###############################
# Domain Naming Context
###############################
dn: ${DOMAINDN}
changetype: modify
-
# This should be 0x0001, but the 0 byte is not allowed - therefore encoded
replace: auditingPolicy
auditingPolicy:: AAE=
-
replace: creationTime
creationTime: ${CREATTIME}
-
replace: forceLogoff
forceLogoff: -9223372036854775808
-
# "fSMORoleOwner" filled in later
replace: gPLink
gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};0]
-
replace: isCriticalSystemObject
isCriticalSystemObject: TRUE
-
replace: lockoutDuration
lockoutDuration: -18000000000
-
replace: lockOutObservationWindow
lockOutObservationWindow: -18000000000
-
replace: lockoutThreshold
lockoutThreshold: 0
-
# "masteredBy" filled in later
replace: maxPwdAge
maxPwdAge: -37108517437440
-
# FIXME: This should be "-864000000000" when we fully comply with passwords pol.
replace: minPwdAge
minPwdAge: 0
-
replace: minPwdLength
minPwdLength: 7
-
replace: modifiedCount
modifiedCount: 1
-
replace: modifiedCountAtLastProm
modifiedCountAtLastProm: 0
-
replace: msDS-AllUsersTrustQuota
msDS-AllUsersTrustQuota: 1000
-
replace: msDS-Behavior-Version
msDS-Behavior-Version: ${DOMAIN_FUNCTIONALITY}
-
replace: ms-DS-MachineAccountQuota
ms-DS-MachineAccountQuota: 10
-
# "msDs-masteredBy" filled in later
replace: msDS-PerUserTrustQuota
msDS-PerUserTrustQuota: 1
-
replace: msDS-PerUserTrustTombstonesQuota
msDS-PerUserTrustTombstonesQuota: 10
-
replace: nextRid
nextRid: 1000
-
replace: nTMixedDomain
nTMixedDomain: 0
-
replace: objectSid
objectSid: ${DOMAINSID}
-
# This exists only in SAMBA
replace: oEMInformation
oEMInformation: Provisioned by SAMBA ${SAMBA_VERSION_STRING}
-
replace: pwdProperties
pwdProperties: 1
-
replace: pwdHistoryLength
pwdHistoryLength: 24
-
replace: rIDManagerReference
rIDManagerReference: CN=RID Manager$,CN=System,${DOMAINDN}
-
replace: serverState
serverState: 1
-
replace: subRefs
subRefs: ${CONFIGDN}
-
replace: systemFlags
systemFlags: -1946157056
-
replace: uASCompat
uASCompat: 1
-