1 ###############################
2 # Domain Naming Context
3 ###############################
7 # This should be 0x0001, but the 0 byte is not allowed - therefore encoded
8 replace: auditingPolicy
12 creationTime: ${CREATTIME}
14 # "dSCorePropagationDate" should contain the provision data
16 forceLogoff: -9223372036854775808
18 # "fSMORoleOwner" filled in later
20 gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};0]
22 replace: isCriticalSystemObject
23 isCriticalSystemObject: TRUE
25 replace: lockoutDuration
26 lockoutDuration: -18000000000
28 replace: lockOutObservationWindow
29 lockOutObservationWindow: -18000000000
31 replace: lockoutThreshold
34 # "masteredBy" filled in later
36 maxPwdAge: -36288000000000
39 minPwdAge: -864000000000
42 minPwdLength: ${MIN_PWD_LENGTH}
44 replace: modifiedCount
47 replace: modifiedCountAtLastProm
48 modifiedCountAtLastProm: 0
50 replace: msDS-AllUsersTrustQuota
51 msDS-AllUsersTrustQuota: 1000
53 replace: msDS-Behavior-Version
54 msDS-Behavior-Version: ${DOMAIN_FUNCTIONALITY}
56 replace: ms-DS-MachineAccountQuota
57 ms-DS-MachineAccountQuota: 10
59 # "msDs-masteredBy" filled in later
63 replace: msDS-PerUserTrustQuota
64 msDS-PerUserTrustQuota: 1
66 replace: msDS-PerUserTrustTombstonesQuota
67 msDS-PerUserTrustTombstonesQuota: 10
72 replace: nTMixedDomain
75 # This does only exist in SAMBA
76 replace: oEMInformation
77 oEMInformation: Provisioned by SAMBA ${SAMBA_VERSION_STRING}
79 replace: pwdProperties
82 replace: pwdHistoryLength
89 systemFlags: -1946157056