4.1.29.2.8 GenerateNewKrbTgtAcct
GenerateNewKrbTgtAcct() : DSName
Generates a Kerb Tgt user account in the local domain controller (local DC) using the same steps as [MS-ADTS] section 3.1.1.3.4.1.23. The following steps are performed by this abstract procedure:
Creates a new user object.
Selects a value in the range [1 .. 65535] that is not currently present as a value of the msDS-SecondaryKrbTgtNumber attribute on any object in this domain, and assigns the value to the msDS-SecondaryKrbTgtNumber attribute of the created object. If no such value exists, the result is the error other / ERROR_NO_SYSTEM_RESOURCES.
The selected value for msDS-SecondaryKrbTgtNumber is appended (in decimal form) to the string "krbtgt", and the resulting string is assigned to the sAMAccountName attribute on the created object.
The userAccountControl bits ADS_UF_ACCOUNT_DISABLE and ADS_UF_DONT_EXPIRE_PASSWD are set on the object's userAccountControl attribute.
The object's account password is set to a randomly generated value that satisfies all criteria in [MS-SAMR] section 3.1.1.7.2 and is processed as described in [MS-SAMR] section 3.1.1.8.5.
Returns the DSName of the created object.
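
The following Python sketch is an added illustration, not part of the specification or of any Microsoft implementation. It models the attribute-setting steps above on in-memory dictionaries and adds a hypothetical audit_secondary_krbtgt check that a defender could adapt to verify the same invariants on directory exports. Assumptions: objects are plain dicts, the unused value is chosen at random (the procedure does not state how it is selected), the returned dict stands in for the DSName, and the password step is omitted because its criteria are defined in [MS-SAMR].

```python
import secrets

KRBTGT_PREFIX = "krbtgt"                 # prefix string as stated in the steps above
ADS_UF_ACCOUNT_DISABLE = 0x00000002      # account is disabled
ADS_UF_DONT_EXPIRE_PASSWD = 0x00010000   # password never expires
REQUIRED_UAC = ADS_UF_ACCOUNT_DISABLE | ADS_UF_DONT_EXPIRE_PASSWD


class NoSystemResources(Exception):
    """Stands in for the error other / ERROR_NO_SYSTEM_RESOURCES."""


def generate_new_krbtgt_acct(domain_objects):
    """Model of the steps above; domain_objects is a list of attribute dicts."""
    in_use = {o["msDS-SecondaryKrbTgtNumber"] for o in domain_objects
              if "msDS-SecondaryKrbTgtNumber" in o}
    free = [n for n in range(1, 65536) if n not in in_use]   # range [1 .. 65535]
    if not free:
        raise NoSystemResources("no unused msDS-SecondaryKrbTgtNumber value")
    number = secrets.choice(free)        # assumption: selection method is unspecified
    obj = {
        "objectClass": "user",
        "msDS-SecondaryKrbTgtNumber": number,
        "sAMAccountName": KRBTGT_PREFIX + str(number),       # decimal form
        "userAccountControl": REQUIRED_UAC,
    }
    domain_objects.append(obj)
    return obj                           # stands in for the DSName of the new object


def audit_secondary_krbtgt(obj, all_objects):
    """Hypothetical check: list deviations from the invariants the steps establish."""
    findings = []
    n = obj.get("msDS-SecondaryKrbTgtNumber")
    if not (isinstance(n, int) and 1 <= n <= 65535):
        findings.append("number outside [1 .. 65535]")
    if obj.get("sAMAccountName") != KRBTGT_PREFIX + str(n):
        findings.append("sAMAccountName does not match number")
    if obj.get("userAccountControl", 0) & REQUIRED_UAC != REQUIRED_UAC:
        findings.append("required userAccountControl bits missing")
    if sum(o.get("msDS-SecondaryKrbTgtNumber") == n for o in all_objects) > 1:
        findings.append("number not unique in domain")
    return findings
```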