Introduction

This wiki page will be used to track the integration effort of Samba 4 into SME 9+

Samba 4 Packages

Upstream Centos 6 & 7 do not provide support for the full version of Samba 4. Packages available in the upstream repos are a crippled version of Samba 4, with many of the features associates with Active Directory disabled. The reason for this is detailed here. A solution to provide Samba 4 active directory does not look to be forthcoming by viewing Samba status in the Fedora project.

To further development of support for Samba 4 on the Koozali SME Server, Samba 4 packages from Sernet were selected. These packages will not immediately install cleaning on SME 9 due to the customization of Centos associated with SME 9, so the Sernet packages where re-built for SME 9. Details of this rebuild along with a link to the rebuilt packages are located in bugzilla:8075

After rebuilding, these packages do install cleanly but the services will not start using the init.d scripts provided with the packaged due to changes made during the re-build of the packages for SME 9. A Daemontools run script will need to be developed to start the Samba 4 service.

General Development Notes

Template Fragments

/etc/smb.conf

Complete rewrite of all template fragments

smb.conf Considerations

The smb.conf configuration file can be simplified significantly for Samba 4. Of specific interest are the following new parameters:

Server Services: This parameter is not very well documented, but from what I could find thefollow services can be provided by the Samba daemon: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, ntp_signd, kcc, dnsupdate, dns, smb, nmb, winbind. The default for this parameter is: server services = s3fs rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate dns. Services can be added/remove from the default by a +/- and the service to add/remove. Example server services = -s3fs (remove) +smb (add). Note that the smb, nmb, and windbind services are services equivalent to the older, Samba 3, type services (stand alone daemons). Of specific interest to SME 9 may be the use of the nmb service for WINS support. As we begin testing we may need to enable this service and possibly smb for simple share access.

Server Role: Samba 4 currently only supports the active directory domain controller server role. For now, we'll force Samba config into DC server role, but provide a fragment for expansion later. There is a long explanation behind this, but for now, restriction doesn't hurt us. SME as a DC will provide auth for both domain membership and simple shares by either joining the domain or logging into the server every time.

/etc/raddb/radius.conf

Need to check and/or modify the following existing fragments:

etc/raddb/radiusd.conf/25modules30smbpasswd:    #  An example configuration for using /etc/samba/smbpasswd.
etc/raddb/radiusd.conf/25modules30smbpasswd:}   passwd smbpasswd \{
etc/raddb/radiusd.conf/25modules30smbpasswd:            filename = /etc/samba/smbpasswd
etc/raddb/radiusd.conf/25modules25mschap:               #  reading from /etc/smbpasswd.
etc/raddb/radiusd.conf/25modules25mschap:               #  If you are using /etc/smbpasswd, see the 'passwd'
etc/raddb/radiusd.conf/25modules25mschap:               #  module for an example of how to use /etc/smbpasswd
etc/raddb/radiusd.conf/65authorization40default:        #  If you are using /etc/smbpasswd, and are also doing
etc/raddb/radiusd.conf/65authorization40default:        #  configure the 'smbpasswd' module, above.
etc/raddb/radiusd.conf/65authorization40default:        ( $ldap{Authentication} || 'disabled' ) eq 'enabled' ? 'ldap' : 'smbpasswd';

/etc/krb5.conf

Create based new template fragments for this configuration file

Configuration Database Parameters

SMBD : Delete

NMBD : Delete

SMB : In general, all of the template fragments will be redesigned to allow dbase parameters to override many Samba defaults. Specific parameters that need to be defined or modified are as follows:

• Remove from current default
  • UnixCharSet: Delete

• Default
  • Workgroup: Defaulted to sme-server
  • ServerString: Defaulted to SME Server
  • ServerRole: Redefine with the following:
    • SA: Stand Alone Server Mode
    • BD: Backup Domain Controller/Member
    • DC: Domain Controller (Current default. See server role explanation)
  • OpLocks: Defaulted to enabled
  • KernelOplocks: Add and default to enabled
  • Level2Oplocks: Add and default to enabled
  • AllowDNSUpdates: nonsecure
  • DNSForwarder: New parameter that could be defined to forward DNS requests from the Samba DNS to another DNS.

• Others (optional): These parameters are meant to take smb.conf inputs as defined the man pages. Defaults for these parameters are the same as the corresponding defaults in the smb.conf man page. Template fragments feed these parameters into the smb.conf file with minimal syntax checking, as it is assumed those who manually input them know what they are doing.
  • NameResolveOrder: The order in which name resolution will take place by the Samba daemon.
  • ServerServices: See the server services discussion detailed under smb.conf section
  • SMBPorts:
  • SocketOptions:
  • WideLinks:
  • GuestAccount:
  • GuestOK: y/n
  • LogonDrive: Drive letter to be used to the login drive when users login to a domain
  • RoamingProfiles: y/n
  • LogonPath:
  • BindInterfacesOnly: y/n
  • CaseSensitive: y/n
  • MaxLogSize: Samba log size in kilobytes. Default set to 50.

KRB5 : Create new configuration dbase entry for Kerberos service in Samba

• default_realm: This parameter is built into a template fragment, but we will not define it at default. The template fragment will build the default realm by concatenating the SystemName and DomainName reordered elsewhere in the configuration dbase.
• dns_lookup_realm = false;
• dns_lookup_kdc = true;

Services to Modify

smbd : Remove

• Remove /var/service/smbd
• Remove /services/smbd
• Remove /etc/rc.d/init.d/supervise/smb
• REmove /etc/rc.d/rc7.d/S91smb
• Remove /etc/rc.d/init.d/smbd

nmbd : Remove

• Remove /var/service/smbd
• Remove /services/smbd
• Remove /etc/rc.d/init.d/smbd

smb: Create (Note: I would have liked to have called this "Samba," but that would have meant changing alot of existing code that looks for "smb"

• Create /var/service/smb, using smbd as a template. Samba 4 should be started with /usr/sbin/samba -D
• Create symlink /service/smb -> /var/service/smb
• Create symlink /etc/rc.d/init.d/smb -> /etc/rc.d/init.d/daemontools
• Create symlink /etc/rc.d/rc7.d/S91smb -> /etc/rc.d/init.d/e-smith-service

DNS

Samba 4 includes an builtin DNS server that is required for proper operation of active directory. This internal DNS server is for AD functions only and does not provide caching DNS functions.

SME Server 9.0 includes a caching DNS (djb dnscache) that listens for DNS requests on the LAN IP address and the localhost. This caching DNS then routes DNS requests for domains defined in the server-manager to tinyDNS and other requests to a resolving dns cache (djb dnscache.forwarder).

One approach for DNS architecture with Samba 4 would have samba 4 primary dns requests to LAN clients, forwarding to the dnscache.forwarder service. The primary dnscache instance and tinydns would then be obsoleted.

LDAP

Need to look at the LDAP authentication backend and mechanism on SME. On the surface, it looks like all of the Samba related LDAP code will be dropped and much of the standard authentication code will need to be converted to Active Directory auth. This task should include looking at openldap-proxy.

Local and Samba Authenticaion

1. Local Authentication: Samba 4 provides support for local authentication through PAM. This will need to be looked and and sorted out, especially as it relates to the previous LDAP authentication work.
2. Updates to esmith::util perl module: This perl module contains function for setting and modifying user passwords. We will need to redesign these functions to integrate with AD. Specific changes:
   • setSambaPassword function: This function needs to be completely re-written to set the Active directory password instead of the old samba password in smbpasswd
   • cancelSambaPassword function: Needs to be re-written for active directory instead of old smbpasswd file
   • local password functions: We need to look at these once we decide how we are going to handle local authentication on SME with Active directory.
   • ldapPassword function: Need to look at this and likely deprecate it, as we will likely set active directory passwords differently.

Other Development Tasks to Research and Complete

1. Domain Server-Manager Panel: A new Domain server-manager panel should be developed and the workgroup panel removed. Further discussion will need to take place to determine what needs to go into this new panel. This panel will likely be fairly simple, as much of the configuration parameters associated Samba Active directory will be incorporated into template fragments and database entries.
2. User/Group Server-Manager Panels: These panels will need to be looked at as they relate to template fragments, adjusting services, and updating database entries associated with Samba.
3. Ibay Server-Manager Panel: This panel will need to be looked at as it relates to template fragments, adjusting services, and updating database entries associated with Samba.
4. Events/Actions': Existing events and actions related to samba will need to be reviewed and updated accordingly. A new event/action may need to be developed to provision a new Active Directory Domain using the Samba-Tool utility.
5. e-smith-samba: This package needs to be updated with development pieces detailed in this wiki page, for wider testing and development assistance.

Status

#	Task	Status
1.	Sernet Samba 4 package rebuild	DONE
2.	Create daemontools service for Samba 4	DONE
3.	Re-Write smb.conf template fragments	DONE
4.	Create Kerberos template fragments	DONE
5.	Add/Modify SMB database entries	DONE
6.	Create krb5 configuration dbase key	DONE
7.	Re-configure init.d start-up/shutdown scripts	DONE
8.	Configure Samba DNS Service	DONE
9.	Configure DNS Cache Resolver	DONE
10.	Create Active Directory Provision/Re-Provision SME Event	DONE
11.	Add Active Directory Provisioning to Bootstrap-Console	DONE
12.	Reconfigure SME User Authentication for Active Directory	UNDERWAY

References

1. http://dev.nethserver.org/projects/nethserver/wiki/Samba4 (Thanks Filippo!)
2. https://lists.samba.org/archive/samba/2014-April/180336.html
3. https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
4. http://www.alexwyn.com/computer-tips/centos-samba4-active-directory-domain-controller

Active Directory Schema

Following is a direct dump of the active directory schema from a freshly provisioned SME Server domain. The DNS/Kerberos domain is domain.com, the hostname is virgin, and the windows domain is sme-server. The ipaddress for this test machine is 192.168.0.67. These data is quite long, but I found it very useful; as it is extremely difficult to find these attributes in any documentation about Samba 4 and ADDC:

1. record 1

dn: CN=IIS_IUSRS,CN=Builtin,DC=domain,DC=com

1. record 2

dn: CN=ipsecNegotiationPolicy{59319BF0-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,DC=domain,DC=com

1. record 3

dn: CN=ipsecPolicy{72385230-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

1. record 4

dn: CN=10b3ad2a-6883-4fa7-90fc-6377cbdc1b26,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 5

dn: CN=byaddr,CN=ethers,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 6

dn: CN=bynumber,CN=rpc,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 7

dn: CN=a3dac986-80e7-4e59-a059-54cb1ab43cb9,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 8

dn: CN=f58300d1-b71a-4DB6-88a1-a8b9538beaca,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 9

dn: CN=ipsecNFA{6A1F5C6F-72B7-11D2-ACF0-0060B0ECCA17},CN=IP Security,CN=System,DC=domain,DC=com

1. record 10

dn: CN=mail,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 11

dn: CN=d85c0bfd-094f-4cad-a2b5-82ac9268475d,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 12

dn: CN=ObjectMoveTable,CN=FileLinks,CN=System,DC=domain,DC=com

1. record 13

dn: CN=2416c60a-fe15-4d7a-a61e-dffd5df864d3,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 14

dn: CN=6ada9ff7-c9df-45c1-908e-9fef2fab008a,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 15

dn: CN=ipsecNFA{7238523E-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

1. record 16

dn: CN=byuser,CN=netgroup,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 17

dn: CN=byname,CN=networks,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 18

dn: CN=Domain Controllers,CN=Users,DC=domain,DC=com

1. record 19

dn: CN=bygid,CN=group,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 20

dn: CN=Meetings,CN=System,DC=domain,DC=com

1. record 21

dn: CN=Policies,CN=System,DC=domain,DC=com

1. record 22

dn: CN=f607fd87-80cf-45e2-890b-6cf97ec0e284,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 23

dn: CN=FileLinks,CN=System,DC=domain,DC=com

1. record 24

dn: CN=Schema Admins,CN=Users,DC=domain,DC=com

1. record 25

dn: CN=Cert Publishers,CN=Users,DC=domain,DC=com

1. record 26

dn: CN=byuid,CN=passwd,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 27

dn: CN=Account Operators,CN=Builtin,DC=domain,DC=com

1. record 28

dn: CN=Cryptographic Operators,CN=Builtin,DC=domain,DC=com

1. record 29

dn: CN=Print Operators,CN=Builtin,DC=domain,DC=com

1. record 30

dn: CN=Replicator,CN=Builtin,DC=domain,DC=com

1. record 31

dn: CN=6E157EDF-4E72-4052-A82A-EC3F91021A22,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 32

dn: CN=passwd,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 33

dn: CN=Terminal Server License Servers,CN=Builtin,DC=domain,DC=com

1. record 34

dn: CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=com

1. record 35

dn: CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 36

dn: CN=Performance Monitor Users,CN=Builtin,DC=domain,DC=com

1. record 37

dn: CN=AppCategories,CN=Default Domain Policy,CN=System,DC=domain,DC=com

1. record 38

dn: CN=ipsecPolicy{72385236-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

1. record 39

dn: CN=ComPartitions,CN=System,DC=domain,DC=com

1. record 40

dn: CN=bootparams,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 41

dn: CN=Denied RODC Password Replication Group,CN=Users,DC=domain,DC=com

1. record 42

dn: CN=group,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 43

dn: CN=hosts,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 44

dn: CN=2951353e-d102-4ea5-906c-54247eeec741,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 45

dn: CN=6bcd5689-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 46

dn: CN=a86fe12a-0f62-4e2a-b271-d27f601f8182,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 47

dn: CN=0b7fb422-3609-4587-8c2e-94b10f67d1bf,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 48

dn: CN=5c82b233-75fc-41b3-ac71-c69592e6bf15,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 49

dn: CN=Read-only Domain Controllers,CN=Users,DC=domain,DC=com

1. record 50

dn: CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

1. record 51

dn: CN=ipsecNegotiationPolicy{59319BDF-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,DC=domain,DC=com

1. record 52

dn: CN=ipsecPolicy{7238523C-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

1. record 53

dn: CN=6bcd5680-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 54

dn: CN=byname,CN=ethers,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 55

dn: CN=IP Security,CN=System,DC=domain,DC=com

1. record 56

dn: CN=6bcd568c-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 57

dn: CN=6bcd5685-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 58

dn: CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=com

1. record 59

dn: CN=WMIPolicy,CN=System,DC=domain,DC=com

1. record 60

dn: CN=ipsecNegotiationPolicy{7238523F-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

1. record 61

dn: CN=RID Manager$,CN=System,DC=domain,DC=com

1. record 62

dn: CN=ipsecFilter{7238523A-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

1. record 63

dn: CN=Password Settings Container,CN=System,DC=domain,DC=com

1. record 64

dn: CN=Default Domain Policy,CN=System,DC=domain,DC=com

1. record 65

dn: CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=domain,DC=com

1. record 66

dn: CN=byaddr,CN=netmasks,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 67

dn: CN=6bcd568d-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 68

dn: CN=6bcd567d-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 69

dn: CN=NTDS Quotas,DC=domain,DC=com

1. record 70

dn: CN=ipsecISAKMPPolicy{72385231-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

1. record 71

dn: CN=ipsecISAKMPPolicy{7238523D-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

1. record 72

dn: CN=Distributed COM Users,CN=Builtin,DC=domain,DC=com

1. record 73

dn: CN=293f0798-ea5c-4455-9f5d-45f33a30703b,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 74

dn: CN=Domain Guests,CN=Users,DC=domain,DC=com

1. record 75

dn: CN=6bcd567e-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 76

dn: CN=RAS and IAS Servers Access Check,CN=System,DC=domain,DC=com

1. record 77

dn: CN=Dfs-Configuration,CN=System,DC=domain,DC=com

1. record 78

dn: CN=RID Set,CN=VIRGIN,OU=Domain Controllers,DC=domain,DC=com

1. record 79

dn: CN=Certificate Service DCOM Access,CN=Builtin,DC=domain,DC=com

1. record 80

dn: CN=Builtin,DC=domain,DC=com

1. record 81

dn: CN=byhost,CN=netgroup,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 82

dn: CN=Microsoft,CN=Program Data,DC=domain,DC=com

1. record 83

dn: CN=bynumber,CN=protocols,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 84

dn: CN=MicrosoftDNS,CN=System,DC=domain,DC=com

1. record 85

dn: CN=Enterprise Read-only Domain Controllers,CN=Users,DC=domain,DC=com

1. record 86

dn: CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=domain,DC=com

1. record 87

dn: CN=dda1d01d-4bd7-4c49-a184-46f9241b560e,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 88

dn: CN=System,DC=domain,DC=com

1. record 89

dn: CN=sme-server,CN=networks,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 90

dn: CN=71482d49-8870-4cb3-a438-b6fc9ec35d70,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 91

dn: CN=Backup Operators,CN=Builtin,DC=domain,DC=com

1. record 92

dn: CN=8ca38317-13a4-4bd4-806f-ebed6acb5d0c,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 93

dn: CN=shadow,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 94

dn: CN=krbtgt,CN=Users,DC=domain,DC=com

1. record 95

dn: CN=Domain Computers,CN=Users,DC=domain,DC=com

1. record 96

dn: CN=Server,CN=System,DC=domain,DC=com

1. record 97

dn: CN=ipsecNFA{59319C04-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,DC=domain,DC=com

1. record 98

dn: CN=Program Data,DC=domain,DC=com

1. record 99

dn: CN=DFSR-GlobalSettings,CN=System,DC=domain,DC=com

1. record 100

dn: CN=ab402345-d3c3-455d-9ff7-40268a1099b6,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 101

dn: CN=ipsecNegotiationPolicy{59319C01-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,DC=domain,DC=com

1. record 102

dn: CN=aliases,CN=mail,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 103

dn: OU=Domain Controllers,DC=domain,DC=com

1. record 104

dn: CN=User,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=com

1. record 105

dn: CN=ipsecFilter{72385235-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

1. record 106

dn: CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 107

dn: CN=Guests,CN=Builtin,DC=domain,DC=com

1. record 108

dn: CN=ethers,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 109

dn: CN=ipsecNFA{594272E2-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,DC=domain,DC=com

1. record 110

dn: CN=ipsecNFA{72385232-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

1. record 111

dn: CN=PolicyTemplate,CN=WMIPolicy,CN=System,DC=domain,DC=com

1. record 112

dn: CN=61b34cb0-55ee-4be9-b595-97810b92b017,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 113

dn: CN=c88227bc-fcca-4b58-8d8a-cd3d64528a02,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 114

dn: CN=bab5f54d-06c8-48de-9b87-d78b796564e4,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 115

dn: CN=9738c400-7795-4d6e-b19d-c16cd6486166,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 116

dn: CN=byname,CN=protocols,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 117

dn: CN=admin,CN=Users,DC=domain,DC=com

1. record 118

dn: CN=b96ed344-545a-4172-aa0c-68118202f125,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 119

dn: CN=byname,CN=hosts,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 120

dn: CN=0e660ea3-8a5e-4495-9ad7-ca1bd4638f9e,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 121

dn: CN=bydefaults,CN=bootparams,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 122

dn: CN=ComPartitionSets,CN=System,DC=domain,DC=com

1. record 123

dn: CN=File Replication Service,CN=System,DC=domain,DC=com

1. record 124

dn: CN=sme-server,CN=rpc,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 125

dn: CN=51cba88b-99cf-4e16-bef2-c427b38d0767,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 126

dn: CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=domain,DC=com

1. record 127

dn: CN=4aaabc3a-c416-4b9c-a6bb-4b453ab1c1f0,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 128

dn: CN=57428d75-bef7-43e1-938b-2e749f5a8d56,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 129

dn: CN=4dfbb973-8a62-4310-a90c-776e00f83222,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 130

dn: CN=446f24ea-cfd5-4c52-8346-96e170bcb912,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 131

dn: CN=root,CN=Users,DC=domain,DC=com

1. record 132

dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=domain,DC=com

1. record 133

dn: CN=de10d491-909f-4fb0-9abb-4b7865c0fe80,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 134

dn: CN=4c93ad42-178a-4275-8600-16811d28f3aa,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 135

dn: CN=byname,CN=passwd,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 136

dn: CN=ipsecISAKMPPolicy{72385237-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

1. record 137

dn: CN=Infrastructure,DC=domain,DC=com

1. record 138

dn: CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=domain,DC=com

1. record 139

dn: CN=6bcd5681-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 140

dn: CN=ForeignSecurityPrincipals,DC=domain,DC=com

1. record 141

dn: CN=6bcd5686-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 142

dn: CN=aed72870-bf16-4788-8ac7-22299c8207f1,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 143

dn: CN=Users,CN=Builtin,DC=domain,DC=com

1. record 144

dn: CN=netid,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 145

dn: CN=Remote Desktop Users,CN=Builtin,DC=domain,DC=com

1. record 146

dn: CN=Event Log Readers,CN=Builtin,DC=domain,DC=com

1. record 147

dn: CN=byname,CN=services,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 148

dn: CN=Enterprise Admins,CN=Users,DC=domain,DC=com

1. record 149

dn: CN=ipsecNFA{59319BE2-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,DC=domain,DC=com

1. record 150

dn: CN=6bcd5682-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 151

dn: CN=ActiveDirectoryUpdate,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 152

dn: CN=6bcd5687-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 153

dn: CN=S-1-5-17,CN=ForeignSecurityPrincipals,DC=domain,DC=com

1. record 154

dn: CN=sme-server,CN=protocols,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 155

dn: CN=sme-server,CN=ethers,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 156

dn: CN=services,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 157

dn: CN=9cac1f66-2167-47ad-a472-2a13251310e4,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 158

dn: CN=sme-server,CN=mail,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 159

dn: CN=byname,CN=netid,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 160

dn: DC=c.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

1. record 161

dn: CN=6bcd568a-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 162

dn: CN=6bcd567a-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 163

dn: CN=bydefaults,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 164

dn: DC=l.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

1. record 165

dn: CN=Allowed RODC Password Replication Group,CN=Users,DC=domain,DC=com

1. record 166

dn: CN=6bcd567f-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 167

dn: CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 168

dn: CN=sme-server,CN=group,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 169

dn: CN=sme-server,CN=hosts,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 170

dn: CN=6bcd5678-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 171

dn: CN=sme-server,CN=passwd,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 172

dn: CN=Machine,CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=com

1. record 173

dn: CN=bydefaults,CN=shadow,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 174

dn: CN=netgroup,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 175

dn: DC=e.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

1. record 176

dn: CN=231fb90b-c92a-40c9-9379-bacfc313a3e3,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 177

dn: CN=PolicyType,CN=WMIPolicy,CN=System,DC=domain,DC=com

1. record 178

dn: CN=sme-server,CN=services,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 179

dn: CN=7868d4c8-ac41-4e05-b401-776280e8e9f1,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 180

dn: DC=g.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

1. record 181

dn: CN=3051c66f-b332-4a73-9a20-2d6a7d6e6a1c,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 182

dn: CN=Incoming Forest Trust Builders,CN=Builtin,DC=domain,DC=com

1. record 183

dn: CN=ipsecNFA{594272FD-071D-11D3-AD22-0060B0ECCA17},CN=IP Security,CN=System,DC=domain,DC=com

1. record 184

dn: CN=netmasks,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 185

dn: CN=Users,DC=domain,DC=com

1. record 186

dn: CN=byaddr,CN=mail,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 187

dn: CN=WinsockServices,CN=System,DC=domain,DC=com

1. record 188

dn: DC=i.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

1. record 189

dn: CN=860c36ed-5241-4c62-a18b-cf6ff9994173,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 190

dn: CN=Guest,CN=Users,DC=domain,DC=com

1. record 191

dn: CN=DnsUpdateProxy,CN=Users,DC=domain,DC=com

1. record 192

dn: CN=sme-server,CN=bootparams,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 193

dn: DC=b.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

1. record 194

dn: CN=8437C3D8-7689-4200-BF38-79E4AC33DFA0,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 195

dn: CN=WMIGPO,CN=WMIPolicy,CN=System,DC=domain,DC=com

1. record 196

dn: CN=AdminSDHolder,CN=System,DC=domain,DC=com

1. record 197

dn: CN=bydefaults,CN=netgroup,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 198

dn: DC=k.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

1. record 199

dn: CN=ipsecNegotiationPolicy{7238523B-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=domain,DC=com

1. record 200

dn: CN=RAS and IAS Servers,CN=Users,DC=domain,DC=com

1. record 201

dn: CN=Computers,DC=domain,DC=com

1. record 202

dn: DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

1. record 203

dn: CN=VIRGIN,OU=Domain Controllers,DC=domain,DC=com

1. record 204

dn: DC=d.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

1. record 205

dn: CN=rpc,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 206

dn: CN=DnsAdmins,CN=Users,DC=domain,DC=com

1. record 207

dn: CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 208

dn: CN=Administrator,CN=Users,DC=domain,DC=com

1. record 209

dn: DC=m.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

1. record 210

dn: CN=SOM,CN=WMIPolicy,CN=System,DC=domain,DC=com

1. record 211

dn: CN=Network Configuration Operators,CN=Builtin,DC=domain,DC=com

1. record 212

dn: DC=f.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

1. record 213

dn: CN=sme-server,CN=netmasks,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 214

dn: CN=a1789bfb-e0a2-4739-8cc0-e77d892d080a,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 215

dn: CN=Content,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=domain,DC=com

1. record 216

dn: DC=h.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

1. record 217

dn: CN=8ddf6913-1c7b-4c59-a5af-b9ca3b3d2c4c,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 218

dn: CN=7ffef925-405b-440a-8d58-35e8cd6e98c3,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 219

dn: CN=LostAndFound,DC=domain,DC=com

1. record 220

dn: CN=Server Operators,CN=Builtin,DC=domain,DC=com

1. record 221

dn: CN=f7ed4553-d82b-49ef-a839-2f38a36bb069,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 222

dn: DC=a.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

1. record 223

dn: CN=7cfb016c-4f87-4406-8166-bd9df943947f,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 224

dn: CN=f3dd09dd-25e8-4f9c-85df-12d6d2f2f2f5,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 225

dn: CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=domain,DC=com

1. record 226

dn: CN=byaddr,CN=networks,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 227

dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

1. record 228

dn: CN=sme-server,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 229

dn: DC=j.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=domain,DC=com

1. record 230

dn: CN=sme-server,CN=shadow,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 231

dn: CN=6bcd5683-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 232

dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 233

dn: CN=6bcd5688-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 234

dn: CN=Domain Users,CN=Users,DC=domain,DC=com

1. record 235

dn: DC=domain,DC=com

1. record 236

dn: CN=98de1d3e-6611-443b-8b4e-f4337f1ded0b,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 237

dn: CN=protocols,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 238

dn: CN=3c784009-1f57-4e2a-9b04-6915c9e71961,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 239

dn: CN=User,CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=com

1. record 240

dn: CN=Administrators,CN=Builtin,DC=domain,DC=com

1. record 241

dn: CN=RpcServices,CN=System,DC=domain,DC=com

1. record 242

dn: CN=byname,CN=group,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 243

dn: CN=6bcd568b-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 244

dn: CN=6bcd5684-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 245

dn: CN=6bcd567b-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 246

dn: CN=Domain Admins,CN=Users,DC=domain,DC=com

1. record 247

dn: CN=VolumeTable,CN=FileLinks,CN=System,DC=domain,DC=com

1. record 248

dn: CN=6bcd5679-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 249

dn: CN=Group Policy Creator Owners,CN=Users,DC=domain,DC=com

1. record 250

dn: CN=ebad865a-d649-416f-9922-456b53bbb5b8,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 251

dn: CN=ipsecNFA{59319BF3-5EE3-11D2-ACE8-0060B0ECCA17},CN=IP Security,CN=System,DC=domain,DC=com

1. record 252

dn: CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 253

dn: CN=Performance Log Users,CN=Builtin,DC=domain,DC=com

1. record 254

dn: CN=Machine,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=com

1. record 255

dn: CN=Windows Authorization Access Group,CN=Builtin,DC=domain,DC=com

1. record 256

dn: CN=3e4f4182-ac5d-4378-b760-0eab2de593e2,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 257

dn: CN=6bcd567c-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 258

dn: CN=byaddr,CN=hosts,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 259

dn: CN=sme-server,CN=netid,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 260

dn: CN=networks,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. record 261

dn: CN=13d15cf0-e6c8-11d6-9793-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 262

dn: CN=c4f17608-e611-11d6-9793-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=domain,DC=com

1. record 263

dn: CN=sme-server,CN=netgroup,CN=ypServ30,CN=RpcServices,CN=System,DC=domain,DC=com

1. Referral

ref: ldap://domain.com/CN=Configuration,DC=domain,DC=com

1. Referral

ref: ldap://domain.com/DC=DomainDnsZones,DC=domain,DC=com

1. Referral

ref: ldap://domain.com/DC=ForestDnsZones,DC=domain,DC=com

1. returned 266 records
2. 263 entries
3. 3 referrals