Index: univention-samba4/scripts/setup-s4.sh =================================================================== --- univention-samba4/scripts/setup-s4.sh (Revision 31479) +++ univention-samba4/scripts/setup-s4.sh (Arbeitskopie) @@ -57,6 +57,10 @@ bindpwd="${!OPTIND}" OPTIND=$((OPTIND+1)) ;; + sitename) + sitename="${!OPTIND}" + OPTIND=$((OPTIND+1)) + ;; help) usage ;; @@ -146,10 +150,18 @@ DOMAIN_SID="$(univention-newsid)" fi - /usr/share/samba/setup/provision --realm="$kerberos_realm" --domain="$windows_domain" --domain-sid="$DOMAIN_SID" \ - --function-level="$samba4_function_level" \ - --adminpass="$adminpw" --server-role='domain controller' \ - --machinepass="$(&1 | tee -a "$LOGFILE" + if [ -z "$sitename" ]; then + /usr/share/samba/setup/provision --realm="$kerberos_realm" --domain="$windows_domain" --domain-sid="$DOMAIN_SID" \ + --function-level="$samba4_function_level" \ + --adminpass="$adminpw" --server-role='domain controller' \ + --machinepass="$(&1 | tee -a "$LOGFILE" + else + /usr/share/samba/setup/provision --realm="$kerberos_realm" --domain="$windows_domain" --domain-sid="$DOMAIN_SID" \ + --function-level="$samba4_function_level" \ + --adminpass="$adminpw" --server-role='domain controller' \ + --sitename="$sitename" \ + --machinepass="$(&1 | tee -a "$LOGFILE" + fi else Index: univention-samba4/96univention-samba4.inst =================================================================== --- univention-samba4/96univention-samba4.inst (Revision 31482) +++ univention-samba4/96univention-samba4.inst (Arbeitskopie) 
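Review bot: The new `sitename)` arm reads `${!OPTIND}` without checking that a value actually follows the option. If `--sitename` is the last argument, `sitename` stays empty and the later `[ -z "$sitename" ]` test silently provisions without a site instead of reporting the mistake. Adding `[ -n "$sitename" ] || usage` after the assignment would turn that into a visible error. The value is also passed unchanged to `--sitename=` on the provision call, so a one-line comment on the expected form of a site name would help the next maintainer. The arm mirrors the `bindpwd` arm above it, and the enclosing `case` starts and ends outside the hunk.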
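Review bot: The `if [ -z "$sitename" ]` / `else` split duplicates the whole provision invocation, including `--adminpass="$adminpw"` and the machine password argument, only to add one option. Two copies of a credential-carrying command drift apart easily, for example when password handling or logging is later changed in one branch only. A single call with a conditional argument keeps them in sync: add `${sitename:+"--sitename=$sitename"} \` to the original command line and drop the `if`. Both branches pipe into `tee -a "$LOGFILE"`, so unless `pipefail` is set elsewhere in the script (not visible here) the status after the pipeline is that of `tee`, which matters more now that the join script delegates to this script.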
@@ -133,37 +133,6 @@ --ignore-exists } -create_local_rid_pool() { - numberofrids="$1" - - floor=2100 - ceil="$(($floor + $numberofrids - 1))" - - if [ "$ceil" -ge 5000 ]; then - echo "ERROR: RID value must stay below minimum UDM-allocated rid (5002)" - ceil=4999 - fi - - ridrange="$floor-$ceil" - ldbadd -H /var/lib/samba/private/sam.ldb --relax <<-%EOF - dn: CN=RID Set,CN=$hostname,OU=Domain Controllers,$samba4_ldap_base - objectClass: rIDSet - cn: RID Set - showInAdvancedViewOnly: TRUE - name: RID Set - rIDAllocationPool: $ridrange - rIDPreviousAllocationPool: $ridrange - rIDUsedPool: 0 - rIDNextRID: $floor - %EOF - - ldbmodify -H /var/lib/samba/private/sam.ldb <<-%EOF - dn: CN=$hostname,OU=Domain Controllers,$samba4_ldap_base - changetype: modify - replace: rIDSetReferences - rIDSetReferences: CN=RID Set,CN=$hostname,OU=Domain Controllers,$samba4_ldap_base - %EOF -} ### --- END helper functions --- extract_binddn_and_bindpwd_from_args "$@" 
@@ -283,38 +252,17 @@ ## site join create_site "$samba4_join_site" - is_ucr_true samba4/join/essentialonly + is_ucr_true samba4/provision/secondary if [ $? -eq 0 ]; then - ## site join with essential DRS replication only + ## site provision - samba-tool domain join "$domainname" "$samba4_role" -U"$dcaccount"%"$bindpwd" --realm="$kerberos_realm" \ - --machinepass="$(cat /etc/machine.secret)" \ - --site="$samba4_join_site" \ - --domain-critical-only - if [ $? != 0 ]; then - # try again with --server - if [ -n "$samba4_dc" ]; then - samba-tool domain join "$domainname" "$samba4_role" -U"$dcaccount"%"$bindpwd" --realm="$kerberos_realm" --server "$samba4_dc" \ - --machinepass="$(cat /etc/machine.secret)" \ - --site="$samba4_join_site" \ - --domain-critical-only - else - samba-tool domain join "$domainname" "$samba4_role" -U"$dcaccount"%"$bindpwd" --realm="$kerberos_realm" --server "$ldap_master" \ - --machinepass="$(cat /etc/machine.secret)" \ - --site="$samba4_join_site" \ - --domain-critical-only - fi + if [ $JS_LAST_EXECUTED_VERSION -lt 1 ]; then + ## Provision another instance of Samba4 + /usr/share/univention-samba4/scripts/setup-s4.sh "$@" --sitename "$samba4_join_site" + fi - # create MicrosoftDNS container - ldbadd -H /var/lib/samba/private/sam.ldb --relax <<-%EOT - dn: CN=MicrosoftDNS,CN=System,$samba4_ldap_base - objectClass: top - objectClass: container - cn: MicrosoftDNS - %EOT - else samba-tool domain join "$domainname" "$samba4_role" -U"$dcaccount"%"$bindpwd" --realm="$kerberos_realm" \ @@ -336,11 +284,6 @@ fi fi - is_ucr_true samba4/service/drepl - if [ $? -eq 1 ]; then - create_local_rid_pool 2000 - fi - ## Adding DNS records is currently necessary, probably this can be avoided with samba_dnsupdate ## see https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#A_note_on_DNS_updates if [ -z "$samba4_join_site" ]; then
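Review bot: The call `/usr/share/univention-samba4/scripts/setup-s4.sh "$@" --sitename "$samba4_join_site"` has no status check visible in this hunk, whereas the join it replaces tested `$?` and retried. A failed provision would therefore let the join script continue; something like `... --sitename "$samba4_join_site" || exit 1` would stop it, adapted to whatever failure path the join script uses elsewhere. The guard `[ $JS_LAST_EXECUTED_VERSION -lt 1 ]` is unquoted, so an empty or unset value makes `[` error out and the provision is skipped without notice. `[ "${JS_LAST_EXECUTED_VERSION:-0}" -lt 1 ]` avoids that, if provisioning on a missing value is the intended default. Forwarding `"$@"` also puts the bind password option on the child's command line; the setup script parses `bindpwd` from its arguments, so this follows the existing convention, but it deserves a comment. The enclosing `if`/`else` continues outside the hunk.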