objectSid: ${DOMAINSID}
privateKeytab: ${SECRETS_KEYTAB}
-# A hook from our credentials system into HDB, as we must be on a KDC,
-# we can look directly into the database.
-dn: samAccountName=krbtgt,flatname=${DOMAIN},CN=Principals
-objectClass: top
-objectClass: secret
-objectClass: kerberosSecret
-flatname: ${DOMAIN}
-realm: ${REALM}
-sAMAccountName: krbtgt
-objectSid: ${DOMAINSID}
-servicePrincipalName: kadmin/changepw
-krb5Keytab: HDB:ldb:${SAM_LDB}:
-#The trailing : here is a HACK, but it matches the Heimdal format.
-
-# A hook from our credentials system into HDB, as we must be on a KDC,
-# we can look directly into the database.
+#Update a keytab for the external DNS server to use
dn: servicePrincipalName=DNS/${DNSDOMAIN},CN=Principals
objectClass: top
objectClass: secret
objectClass: kerberosSecret
realm: ${REALM}
servicePrincipalName: DNS/${DNSDOMAIN}
+msDS-KeyVersionNumber: 1
privateKeytab: ${DNS_KEYTAB}
secret:: ${DNSPASS_B64}