netcmd: gmsa: create should allow custom SDDL

gMSA update already supported it but not create

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/netcmd/service_account/service_account.py b/python/samba/netcmd/service_account/service_account.py
index ab2abf117b132154979b80783bb692d9469bc2b7..4a3f78786d926c971646261fec21b15e83df65f9 100644 (file)
--- a/python/samba/netcmd/service_account/service_account.py
+++ b/python/samba/netcmd/service_account/service_account.py
@@ -109,13 +109,17 @@ class cmd_service_account_create(Command):
                dest="name", action="store", type=str, required=True),
         Option("--dns-host-name", help="Name of DNS host (required).",
                dest="dns_host_name", action="store", type=str, required=True),
+        Option("--group-msa-membership",
+               help="Provide optional Group MSA Membership SDDL.",
+               dest="group_msa_membership", action="store", type=str),
         Option("--managed-password-interval",
                help="Managed password refresh interval in days.",
                dest="managed_password_interval", action="store", type=int),
     ]
 
     def run(self, hostopts=None, sambaopts=None, credopts=None, name=None,
-            dns_host_name=None, managed_password_interval=None):
+            dns_host_name=None, group_msa_membership=None,
+            managed_password_interval=None):
 
         ldb = self.ldb_connect(hostopts, sambaopts, credopts)
 
@@ -123,6 +127,7 @@ class cmd_service_account_create(Command):
             name=name,
             managed_password_interval=managed_password_interval,
             dns_host_name=dns_host_name,
+            group_msa_membership=group_msa_membership,
         )
 
         # Create group managed service account.