Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
4.1.29.2.8 GenerateNewKrbTgtAcct

4.1.29.2.8 GenerateNewKrbTgtAcct

 GenerateNewKrbTgtAcct() : DSName

Generates a Kerb Tgt user account in the local DC using the same steps as [MS-ADTS] section 3.1.1.3.4.1.23. The following steps are performed by this abstract procedure:

  • Creates a new user object.

  • Selects a value in the range [1 .. 65535] that is not currently present as a value of the msDS-SecondaryKrbTgtNumber attribute on any object in this domain, and assigns the value to the msDS-SecondaryKrbTgtNumber attribute of the created object. If no such value exists, the result is the error other / ERROR_NO_SYSTEM_RESOURCES.

  • The selected value for msDS-SecondaryKrbTgtNumber is appended (in decimal form) to the string "krbtgt", and the resulting string is assigned to the sAMAccountName attribute on the created object.

  • The userAccountControl bits ADS_UF_ACCOUNT_DISABLE and ADS_UF_DONT_EXPIRE_PASSWD are set on the object's userAccountControl attribute.

  • The object's account password is set to a randomly generated value that satisfies all criteria in [MS-SAMR] section 3.1.1.7.2 and is processed as described in [MS-SAMR] section 3.1.1.8.5.

  • Returns the DSName of the created object.

Show:
© 2015 Microsoft