From ebb73f1c5d577c1d32c5c0519dcf3fb25c578c45 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 23 Jan 2013 15:55:31 +0100
Subject: [PATCH] provision: add
 get_dns_{forest,domain}_microsoft_dns_descriptor()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/scripting/python/samba/provision/__init__.py   |  2 ++
 source4/scripting/python/samba/provision/descriptor.py | 14 ++++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index 221b580c46e..390a0929896 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -94,6 +94,8 @@ from samba.provision.descriptor import (
     get_domain_delete_protected1_descriptor,
     get_domain_delete_protected2_descriptor,
     get_dns_partition_descriptor,
+    get_dns_forest_microsoft_dns_descriptor,
+    get_dns_domain_microsoft_dns_descriptor,
     )
 from samba.provision.common import (
     setup_path,
diff --git a/source4/scripting/python/samba/provision/descriptor.py b/source4/scripting/python/samba/provision/descriptor.py
index dfb2a721e63..32e91ed2b57 100644
--- a/source4/scripting/python/samba/provision/descriptor.py
+++ b/source4/scripting/python/samba/provision/descriptor.py
@@ -343,3 +343,17 @@ def get_dns_partition_descriptor(domain_sid, name_map={}):
     "(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)" \
     "(AU;SA;CR;;;DU)(AU;SA;CR;;;BA)(AU;SA;WPWOWD;;;WD)"
     return sddl2binary(sddl, domain_sid, name_map)
+
+def get_dns_forest_microsoft_dns_descriptor(domain_sid, name_map={}):
+    sddl = "O:SYG:SYD:AI" \
+    "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
+    "(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)"
+    return sddl2binary(sddl, domain_sid, name_map)
+
+def get_dns_domain_microsoft_dns_descriptor(domain_sid, name_map={}):
+    sddl = "O:SYG:SYD:AI" \
+    "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)" \
+    "(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;DnsAdmins)" \
+    "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
+    "(A;CI;RPWPCRCCDCLCRCWOWDSDDTSW;;;ED)"
+    return sddl2binary(sddl, domain_sid, name_map)
-- 
2.11.4.GIT