3 @IDXATTR: sAMAccountName
8 realm: CASE_INSENSITIVE
9 userPrincipalName: CASE_INSENSITIVE
10 servicePrincipalName: CASE_INSENSITIVE
11 name: CASE_INSENSITIVE WILDCARD
12 dn: CASE_INSENSITIVE WILDCARD
13 sAMAccountName: CASE_INSENSITIVE WILDCARD
14 objectClass: CASE_INSENSITIVE
27 person: organizationalPerson
28 organizationalPerson: user
30 template: userTemplate
31 template: groupTemplate
36 objectClass: domainDNS
41 objectGUID: ${NEWGUID}
42 creationTime: ${NTTIME}
43 forceLogoff: 0x8000000000000000
44 lockoutDuration: -18000000000
45 lockOutObservationWindow: -18000000000
47 whenCreated: ${LDAPTIME}
48 whenChanged: ${LDAPTIME}
51 maxPwdAge: -37108517437440
54 modifiedCountAtLastProm: 0
58 objectSid: ${DOMAINSID}
62 objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
63 isCriticalSystemObject: TRUE
65 dn: CN=Users,${BASEDN}
67 objectClass: container
69 description: Default container for upgraded user accounts
71 whenCreated: ${LDAPTIME}
72 whenChanged: ${LDAPTIME}
75 showInAdvancedViewOnly: FALSE
77 objectGUID: ${NEWGUID}
78 systemFlags: 0x8c000000
79 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
80 isCriticalSystemObject: TRUE
82 dn: CN=Computers,${BASEDN}
84 objectClass: container
86 description: Default container for upgraded computer accounts
88 whenCreated: ${LDAPTIME}
89 whenChanged: ${LDAPTIME}
92 showInAdvancedViewOnly: FALSE
94 objectGUID: ${NEWGUID}
95 systemFlags: 0x8c000000
96 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
97 isCriticalSystemObject: TRUE
99 dn: OU=Domain Controllers,${BASEDN}
101 objectClass: organizationalUnit
102 ou: Domain Controllers
103 description: Default container for domain controllers
105 whenCreated: ${LDAPTIME}
106 whenChanged: ${LDAPTIME}
109 showInAdvancedViewOnly: FALSE
110 name: Domain Controllers
111 objectGUID: ${NEWGUID}
112 systemFlags: 0x8c000000
113 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
114 isCriticalSystemObject: TRUE
116 dn: CN=ForeignSecurityPrincipals,${BASEDN}
118 objectClass: container
119 cn: ForeignSecurityPrincipals
120 description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
122 whenCreated: ${LDAPTIME}
123 whenChanged: ${LDAPTIME}
126 showInAdvancedViewOnly: FALSE
127 name: ForeignSecurityPrincipals
128 objectGUID: ${NEWGUID}
129 systemFlags: 0x8c000000
130 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
131 isCriticalSystemObject: TRUE
133 dn: CN=Builtin,${BASEDN}
135 objectClass: builtinDomain
138 showInAdvancedViewOnly: FALSE
140 forceLogoff: 0x8000000000000000
141 lockoutDuration: -18000000000
142 lockOutObservationWindow: -18000000000
144 maxPwdAge: -37108517437440
147 modifiedCountAtLastProm: 0
155 objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN}
156 isCriticalSystemObject: TRUE
158 dn: CN=Administrator,CN=Users,${BASEDN}
161 objectClass: organizationalPerson
164 description: Built-in account for administering the computer/domain
166 whenCreated: ${LDAPTIME}
167 whenChanged: ${LDAPTIME}
169 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
170 memberOf: CN=Domain Admins,CN=Users,${BASEDN}
171 memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
172 memberOf: CN=Schema Admins,CN=Users,${BASEDN}
173 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
176 objectGUID: ${NEWGUID}
177 userAccountControl: 0x10200
186 objectSid: ${DOMAINSID}-500
190 sAMAccountName: Administrator
191 sAMAccountType: 0x30000000
192 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
193 isCriticalSystemObject: TRUE
195 dn: CN=Guest,CN=Users,${BASEDN}
198 objectClass: organizationalPerson
201 description: Built-in account for guest access to the computer/domain
203 whenCreated: ${LDAPTIME}
204 whenChanged: ${LDAPTIME}
206 memberOf: CN=Guests,CN=Builtin,${BASEDN}
209 objectGUID: ${NEWGUID}
210 userAccountControl: 0x10222
219 objectSid: ${DOMAINSID}-501
222 sAMAccountName: Guest
223 sAMAccountType: 0x30000000
224 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
225 isCriticalSystemObject: TRUE
227 dn: CN=Administrators,CN=Builtin,${BASEDN}
231 description: Administrators have complete and unrestricted access to the computer/domain
232 member: CN=Domain Admins,CN=Users,${BASEDN}
233 member: CN=Enterprise Admins,CN=Users,${BASEDN}
234 member: CN=Administrator,CN=Users,${BASEDN}
236 whenCreated: ${LDAPTIME}
237 whenChanged: ${LDAPTIME}
241 objectGUID: ${NEWGUID}
242 objectSid: S-1-5-32-544
244 sAMAccountName: Administrators
245 sAMAccountType: 0x20000000
246 systemFlags: 0x8c000000
247 groupType: 0x80000005
248 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
249 isCriticalSystemObject: TRUE
251 dn: CN=Users,CN=Builtin,${BASEDN}
255 description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
256 member: CN=Domain Users,CN=Users,${BASEDN}
258 whenCreated: ${LDAPTIME}
259 whenChanged: ${LDAPTIME}
263 objectGUID: ${NEWGUID}
264 objectSid: S-1-5-32-545
265 sAMAccountName: Users
266 sAMAccountType: 0x20000000
267 systemFlags: 0x8c000000
268 groupType: 0x80000005
269 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
270 isCriticalSystemObject: TRUE
272 dn: CN=Guests,CN=Builtin,${BASEDN}
276 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
277 member: CN=Domain Guests,CN=Users,${BASEDN}
278 member: CN=Guest,CN=Users,${BASEDN}
280 whenCreated: ${LDAPTIME}
281 whenChanged: ${LDAPTIME}
285 objectGUID: ${NEWGUID}
286 objectSid: S-1-5-32-546
287 sAMAccountName: Guests
288 sAMAccountType: 0x20000000
289 systemFlags: 0x8c000000
290 groupType: 0x80000005
291 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
292 isCriticalSystemObject: TRUE
294 dn: CN=Print Operators,CN=Builtin,${BASEDN}
298 description: Members can administer domain printers
300 whenCreated: ${LDAPTIME}
301 whenChanged: ${LDAPTIME}
304 name: Print Operators
305 objectGUID: ${NEWGUID}
306 objectSid: S-1-5-32-550
308 sAMAccountName: Print Operators
309 sAMAccountType: 0x20000000
310 systemFlags: 0x8c000000
311 groupType: 0x80000005
312 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
313 isCriticalSystemObject: TRUE
315 dn: CN=Backup Operators,CN=Builtin,${BASEDN}
319 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
321 whenCreated: ${LDAPTIME}
322 whenChanged: ${LDAPTIME}
325 name: Backup Operators
326 objectGUID: ${NEWGUID}
327 objectSid: S-1-5-32-551
329 sAMAccountName: Backup Operators
330 sAMAccountType: 0x20000000
331 systemFlags: 0x8c000000
332 groupType: 0x80000005
333 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
334 isCriticalSystemObject: TRUE
336 dn: CN=Replicator,CN=Builtin,${BASEDN}
340 description: Supports file replication in a domain
342 whenCreated: ${LDAPTIME}
343 whenChanged: ${LDAPTIME}
347 objectGUID: ${NEWGUID}
348 objectSid: S-1-5-32-552
350 sAMAccountName: Replicator
351 sAMAccountType: 0x20000000
352 systemFlags: 0x8c000000
353 groupType: 0x80000005
354 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
355 isCriticalSystemObject: TRUE
357 dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
360 cn: Remote Desktop Users
361 description: Members in this group are granted the right to logon remotely
363 whenCreated: ${LDAPTIME}
364 whenChanged: ${LDAPTIME}
367 name: Remote Desktop Users
368 objectGUID: ${NEWGUID}
369 objectSid: S-1-5-32-555
370 sAMAccountName: Remote Desktop Users
371 sAMAccountType: 0x20000000
372 systemFlags: 0x8c000000
373 groupType: 0x80000005
374 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
375 isCriticalSystemObject: TRUE
377 dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
380 cn: Network Configuration Operators
381 description: Members in this group can have some administrative privileges to manage configuration of networking features
383 whenCreated: ${LDAPTIME}
384 whenChanged: ${LDAPTIME}
387 name: Network Configuration Operators
388 objectGUID: ${NEWGUID}
389 objectSid: S-1-5-32-556
390 sAMAccountName: Network Configuration Operators
391 sAMAccountType: 0x20000000
392 systemFlags: 0x8c000000
393 groupType: 0x80000005
394 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
395 isCriticalSystemObject: TRUE
397 dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
400 cn: Performance Monitor Users
401 description: Members of this group have remote access to monitor this computer
403 whenCreated: ${LDAPTIME}
404 whenChanged: ${LDAPTIME}
407 name: Performance Monitor Users
408 objectGUID: ${NEWGUID}
409 objectSid: S-1-5-32-558
410 sAMAccountName: Performance Monitor Users
411 sAMAccountType: 0x20000000
412 systemFlags: 0x8c000000
413 groupType: 0x80000005
414 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
415 isCriticalSystemObject: TRUE
417 dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
420 cn: Performance Log Users
421 description: Members of this group have remote access to schedule logging of performance counters on this computer
423 whenCreated: ${LDAPTIME}
424 whenChanged: ${LDAPTIME}
427 name: Performance Log Users
428 objectGUID: ${NEWGUID}
429 objectSid: S-1-5-32-559
430 sAMAccountName: Performance Log Users
431 sAMAccountType: 0x20000000
432 systemFlags: 0x8c000000
433 groupType: 0x80000005
434 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
435 isCriticalSystemObject: TRUE
437 dn: CN=${HOSTNAME},OU=Domain Controllers,${BASEDN}
440 objectClass: organizationalPerson
442 objectClass: computer
445 whenCreated: ${LDAPTIME}
446 whenChanged: ${LDAPTIME}
450 objectGUID: ${NEWGUID}
451 userAccountControl: 532480
457 lastLogon: 127273269057298624
459 pwdLastSet: 127258826171655328
461 objectSid: ${DOMAINSID}-1000
462 accountExpires: 9223372036854775807
464 sAMAccountName: ${HOSTNAME}$
465 sAMAccountType: 805306369
466 operatingSystem: Samba
467 operatingSystemVersion: 4.0
468 dNSHostName: ${DNSNAME}
469 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
470 isCriticalSystemObject: TRUE
472 dn: CN=krbtgt,CN=Users,${BASEDN}
475 objectClass: organizationalPerson
478 description: Key Distribution Center Service Account
480 whenCreated: ${LDAPTIME}
481 whenChanged: ${LDAPTIME}
484 showInAdvancedViewOnly: TRUE
486 objectGUID: ${NEWGUID}
487 userAccountControl: 514
494 pwdLastSet: 127258826179466560
496 objectSid: ${DOMAINSID}-502
498 accountExpires: 9223372036854775807
500 sAMAccountName: krbtgt
501 sAMAccountType: 805306368
502 servicePrincipalName: kadmin/changepw
503 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
504 isCriticalSystemObject: TRUE
506 dn: CN=Domain Computers,CN=Users,${BASEDN}
510 description: All workstations and servers joined to the domain
512 whenCreated: ${LDAPTIME}
513 whenChanged: ${LDAPTIME}
516 name: Domain Computers
517 objectGUID: ${NEWGUID}
518 objectSid: ${DOMAINSID}-515
519 sAMAccountName: Domain Computers
520 sAMAccountType: 268435456
521 groupType: -2147483646
522 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
523 isCriticalSystemObject: TRUE
525 dn: CN=Domain Controllers,CN=Users,${BASEDN}
528 cn: Domain Controllers
529 description: All domain controllers in the domain
531 whenCreated: ${LDAPTIME}
532 whenChanged: ${LDAPTIME}
535 name: Domain Controllers
536 objectGUID: ${NEWGUID}
537 objectSid: ${DOMAINSID}-516
539 sAMAccountName: Domain Controllers
540 sAMAccountType: 268435456
541 groupType: -2147483646
542 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
543 isCriticalSystemObject: TRUE
545 dn: CN=Schema Admins,CN=Users,${BASEDN}
549 description: Designated administrators of the schema
550 member: CN=Administrator,CN=Users,${BASEDN}
552 whenCreated: ${LDAPTIME}
553 whenChanged: ${LDAPTIME}
557 objectGUID: ${NEWGUID}
558 objectSid: ${DOMAINSID}-518
560 sAMAccountName: Schema Admins
561 sAMAccountType: 268435456
562 groupType: -2147483646
563 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
564 isCriticalSystemObject: TRUE
566 dn: CN=Enterprise Admins,CN=Users,${BASEDN}
569 cn: Enterprise Admins
570 description: Designated administrators of the enterprise
571 member: CN=Administrator,CN=Users,${BASEDN}
573 whenCreated: ${LDAPTIME}
574 whenChanged: ${LDAPTIME}
576 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
578 name: Enterprise Admins
579 objectGUID: ${NEWGUID}
580 objectSid: ${DOMAINSID}-519
582 sAMAccountName: Enterprise Admins
583 sAMAccountType: 268435456
584 groupType: -2147483646
585 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
586 isCriticalSystemObject: TRUE
588 dn: CN=Cert Publishers,CN=Users,${BASEDN}
592 description: Members of this group are permitted to publish certificates to the Active Directory
594 whenCreated: ${LDAPTIME}
595 whenChanged: ${LDAPTIME}
598 name: Cert Publishers
599 objectGUID: ${NEWGUID}
600 objectSid: ${DOMAINSID}-517
601 sAMAccountName: Cert Publishers
602 sAMAccountType: 0x20000000
603 groupType: -2147483644
604 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
605 isCriticalSystemObject: TRUE
607 dn: CN=Domain Admins,CN=Users,${BASEDN}
611 description: Designated administrators of the domain
612 member: CN=Administrator,CN=Users,${BASEDN}
614 whenCreated: ${LDAPTIME}
615 whenChanged: ${LDAPTIME}
617 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
620 objectGUID: ${NEWGUID}
621 objectSid: ${DOMAINSID}-512
623 sAMAccountName: Domain Admins
624 sAMAccountType: 268435456
625 groupType: -2147483646
626 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
627 isCriticalSystemObject: TRUE
629 dn: CN=Domain Users,CN=Users,${BASEDN}
633 description: All domain users
635 whenCreated: ${LDAPTIME}
636 whenChanged: ${LDAPTIME}
638 memberOf: CN=Users,CN=Builtin,${BASEDN}
641 objectGUID: ${NEWGUID}
642 objectSid: ${DOMAINSID}-513
643 sAMAccountName: Domain Users
644 sAMAccountType: 268435456
645 groupType: -2147483646
646 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
647 isCriticalSystemObject: TRUE
649 dn: CN=Domain Guests,CN=Users,${BASEDN}
653 description: All domain guests
655 whenCreated: ${LDAPTIME}
656 whenChanged: ${LDAPTIME}
658 memberOf: CN=Guests,CN=Builtin,${BASEDN}
661 objectGUID: ${NEWGUID}
662 objectSid: ${DOMAINSID}-514
663 sAMAccountName: Domain Guests
664 sAMAccountType: 268435456
665 groupType: -2147483646
666 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
667 isCriticalSystemObject: TRUE
669 dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
672 cn: Group Policy Creator Owners
673 description: Members in this group can modify group policy for the domain
674 member: CN=Administrator,CN=Users,${BASEDN}
676 whenCreated: ${LDAPTIME}
677 whenChanged: ${LDAPTIME}
680 name: Group Policy Creator Owners
681 objectGUID: ${NEWGUID}
682 objectSid: ${DOMAINSID}-520
683 sAMAccountName: Group Policy Creator Owners
684 sAMAccountType: 268435456
685 groupType: -2147483646
686 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
687 isCriticalSystemObject: TRUE
689 dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
692 cn: RAS and IAS Servers
693 description: Servers in this group can access remote access properties of users
695 whenCreated: ${LDAPTIME}
696 whenChanged: ${LDAPTIME}
699 name: RAS and IAS Servers
700 objectGUID: ${NEWGUID}
701 objectSid: ${DOMAINSID}-553
702 sAMAccountName: RAS and IAS Servers
703 sAMAccountType: 0x20000000
704 groupType: -2147483644
705 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
706 isCriticalSystemObject: TRUE
708 dn: CN=Server Operators,CN=Builtin,${BASEDN}
712 description: Members can administer domain servers
714 whenCreated: ${LDAPTIME}
715 whenChanged: ${LDAPTIME}
718 name: Server Operators
719 objectGUID: ${NEWGUID}
720 objectSid: S-1-5-32-549
722 sAMAccountName: Server Operators
723 sAMAccountType: 0x20000000
724 systemFlags: 0x8c000000
725 groupType: 0x80000005
726 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
727 isCriticalSystemObject: TRUE
729 dn: CN=Account Operators,CN=Builtin,${BASEDN}
732 cn: Account Operators
733 description: Members can administer domain user and group accounts
735 whenCreated: ${LDAPTIME}
736 whenChanged: ${LDAPTIME}
739 name: Account Operators
740 objectGUID: ${NEWGUID}
741 objectSid: S-1-5-32-548
743 sAMAccountName: Account Operators
744 sAMAccountType: 0x20000000
745 systemFlags: 0x8c000000
746 groupType: 0x80000005
747 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
748 isCriticalSystemObject: TRUE
750 dn: CN=Templates,${BASEDN}
752 objectClass: container
754 description: Container for SAM account templates
756 whenCreated: ${LDAPTIME}
757 whenChanged: ${LDAPTIME}
760 showInAdvancedViewOnly: FALSE
762 objectGUID: ${NEWGUID}
763 systemFlags: 0x8c000000
764 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
765 isCriticalSystemObject: TRUE
768 # note! the template users must not match normal searches. Be careful
769 # with what classes you put them in
772 dn: CN=TemplateUser,CN=Templates,${BASEDN}
775 objectClass: organizationalPerson
776 objectClass: Template
777 objectClass: userTemplate
781 userAccountControl: 0x202
792 sAMAccountType: 0x30000000
794 dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
796 objectClass: Template
797 objectClass: userTemplate
798 cn: TemplateMemberServer
799 name: TemplateMemberServer
801 userAccountControl: 0x1002
812 sAMAccountType: 0x30000001
814 dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
816 objectClass: Template
817 objectClass: userTemplate
818 cn: TemplateDomainController
819 name: TemplateDomainController
821 userAccountControl: 0x2002
832 sAMAccountType: 0x30000001
834 dn: CN=TemplateGroup,CN=Templates,${BASEDN}
836 objectClass: Template
837 objectClass: groupTemplate
841 sAMAccountType: 0x10000000