provision: No longer use the wheel group in new AD Domains

The issue here is that if we set S-1-5-32-544 (administrators) to a
GID only, then users cannot force a mandetory profile to be owned by
administrators (which is a requirement).

There is no particularly useful reason for us to enforce this matching
a system group.

Andrew Bartlett

1 files changed, 1 insertions, 4 deletions

diff --git a/source4/scripting/python/samba/netcmd/domain.py b/source4/scripting/python/samba/netcmd/domain.py
index 6e3f35a0afc..4ba305c2713 100644
--- a/source4/scripting/python/samba/netcmd/domain.py
+++ b/source4/scripting/python/samba/netcmd/domain.py
@@ -186,8 +186,6 @@ class cmd_domain_provision(Command):
                 help="choose 'root' unix username"),
          Option("--nobody", type="string", metavar="USERNAME",
                 help="choose 'nobody' user"),
-         Option("--wheel", type="string", metavar="GROUPNAME",
-                help="choose 'wheel' privileged group"),
          Option("--users", type="string", metavar="GROUPNAME",
                 help="choose 'users' group"),
          Option("--quiet", help="Be quiet", action="store_true"),
@@ -237,7 +235,6 @@ class cmd_domain_provision(Command):
             ldapadminpass=None,
             root=None,
             nobody=None,
-            wheel=None,
             users=None,
             quiet=None,
             blank=None,
@@ -393,7 +390,7 @@ class cmd_domain_provision(Command):
                   krbtgtpass=krbtgtpass, machinepass=machinepass,
                   dns_backend=dns_backend, dns_forwarder=dns_forwarder,
                   dnspass=dnspass, root=root, nobody=nobody,
-                  wheel=wheel, users=users,
+                  users=users,
                   serverrole=server_role, dom_for_fun_level=dom_for_fun_level,
                   backend_type=ldap_backend_type,
                   ldapadminpass=ldapadminpass, ol_mmr_urls=ol_mmr_urls,