source4/provision.ldif

   1 dn: @INDEXLIST
   2 @IDXATTR: name
   3 @IDXATTR: sAMAccountName
   4 @IDXATTR: objectSid
   5 @IDXATTR: objectClass
   6
   7 dn: @ATTRIBUTES
   8 realm: CASE_INSENSITIVE
   9 userPrincipalName: CASE_INSENSITIVE
  10 servicePrincipalName: CASE_INSENSITIVE
  11 name: CASE_INSENSITIVE WILDCARD
  12 dn: CASE_INSENSITIVE WILDCARD
  13 sAMAccountName: CASE_INSENSITIVE WILDCARD
  14 objectClass: CASE_INSENSITIVE
  15 unicodePwd: HIDDEN
  16 ntPwdHash: HIDDEN
  17 ntPwdHistory: HIDDEN
  18 lmPwdHash: HIDDEN
  19 lmPwdHistory: HIDDEN
  20
  21 dn: @SUBCLASSES
  22 top: domain
  23 top: person
  24 top: group
  25 domain: domainDNS
  26 domain: builtinDomain
  27 person: organizationalPerson
  28 organizationalPerson: user
  29 user: computer
  30 template: userTemplate
  31 template: groupTemplate
  32
  33 dn: ${BASEDN}
  34 objectClass: top
  35 objectClass: domain
  36 objectClass: domainDNS
  37 name: ${DOMAIN}
  38 realm: ${REALM}
  39 dnsDomain: ${REALM}
  40 dc: ${DOMAIN}
  41 objectGUID: ${NEWGUID}
  42 creationTime: ${NTTIME}
  43 forceLogoff: 0x8000000000000000
  44 lockoutDuration: -18000000000
  45 lockOutObservationWindow: -18000000000
  46 lockoutThreshold: 0
  47 whenCreated: ${LDAPTIME}
  48 whenChanged: ${LDAPTIME}
  49 uSNCreated: 1
  50 uSNChanged: 1
  51 maxPwdAge: -37108517437440
  52 minPwdAge: 0
  53 minPwdLength: 7
  54 modifiedCountAtLastProm: 0
  55 nextRid: 1001
  56 pwdProperties: 1
  57 pwdHistoryLength: 24
  58 objectSid: ${DOMAINSID}
  59 serverState: 1
  60 uASCompat: 1
  61 modifiedCount: 1
  62 objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
  63 isCriticalSystemObject: TRUE
  64
  65 dn: CN=Users,${BASEDN}
  66 objectClass: top
  67 objectClass: container
  68 cn: Users
  69 description: Default container for upgraded user accounts
  70 instanceType: 4
  71 whenCreated: ${LDAPTIME}
  72 whenChanged: ${LDAPTIME}
  73 uSNCreated: 1
  74 uSNChanged: 1
  75 showInAdvancedViewOnly: FALSE
  76 name: Users
  77 objectGUID: ${NEWGUID}
  78 systemFlags: 0x8c000000
  79 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
  80 isCriticalSystemObject: TRUE
  81
  82 dn: CN=Computers,${BASEDN}
  83 objectClass: top
  84 objectClass: container
  85 cn: Computers
  86 description: Default container for upgraded computer accounts
  87 instanceType: 4
  88 whenCreated: ${LDAPTIME}
  89 whenChanged: ${LDAPTIME}
  90 uSNCreated: 1
  91 uSNChanged: 1
  92 showInAdvancedViewOnly: FALSE
  93 name: Computers
  94 objectGUID: ${NEWGUID}
  95 systemFlags: 0x8c000000
  96 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
  97 isCriticalSystemObject: TRUE
  98
  99 dn: OU=Domain Controllers,${BASEDN}
 100 objectClass: top
 101 objectClass: organizationalUnit
 102 ou: Domain Controllers
 103 description: Default container for domain controllers
 104 instanceType: 4
 105 whenCreated: ${LDAPTIME}
 106 whenChanged: ${LDAPTIME}
 107 uSNCreated: 1
 108 uSNChanged: 1
 109 showInAdvancedViewOnly: FALSE
 110 name: Domain Controllers
 111 objectGUID: ${NEWGUID}
 112 systemFlags: 0x8c000000
 113 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
 114 isCriticalSystemObject: TRUE
 115
 116 dn: CN=ForeignSecurityPrincipals,${BASEDN}
 117 objectClass: top
 118 objectClass: container
 119 cn: ForeignSecurityPrincipals
 120 description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
 121 instanceType: 4
 122 whenCreated: ${LDAPTIME}
 123 whenChanged: ${LDAPTIME}
 124 uSNCreated: 1
 125 uSNChanged: 1
 126 showInAdvancedViewOnly: FALSE
 127 name: ForeignSecurityPrincipals
 128 objectGUID: ${NEWGUID}
 129 systemFlags: 0x8c000000
 130 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
 131 isCriticalSystemObject: TRUE
 132
 133 dn: CN=Builtin,${BASEDN}
 134 objectClass: top
 135 objectClass: builtinDomain
 136 cn: Builtin
 137 instanceType: 4
 138 showInAdvancedViewOnly: FALSE
 139 name: Builtin
 140 forceLogoff: 0x8000000000000000
 141 lockoutDuration: -18000000000
 142 lockOutObservationWindow: -18000000000
 143 lockoutThreshold: 0
 144 maxPwdAge: -37108517437440
 145 minPwdAge: 0
 146 minPwdLength: 0
 147 modifiedCountAtLastProm: 0
 148 nextRid: 1000
 149 pwdProperties: 0
 150 pwdHistoryLength: 0
 151 objectSid: S-1-5-32
 152 serverState: 1
 153 uASCompat: 1
 154 modifiedCount: 1
 155 objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN}
 156 isCriticalSystemObject: TRUE
 157
 158 dn: CN=Administrator,CN=Users,${BASEDN}
 159 objectClass: top
 160 objectClass: person
 161 objectClass: organizationalPerson
 162 objectClass: user
 163 cn: Administrator
 164 description: Built-in account for administering the computer/domain
 165 instanceType: 4
 166 whenCreated: ${LDAPTIME}
 167 whenChanged: ${LDAPTIME}
 168 uSNCreated: 1
 169 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
 170 memberOf: CN=Domain Admins,CN=Users,${BASEDN}
 171 memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
 172 memberOf: CN=Schema Admins,CN=Users,${BASEDN}
 173 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
 174 uSNChanged: 1
 175 name: Administrator
 176 objectGUID: ${NEWGUID}
 177 userAccountControl: 0x10200
 178 badPwdCount: 0
 179 codePage: 0
 180 countryCode: 0
 181 badPasswordTime: 0
 182 lastLogoff: 0
 183 lastLogon: 0
 184 pwdLastSet: 0
 185 primaryGroupID: 513
 186 objectSid: ${DOMAINSID}-500
 187 adminCount: 1
 188 accountExpires: -1
 189 logonCount: 0
 190 sAMAccountName: Administrator
 191 sAMAccountType: 0x30000000
 192 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
 193 isCriticalSystemObject: TRUE
 194
 195 dn: CN=Guest,CN=Users,${BASEDN}
 196 objectClass: top
 197 objectClass: person
 198 objectClass: organizationalPerson
 199 objectClass: user
 200 cn: Guest
 201 description: Built-in account for guest access to the computer/domain
 202 instanceType: 4
 203 whenCreated: ${LDAPTIME}
 204 whenChanged: ${LDAPTIME}
 205 uSNCreated: 1
 206 memberOf: CN=Guests,CN=Builtin,${BASEDN}
 207 uSNChanged: 1
 208 name: Guest
 209 objectGUID: ${NEWGUID}
 210 userAccountControl: 0x10222
 211 badPwdCount: 0
 212 codePage: 0
 213 countryCode: 0
 214 badPasswordTime: 0
 215 lastLogoff: 0
 216 lastLogon: 0
 217 pwdLastSet: 0
 218 primaryGroupID: 514
 219 objectSid: ${DOMAINSID}-501
 220 accountExpires: -1
 221 logonCount: 0
 222 sAMAccountName: Guest
 223 sAMAccountType: 0x30000000
 224 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
 225 isCriticalSystemObject: TRUE
 226
 227 dn: CN=Administrators,CN=Builtin,${BASEDN}
 228 objectClass: top
 229 objectClass: group
 230 cn: Administrators
 231 description: Administrators have complete and unrestricted access to the computer/domain
 232 member: CN=Domain Admins,CN=Users,${BASEDN}
 233 member: CN=Enterprise Admins,CN=Users,${BASEDN}
 234 member: CN=Administrator,CN=Users,${BASEDN}
 235 instanceType: 4
 236 whenCreated: ${LDAPTIME}
 237 whenChanged: ${LDAPTIME}
 238 uSNCreated: 1
 239 uSNChanged: 1
 240 name: Administrators
 241 objectGUID: ${NEWGUID}
 242 objectSid: S-1-5-32-544
 243 adminCount: 1
 244 sAMAccountName: Administrators
 245 sAMAccountType: 0x20000000
 246 systemFlags: 0x8c000000
 247 groupType: 0x80000005
 248 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 249 isCriticalSystemObject: TRUE
 250
 251 dn: CN=Users,CN=Builtin,${BASEDN}
 252 objectClass: top
 253 objectClass: group
 254 cn: Users
 255 description: Users are prevented from making accidental or intentional system-wide changes.  Thus, Users can run certified applications, but not most legacy applications
 256 member: CN=Domain Users,CN=Users,${BASEDN}
 257 instanceType: 4
 258 whenCreated: ${LDAPTIME}
 259 whenChanged: ${LDAPTIME}
 260 uSNCreated: 1
 261 uSNChanged: 1
 262 name: Users
 263 objectGUID: ${NEWGUID}
 264 objectSid: S-1-5-32-545
 265 sAMAccountName: Users
 266 sAMAccountType: 0x20000000
 267 systemFlags: 0x8c000000
 268 groupType: 0x80000005
 269 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 270 isCriticalSystemObject: TRUE
 271
 272 dn: CN=Guests,CN=Builtin,${BASEDN}
 273 objectClass: top
 274 objectClass: group
 275 cn: Guests
 276 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
 277 member: CN=Domain Guests,CN=Users,${BASEDN}
 278 member: CN=Guest,CN=Users,${BASEDN}
 279 instanceType: 4
 280 whenCreated: ${LDAPTIME}
 281 whenChanged: ${LDAPTIME}
 282 uSNCreated: 1
 283 uSNChanged: 1
 284 name: Guests
 285 objectGUID: ${NEWGUID}
 286 objectSid: S-1-5-32-546
 287 sAMAccountName: Guests
 288 sAMAccountType: 0x20000000
 289 systemFlags: 0x8c000000
 290 groupType: 0x80000005
 291 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 292 isCriticalSystemObject: TRUE
 293
 294 dn: CN=Print Operators,CN=Builtin,${BASEDN}
 295 objectClass: top
 296 objectClass: group
 297 cn: Print Operators
 298 description: Members can administer domain printers
 299 instanceType: 4
 300 whenCreated: ${LDAPTIME}
 301 whenChanged: ${LDAPTIME}
 302 uSNCreated: 1
 303 uSNChanged: 1
 304 name: Print Operators
 305 objectGUID: ${NEWGUID}
 306 objectSid: S-1-5-32-550
 307 adminCount: 1
 308 sAMAccountName: Print Operators
 309 sAMAccountType: 0x20000000
 310 systemFlags: 0x8c000000
 311 groupType: 0x80000005
 312 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 313 isCriticalSystemObject: TRUE
 314
 315 dn: CN=Backup Operators,CN=Builtin,${BASEDN}
 316 objectClass: top
 317 objectClass: group
 318 cn: Backup Operators
 319 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
 320 instanceType: 4
 321 whenCreated: ${LDAPTIME}
 322 whenChanged: ${LDAPTIME}
 323 uSNCreated: 1
 324 uSNChanged: 1
 325 name: Backup Operators
 326 objectGUID: ${NEWGUID}
 327 objectSid: S-1-5-32-551
 328 adminCount: 1
 329 sAMAccountName: Backup Operators
 330 sAMAccountType: 0x20000000
 331 systemFlags: 0x8c000000
 332 groupType: 0x80000005
 333 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 334 isCriticalSystemObject: TRUE
 335
 336 dn: CN=Replicator,CN=Builtin,${BASEDN}
 337 objectClass: top
 338 objectClass: group
 339 cn: Replicator
 340 description: Supports file replication in a domain
 341 instanceType: 4
 342 whenCreated: ${LDAPTIME}
 343 whenChanged: ${LDAPTIME}
 344 uSNCreated: 1
 345 uSNChanged: 1
 346 name: Replicator
 347 objectGUID: ${NEWGUID}
 348 objectSid: S-1-5-32-552
 349 adminCount: 1
 350 sAMAccountName: Replicator
 351 sAMAccountType: 0x20000000
 352 systemFlags: 0x8c000000
 353 groupType: 0x80000005
 354 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 355 isCriticalSystemObject: TRUE
 356
 357 dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
 358 objectClass: top
 359 objectClass: group
 360 cn: Remote Desktop Users
 361 description: Members in this group are granted the right to logon remotely
 362 instanceType: 4
 363 whenCreated: ${LDAPTIME}
 364 whenChanged: ${LDAPTIME}
 365 uSNCreated: 1
 366 uSNChanged: 1
 367 name: Remote Desktop Users
 368 objectGUID: ${NEWGUID}
 369 objectSid: S-1-5-32-555
 370 sAMAccountName: Remote Desktop Users
 371 sAMAccountType: 0x20000000
 372 systemFlags: 0x8c000000
 373 groupType: 0x80000005
 374 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 375 isCriticalSystemObject: TRUE
 376
 377 dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
 378 objectClass: top
 379 objectClass: group
 380 cn: Network Configuration Operators
 381 description: Members in this group can have some administrative privileges to manage configuration of networking features
 382 instanceType: 4
 383 whenCreated: ${LDAPTIME}
 384 whenChanged: ${LDAPTIME}
 385 uSNCreated: 1
 386 uSNChanged: 1
 387 name: Network Configuration Operators
 388 objectGUID: ${NEWGUID}
 389 objectSid: S-1-5-32-556
 390 sAMAccountName: Network Configuration Operators
 391 sAMAccountType: 0x20000000
 392 systemFlags: 0x8c000000
 393 groupType: 0x80000005
 394 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 395 isCriticalSystemObject: TRUE
 396
 397 dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
 398 objectClass: top
 399 objectClass: group
 400 cn: Performance Monitor Users
 401 description: Members of this group have remote access to monitor this computer
 402 instanceType: 4
 403 whenCreated: ${LDAPTIME}
 404 whenChanged: ${LDAPTIME}
 405 uSNCreated: 1
 406 uSNChanged: 1
 407 name: Performance Monitor Users
 408 objectGUID: ${NEWGUID}
 409 objectSid: S-1-5-32-558
 410 sAMAccountName: Performance Monitor Users
 411 sAMAccountType: 0x20000000
 412 systemFlags: 0x8c000000
 413 groupType: 0x80000005
 414 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 415 isCriticalSystemObject: TRUE
 416
 417 dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
 418 objectClass: top
 419 objectClass: group
 420 cn: Performance Log Users
 421 description: Members of this group have remote access to schedule logging of performance counters on this computer
 422 instanceType: 4
 423 whenCreated: ${LDAPTIME}
 424 whenChanged: ${LDAPTIME}
 425 uSNCreated: 1
 426 uSNChanged: 1
 427 name: Performance Log Users
 428 objectGUID: ${NEWGUID}
 429 objectSid: S-1-5-32-559
 430 sAMAccountName: Performance Log Users
 431 sAMAccountType: 0x20000000
 432 systemFlags: 0x8c000000
 433 groupType: 0x80000005
 434 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 435 isCriticalSystemObject: TRUE
 436
 437 dn: CN=${HOSTNAME},OU=Domain Controllers,${BASEDN}
 438 objectClass: top
 439 objectClass: person
 440 objectClass: organizationalPerson
 441 objectClass: user
 442 objectClass: computer
 443 cn: ${HOSTNAME}
 444 instanceType: 4
 445 whenCreated: ${LDAPTIME}
 446 whenChanged: ${LDAPTIME}
 447 uSNCreated: 1
 448 uSNChanged: 1
 449 name: ${HOSTNAME}
 450 objectGUID: ${NEWGUID}
 451 userAccountControl: 532480
 452 badPwdCount: 0
 453 codePage: 0
 454 countryCode: 0
 455 badPasswordTime: 0
 456 lastLogoff: 0
 457 lastLogon: 127273269057298624
 458 localPolicyFlags: 0
 459 pwdLastSet: 127258826171655328
 460 primaryGroupID: 516
 461 objectSid: ${DOMAINSID}-1000
 462 accountExpires: 9223372036854775807
 463 logonCount: 30
 464 sAMAccountName: ${HOSTNAME}$
 465 sAMAccountType: 805306369
 466 operatingSystem: Samba
 467 operatingSystemVersion: 4.0
 468 dNSHostName: ${DNSNAME}
 469 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
 470 isCriticalSystemObject: TRUE
 471
 472 dn: CN=krbtgt,CN=Users,${BASEDN}
 473 objectClass: top
 474 objectClass: person
 475 objectClass: organizationalPerson
 476 objectClass: user
 477 cn: krbtgt
 478 description: Key Distribution Center Service Account
 479 instanceType: 4
 480 whenCreated: ${LDAPTIME}
 481 whenChanged: ${LDAPTIME}
 482 uSNCreated: 1
 483 uSNChanged: 1
 484 showInAdvancedViewOnly: TRUE
 485 name: krbtgt
 486 objectGUID: ${NEWGUID}
 487 userAccountControl: 514
 488 badPwdCount: 0
 489 codePage: 0
 490 countryCode: 0
 491 badPasswordTime: 0
 492 lastLogoff: 0
 493 lastLogon: 0
 494 pwdLastSet: 127258826179466560
 495 primaryGroupID: 513
 496 objectSid: ${DOMAINSID}-502
 497 adminCount: 1
 498 accountExpires: 9223372036854775807
 499 logonCount: 0
 500 sAMAccountName: krbtgt
 501 sAMAccountType: 805306368
 502 servicePrincipalName: kadmin/changepw
 503 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
 504 isCriticalSystemObject: TRUE
 505
 506 dn: CN=Domain Computers,CN=Users,${BASEDN}
 507 objectClass: top
 508 objectClass: group
 509 cn: Domain Computers
 510 description: All workstations and servers joined to the domain
 511 instanceType: 4
 512 whenCreated: ${LDAPTIME}
 513 whenChanged: ${LDAPTIME}
 514 uSNCreated: 1
 515 uSNChanged: 1
 516 name: Domain Computers
 517 objectGUID: ${NEWGUID}
 518 objectSid: ${DOMAINSID}-515
 519 sAMAccountName: Domain Computers
 520 sAMAccountType: 268435456
 521 groupType: -2147483646
 522 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 523 isCriticalSystemObject: TRUE
 524
 525 dn: CN=Domain Controllers,CN=Users,${BASEDN}
 526 objectClass: top
 527 objectClass: group
 528 cn: Domain Controllers
 529 description: All domain controllers in the domain
 530 instanceType: 4
 531 whenCreated: ${LDAPTIME}
 532 whenChanged: ${LDAPTIME}
 533 uSNCreated: 1
 534 uSNChanged: 1
 535 name: Domain Controllers
 536 objectGUID: ${NEWGUID}
 537 objectSid: ${DOMAINSID}-516
 538 adminCount: 1
 539 sAMAccountName: Domain Controllers
 540 sAMAccountType: 268435456
 541 groupType: -2147483646
 542 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 543 isCriticalSystemObject: TRUE
 544
 545 dn: CN=Schema Admins,CN=Users,${BASEDN}
 546 objectClass: top
 547 objectClass: group
 548 cn: Schema Admins
 549 description: Designated administrators of the schema
 550 member: CN=Administrator,CN=Users,${BASEDN}
 551 instanceType: 4
 552 whenCreated: ${LDAPTIME}
 553 whenChanged: ${LDAPTIME}
 554 uSNCreated: 1
 555 uSNChanged: 1
 556 name: Schema Admins
 557 objectGUID: ${NEWGUID}
 558 objectSid: ${DOMAINSID}-518
 559 adminCount: 1
 560 sAMAccountName: Schema Admins
 561 sAMAccountType: 268435456
 562 groupType: -2147483646
 563 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 564 isCriticalSystemObject: TRUE
 565
 566 dn: CN=Enterprise Admins,CN=Users,${BASEDN}
 567 objectClass: top
 568 objectClass: group
 569 cn: Enterprise Admins
 570 description: Designated administrators of the enterprise
 571 member: CN=Administrator,CN=Users,${BASEDN}
 572 instanceType: 4
 573 whenCreated: ${LDAPTIME}
 574 whenChanged: ${LDAPTIME}
 575 uSNCreated: 1
 576 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
 577 uSNChanged: 1
 578 name: Enterprise Admins
 579 objectGUID: ${NEWGUID}
 580 objectSid: ${DOMAINSID}-519
 581 adminCount: 1
 582 sAMAccountName: Enterprise Admins
 583 sAMAccountType: 268435456
 584 groupType: -2147483646
 585 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 586 isCriticalSystemObject: TRUE
 587
 588 dn: CN=Cert Publishers,CN=Users,${BASEDN}
 589 objectClass: top
 590 objectClass: group
 591 cn: Cert Publishers
 592 description: Members of this group are permitted to publish certificates to the Active Directory
 593 instanceType: 4
 594 whenCreated: ${LDAPTIME}
 595 whenChanged: ${LDAPTIME}
 596 uSNCreated: 1
 597 uSNChanged: 1
 598 name: Cert Publishers
 599 objectGUID: ${NEWGUID}
 600 objectSid: ${DOMAINSID}-517
 601 sAMAccountName: Cert Publishers
 602 sAMAccountType: 0x20000000
 603 groupType: -2147483644
 604 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 605 isCriticalSystemObject: TRUE
 606
 607 dn: CN=Domain Admins,CN=Users,${BASEDN}
 608 objectClass: top
 609 objectClass: group
 610 cn: Domain Admins
 611 description: Designated administrators of the domain
 612 member: CN=Administrator,CN=Users,${BASEDN}
 613 instanceType: 4
 614 whenCreated: ${LDAPTIME}
 615 whenChanged: ${LDAPTIME}
 616 uSNCreated: 1
 617 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
 618 uSNChanged: 1
 619 name: Domain Admins
 620 objectGUID: ${NEWGUID}
 621 objectSid: ${DOMAINSID}-512
 622 adminCount: 1
 623 sAMAccountName: Domain Admins
 624 sAMAccountType: 268435456
 625 groupType: -2147483646
 626 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 627 isCriticalSystemObject: TRUE
 628
 629 dn: CN=Domain Users,CN=Users,${BASEDN}
 630 objectClass: top
 631 objectClass: group
 632 cn: Domain Users
 633 description: All domain users
 634 instanceType: 4
 635 whenCreated: ${LDAPTIME}
 636 whenChanged: ${LDAPTIME}
 637 uSNCreated: 1
 638 memberOf: CN=Users,CN=Builtin,${BASEDN}
 639 uSNChanged: 1
 640 name: Domain Users
 641 objectGUID: ${NEWGUID}
 642 objectSid: ${DOMAINSID}-513
 643 sAMAccountName: Domain Users
 644 sAMAccountType: 268435456
 645 groupType: -2147483646
 646 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 647 isCriticalSystemObject: TRUE
 648
 649 dn: CN=Domain Guests,CN=Users,${BASEDN}
 650 objectClass: top
 651 objectClass: group
 652 cn: Domain Guests
 653 description: All domain guests
 654 instanceType: 4
 655 whenCreated: ${LDAPTIME}
 656 whenChanged: ${LDAPTIME}
 657 uSNCreated: 1
 658 memberOf: CN=Guests,CN=Builtin,${BASEDN}
 659 uSNChanged: 1
 660 name: Domain Guests
 661 objectGUID: ${NEWGUID}
 662 objectSid: ${DOMAINSID}-514
 663 sAMAccountName: Domain Guests
 664 sAMAccountType: 268435456
 665 groupType: -2147483646
 666 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 667 isCriticalSystemObject: TRUE
 668
 669 dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
 670 objectClass: top
 671 objectClass: group
 672 cn: Group Policy Creator Owners
 673 description: Members in this group can modify group policy for the domain
 674 member: CN=Administrator,CN=Users,${BASEDN}
 675 instanceType: 4
 676 whenCreated: ${LDAPTIME}
 677 whenChanged: ${LDAPTIME}
 678 uSNCreated: 1
 679 uSNChanged: 1
 680 name: Group Policy Creator Owners
 681 objectGUID: ${NEWGUID}
 682 objectSid: ${DOMAINSID}-520
 683 sAMAccountName: Group Policy Creator Owners
 684 sAMAccountType: 268435456
 685 groupType: -2147483646
 686 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 687 isCriticalSystemObject: TRUE
 688
 689 dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
 690 objectClass: top
 691 objectClass: group
 692 cn: RAS and IAS Servers
 693 description: Servers in this group can access remote access properties of users
 694 instanceType: 4
 695 whenCreated: ${LDAPTIME}
 696 whenChanged: ${LDAPTIME}
 697 uSNCreated: 1
 698 uSNChanged: 1
 699 name: RAS and IAS Servers
 700 objectGUID: ${NEWGUID}
 701 objectSid: ${DOMAINSID}-553
 702 sAMAccountName: RAS and IAS Servers
 703 sAMAccountType: 0x20000000
 704 groupType: -2147483644
 705 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 706 isCriticalSystemObject: TRUE
 707
 708 dn: CN=Server Operators,CN=Builtin,${BASEDN}
 709 objectClass: top
 710 objectClass: group
 711 cn: Server Operators
 712 description: Members can administer domain servers
 713 instanceType: 4
 714 whenCreated: ${LDAPTIME}
 715 whenChanged: ${LDAPTIME}
 716 uSNCreated: 1
 717 uSNChanged: 1
 718 name: Server Operators
 719 objectGUID: ${NEWGUID}
 720 objectSid: S-1-5-32-549
 721 adminCount: 1
 722 sAMAccountName: Server Operators
 723 sAMAccountType: 0x20000000
 724 systemFlags: 0x8c000000
 725 groupType: 0x80000005
 726 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 727 isCriticalSystemObject: TRUE
 728
 729 dn: CN=Account Operators,CN=Builtin,${BASEDN}
 730 objectClass: top
 731 objectClass: group
 732 cn: Account Operators
 733 description: Members can administer domain user and group accounts
 734 instanceType: 4
 735 whenCreated: ${LDAPTIME}
 736 whenChanged: ${LDAPTIME}
 737 uSNCreated: 1
 738 uSNChanged: 1
 739 name: Account Operators
 740 objectGUID: ${NEWGUID}
 741 objectSid: S-1-5-32-548
 742 adminCount: 1
 743 sAMAccountName: Account Operators
 744 sAMAccountType: 0x20000000
 745 systemFlags: 0x8c000000
 746 groupType: 0x80000005
 747 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 748 isCriticalSystemObject: TRUE
 749
 750 dn: CN=Templates,${BASEDN}
 751 objectClass: top
 752 objectClass: container
 753 cn: Templates
 754 description: Container for SAM account templates
 755 instanceType: 4
 756 whenCreated: ${LDAPTIME}
 757 whenChanged: ${LDAPTIME}
 758 uSNCreated: 1
 759 uSNChanged: 1
 760 showInAdvancedViewOnly: FALSE
 761 name: Templates
 762 objectGUID: ${NEWGUID}
 763 systemFlags: 0x8c000000
 764 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
 765 isCriticalSystemObject: TRUE
 766
 767 ###
 768 # note! the template users must not match normal searches. Be careful
 769 # with what classes you put them in
 770 ###
 771
 772 dn: CN=TemplateUser,CN=Templates,${BASEDN}
 773 objectClass: top
 774 objectClass: person
 775 objectClass: organizationalPerson
 776 objectClass: Template
 777 objectClass: userTemplate
 778 cn: TemplateUser
 779 name: TemplateUser
 780 instanceType: 4
 781 userAccountControl: 0x202
 782 badPwdCount: 0
 783 codePage: 0
 784 countryCode: 0
 785 badPasswordTime: 0
 786 lastLogoff: 0
 787 lastLogon: 0
 788 pwdLastSet: 0
 789 primaryGroupID: 513
 790 accountExpires: -1
 791 logonCount: 0
 792 sAMAccountType: 0x30000000
 793
 794 dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
 795 objectClass: top
 796 objectClass: Template
 797 objectClass: userTemplate
 798 cn: TemplateMemberServer
 799 name: TemplateMemberServer
 800 instanceType: 4
 801 userAccountControl: 0x1002
 802 badPwdCount: 0
 803 codePage: 0
 804 countryCode: 0
 805 badPasswordTime: 0
 806 lastLogoff: 0
 807 lastLogon: 0
 808 pwdLastSet: 0
 809 primaryGroupID: 513
 810 accountExpires: -1
 811 logonCount: 0
 812 sAMAccountType: 0x30000001
 813
 814 dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
 815 objectClass: top
 816 objectClass: Template
 817 objectClass: userTemplate
 818 cn: TemplateDomainController
 819 name: TemplateDomainController
 820 instanceType: 4
 821 userAccountControl: 0x2002
 822 badPwdCount: 0
 823 codePage: 0
 824 countryCode: 0
 825 badPasswordTime: 0
 826 lastLogoff: 0
 827 lastLogon: 0
 828 pwdLastSet: 0
 829 primaryGroupID: 513
 830 accountExpires: -1
 831 logonCount: 0
 832 sAMAccountType: 0x30000001
 833
 834 dn: CN=TemplateGroup,CN=Templates,${BASEDN}
 835 objectClass: top
 836 objectClass: Template
 837 objectClass: groupTemplate
 838 cn: TemplateGroup
 839 name: TemplateGroup
 840 instanceType: 4
 841 sAMAccountType: 0x10000000