From 9840ee76fbb2e52b2ddb36c9342eb9a7faeacda6 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 11 Dec 2017 12:22:05 +1300
Subject: [PATCH] provision: Fill in validAccesses in extended-rights.ldif for Control Access Rights

MS-ATDS 5.1.3.2.1 Control Access Rights specifies the value of RIGHT_DS_CONTROL_ACCESS which is 256 (0x100) per 5.1.3.2 Access Rights.

Signed-off-by: Andrew Bartlett
Reviewed-by: Garming Sam
---
 source4/setup/extended-rights.ldif | 54 ++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/source4/setup/extended-rights.ldif b/source4/setup/extended-rights.ldif
index abf5afc0311..4daa21ac5ca 100644
--- a/source4/setup/extended-rights.ldif
+++ b/source4/setup/extended-rights.ldif
@@ -123,6 +123,7 @@ objectClass: controlAccessRight
 displayName: Change-Rid-Master
 rightsGuid: d58d5f36-0a98-11d1-adbb-00c04fd8d5cd
 appliesTo: 6617188d-8f3c-11d0-afda-00c04fd930c9
+validAccesses: 256
 
 dn: CN=Do-Garbage-Collection,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -130,6 +131,7 @@ objectClass: controlAccessRight
 displayName: Do-Garbage-Collection
 rightsGuid: fec364e0-0a98-11d1-adbb-00c04fd8d5cd
 appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+validAccesses: 256
 
 dn: CN=Recalculate-Hierarchy,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -137,6 +139,7 @@ objectClass: controlAccessRight
 displayName: Recalculate-Hierarchy
 rightsGuid: 0bc1554e-0a99-11d1-adbb-00c04fd8d5cd
 appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+validAccesses: 256
 
 dn: CN=Allocate-Rids,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -144,6 +147,7 @@ objectClass: controlAccessRight
 displayName: Allocate-Rids
 rightsGuid: 1abd7cf8-0a99-11d1-adbb-00c04fd8d5cd
 appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+validAccesses: 256
 
 dn: CN=Change-PDC,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
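Review bot: The bare `validAccesses: 256` added in the first hunk (Change-Rid-Master) and repeated in every other hunk of this patch is unexplained in the file itself; one header comment such as `# validAccesses: 256 is RIGHT_DS_CONTROL_ACCESS (0x100), MS-ADTS 5.1.3.2.1` would save the next editor from looking the constant up. Because the file lives under source4/setup and the subject is tagged provision:, the change presumably reaches only newly provisioned directories; if so, directories provisioned earlier keep controlAccessRight objects without the attribute, so code that later reads validAccesses should tolerate its absence, or an upgrade step should backfill it. A provision test asserting that every controlAccessRight object ends up with validAccesses set would catch an entry missed among these 54 hand-added lines.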
@@ -151,6 +155,7 @@ objectClass: controlAccessRight
 displayName: Change-PDC
 rightsGuid: bae50096-4752-11d1-9052-00c04fc2d4cf
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
 
 dn: CN=Add-GUID,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -158,6 +163,7 @@ objectClass: controlAccessRight
 displayName: Add-GUID
 rightsGuid: 440820ad-65b4-11d1-a3da-0000f875ae0d
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
 
 dn: CN=Change-Domain-Master,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -165,6 +171,7 @@ objectClass: controlAccessRight
 displayName: Change-Domain-Master
 rightsGuid: 014bf69c-7b3b-11d1-85f6-08002be74fab
 appliesTo: ef9e60e0-56f7-11d1-a9c6-0000f80367c1
+validAccesses: 256
 
 dn: CN=Public-Information,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -182,6 +189,7 @@ objectClass: controlAccessRight
 displayName: msmq-Receive-Dead-Letter
 rightsGuid: 4b6e08c0-df3c-11d1-9c86-006008764d0e
 appliesTo: 9a0dc344-c100-11d1-bbc5-0080c76670c0
+validAccesses: 256
 
 dn: CN=msmq-Peek-Dead-Letter,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -189,6 +197,7 @@ objectClass: controlAccessRight
 displayName: msmq-Peek-Dead-Letter
 rightsGuid: 4b6e08c1-df3c-11d1-9c86-006008764d0e
 appliesTo: 9a0dc344-c100-11d1-bbc5-0080c76670c0
+validAccesses: 256
 
 dn: CN=msmq-Receive-computer-Journal,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -196,6 +205,7 @@ objectClass: controlAccessRight
 displayName: msmq-Receive-computer-Journal
 rightsGuid: 4b6e08c2-df3c-11d1-9c86-006008764d0e
 appliesTo: 9a0dc344-c100-11d1-bbc5-0080c76670c0
+validAccesses: 256
 
 dn: CN=msmq-Peek-computer-Journal,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -203,6 +213,7 @@ objectClass: controlAccessRight
 displayName: msmq-Peek-computer-Journal
 rightsGuid: 4b6e08c3-df3c-11d1-9c86-006008764d0e
 appliesTo: 9a0dc344-c100-11d1-bbc5-0080c76670c0
+validAccesses: 256
 
 dn: CN=msmq-Receive,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
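Review bot: Public-Information, the trailing context entry of the hunk at -165, receives no `validAccesses` line, and the same holds for RAS-Information, Self-Membership, Domain-Other-Parameters, Private-Information, Domain-Password and Personal-Information, which appear only as trailing context in later hunks. These look like property sets and a validated write rather than control access rights, so skipping them fits the commit title, but it leaves the file with some controlAccessRight objects carrying the attribute and others not. As far as I recall MS-ADTS assigns those classes different values (48 for property sets, 8 for validated writes), so they are better filled in by a follow-up than left unset. Their full entries lie outside these hunks, so their current state cannot be confirmed from the diff alone.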
@@ -210,6 +221,7 @@ objectClass: controlAccessRight
 displayName: msmq-Receive
 rightsGuid: 06bd3200-df3e-11d1-9c86-006008764d0e
 appliesTo: 9a0dc343-c100-11d1-bbc5-0080c76670c0
+validAccesses: 256
 
 dn: CN=msmq-Peek,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -217,6 +229,7 @@ objectClass: controlAccessRight
 displayName: msmq-Peek
 rightsGuid: 06bd3201-df3e-11d1-9c86-006008764d0e
 appliesTo: 9a0dc343-c100-11d1-bbc5-0080c76670c0
+validAccesses: 256
 
 dn: CN=msmq-Send,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -225,6 +238,7 @@ displayName: msmq-Send
 rightsGuid: 06bd3202-df3e-11d1-9c86-006008764d0e
 appliesTo: 9a0dc343-c100-11d1-bbc5-0080c76670c0
 appliesTo: 46b27aac-aafa-4ffb-b773-e5bf621ee87b
+validAccesses: 256
 
 dn: CN=msmq-Receive-journal,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -232,6 +246,7 @@ objectClass: controlAccessRight
 displayName: msmq-Receive-journal
 rightsGuid: 06bd3203-df3e-11d1-9c86-006008764d0e
 appliesTo: 9a0dc343-c100-11d1-bbc5-0080c76670c0
+validAccesses: 256
 
 dn: CN=msmq-Open-Connector,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -239,6 +254,7 @@ objectClass: controlAccessRight
 displayName: msmq-Open-Connector
 rightsGuid: b4e60130-df3f-11d1-9c86-006008764d0e
 appliesTo: bf967ab3-0de6-11d0-a285-00aa003049e2
+validAccesses: 256
 
 dn: CN=Apply-Group-Policy,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -246,6 +262,7 @@ objectClass: controlAccessRight
 displayName: Apply-Group-Policy
 rightsGuid: edacfd8f-ffb3-11d1-b41d-00a0c968f939
 appliesTo: f30e3bc2-9ff0-11d1-b603-0000f80367c1
+validAccesses: 256
 
 dn: CN=RAS-Information,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -261,6 +278,7 @@ objectClass: controlAccessRight
 displayName: DS-Install-Replica
 rightsGuid: 9923a32a-3607-11d2-b9be-0000f87a36b2
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
 
 dn: CN=Change-Infrastructure-Master,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -268,6 +286,7 @@ objectClass: controlAccessRight
 displayName: Change-Infrastructure-Master
 rightsGuid: cc17b1fb-33d9-11d2-97d4-00c04fd8d5cd
 appliesTo: 2df90d89-009f-11d2-aa4c-00c04fd7d83a
+validAccesses: 256
 
 dn: CN=Update-Schema-Cache,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -275,6 +294,7 @@ objectClass: controlAccessRight
 displayName: Update-Schema-Cache
 rightsGuid: be2bb760-7f46-11d2-b9ad-00c04f79f805
 appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+validAccesses: 256
 
 dn: CN=Recalculate-Security-Inheritance,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -282,6 +302,7 @@ objectClass: controlAccessRight
 displayName: Recalculate-Security-Inheritance
 rightsGuid: 62dd28a8-7f46-11d2-b9ad-00c04f79f805
 appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+validAccesses: 256
 
 dn: CN=DS-Check-Stale-Phantoms,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -289,6 +310,7 @@ objectClass: controlAccessRight
 displayName: DS-Check-Stale-Phantoms
 rightsGuid: 69ae6200-7f46-11d2-b9ad-00c04f79f805
 appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+validAccesses: 256
 
 dn: CN=Certificate-Enrollment,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -296,6 +318,7 @@ objectClass: controlAccessRight
 displayName: Certificate-Enrollment
 rightsGuid: 0e10c968-78fb-11d2-90d4-00c04f79dc55
 appliesTo: e5209ca2-3bba-11d2-90cc-00c04fd91ab1
+validAccesses: 256
 
 dn: CN=Self-Membership,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -328,6 +351,7 @@ displayName: Generate-RSoP-Planning
 rightsGuid: b7b1b3dd-ab09-4242-9e30-9980e5d322f7
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
 appliesTo: bf967aa5-0de6-11d0-a285-00aa003049e2
+validAccesses: 256
 
 dn: CN=Refresh-Group-Cache,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -335,6 +359,7 @@ objectClass: controlAccessRight
 displayName: Refresh-Group-Cache
 rightsGuid: 9432c620-033c-4db7-8b58-14ef6d0bf477
 appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+validAccesses: 256
 
 dn: CN=Reload-SSL-Certificate,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -342,6 +367,7 @@ objectClass: controlAccessRight
 displayName: Reload-SSL-Certificate
 rightsGuid: 1a60ea8d-58a6-4b20-bcdc-fb71eb8a9ff8
 appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
+validAccesses: 256
 
 dn: CN=SAM-Enumerate-Entire-Domain,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -349,6 +375,7 @@ objectClass: controlAccessRight
 displayName: SAM-Enumerate-Entire-Domain
 rightsGuid: 91d67418-0135-4acc-8d79-c08e857cfbec
 appliesTo: bf967aad-0de6-11d0-a285-00aa003049e2
+validAccesses: 256
 
 dn: CN=Generate-RSoP-Logging,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -357,6 +384,7 @@ displayName: Generate-RSoP-Logging
 rightsGuid: b7b1b3de-ab09-4242-9e30-9980e5d322f7
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
 appliesTo: bf967aa5-0de6-11d0-a285-00aa003049e2
+validAccesses: 256
 
 dn: CN=Domain-Other-Parameters,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -380,6 +408,7 @@ objectClass: controlAccessRight
 displayName: Create-Inbound-Forest-Trust
 rightsGuid: e2a36dc9-ae17-47c3-b58b-be34c55ba633
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
 
 dn: CN=DS-Replication-Get-Changes-All,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -389,6 +418,7 @@ rightsGuid: 1131f6ad-9c07-11d1-f79f-00c04fc2dcd2
 appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
 appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
 
 dn: CN=Migrate-SID-History,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -396,6 +426,7 @@ objectClass: controlAccessRight
 displayName: Migrate-SID-History
 rightsGuid: BA33815A-4F93-4c76-87F3-57574BFF8109
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
 
 dn: CN=Reanimate-Tombstones,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -405,6 +436,7 @@ rightsGuid: 45EC5156-DB7E-47bb-B53F-DBEB2D03C40F
 appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
 appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
 
 dn: CN=Allowed-To-Authenticate,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -415,6 +447,7 @@ appliesTo: 4828cc14-1437-45bc-9b07-ad6f015e5f28
 appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
 appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
 appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+validAccesses: 256
 
 dn: CN=DS-Execute-Intentions-Script,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -422,6 +455,7 @@ objectClass: controlAccessRight
 displayName: DS-Execute-Intentions-Script
 rightsGuid: 2f16c4a5-b98e-432c-952a-cb388ba33f2e
 appliesTo: ef9e60e0-56f7-11d1-a9c6-0000f80367c1
+validAccesses: 256
 
 dn: CN=DS-Replication-Monitor-Topology,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -431,6 +465,7 @@ rightsGuid: f98340fb-7c5b-4cdb-a00b-2ebdfa115a96
 appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
 appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
 
 dn: CN=Update-Password-Not-Required-Bit,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -438,6 +473,7 @@ objectClass: controlAccessRight
 displayName: Update-Password-Not-Required-Bit
 rightsGuid: 280f369c-67c7-438e-ae98-1d46f3c6f541
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
 
 dn: CN=Unexpire-Password,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -445,6 +481,7 @@ objectClass: controlAccessRight
 displayName: Unexpire-Password
 rightsGuid: ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
 
 dn: CN=Enable-Per-User-Reversibly-Encrypted-Password,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -452,6 +489,7 @@ objectClass: controlAccessRight
 displayName: Enable-Per-User-Reversibly-Encrypted-Password
 rightsGuid: 05c74c5e-4deb-43b4-bd9f-86664c2a7fd5
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
 
 dn: CN=DS-Query-Self-Quota,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -459,6 +497,7 @@ objectClass: controlAccessRight
 displayName: DS-Query-Self-Quota
 rightsGuid: 4ecc03fe-ffc0-4947-b630-eb672a8a9dbc
 appliesTo: da83fc4f-076f-4aea-b4dc-8f4dab9b5993
+validAccesses: 256
 
 dn: CN=Private-Information,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -490,6 +529,7 @@ objectClass: controlAccessRight
 displayName: Domain-Administer-Server
 rightsGuid: ab721a52-1e2f-11d0-9819-00aa0040529b
 appliesTo: bf967aad-0de6-11d0-a285-00aa003049e2
+validAccesses: 256
 
 dn: CN=User-Change-Password,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -500,6 +540,7 @@ appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
 appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
 appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
 appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+validAccesses: 256
 
 dn: CN=User-Force-Change-Password,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -510,6 +551,7 @@ appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
 appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
 appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
 appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+validAccesses: 256
 
 dn: CN=Send-As,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -520,6 +562,7 @@ appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
 appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
 appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
 appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+validAccesses: 256
 
 dn: CN=Receive-As,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -530,6 +573,7 @@ appliesTo: bf967a86-0de6-11d0-a285-00aa003049e2
 appliesTo: bf967aba-0de6-11d0-a285-00aa003049e2
 appliesTo: 4828CC14-1437-45bc-9B07-AD6F015E5F28
 appliesTo: ce206244-5827-4a86-ba1c-1c0c386c1b64
+validAccesses: 256
 
 dn: CN=Send-To,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -537,6 +581,7 @@ objectClass: controlAccessRight
 displayName: Send-To
 rightsGuid: ab721a55-1e2f-11d0-9819-00aa0040529b
 appliesTo: bf967a9c-0de6-11d0-a285-00aa003049e2
+validAccesses: 256
 
 dn: CN=Domain-Password,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -587,6 +632,7 @@ objectClass: controlAccessRight
 displayName: Open-Address-Book
 rightsGuid: a1990816-4298-11d1-ade2-00c04fd8d5cd
 appliesTo: 3e74f60f-3e73-11d1-a9c0-0000f80367c1
+validAccesses: 256
 
 dn: CN=Personal-Information,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -626,6 +672,7 @@ rightsGuid: 1131f6aa-9c07-11d1-f79f-00c04fc2dcd2
 appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
 appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
 
 dn: CN=DS-Replication-Synchronize,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -635,6 +682,7 @@ rightsGuid: 1131f6ab-9c07-11d1-f79f-00c04fc2dcd2
 appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
 appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
 
 dn: CN=DS-Replication-Manage-Topology,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -644,6 +692,7 @@ rightsGuid: 1131f6ac-9c07-11d1-f79f-00c04fc2dcd2
 appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
 appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
 
 dn: CN=Change-Schema-Master,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -651,6 +700,7 @@ objectClass: controlAccessRight
 displayName: Change-Schema-Master
 rightsGuid: e12b56b6-0a95-11d1-adbb-00c04fd8d5cd
 appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+validAccesses: 256
 
 dn: CN=DS-Replication-Get-Changes-In-Filtered-Set,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -660,6 +710,7 @@ rightsGuid: 89e95b76-444d-4c62-991a-0facbeda640c
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
 appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
 appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
+validAccesses: 256
 
 dn: CN=Run-Protect-Admin-Groups-Task,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -667,6 +718,7 @@ objectClass: controlAccessRight
 displayName: Run-Protect-Admin-Groups-Task
 rightsGuid: 7726b9d5-a4b4-4288-a6b2-dce952e80a7f
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
 
 dn: CN=Manage-Optional-Features,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -674,6 +726,7 @@ objectClass: controlAccessRight
 displayName: Manage-Optional-Features
 rightsGuid: 7c0e2a7c-a419-48e4-a995-10180aad54dd
 appliesTo: ef9e60e0-56f7-11d1-a9c6-0000f80367c1
+validAccesses: 256
 
 dn: CN=Read-Only-Replication-Secret-Synchronization,CN=Extended-Rights,${CONFIGDN}
 objectClass: top
@@ -683,6 +736,7 @@ rightsGuid: 1131f6ae-9c07-11d1-f79f-00c04fc2dcd2
 appliesTo: bf967a8f-0de6-11d0-a285-00aa003049e2
 appliesTo: bf967a87-0de6-11d0-a285-00aa003049e2
 appliesTo: 19195a5b-6da0-11d0-afd3-00c04fd930c9
+validAccesses: 256
 ${INC2012}
 ${INC2012}dn: CN=Validated-MS-DS-Behavior-Version,CN=Extended-Rights,${CONFIGDN}
 ${INC2012}objectClass: controlAccessRight
-- 
2.34.1