwdProperties $ pwdHistoryLength $ oEMInformation $ objectSid $ nTSecurityDescriptor $ nextRid $ modifiedCountAtLastProm $ modifiedCount $ minPwdLength $ minPwdAge $ maxPwdAge $ lockoutThreshold $ lockoutDuration $ lockOutObservationWindow $ forceLogoff $ domainReplica $ creationTime ) ) -dITContentRules: ( 1.2.840.113556.1.5.9 NAME 'user' AUX ( securityPrincipal $ mailRecipient ) MUST ( sAMAccountName $ objectSid $ cn ) MAY ( supplementalCredentials $ sIDHistory $ securityIdentifier $ sAMAccountType $ rid $ tokenGroupsNoGCAcceptable $ tokenGroupsGlobalAndUniversal $ tokenGroups $ nTSecurityDescriptor $ msDS-KeyVersionNumber $ altSecurityIdentities $ accountNameHistory $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI $ userCertificate $ userCert $ textEncodedORAddress $ telephoneNumber $ showInAddressBook $ legacyExchangeDN $ garbageCollPeriod $ info $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI ) ) -dITContentRules: ( 1.2.840.113556.1.5.8 NAME 'group' AUX ( mailRecipient $ securityPrincipal ) MUST ( cn $ sAMAccountName $ objectSid $ cn ) MAY ( userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI $ userCertificate $ userCert $ textEncodedORAddress $ telephoneNumber $ showInAddressBook $ legacyExchangeDN $ garbageCollPeriod $ info $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI $ userCertificate $ userCert $ textEncodedORAddress $ telephoneNumber $ showInAddressBook $ legacyExchangeDN $ garbageCollPeriod $ info $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI $ supplementalCredentials $ sIDHistory $ securityIdentifier $ sAMAccountType $ rid $ tokenGroupsNoGCAcceptable $ tokenGroupsGlobalAndUniversal $ tokenGroups $ nTSecurityDescriptor $ msDS-KeyVersionNumber $ altSecurityIdentities $ accountNameHistory $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI $ userCertificate $ userCert $ textEncodedORAddress $ telephoneNumber $ showInAddressBook $ legacyExchangeDN $ garbageCollPeriod $ info $ userSMIMECertificate $ secretary $ msExchLabeledURI $ msExchAssistantName $ labeledURI ) ) -- cgit From 46c94dd8b28cbb6fca28f4884b65be034e135fbb Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 18 Aug 2008 10:16:45 +1000 Subject: Merge the two attribute syntax tables. This merges the table once found in the oLschema2ldif tool (and moved many times) with the table used for DRSUAPI. The OpenLDAP schema map has been updated, to ensure that despite a number of attributes being declared as OIDs, they are actually used as strings (as they are actually LDAP class/attribute names). Andrew Bartlett (This used to be commit 61f2958c84beeedcf369ccdc02afed0c8055b108) --- source4/setup/schema-map-openldap-2.3 | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/schema-map-openldap-2.3 b/source4/setup/schema-map-openldap-2.3 index f5279616d1..7de2e67b5e 100644 --- a/source4/setup/schema-map-openldap-2.3 +++ b/source4/setup/schema-map-openldap-2.3 @@ -39,3 +39,6 @@ modifyTimeStamp:samba4ModifyTimestamp 1.2.840.113556.1.4.903:1.3.6.1.4.1.1466.115.121.1.12 #Treat Security Descriptors as binary 1.2.840.113556.1.4.907:1.3.6.1.4.1.1466.115.121.1.40 +#Treat OIDs as case insensitive strings (as otherwise ldap class and +#attribute names, declared at OIDs fail +1.3.6.1.4.1.1466.115.121.1.38:1.3.6.1.4.1.1466.115.121.1.44 -- cgit From 47d80366bef5e62b6727a574b2300cc94a2e18f7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 19 Aug 2008 11:43:41 +1000 Subject: Fix templates.ldb reprovision handling. This sets the attributes in a seperate transaction, and allows a forced delete of the whole file. Andrew Bartlett (This used to be commit 423db2468ba3dac89cebc59c8498c0b08c5f3d7b) --- source4/setup/provision_templates.ldif | 10 ---------- source4/setup/provision_templates_init.ldif | 10 ++++++++++ 2 files changed, 10 insertions(+), 10 deletions(-) create mode 100644 source4/setup/provision_templates_init.ldif (limited to 'source4/setup') diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 8f4ed08252..04257549d5 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -2,16 +2,6 @@ # Templates to be put in templates.ldb. Not part of main samdb any more. ### -dn: @OPTIONS -checkBaseOnSearch: TRUE - -dn: @INDEXLIST -@IDXATTR: cn - -dn: @ATTRIBUTES -cn: CASE_INSENSITIVE -dn: CASE_INSENSITIVE - dn: CN=Templates objectClass: top objectClass: container diff --git a/source4/setup/provision_templates_init.ldif b/source4/setup/provision_templates_init.ldif new file mode 100644 index 0000000000..6d6a3c228c --- /dev/null +++ b/source4/setup/provision_templates_init.ldif @@ -0,0 +1,10 @@ +dn: @OPTIONS +checkBaseOnSearch: TRUE + +dn: @INDEXLIST +@IDXATTR: cn + +dn: @ATTRIBUTES +cn: CASE_INSENSITIVE +dn: CASE_INSENSITIVE + -- cgit From 805dd85291fa55695ee7ae2b8f6d3c168d9186e8 Mon Sep 17 00:00:00 2001 From: Oliver Liebel Date: Tue, 19 Aug 2008 12:03:04 +1000 Subject: Generate Multi-Master Replication configuration for OpenLDAP This patches provision-backend and the related scripts to generate the correct configuration blobs for N-way multi-master replication using OpenLDAP. Signed-off-by: Andrew Bartlett (This used to be commit 6ed0b3f2475022288f636605492ca27fde97cd52) --- source4/setup/mmr_serverids.conf | 1 + source4/setup/mmr_syncrepl.conf | 10 ++++++++++ source4/setup/provision-backend | 7 ++++++- source4/setup/slapd.conf | 36 ++++++++++++++++++++++++++++++++---- 4 files changed, 49 insertions(+), 5 deletions(-) create mode 100644 source4/setup/mmr_serverids.conf create mode 100644 source4/setup/mmr_syncrepl.conf (limited to 'source4/setup') diff --git a/source4/setup/mmr_serverids.conf b/source4/setup/mmr_serverids.conf new file mode 100644 index 0000000000..863508d0d6 --- /dev/null +++ b/source4/setup/mmr_serverids.conf @@ -0,0 +1 @@ +ServerID ${SERVERID} "${LDAPSERVER}:9000" diff --git a/source4/setup/mmr_syncrepl.conf b/source4/setup/mmr_syncrepl.conf new file mode 100644 index 0000000000..857f044ccd --- /dev/null +++ b/source4/setup/mmr_syncrepl.conf @@ -0,0 +1,10 @@ +syncrepl rid=${RID} + provider="${LDAPSERVER}:9000" + searchbase="${MMRDN}" + type=refreshAndPersist + retry="10 +" + bindmethod=simple + binddn="CN=Manager,${MMRDN}" + credentials="linux" + + diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 845dc8679a..049b8752a6 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -64,6 +64,9 @@ parser.add_option("--server-role", type="choice", metavar="ROLE", help="Set server role to provision for (default standalone)") parser.add_option("--targetdir", type="string", metavar="DIR", help="Set target directory") +parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER", + help="List of LDAP-URLS separated with whitespaces for Use with OpenLDAP-MMR") + opts = parser.parse_args()[0] @@ -99,4 +102,6 @@ provision_backend(setup_dir=setup_dir, message=message, smbconf=smbconf, targetd adminpass=opts.ldap_admin_pass, root=opts.root, serverrole=server_role, ldap_backend_type=opts.ldap_backend_type, - ldap_backend_port=opts.ldap_backend_port) + ldap_backend_port=opts.ldap_backend_port, + ol_mmr_urls=opts.ol_mmr_urls) + diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 4dcfd2aba7..be68ec2588 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -1,5 +1,10 @@ loglevel 0 +### Multimaster-ServerIDs and URLs ### + +${MMR_SERVERIDS_CONFIG} + + include ${LDAPDIR}/backend-schema.schema pidfile ${LDAPDIR}/slapd.pid @@ -52,10 +57,12 @@ suffix cn=Samba directory ${LDAPDIR}/db/samba rootdn cn=Manager,cn=Samba - +######################################## +### cn=schema ### database hdb suffix ${SCHEMADN} rootdn cn=Manager,${SCHEMADN} +rootpw linux directory ${LDAPDIR}/db/schema index objectClass eq index samAccountName eq @@ -64,16 +71,25 @@ index objectCategory eq index lDAPDisplayName eq index subClassOf eq index cn eq +index entryUUID,entryCSN eq #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We only need this for the contextCSN attribute anyway.... overlay syncprov -syncprov-checkpoint 100 10 syncprov-sessionlog 100 +# syncprov-checkpoint 100 10 + +### Multimaster-Replication of cn=schema Subcontext ### +${MMR_SYNCREPL_SCHEMA_CONFIG} +${MIRRORMODE} + +######################################### +### cn=config ### database hdb suffix ${CONFIGDN} rootdn cn=Manager,${CONFIGDN} +rootpw linux directory ${LDAPDIR}/db/config index objectClass eq index samAccountName eq @@ -85,16 +101,24 @@ index subClassOf eq index dnsRoot eq index nETBIOSName eq index cn eq +index entryUUID,entryCSN eq #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We only need this for the contextCSN attribute anyway.... overlay syncprov -syncprov-checkpoint 100 10 syncprov-sessionlog 100 +# syncprov-checkpoint 100 10 + +### Multimaster-Replication of cn=config Subcontext ### +${MMR_SYNCREPL_CONFIG_CONFIG} +${MIRRORMODE} +######################################## +### cn=users /base-dn ### database hdb suffix ${DOMAINDN} rootdn cn=Manager,${DOMAINDN} +rootpw linux directory ${LDAPDIR}/db/user index objectClass eq index samAccountName eq @@ -110,10 +134,14 @@ index subClassOf eq index dnsRoot eq index nETBIOSName eq index cn eq +index entryUUID,entryCSN eq #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We only need this for the contextCSN attribute anyway.... overlay syncprov -syncprov-checkpoint 100 10 syncprov-sessionlog 100 +# syncprov-checkpoint 100 10 +### Multimaster-Replication of cn=user/base-dn context ### +${MMR_SYNCREPL_USER_CONFIG} +${MIRRORMODE} -- cgit From 7ef21658fbb519859aa7d23a614e1fdbcae95693 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 19 Aug 2008 14:10:14 +1000 Subject: Fix up new OpenLDAP MMR code. This changes the MMR password from hard-coded value of 'linux', adds tests and fixes the Fedora DS backend. Currently the MMR password matches the admin password, but we can change this to be another random value if required. Also require the port to be specified on the command line, so we don't hard-code a port of 9000. Andrew Bartlett (This used to be commit 08257c6d6ce809fcd53f9b2b4d558fef616b74ce) --- source4/setup/mmr_serverids.conf | 3 ++- source4/setup/mmr_syncrepl.conf | 6 ++++-- source4/setup/slapd.conf | 6 +++--- source4/setup/tests/blackbox_provision-backend.sh | 1 + 4 files changed, 10 insertions(+), 6 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/mmr_serverids.conf b/source4/setup/mmr_serverids.conf index 863508d0d6..c6d14010b4 100644 --- a/source4/setup/mmr_serverids.conf +++ b/source4/setup/mmr_serverids.conf @@ -1 +1,2 @@ -ServerID ${SERVERID} "${LDAPSERVER}:9000" +# Generated from template mmr_serverids.conf +ServerID ${SERVERID} "${LDAPSERVER}" diff --git a/source4/setup/mmr_syncrepl.conf b/source4/setup/mmr_syncrepl.conf index 857f044ccd..5fa8b8f8a0 100644 --- a/source4/setup/mmr_syncrepl.conf +++ b/source4/setup/mmr_syncrepl.conf @@ -1,10 +1,12 @@ +# Generated from template mmr_syncrepl.conf + syncrepl rid=${RID} - provider="${LDAPSERVER}:9000" + provider="${LDAPSERVER}" searchbase="${MMRDN}" type=refreshAndPersist retry="10 +" bindmethod=simple binddn="CN=Manager,${MMRDN}" - credentials="linux" + credentials="${MMR_PASSWORD}" diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index be68ec2588..141c0cd27a 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -62,7 +62,7 @@ rootdn cn=Manager,cn=Samba database hdb suffix ${SCHEMADN} rootdn cn=Manager,${SCHEMADN} -rootpw linux +rootpw "${MMR_PASSWORD}" directory ${LDAPDIR}/db/schema index objectClass eq index samAccountName eq @@ -89,7 +89,7 @@ ${MIRRORMODE} database hdb suffix ${CONFIGDN} rootdn cn=Manager,${CONFIGDN} -rootpw linux +rootpw "${MMR_PASSWORD}" directory ${LDAPDIR}/db/config index objectClass eq index samAccountName eq @@ -118,7 +118,7 @@ ${MIRRORMODE} database hdb suffix ${DOMAINDN} rootdn cn=Manager,${DOMAINDN} -rootpw linux +rootpw "${MMR_PASSWORD}" directory ${LDAPDIR}/db/user index objectClass eq index samAccountName eq diff --git a/source4/setup/tests/blackbox_provision-backend.sh b/source4/setup/tests/blackbox_provision-backend.sh index 312ca5c70e..04f22dbf1d 100755 --- a/source4/setup/tests/blackbox_provision-backend.sh +++ b/source4/setup/tests/blackbox_provision-backend.sh @@ -13,6 +13,7 @@ shift 1 . `dirname $0`/../../../testprogs/blackbox/subunit.sh testit "openldap-backend" $PYTHON ./setup/provision-backend --domain=FOO --realm=foo.example.com --host-name=samba --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend +testit "openldap-mmr-backend" $PYTHON ./setup/provision-backend --domain=FOO --realm=foo.example.com --host-name=samba --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-mmr-backend --ol-mmr-urls='ldap://localdc1:9000,ldap://localdc2:9000,ldap://localdc3:9000' testit "fedora-ds-backend" $PYTHON ./setup/provision-backend --domain=FOO --realm=foo.example.com --host-name=samba --ldap-backend-type=fedora-ds --targetdir=$PREFIX/fedora-ds-backend reprovision() { -- cgit From 41493cbe680e0b8dff3b84937b3005c72c39dec6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 20 Aug 2008 12:21:36 +1000 Subject: Update OpenLDAP MMR configuration per comments by Oliver Liebel This changes the RIDs to be , to ease later debugging. The need to specify the port on the MMR URLs is now included in the help. Andrew Bartlett (This used to be commit a5cbe8c09c6f14f95ff9ba9b8782e2100fc55695) --- source4/setup/provision-backend | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/provision-backend b/source4/setup/provision-backend index 049b8752a6..0943da29b6 100755 --- a/source4/setup/provision-backend +++ b/source4/setup/provision-backend @@ -65,7 +65,7 @@ parser.add_option("--server-role", type="choice", metavar="ROLE", parser.add_option("--targetdir", type="string", metavar="DIR", help="Set target directory") parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER", - help="List of LDAP-URLS separated with whitespaces for Use with OpenLDAP-MMR") + help="List of LDAP-URLS [ ldap://:port/ (where port != 389) ] separated with whitespaces for use with OpenLDAP-MMR") opts = parser.parse_args()[0] -- cgit From 6e5f2454acb6ad11e799faed834fb4937651737d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 20 Aug 2008 15:46:46 +1000 Subject: Apply attributes (and their syntax) from the schema into ldb This changes the @ATTRIBUTES record to be for bootstrapping only, before we find the schema. Andrew Bartlett (This used to be commit 358477fcc041d5fb2e6ac5641c2f899cc49cfb69) --- source4/setup/provision_init.ldif | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source4/setup') diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif index 65a12f1afa..a6c591dd51 100644 --- a/source4/setup/provision_init.ldif +++ b/source4/setup/provision_init.ldif @@ -1,3 +1,8 @@ +#These attributes are only used as far as the bootstrapping of the +# schema. After that, the attributes from the schema are used. +# +# Therefore, they must strictly match the schema + dn: @ATTRIBUTES userPrincipalName: CASE_INSENSITIVE servicePrincipalName: CASE_INSENSITIVE @@ -7,6 +12,8 @@ nETBIOSName: CASE_INSENSITIVE cn: CASE_INSENSITIVE dc: CASE_INSENSITIVE name: CASE_INSENSITIVE +lDAPDisplayName: CASE_INSENSITIVE +subClassOf: CASE_INSENSITIVE dn: CASE_INSENSITIVE sAMAccountName: CASE_INSENSITIVE objectClass: CASE_INSENSITIVE -- cgit From 8237c0ba83e2b47bb7879ba68d3a50da887397b6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Aug 2008 12:59:16 +1000 Subject: The index handling is now configured from the schema load, not by a template. Andrew Bartlett (This used to be commit b36c6a21ad12fdc1b53efdc3f29cde7614b4fa9e) --- source4/setup/provision_index.ldif | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 source4/setup/provision_index.ldif (limited to 'source4/setup') diff --git a/source4/setup/provision_index.ldif b/source4/setup/provision_index.ldif deleted file mode 100644 index 95970817f3..0000000000 --- a/source4/setup/provision_index.ldif +++ /dev/null @@ -1,19 +0,0 @@ -dn: @INDEXLIST -@IDXATTR: name -@IDXATTR: cn -@IDXATTR: userPrincipalName -@IDXATTR: servicePrincipalName -@IDXATTR: sAMAccountName -@IDXATTR: objectSid -@IDXATTR: objectCategory -@IDXATTR: member -@IDXATTR: uidNumber -@IDXATTR: gidNumber -@IDXATTR: unixName -@IDXATTR: privilege -@IDXATTR: nCName -@IDXATTR: lDAPDisplayName -@IDXATTR: subClassOf -@IDXATTR: dnsRoot -@IDXATTR: nETBIOSName -@IDXATTR: objectGUID -- cgit From 91d6cdd89aad251e7f6fb44c976f1e5a6fbcfd3e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 22 Aug 2008 21:26:32 +1000 Subject: now that ldap integers are 32 bit, we need to put the right 32 bit value in for group type to avoid sign extension, otherwise we don't find the builtin groups (This used to be commit 9b558639395bd8209313bb7ed2e04821c83975a4) --- source4/setup/provision_users.ldif | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 641247cf22..854c42d07c 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -83,7 +83,7 @@ objectClass: top objectClass: group cn: Cert Publishers description: Members of this group are permitted to publish certificates to the Active Directory -groupType: 2147483652 +groupType: -2147483644 objectSid: ${DOMAINSID}-517 sAMAccountName: Cert Publishers isCriticalSystemObject: TRUE @@ -134,7 +134,7 @@ cn: RAS and IAS Servers description: Servers in this group can access remote access properties of users objectSid: ${DOMAINSID}-553 sAMAccountName: RAS and IAS Servers -groupType: 2147483652 +groupType: -2147483644 isCriticalSystemObject: TRUE dn: CN=Administrators,CN=Builtin,${DOMAINDN} @@ -149,7 +149,7 @@ objectSid: S-1-5-32-544 adminCount: 1 sAMAccountName: Administrators systemFlags: 2348810240 -groupType: 2147483653 +groupType: -2147483643 isCriticalSystemObject: TRUE privilege: SeSecurityPrivilege privilege: SeBackupPrivilege @@ -185,7 +185,7 @@ member: CN=Domain Users,CN=Users,${DOMAINDN} objectSid: S-1-5-32-545 sAMAccountName: Users systemFlags: 2348810240 -groupType: 2147483653 +groupType: -2147483643 isCriticalSystemObject: TRUE dn: CN=Guests,CN=Builtin,${DOMAINDN} @@ -198,7 +198,7 @@ member: CN=Guest,CN=Users,${DOMAINDN} objectSid: S-1-5-32-546 sAMAccountName: Guests systemFlags: 2348810240 -groupType: 2147483653 +groupType: -2147483643 isCriticalSystemObject: TRUE dn: CN=Print Operators,CN=Builtin,${DOMAINDN} @@ -210,7 +210,7 @@ objectSid: S-1-5-32-550 adminCount: 1 sAMAccountName: Print Operators systemFlags: 2348810240 -groupType: 2147483653 +groupType: -2147483643 isCriticalSystemObject: TRUE privilege: SeLoadDriverPrivilege privilege: SeShutdownPrivilege @@ -225,7 +225,7 @@ objectSid: S-1-5-32-551 adminCount: 1 sAMAccountName: Backup Operators systemFlags: 2348810240 -groupType: 2147483653 +groupType: -2147483643 isCriticalSystemObject: TRUE privilege: SeBackupPrivilege privilege: SeRestorePrivilege @@ -241,7 +241,7 @@ objectSid: S-1-5-32-552 adminCount: 1 sAMAccountName: Replicator systemFlags: 2348810240 -groupType: 2147483653 +groupType: -2147483643 isCriticalSystemObject: TRUE dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN} @@ -252,7 +252,7 @@ description: Members in this group are granted the right to logon remotely objectSid: S-1-5-32-555 sAMAccountName: Remote Desktop Users systemFlags: 2348810240 -groupType: 2147483653 +groupType: -2147483643 isCriticalSystemObject: TRUE dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN} @@ -263,7 +263,7 @@ description: Members in this group can have some administrative privileges to ma objectSid: S-1-5-32-556 sAMAccountName: Network Configuration Operators systemFlags: 2348810240 -groupType: 2147483653 +groupType: -2147483643 isCriticalSystemObject: TRUE dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN} @@ -274,7 +274,7 @@ description: Members of this group have remote access to monitor this computer objectSid: S-1-5-32-558 sAMAccountName: Performance Monitor Users systemFlags: 2348810240 -groupType: 2147483653 +groupType: -2147483643 isCriticalSystemObject: TRUE dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN} @@ -285,7 +285,7 @@ description: Members of this group have remote access to schedule logging of per objectSid: S-1-5-32-559 sAMAccountName: Performance Log Users systemFlags: 2348810240 -groupType: 2147483653 +groupType: -2147483643 isCriticalSystemObject: TRUE dn: CN=Server Operators,CN=Builtin,${DOMAINDN} @@ -297,7 +297,7 @@ objectSid: S-1-5-32-549 adminCount: 1 sAMAccountName: Server Operators systemFlags: 2348810240 -groupType: 2147483653 +groupType: -2147483643 isCriticalSystemObject: TRUE privilege: SeBackupPrivilege privilege: SeSystemtimePrivilege @@ -315,7 +315,7 @@ objectSid: S-1-5-32-548 adminCount: 1 sAMAccountName: Account Operators systemFlags: 2348810240 -groupType: 2147483653 +groupType: -2147483643 isCriticalSystemObject: TRUE privilege: SeInteractiveLogonRight @@ -327,7 +327,7 @@ description: A backward compatibility group which allows read access on all user objectSid: S-1-5-32-554 sAMAccountName: Pre-Windows 2000 Compatible Access systemFlags: 2348810240 -groupType: 2147483653 +groupType: -2147483643 isCriticalSystemObject: TRUE privilege: SeRemoteInteractiveLogonRight privilege: SeChangeNotifyPrivilege @@ -340,7 +340,7 @@ description: Members of this group can create incoming, one-way trusts to this f objectSid: S-1-5-32-557 sAMAccountName: Incoming Forest Trust Builders systemFlags: 2348810240 -groupType: 2147483653 +groupType: -2147483643 isCriticalSystemObject: TRUE dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN} @@ -351,7 +351,7 @@ description: Members of this group have access to the computed tokenGroupsGlobal objectSid: S-1-5-32-560 sAMAccountName: Windows Authorization Access Group systemFlags: 2348810240 -groupType: 2147483653 +groupType: -2147483643 isCriticalSystemObject: TRUE dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN} @@ -362,7 +362,7 @@ description: Terminal Server License Servers objectSid: S-1-5-32-561 sAMAccountName: Terminal Server License Servers systemFlags: 2348810240 -groupType: 2147483653 +groupType: -2147483643 isCriticalSystemObject: TRUE dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN} @@ -373,7 +373,7 @@ description: Members are allowed to launch, activate and use Distributed COM obj objectSid: S-1-5-32-562 sAMAccountName: Distributed COM Users systemFlags: 2348810240 -groupType: 2147483653 +groupType: -2147483643 isCriticalSystemObject: TRUE dn: CN=WellKnown Security Principals,${CONFIGDN} -- cgit From a5f4ffe04205819dd65807bde30a5ce0056f1417 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 30 Aug 2008 07:23:06 +1000 Subject: added a simple script for setting password expiry (This used to be commit cf37126ac7b833a3a739b151157c296afc0c979c) --- source4/setup/setexpiry | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100755 source4/setup/setexpiry (limited to 'source4/setup') diff --git a/source4/setup/setexpiry b/source4/setup/setexpiry new file mode 100755 index 0000000000..e47330510c --- /dev/null +++ b/source4/setup/setexpiry @@ -0,0 +1,44 @@ +#!/usr/bin/python +# +# set the password expiry for a user +# Copyright Andrew Tridgell 2005 +# Copyright Jelmer Vernooij 2008 +# Released under the GNU GPL version 3 or later +# + +import sys + +# Find right directory when running from source tree +sys.path.insert(0, "bin/python") + +import samba.getopt as options +import optparse +from getpass import getpass +from samba.auth import system_session + +parser = optparse.OptionParser("setexpiry [options] ") +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) +parser.add_option_group(options.VersionOptions(parser)) +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) +parser.add_option("--days", help="Days to expiry", type=int) +parser.add_option("--noexpiry", help="Never expire", action="store_true") + +opts, args = parser.parse_args() + +if len(args) == 0: + parser.print_usage() + sys.exit(1) + +username = args[0] + +lp = sambaopts.get_loadparm() +creds = credopts.get_credentials(lp) + +samdb = sambaopts.get_hostconfig().get_samdb(session_info=system_session(), + credentials=creds) +days = opts.days +if days is None: + days = 0 +samdb.setexpiry(username, days*24*3600, opts.noexpiry) -- cgit From 9817f3d785ceb67819a9def0e8030272e4ba9e14 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 30 Aug 2008 07:32:44 +1000 Subject: Add a setexpiry operation in samdb.py This makes it easy to set the expiry (or no expiry) for a samdb user (This used to be commit 25171f18a4b242b5a731f4ac1eefc51cc82efd74) --- source4/setup/tests/blackbox_newuser.sh | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/tests/blackbox_newuser.sh b/source4/setup/tests/blackbox_newuser.sh index 3e534f2b52..d25c70669b 100755 --- a/source4/setup/tests/blackbox_newuser.sh +++ b/source4/setup/tests/blackbox_newuser.sh @@ -15,6 +15,18 @@ shift 1 testit "simple-dc" $PYTHON ./setup/provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc -testit "newuser" $PYTHON ./setup/newuser --configfile=$PREFIX/simple-dc/etc/smb.conf testuser testpass +CONFIG="--configfile=$PREFIX/simple-dc/etc/smb.conf" + +testit "newuser" $PYTHON ./setup/newuser $CONFIG testuser testpass + +# check the enable account script +testit "enableaccount" $PYTHON ./setup/enableaccount $CONFIG testuser + +# check the enable account script +testit "setpassword" $PYTHON ./setup/setpassword $CONFIG testuser --newpassword=testpass2 + +# check the setexpiry script +testit "noexpiry" $PYTHON ./setup/setexpiry $CONFIG testuser --noexpiry +testit "expiry" $PYTHON ./setup/setexpiry $CONFIG testuser --days=7 exit $failed -- cgit From 86d5c3b069f176f580db422f5a1d37bcd11b02c8 Mon Sep 17 00:00:00 2001 From: Oliver Liebel Date: Sat, 6 Sep 2008 13:12:19 +1000 Subject: Remove in OpenLDAP MMR config Signed-of-by: Andrew Bartlett (This used to be commit 80f31c3272b8bc803629c27357033fd325529db1) --- source4/setup/mmr_syncrepl.conf | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/mmr_syncrepl.conf b/source4/setup/mmr_syncrepl.conf index 5fa8b8f8a0..3a207b2d13 100644 --- a/source4/setup/mmr_syncrepl.conf +++ b/source4/setup/mmr_syncrepl.conf @@ -9,4 +9,3 @@ syncrepl rid=${RID} binddn="CN=Manager,${MMRDN}" credentials="${MMR_PASSWORD}" - -- cgit From b76f383eefe961e8a2f42ac782031e3e09ff7192 Mon Sep 17 00:00:00 2001 From: Oliver Liebel Date: Mon, 8 Sep 2008 14:39:54 +1000 Subject: Use DIGEST-MD5 authentication for OpenLDAP replication This avoids passing rootdn passwords or replicated data in cleartext across the network. Signed-of-by: Andrew Bartlett (This used to be commit 67373c143a1d8a9f310fd116dbf81c1dd123b75f) --- source4/setup/cn=replicator.ldif | 12 ++++++++++++ source4/setup/mmr_syncrepl.conf | 5 +++-- source4/setup/slapd.conf | 8 ++++---- 3 files changed, 19 insertions(+), 6 deletions(-) create mode 100644 source4/setup/cn=replicator.ldif (limited to 'source4/setup') diff --git a/source4/setup/cn=replicator.ldif b/source4/setup/cn=replicator.ldif new file mode 100644 index 0000000000..e7c5a2408c --- /dev/null +++ b/source4/setup/cn=replicator.ldif @@ -0,0 +1,12 @@ +dn: cn=replicator +objectClass: top +objectClass: person +cn: replicator +userPassword:: ${LDAPADMINPASS_B64} +structuralObjectClass: person +entryUUID: ${UUID} +creatorsName: +createTimestamp: ${LDAPTIME} +entryCSN: 20080714010529.241039Z#000000#000#000000 +modifiersName: +modifyTimestamp: ${LDAPTIME} diff --git a/source4/setup/mmr_syncrepl.conf b/source4/setup/mmr_syncrepl.conf index 3a207b2d13..1373858c4e 100644 --- a/source4/setup/mmr_syncrepl.conf +++ b/source4/setup/mmr_syncrepl.conf @@ -5,7 +5,8 @@ syncrepl rid=${RID} searchbase="${MMRDN}" type=refreshAndPersist retry="10 +" - bindmethod=simple - binddn="CN=Manager,${MMRDN}" + bindmethod=sasl + saslmech=DIGEST-MD5 + authcid="replicator" credentials="${MMR_PASSWORD}" diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 141c0cd27a..b64d581e0d 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -1,5 +1,8 @@ loglevel 0 +### needed for initial content load ### +sizelimit unlimited + ### Multimaster-ServerIDs and URLs ### ${MMR_SERVERIDS_CONFIG} @@ -36,7 +39,7 @@ access to dn.subtree="cn=samba" by anonymous auth access to dn.subtree="${DOMAINDN}" - by dn=cn=samba-admin,cn=samba manage + by dn=cn=samba-admin,cn=samba manage${REPLICATOR_ACL} by dn=cn=manager manage by * none @@ -62,7 +65,6 @@ rootdn cn=Manager,cn=Samba database hdb suffix ${SCHEMADN} rootdn cn=Manager,${SCHEMADN} -rootpw "${MMR_PASSWORD}" directory ${LDAPDIR}/db/schema index objectClass eq index samAccountName eq @@ -89,7 +91,6 @@ ${MIRRORMODE} database hdb suffix ${CONFIGDN} rootdn cn=Manager,${CONFIGDN} -rootpw "${MMR_PASSWORD}" directory ${LDAPDIR}/db/config index objectClass eq index samAccountName eq @@ -118,7 +119,6 @@ ${MIRRORMODE} database hdb suffix ${DOMAINDN} rootdn cn=Manager,${DOMAINDN} -rootpw "${MMR_PASSWORD}" directory ${LDAPDIR}/db/user index objectClass eq index samAccountName eq -- cgit From ef9169bfa6fcaa682ff5baf729301dd63f6bb029 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 8 Sep 2008 15:09:06 +1000 Subject: Make it clear that the MMR password can differ from the admin passsword In the future, we might simply randomly generate this, or allow the admin to specify it seperate to the admin password. However, both are highly sensitive, as they imply read access to the krbtgt. Andrew Bartlett (This used to be commit 57d19ad002c523fb9a09694e6710ab7f588d44ec) --- source4/setup/cn=replicator.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/setup') diff --git a/source4/setup/cn=replicator.ldif b/source4/setup/cn=replicator.ldif index e7c5a2408c..6001456b4d 100644 --- a/source4/setup/cn=replicator.ldif +++ b/source4/setup/cn=replicator.ldif @@ -2,7 +2,7 @@ dn: cn=replicator objectClass: top objectClass: person cn: replicator -userPassword:: ${LDAPADMINPASS_B64} +userPassword:: ${MMR_PASSWORD_B64} structuralObjectClass: person entryUUID: ${UUID} creatorsName: -- cgit