1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
###############################
# Domain Naming Context
###############################
dn: ${DOMAINDN}
changetype: modify
-
replace: auditingPolicy
auditingPolicy:
-
replace: creationTime
creationTime: ${CREATTIME}
-
replace: forceLogoff
forceLogoff: -9223372036854775808
-
# "fSMORoleOwner" filled in later
replace: gPLink
gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};0]
-
replace: isCriticalSystemObject
isCriticalSystemObject: TRUE
-
replace: lockoutDuration
lockoutDuration: -18000000000
-
replace: lockOutObservationWindow
lockOutObservationWindow: -18000000000
-
replace: lockoutThreshold
lockoutThreshold: 0
-
# "masteredBy" filled in later
replace: maxPwdAge
maxPwdAge: -37108517437440
-
# FIXME: This should be "-864000000000" when we fully comply with passwords pol.
replace: minPwdAge
minPwdAge: 0
-
replace: minPwdLength
minPwdLength: 7
-
replace: modifiedCount
modifiedCount: 1
-
replace: modifiedCountAtLastProm
modifiedCountAtLastProm: 0
-
replace: msDS-AllUsersTrustQuota
msDS-AllUsersTrustQuota: 1000
-
replace: msDS-Behavior-Version
msDS-Behavior-Version: ${DOMAIN_FUNCTIONALITY}
-
replace: ms-DS-MachineAccountQuota
ms-DS-MachineAccountQuota: 10
-
# "msDs-masteredBy" filled in later
replace: msDS-PerUserTrustQuota
msDS-PerUserTrustQuota: 1
-
replace: msDS-PerUserTrustTombstonesQuota
msDS-PerUserTrustTombstonesQuota: 10
-
replace: nextRid
nextRid: 1000
-
replace: nTMixedDomain
nTMixedDomain: 0
-
replace: objectSid
objectSid: ${DOMAINSID}
-
# This exists only in SAMBA
replace: oEMInformation
oEMInformation: Provisioned by SAMBA ${SAMBA_VERSION_STRING}
-
replace: pwdProperties
pwdProperties: 1
-
replace: pwdHistoryLength
pwdHistoryLength: 24
-
replace: rIDManagerReference
rIDManagerReference: CN=RID Manager$,CN=System,${DOMAINDN}
-
replace: serverState
serverState: 1
-
replace: subRefs
subRefs: ${CONFIGDN}
-
replace: systemFlags
systemFlags: -1946157056
-
replace: uASCompat
uASCompat: 1
-
replace: wellKnownObjects
wellKnownObjects: B:32:6227f0af1fc2410d8e3bb10615bb5b0f:CN=NTDS Quotas,${DOMAINDN}
wellKnownObjects: B:32:f4be92a4c777485e878e9421d53087db:CN=Microsoft,CN=Program Data,${DOMAINDN}
wellKnownObjects: B:32:09460c08ae1e4a4ea0f64aee7daa1e5a:CN=Program Data,${DOMAINDN}
wellKnownObjects: B:32:22b70c67d56e4efb91e9300fca3dc1aa:CN=ForeignSecurityPrincipals,${DOMAINDN}
wellKnownObjects: B:32:18e2ea80684f11d2b9aa00c04f79f805:CN=Deleted Objects,${DOMAINDN}
wellKnownObjects: B:32:2fbac1870ade11d297c400c04fd8d5cd:CN=Infrastructure,${DOMAINDN}
wellKnownObjects: B:32:ab8153b7768811d1aded00c04fd8d5cd:CN=LostAndFound,${DOMAINDN}
wellKnownObjects: B:32:ab1d30f3768811d1aded00c04fd8d5cd:CN=System,${DOMAINDN}
wellKnownObjects: B:32:a361b2ffffd211d1aa4b00c04fd7d83a:OU=Domain Controllers,${DOMAINDN}
wellKnownObjects: B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN}
wellKnownObjects: B:32:a9d1ca15768811d1aded00c04fd8d5cd:CN=Users,${DOMAINDN}
-
${DOMAINGUID_MOD}
|