Commit 57760c2d authored by CRAIG BENNER's avatar CRAIG BENNER

changes to include admin ou structure and permissions

parent 081690f9
...@@ -114,6 +114,27 @@ try { ...@@ -114,6 +114,27 @@ try {
createOU "PSU-Groups" $baseDN createOU "PSU-Groups" $baseDN
createOU "PSU-AD-Groups" "OU=PSU-Groups,$baseDN" createOU "PSU-AD-Groups" "OU=PSU-Groups,$baseDN"
createOU "PSU-AD-Administration" $baseDN
$ADAdminOU = "OU=PSU-AD-Administration,$baseDN"
createOU "PSU-AD-Domain-Administration" $ADAdminOU
createOU "Service-Admin-Accounts" "OU=PSU-AD-Domain-Administration,$ADAdminOU"
createOU "Service-Admin-Groups" "OU=PSU-AD-Domain-Administration,$ADAdminOU"
createOU "PSU-AD-OU-Administration" $ADAdminOU
createOU "PSU-OU-Admin-Accounts" "OU=PSU-AD-OU-Administration,$ADAdminOU"
createOU "PSU-OU-Admin-Groups" "OU=PSU-AD-OU-Administration,$ADAdminOU"
createOU "PSU-AD-Server-Administration" $ADAdminOU
createOU "PSU-Server-Admin-Accounts" "OU=PSU-AD-Server-Administration,$ADAdminOU"
createOU "PSU-Server-Admin-Groups" "OU=PSU-AD-Server-Administration,$ADAdminOU"
createOU "PSU-AD-Workstation-Administration" $ADAdminOU
createOU "PSU-Workstation-Admin-Accounts" "OU=PSU-AD-Workstation-Administration,$ADAdminOU"
createOU "PSU-Workstation-Admin-Groups" "OU=PSU-AD-Workstation-Administration,$ADAdminOU"
createOU "PSU-Secondary-Account-Administration" $ADAdminOU
#Groups #Groups
$adGroupsDN = "OU=PSU-AD-Groups,OU=PSU-Groups,$baseDN" $adGroupsDN = "OU=PSU-AD-Groups,OU=PSU-Groups,$baseDN"
...@@ -121,6 +142,7 @@ try { ...@@ -121,6 +142,7 @@ try {
createGroup "PSU-Inactive-Users" $adGroupsDN createGroup "PSU-Inactive-Users" $adGroupsDN
createGroup "PSU-Security-Disabled-Users" $adGroupsDN createGroup "PSU-Security-Disabled-Users" $adGroupsDN
createGroup "PSU-Deprovisioned-Users" $adGroupsDN createGroup "PSU-Deprovisioned-Users" $adGroupsDN
createGroup "PSU-NonCPR-Users" $adGroupsDN
#### LOCAL Configuration #### #### LOCAL Configuration ####
createOU "LocalConfig" $baseDN createOU "LocalConfig" $baseDN
...@@ -129,6 +151,7 @@ try { ...@@ -129,6 +151,7 @@ try {
grantUserPermssion $localDevUsername "OU=PSU-Users,$baseDN" "GenericAll" grantUserPermssion $localDevUsername "OU=PSU-Users,$baseDN" "GenericAll"
grantUserPermssion $localDevUsername "OU=PSU-Groups,$baseDN" "GenericAll" grantUserPermssion $localDevUsername "OU=PSU-Groups,$baseDN" "GenericAll"
grantUserPermssion $localDevUserName "OU=PSU-Users,$baseDN" "ExtendedRight" $ADS_EXTENDED_SETPASSWORD grantUserPermssion $localDevUserName "OU=PSU-Users,$baseDN" "ExtendedRight" $ADS_EXTENDED_SETPASSWORD
grantUserPermssion $localDevUserName "OU=PSU-AD-Administration,$baseDN" "ExtendedRight" $ADS_EXTENDED_SETPASSWORD
#### Test Accounts for Local Mirror of Kerb ### #### Test Accounts for Local Mirror of Kerb ###
createUser "bad1" "OU=PSU-Users,$baseDN" $localDevPassword createUser "bad1" "OU=PSU-Users,$baseDN" $localDevPassword
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment