GenerateNewKrbTgtAcct

 GenerateNewKrbTgtAcct() : DSName

Generates a Kerb Tgt user account in the local DC using the same steps as [MS-ADTS] section The following steps are performed by this abstract procedure:

  • Creates a new user object.

  • Selects a value in the range [1 .. 65535] that is not currently present as a value of the msDS-SecondaryKrbTgtNumber attribute on any object in this domain, and assigns the value to the msDS-SecondaryKrbTgtNumber attribute of the created object. If no such value exists, the result is the error other / ERROR_NO_SYSTEM_RESOURCES.

  • The selected value for msDS-SecondaryKrbTgtNumber is appended (in decimal form) to the string "krbtgt", and the resulting string is assigned to the sAMAccountName attribute on the created object.

  • The userAccountControl bits ADS_UF_ACCOUNT_DISABLE and ADS_UF_DONT_EXPIRE_PASSWD are set on the object's userAccountControl attribute.

  • The object's account password is set to a randomly generated value that satisfies all criteria in [MS-SAMR] section and is processed as described in [MS-SAMR] section

  • Returns the DSName of the created object.
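The steps above, modelled over an in-memory list of objects, together with an audit that checks existing objects against the same invariants. This is an added example, not code from the specification: the dict-based object model, the container DN, the DirectoryError class, the random pick among free values, and the password stand-in (which does not model the [MS-SAMR] criteria) are assumptions.

```python
import secrets

ADS_UF_ACCOUNT_DISABLE = 0x00000002
ADS_UF_DONT_EXPIRE_PASSWD = 0x00010000
REQUIRED_UAC = ADS_UF_ACCOUNT_DISABLE | ADS_UF_DONT_EXPIRE_PASSWD
ERROR_NO_SYSTEM_RESOURCES = 1450  # Win32 error code
ATTR = "msDS-SecondaryKrbTgtNumber"
PREFIX = "krbtgt"  # string given in the procedure text

class DirectoryError(Exception):  # hypothetical error type for this model
    def __init__(self, code):
        super().__init__(f"other / Win32 error {code}")
        self.code = code

def generate_new_krbtgt_acct(domain, base_dn="CN=Users,DC=example,DC=test"):
    """domain: list of dicts standing in for the objects of one domain."""
    used = {o[ATTR] for o in domain if ATTR in o}
    free = [n for n in range(1, 65536) if n not in used]
    if not free:  # every value in [1 .. 65535] is already taken
        raise DirectoryError(ERROR_NO_SYSTEM_RESOURCES)
    number = secrets.choice(free)  # assumption: any unused value is acceptable
    name = f"{PREFIX}{number}"     # decimal form appended to the prefix
    domain.append({
        "dn": f"CN={name},{base_dn}",  # assumed location, not from the page
        "objectClass": "user",
        ATTR: number,
        "sAMAccountName": name,
        "userAccountControl": REQUIRED_UAC,
        "password": secrets.token_urlsafe(48),  # stand-in random secret
    })
    return domain[-1]["dn"]  # DSName modelled as the DN string

def audit_secondary_krbtgt(domain):
    """Return (dn, problem) pairs for objects that break the creation invariants."""
    findings, seen = [], set()
    for o in domain:
        if ATTR not in o:
            continue
        n, dn = o[ATTR], o.get("dn")
        if not 1 <= n <= 65535:
            findings.append((dn, "number out of range"))
        if n in seen:
            findings.append((dn, "duplicate number"))
        seen.add(n)
        if o.get("sAMAccountName") != f"{PREFIX}{n}":
            findings.append((dn, "sAMAccountName mismatch"))
        if o.get("userAccountControl", 0) & REQUIRED_UAC != REQUIRED_UAC:
            findings.append((dn, "required userAccountControl bits cleared"))
    return findings
```

The audit treats the creation-time values as invariants; whether a given deployment expects them to hold for the lifetime of the object is an assumption of this example.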

