# Built-in Administrator account (well-known RID 500) in a provisioning
# template; the ${...} placeholders are filled in when the template is rendered.
# The leading numbers are listing line numbers and they skip, so attributes
# such as objectClass are not visible in this view.
1 dn: CN=Administrator,CN=Users,${DOMAINDN}
4 description: Built-in account for administering the computer/domain
# 66048 = 0x10200 = NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD: the password
# never ages out, so rotation has to be done deliberately.
5 userAccountControl: 66048
6 objectSid: ${DOMAINSID}-500
# 0x7FFFFFFFFFFFFFFF: the account never expires.
8 accountExpires: 9223372036854775807
9 sAMAccountName: Administrator
10 isCriticalSystemObject: TRUE
# "::" is LDIF syntax for a base64-encoded value. Base64 is an encoding, not
# protection: the rendered file holds a recoverable credential and needs the
# same handling as the password itself (restrictive permissions, no VCS, no logs).
# NOTE(review): presumably the directory backend derives the stored hashes
# from this attribute - confirm against the provisioning code.
11 sambaPassword:: ${ADMINPASS_B64}
# Built-in Guest account (well-known RID 501).
13 dn: CN=Guest,CN=Users,${DOMAINDN}
16 description: Built-in account for guest access to the computer/domain
# 66082 = 0x10222 = NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD | PASSWD_NOTREQD
# | ACCOUNTDISABLE. The account is created disabled; because PASSWD_NOTREQD is
# set, enabling it later without setting a password would allow an empty one.
17 userAccountControl: 66082
19 objectSid: ${DOMAINSID}-501
21 isCriticalSystemObject: TRUE
# Enterprise Admins group (well-known RID 519). The only member written here
# is the built-in Administrator; the group is itself a member of
# Builtin\Administrators further down in this file.
23 dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
27 description: Designated administrators of the enterprise
28 member: CN=Administrator,CN=Users,${DOMAINDN}
29 objectSid: ${DOMAINSID}-519
31 sAMAccountName: Enterprise Admins
32 isCriticalSystemObject: TRUE
# krbtgt, the Key Distribution Center service account (well-known RID 502).
34 dn: CN=krbtgt,CN=Users,${DOMAINDN}
37 objectClass: organizationalPerson
40 description: Key Distribution Center Service Account
41 showInAdvancedViewOnly: TRUE
# 514 = 0x202 = NORMAL_ACCOUNT | ACCOUNTDISABLE: the account exists to hold
# the KDC's key material and is created disabled.
42 userAccountControl: 514
43 objectSid: ${DOMAINSID}-502
# 0x7FFFFFFFFFFFFFFF: the account never expires.
45 accountExpires: 9223372036854775807
46 sAMAccountName: krbtgt
47 servicePrincipalName: kadmin/changepw
48 isCriticalSystemObject: TRUE
# Base64-encoded ("::") secret for krbtgt. The encoding is reversible, so the
# rendered file exposes the value the domain's Kerberos tickets depend on;
# protect and dispose of the rendered output accordingly.
# NOTE(review): how ${KRBTGTPASS_B64} is generated is not visible here -
# confirm it comes from a cryptographically strong random source.
49 sambaPassword:: ${KRBTGTPASS_B64}
# Default domain groups under CN=Users. Each objectSid is the domain SID plus
# a well-known RID, so these groups are identifiable by RID in any domain.
# Domain Computers (RID 515).
51 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
55 description: All workstations and servers joined to the domain
56 objectSid: ${DOMAINSID}-515
57 sAMAccountName: Domain Computers
58 isCriticalSystemObject: TRUE
# Domain Controllers (RID 516).
60 dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
63 cn: Domain Controllers
64 description: All domain controllers in the domain
65 objectSid: ${DOMAINSID}-516
67 sAMAccountName: Domain Controllers
68 isCriticalSystemObject: TRUE
# Schema Admins (RID 518); the built-in Administrator is the only member
# written by this template.
70 dn: CN=Schema Admins,CN=Users,${DOMAINDN}
74 description: Designated administrators of the schema
75 member: CN=Administrator,CN=Users,${DOMAINDN}
76 objectSid: ${DOMAINSID}-518
78 sAMAccountName: Schema Admins
79 isCriticalSystemObject: TRUE
# Cert Publishers (RID 517); no member lines are visible for it here.
81 dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
85 description: Members of this group are permitted to publish certificates to the Active Directory
87 objectSid: ${DOMAINSID}-517
88 sAMAccountName: Cert Publishers
89 isCriticalSystemObject: TRUE
# Domain Admins (RID 512); the built-in Administrator is the only member
# written here, and the group is nested into Builtin\Administrators below.
91 dn: CN=Domain Admins,CN=Users,${DOMAINDN}
95 description: Designated administrators of the domain
96 member: CN=Administrator,CN=Users,${DOMAINDN}
97 objectSid: ${DOMAINSID}-512
99 sAMAccountName: Domain Admins
100 isCriticalSystemObject: TRUE
# Domain Users (RID 513); nested into Builtin\Users below.
102 dn: CN=Domain Users,CN=Users,${DOMAINDN}
106 description: All domain users
107 objectSid: ${DOMAINSID}-513
108 sAMAccountName: Domain Users
109 isCriticalSystemObject: TRUE
# Domain Guests (RID 514); nested into Builtin\Guests below.
111 dn: CN=Domain Guests,CN=Users,${DOMAINDN}
115 description: All domain guests
116 objectSid: ${DOMAINSID}-514
117 sAMAccountName: Domain Guests
118 isCriticalSystemObject: TRUE
# Group Policy Creator Owners (RID 520); the built-in Administrator is the
# only member written here.
120 dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
123 cn: Group Policy Creator Owners
124 description: Members in this group can modify group policy for the domain
125 member: CN=Administrator,CN=Users,${DOMAINDN}
126 objectSid: ${DOMAINSID}-520
127 sAMAccountName: Group Policy Creator Owners
128 isCriticalSystemObject: TRUE
# RAS and IAS Servers (RID 553).
130 dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
133 cn: RAS and IAS Servers
134 description: Servers in this group can access remote access properties of users
135 objectSid: ${DOMAINSID}-553
136 sAMAccountName: RAS and IAS Servers
# 2147483652 = 0x80000004: security-enabled, domain-local group.
137 groupType: 2147483652
138 isCriticalSystemObject: TRUE
# Builtin\Administrators (fixed SID S-1-5-32-544). Membership is nested:
# Domain Admins, Enterprise Admins and the Administrator account all receive
# the privileges listed below, so changes to any of those three objects change
# who holds them.
140 dn: CN=Administrators,CN=Builtin,${DOMAINDN}
144 description: Administrators have complete and unrestricted access to the computer/domain
145 member: CN=Domain Admins,CN=Users,${DOMAINDN}
146 member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
147 member: CN=Administrator,CN=Users,${DOMAINDN}
148 objectSid: S-1-5-32-544
150 sAMAccountName: Administrators
# 2348810240 = 0x8C000000: the object may not be deleted, renamed or moved.
151 systemFlags: 2348810240
# 2147483653 = 0x80000005: security-enabled, builtin local group.
152 groupType: 2147483653
153 isCriticalSystemObject: TRUE
# Privileges and logon rights assigned to the group, one value per line.
# The set includes the ones that bypass object ACLs or allow acting as other
# principals (SeBackupPrivilege, SeRestorePrivilege, SeTakeOwnershipPrivilege,
# SeDebugPrivilege, SeLoadDriverPrivilege, SeImpersonatePrivilege,
# SeEnableDelegationPrivilege).
# NOTE(review): "privilege" looks like a provisioning-specific attribute
# rather than a standard directory one - confirm how it is consumed.
154 privilege: SeSecurityPrivilege
155 privilege: SeBackupPrivilege
156 privilege: SeRestorePrivilege
157 privilege: SeSystemtimePrivilege
158 privilege: SeShutdownPrivilege
159 privilege: SeRemoteShutdownPrivilege
160 privilege: SeTakeOwnershipPrivilege
161 privilege: SeDebugPrivilege
162 privilege: SeSystemEnvironmentPrivilege
163 privilege: SeSystemProfilePrivilege
164 privilege: SeProfileSingleProcessPrivilege
165 privilege: SeIncreaseBasePriorityPrivilege
166 privilege: SeLoadDriverPrivilege
167 privilege: SeCreatePagefilePrivilege
168 privilege: SeIncreaseQuotaPrivilege
169 privilege: SeChangeNotifyPrivilege
170 privilege: SeUndockPrivilege
171 privilege: SeManageVolumePrivilege
172 privilege: SeImpersonatePrivilege
173 privilege: SeCreateGlobalPrivilege
174 privilege: SeEnableDelegationPrivilege
175 privilege: SeInteractiveLogonRight
176 privilege: SeNetworkLogonRight
177 privilege: SeRemoteInteractiveLogonRight
# Builtin\Users (S-1-5-32-545); Domain Users is nested in as its member.
179 dn: CN=Users,CN=Builtin,${DOMAINDN}
183 description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
184 member: CN=Domain Users,CN=Users,${DOMAINDN}
185 objectSid: S-1-5-32-545
186 sAMAccountName: Users
# 0x8C000000: the object may not be deleted, renamed or moved.
187 systemFlags: 2348810240
# 0x80000005: security-enabled, builtin local group.
188 groupType: 2147483653
189 isCriticalSystemObject: TRUE
# Builtin\Guests (S-1-5-32-546); members are Domain Guests and the Guest
# account, which this template creates disabled.
191 dn: CN=Guests,CN=Builtin,${DOMAINDN}
195 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
196 member: CN=Domain Guests,CN=Users,${DOMAINDN}
197 member: CN=Guest,CN=Users,${DOMAINDN}
198 objectSid: S-1-5-32-546
199 sAMAccountName: Guests
200 systemFlags: 2348810240
201 groupType: 2147483653
202 isCriticalSystemObject: TRUE
# Builtin\Print Operators (S-1-5-32-550). No members are written here, but
# the group carries SeLoadDriverPrivilege and a local logon right, so adding
# a member grants more than printer administration.
204 dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
208 description: Members can administer domain printers
209 objectSid: S-1-5-32-550
211 sAMAccountName: Print Operators
# 0x8C000000: the object may not be deleted, renamed or moved.
212 systemFlags: 2348810240
# 0x80000005: security-enabled, builtin local group.
213 groupType: 2147483653
214 isCriticalSystemObject: TRUE
215 privilege: SeLoadDriverPrivilege
216 privilege: SeShutdownPrivilege
217 privilege: SeInteractiveLogonRight
# Builtin\Backup Operators (S-1-5-32-551). SeBackupPrivilege and
# SeRestorePrivilege let holders read and write files regardless of their
# ACLs, so membership warrants the same review as an administrative group.
219 dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
223 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
224 objectSid: S-1-5-32-551
226 sAMAccountName: Backup Operators
227 systemFlags: 2348810240
228 groupType: 2147483653
229 isCriticalSystemObject: TRUE
230 privilege: SeBackupPrivilege
231 privilege: SeRestorePrivilege
232 privilege: SeShutdownPrivilege
233 privilege: SeInteractiveLogonRight
# Builtin groups created without members or privilege values in this listing.
# All share systemFlags 0x8C000000 (no delete, rename or move) and groupType
# 0x80000005 (security-enabled, builtin local group).
# Replicator (S-1-5-32-552).
235 dn: CN=Replicator,CN=Builtin,${DOMAINDN}
239 description: Supports file replication in a domain
240 objectSid: S-1-5-32-552
242 sAMAccountName: Replicator
243 systemFlags: 2348810240
244 groupType: 2147483653
245 isCriticalSystemObject: TRUE
# Remote Desktop Users (S-1-5-32-555).
247 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
250 cn: Remote Desktop Users
251 description: Members in this group are granted the right to logon remotely
252 objectSid: S-1-5-32-555
253 sAMAccountName: Remote Desktop Users
254 systemFlags: 2348810240
255 groupType: 2147483653
256 isCriticalSystemObject: TRUE
# Network Configuration Operators (S-1-5-32-556).
258 dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
261 cn: Network Configuration Operators
262 description: Members in this group can have some administrative privileges to manage configuration of networking features
263 objectSid: S-1-5-32-556
264 sAMAccountName: Network Configuration Operators
265 systemFlags: 2348810240
266 groupType: 2147483653
267 isCriticalSystemObject: TRUE
# Performance Monitor Users (S-1-5-32-558).
269 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
272 cn: Performance Monitor Users
273 description: Members of this group have remote access to monitor this computer
274 objectSid: S-1-5-32-558
275 sAMAccountName: Performance Monitor Users
276 systemFlags: 2348810240
277 groupType: 2147483653
278 isCriticalSystemObject: TRUE
# Performance Log Users (S-1-5-32-559).
280 dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
283 cn: Performance Log Users
284 description: Members of this group have remote access to schedule logging of performance counters on this computer
285 objectSid: S-1-5-32-559
286 sAMAccountName: Performance Log Users
287 systemFlags: 2348810240
288 groupType: 2147483653
289 isCriticalSystemObject: TRUE
# Builtin\Server Operators (S-1-5-32-549). Created without members; holds
# backup/restore, shutdown and local logon rights, so membership is
# effectively a delegated administrative role.
291 dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
295 description: Members can administer domain servers
296 objectSid: S-1-5-32-549
298 sAMAccountName: Server Operators
# 0x8C000000: the object may not be deleted, renamed or moved.
299 systemFlags: 2348810240
# 0x80000005: security-enabled, builtin local group.
300 groupType: 2147483653
301 isCriticalSystemObject: TRUE
302 privilege: SeBackupPrivilege
303 privilege: SeSystemtimePrivilege
304 privilege: SeRemoteShutdownPrivilege
305 privilege: SeRestorePrivilege
306 privilege: SeShutdownPrivilege
307 privilege: SeInteractiveLogonRight
# Builtin\Account Operators (S-1-5-32-548). Created without members; the only
# right assigned here is local logon, while its ability to manage user and
# group accounts (per the description) is not expressed in this listing.
309 dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
312 cn: Account Operators
313 description: Members can administer domain user and group accounts
314 objectSid: S-1-5-32-548
316 sAMAccountName: Account Operators
317 systemFlags: 2348810240
318 groupType: 2147483653
319 isCriticalSystemObject: TRUE
320 privilege: SeInteractiveLogonRight
# Builtin\Pre-Windows 2000 Compatible Access (S-1-5-32-554). Per its
# description the group gives read access to all users and groups, so its
# membership decides who can enumerate the directory. No members are written
# in this listing.
322 dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
325 cn: Pre-Windows 2000 Compatible Access
326 description: A backward compatibility group which allows read access on all users and groups in the domain
327 objectSid: S-1-5-32-554
328 sAMAccountName: Pre-Windows 2000 Compatible Access
# 0x8C000000: the object may not be deleted, renamed or moved.
329 systemFlags: 2348810240
# 0x80000005: security-enabled, builtin local group.
330 groupType: 2147483653
331 isCriticalSystemObject: TRUE
# NOTE(review): Windows documents this group's default rights as network
# logon (SeNetworkLogonRight) plus SeChangeNotifyPrivilege; this template
# grants SeRemoteInteractiveLogonRight instead - confirm that remote
# interactive logon is intended for this group.
332 privilege: SeRemoteInteractiveLogonRight
333 privilege: SeChangeNotifyPrivilege
# Remaining builtin groups; none has member or privilege values in this
# listing. All share systemFlags 0x8C000000 (no delete, rename or move) and
# groupType 0x80000005 (security-enabled, builtin local group).
# Incoming Forest Trust Builders (S-1-5-32-557).
335 dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
338 cn: Incoming Forest Trust Builders
339 description: Members of this group can create incoming, one-way trusts to this forest
340 objectSid: S-1-5-32-557
341 sAMAccountName: Incoming Forest Trust Builders
342 systemFlags: 2348810240
343 groupType: 2147483653
344 isCriticalSystemObject: TRUE
# Windows Authorization Access Group (S-1-5-32-560).
346 dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
349 cn: Windows Authorization Access Group
350 description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
351 objectSid: S-1-5-32-560
352 sAMAccountName: Windows Authorization Access Group
353 systemFlags: 2348810240
354 groupType: 2147483653
355 isCriticalSystemObject: TRUE
# Terminal Server License Servers (S-1-5-32-561).
357 dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
360 cn: Terminal Server License Servers
361 description: Terminal Server License Servers
362 objectSid: S-1-5-32-561
363 sAMAccountName: Terminal Server License Servers
364 systemFlags: 2348810240
365 groupType: 2147483653
366 isCriticalSystemObject: TRUE
# Distributed COM Users (S-1-5-32-562).
368 dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
371 cn: Distributed COM Users
372 description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
373 objectSid: S-1-5-32-562
374 sAMAccountName: Distributed COM Users
375 systemFlags: 2348810240
376 groupType: 2147483653
377 isCriticalSystemObject: TRUE
# Container for the well-known security principals, placed under the
# configuration naming context (${CONFIGDN}) rather than the domain.
379 dn: CN=WellKnown Security Principals,${CONFIGDN}
381 objectClass: container
382 cn: WellKnown Security Principals
# 2147483648 = 0x80000000: the container may not be deleted.
383 systemFlags: 2147483648
# One foreignSecurityPrincipal entry per well-known identity. These stand for
# logon or authentication contexts (Anonymous Logon, Authenticated Users,
# Everyone, ...) rather than accounts with credentials. Only a few entries
# show cn or objectSid in this listing; the listing line numbers skip, so the
# other attributes are presumably just not shown.
385 dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
387 objectClass: foreignSecurityPrincipal
391 dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
393 objectClass: foreignSecurityPrincipal
394 cn: Authenticated Users
397 dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
399 objectClass: foreignSecurityPrincipal
403 dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
405 objectClass: foreignSecurityPrincipal
409 dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
411 objectClass: foreignSecurityPrincipal
415 dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
417 objectClass: foreignSecurityPrincipal
# S-1-5-64-* are the authentication-package SIDs: -21 Digest here, -10 NTLM
# and -14 SChannel below.
421 dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
423 objectClass: foreignSecurityPrincipal
424 cn: Digest Authentication
425 objectSid: S-1-5-64-21
427 dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
429 objectClass: foreignSecurityPrincipal
430 cn: Enterprise Domain Controllers
433 dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
435 objectClass: foreignSecurityPrincipal
439 dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
441 objectClass: foreignSecurityPrincipal
445 dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
447 objectClass: foreignSecurityPrincipal
451 dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
453 objectClass: foreignSecurityPrincipal
457 dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
459 objectClass: foreignSecurityPrincipal
463 dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
465 objectClass: foreignSecurityPrincipal
466 cn: NTLM Authentication
467 objectSid: S-1-5-64-10
469 dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
471 objectClass: foreignSecurityPrincipal
472 cn: Other Organization
473 objectSid: S-1-5-1000
475 dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
477 objectClass: foreignSecurityPrincipal
481 dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
483 objectClass: foreignSecurityPrincipal
484 cn: Remote Interactive Logon
487 dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
489 objectClass: foreignSecurityPrincipal
493 dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
495 objectClass: foreignSecurityPrincipal
496 cn: SChannel Authentication
497 objectSid: S-1-5-64-14
499 dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
501 objectClass: foreignSecurityPrincipal
505 dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
507 objectClass: foreignSecurityPrincipal
511 dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
513 objectClass: foreignSecurityPrincipal
514 cn: Terminal Server User
517 dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
519 objectClass: foreignSecurityPrincipal
520 cn: This Organization
523 dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}
525 objectClass: foreignSecurityPrincipal
526 cn: Well-Known-Security-Id-System