1 dn: CN=Administrator,CN=Users,${DOMAINDN}
4 description: Built-in account for administering the computer/domain
5 userAccountControl: 66048
6 objectSid: ${DOMAINSID}-500
9 sAMAccountName: Administrator
10 isCriticalSystemObject: TRUE
11 sambaPassword:: ${ADMINPASS_B64}
13 dn: CN=Guest,CN=Users,${DOMAINDN}
16 description: Built-in account for guest access to the computer/domain
17 userAccountControl: 66082
19 objectSid: ${DOMAINSID}-501
21 isCriticalSystemObject: TRUE
23 dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
27 description: Designated administrators of the enterprise
28 member: CN=Administrator,CN=Users,${DOMAINDN}
29 objectSid: ${DOMAINSID}-519
31 sAMAccountName: Enterprise Admins
32 isCriticalSystemObject: TRUE
34 dn: CN=krbtgt,CN=Users,${DOMAINDN}
37 objectClass: organizationalPerson
40 description: Key Distribution Center Service Account
41 showInAdvancedViewOnly: TRUE
42 userAccountControl: 514
43 objectSid: ${DOMAINSID}-502
45 accountExpires: 9223372036854775807
46 sAMAccountName: krbtgt
47 sAMAccountType: 805306368
48 servicePrincipalName: kadmin/changepw
49 isCriticalSystemObject: TRUE
50 sambaPassword:: ${KRBTGTPASS_B64}
52 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
56 description: All workstations and servers joined to the domain
57 objectSid: ${DOMAINSID}-515
58 sAMAccountName: Domain Computers
59 isCriticalSystemObject: TRUE
61 dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
64 cn: Domain Controllers
65 description: All domain controllers in the domain
66 objectSid: ${DOMAINSID}-516
68 sAMAccountName: Domain Controllers
69 isCriticalSystemObject: TRUE
71 dn: CN=Schema Admins,CN=Users,${DOMAINDN}
75 description: Designated administrators of the schema
76 member: CN=Administrator,CN=Users,${DOMAINDN}
77 objectSid: ${DOMAINSID}-518
79 sAMAccountName: Schema Admins
80 isCriticalSystemObject: TRUE
82 dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
86 description: Members of this group are permitted to publish certificates to the Active Directory
88 sAMAccountType: 536870912
89 objectSid: ${DOMAINSID}-517
90 sAMAccountName: Cert Publishers
91 isCriticalSystemObject: TRUE
93 dn: CN=Domain Admins,CN=Users,${DOMAINDN}
97 description: Designated administrators of the domain
98 member: CN=Administrator,CN=Users,${DOMAINDN}
99 objectSid: ${DOMAINSID}-512
101 sAMAccountName: Domain Admins
102 isCriticalSystemObject: TRUE
104 dn: CN=Domain Users,CN=Users,${DOMAINDN}
108 description: All domain users
109 objectSid: ${DOMAINSID}-513
110 sAMAccountName: Domain Users
111 isCriticalSystemObject: TRUE
113 dn: CN=Domain Guests,CN=Users,${DOMAINDN}
117 description: All domain guests
118 objectSid: ${DOMAINSID}-514
119 sAMAccountName: Domain Guests
120 isCriticalSystemObject: TRUE
122 dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
125 cn: Group Policy Creator Owners
126 description: Members in this group can modify group policy for the domain
127 member: CN=Administrator,CN=Users,${DOMAINDN}
128 objectSid: ${DOMAINSID}-520
129 sAMAccountName: Group Policy Creator Owners
130 isCriticalSystemObject: TRUE
132 dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
135 cn: RAS and IAS Servers
136 description: Servers in this group can access remote access properties of users
138 objectSid: ${DOMAINSID}-553
139 sAMAccountName: RAS and IAS Servers
140 sAMAccountType: 536870912
141 groupType: 2147483652
142 isCriticalSystemObject: TRUE
144 dn: CN=Administrators,CN=Builtin,${DOMAINDN}
148 description: Administrators have complete and unrestricted access to the computer/domain
149 member: CN=Domain Admins,CN=Users,${DOMAINDN}
150 member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
151 member: CN=Administrator,CN=Users,${DOMAINDN}
152 objectSid: S-1-5-32-544
154 sAMAccountName: Administrators
155 sAMAccountType: 536870912
156 systemFlags: 2348810240
157 groupType: 2147483653
158 isCriticalSystemObject: TRUE
159 privilege: SeSecurityPrivilege
160 privilege: SeBackupPrivilege
161 privilege: SeRestorePrivilege
162 privilege: SeSystemtimePrivilege
163 privilege: SeShutdownPrivilege
164 privilege: SeRemoteShutdownPrivilege
165 privilege: SeTakeOwnershipPrivilege
166 privilege: SeDebugPrivilege
167 privilege: SeSystemEnvironmentPrivilege
168 privilege: SeSystemProfilePrivilege
169 privilege: SeProfileSingleProcessPrivilege
170 privilege: SeIncreaseBasePriorityPrivilege
171 privilege: SeLoadDriverPrivilege
172 privilege: SeCreatePagefilePrivilege
173 privilege: SeIncreaseQuotaPrivilege
174 privilege: SeChangeNotifyPrivilege
175 privilege: SeUndockPrivilege
176 privilege: SeManageVolumePrivilege
177 privilege: SeImpersonatePrivilege
178 privilege: SeCreateGlobalPrivilege
179 privilege: SeEnableDelegationPrivilege
180 privilege: SeInteractiveLogonRight
181 privilege: SeNetworkLogonRight
182 privilege: SeRemoteInteractiveLogonRight
184 dn: CN=Users,CN=Builtin,${DOMAINDN}
188 description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
189 member: CN=Domain Users,CN=Users,${DOMAINDN}
190 objectSid: S-1-5-32-545
191 sAMAccountName: Users
192 sAMAccountType: 536870912
193 systemFlags: 2348810240
194 groupType: 2147483653
195 isCriticalSystemObject: TRUE
197 dn: CN=Guests,CN=Builtin,${DOMAINDN}
201 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
202 member: CN=Domain Guests,CN=Users,${DOMAINDN}
203 member: CN=Guest,CN=Users,${DOMAINDN}
204 objectSid: S-1-5-32-546
205 sAMAccountName: Guests
206 sAMAccountType: 536870912
207 systemFlags: 2348810240
208 groupType: 2147483653
209 isCriticalSystemObject: TRUE
211 dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
215 description: Members can administer domain printers
216 objectSid: S-1-5-32-550
218 sAMAccountName: Print Operators
219 sAMAccountType: 536870912
220 systemFlags: 2348810240
221 groupType: 2147483653
222 isCriticalSystemObject: TRUE
223 privilege: SeLoadDriverPrivilege
224 privilege: SeShutdownPrivilege
225 privilege: SeInteractiveLogonRight
227 dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
231 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
232 objectSid: S-1-5-32-551
234 sAMAccountName: Backup Operators
235 sAMAccountType: 536870912
236 systemFlags: 2348810240
237 groupType: 2147483653
238 isCriticalSystemObject: TRUE
239 privilege: SeBackupPrivilege
240 privilege: SeRestorePrivilege
241 privilege: SeShutdownPrivilege
242 privilege: SeInteractiveLogonRight
244 dn: CN=Replicator,CN=Builtin,${DOMAINDN}
248 description: Supports file replication in a domain
249 objectSid: S-1-5-32-552
251 sAMAccountName: Replicator
252 sAMAccountType: 536870912
253 systemFlags: 2348810240
254 groupType: 2147483653
255 isCriticalSystemObject: TRUE
257 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
260 cn: Remote Desktop Users
261 description: Members in this group are granted the right to logon remotely
262 objectSid: S-1-5-32-555
263 sAMAccountName: Remote Desktop Users
264 sAMAccountType: 536870912
265 systemFlags: 2348810240
266 groupType: 2147483653
267 isCriticalSystemObject: TRUE
269 dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
272 cn: Network Configuration Operators
273 description: Members in this group can have some administrative privileges to manage configuration of networking features
274 objectSid: S-1-5-32-556
275 sAMAccountName: Network Configuration Operators
276 sAMAccountType: 536870912
277 systemFlags: 2348810240
278 groupType: 2147483653
279 isCriticalSystemObject: TRUE
281 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
284 cn: Performance Monitor Users
285 description: Members of this group have remote access to monitor this computer
286 objectSid: S-1-5-32-558
287 sAMAccountName: Performance Monitor Users
288 sAMAccountType: 536870912
289 systemFlags: 2348810240
290 groupType: 2147483653
291 isCriticalSystemObject: TRUE
293 dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
296 cn: Performance Log Users
297 description: Members of this group have remote access to schedule logging of performance counters on this computer
298 objectSid: S-1-5-32-559
299 sAMAccountName: Performance Log Users
300 sAMAccountType: 536870912
301 systemFlags: 2348810240
302 groupType: 2147483653
303 isCriticalSystemObject: TRUE
305 dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
309 description: Members can administer domain servers
311 objectSid: S-1-5-32-549
313 sAMAccountName: Server Operators
314 sAMAccountType: 536870912
315 systemFlags: 2348810240
316 groupType: 2147483653
317 isCriticalSystemObject: TRUE
318 privilege: SeBackupPrivilege
319 privilege: SeSystemtimePrivilege
320 privilege: SeRemoteShutdownPrivilege
321 privilege: SeRestorePrivilege
322 privilege: SeShutdownPrivilege
323 privilege: SeInteractiveLogonRight
325 dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
328 cn: Account Operators
329 description: Members can administer domain user and group accounts
331 objectSid: S-1-5-32-548
333 sAMAccountName: Account Operators
334 sAMAccountType: 536870912
335 systemFlags: 2348810240
336 groupType: 2147483653
337 isCriticalSystemObject: TRUE
338 privilege: SeInteractiveLogonRight
340 dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
343 cn: Pre-Windows 2000 Compatible Access
344 description: A backward compatibility group which allows read access on all users and groups in the domain
345 objectSid: S-1-5-32-554
346 sAMAccountName: Pre-Windows 2000 Compatible Access
347 sAMAccountType: 536870912
348 systemFlags: 2348810240
349 groupType: 2147483653
350 isCriticalSystemObject: TRUE
351 privilege: SeRemoteInteractiveLogonRight
352 privilege: SeChangeNotifyPrivilege
354 dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
357 cn: Incoming Forest Trust Builders
358 description: Members of this group can create incoming, one-way trusts to this forest
359 objectSid: S-1-5-32-557
360 sAMAccountName: Incoming Forest Trust Builders
361 sAMAccountType: 536870912
362 systemFlags: 2348810240
363 groupType: 2147483653
364 isCriticalSystemObject: TRUE
366 dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
369 cn: Windows Authorization Access Group
370 description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
371 objectSid: S-1-5-32-560
372 sAMAccountName: Windows Authorization Access Group
373 sAMAccountType: 536870912
374 systemFlags: 2348810240
375 groupType: 2147483653
376 isCriticalSystemObject: TRUE
378 dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
381 cn: Terminal Server License Servers
382 description: Terminal Server License Servers
383 objectSid: S-1-5-32-561
384 sAMAccountName: Terminal Server License Servers
385 sAMAccountType: 536870912
386 systemFlags: 2348810240
387 groupType: 2147483653
388 isCriticalSystemObject: TRUE
390 dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
393 cn: Distributed COM Users
394 description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
395 objectSid: S-1-5-32-562
396 sAMAccountName: Distributed COM Users
397 sAMAccountType: 536870912
398 systemFlags: 2348810240
399 groupType: 2147483653
400 isCriticalSystemObject: TRUE
402 dn: CN=WellKnown Security Principals,${CONFIGDN}
404 objectClass: container
405 cn: WellKnown Security Principals
406 systemFlags: 2147483648
407 showInAdvancedViewOnly: TRUE
409 dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
411 objectClass: foreignSecurityPrincipal
414 showInAdvancedViewOnly: TRUE
416 dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
418 objectClass: foreignSecurityPrincipal
419 cn: Authenticated Users
421 showInAdvancedViewOnly: TRUE
423 dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
425 objectClass: foreignSecurityPrincipal
428 showInAdvancedViewOnly: TRUE
430 dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
432 objectClass: foreignSecurityPrincipal
435 showInAdvancedViewOnly: TRUE
437 dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
439 objectClass: foreignSecurityPrincipal
442 showInAdvancedViewOnly: TRUE
444 dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
446 objectClass: foreignSecurityPrincipal
449 showInAdvancedViewOnly: TRUE
451 dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
453 objectClass: foreignSecurityPrincipal
454 cn: Digest Authentication
455 objectSid: S-1-5-64-21
456 showInAdvancedViewOnly: TRUE
458 dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
460 objectClass: foreignSecurityPrincipal
461 cn: Enterprise Domain Controllers
463 showInAdvancedViewOnly: TRUE
465 dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
467 objectClass: foreignSecurityPrincipal
470 showInAdvancedViewOnly: TRUE
472 dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
474 objectClass: foreignSecurityPrincipal
477 showInAdvancedViewOnly: TRUE
479 dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
481 objectClass: foreignSecurityPrincipal
484 showInAdvancedViewOnly: TRUE
486 dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
488 objectClass: foreignSecurityPrincipal
491 showInAdvancedViewOnly: TRUE
493 dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
495 objectClass: foreignSecurityPrincipal
498 showInAdvancedViewOnly: TRUE
500 dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
502 objectClass: foreignSecurityPrincipal
503 cn: NTLM Authentication
504 objectSid: S-1-5-64-10
505 showInAdvancedViewOnly: TRUE
507 dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
509 objectClass: foreignSecurityPrincipal
510 cn: Other Organization
511 objectSid: S-1-5-1000
512 showInAdvancedViewOnly: TRUE
514 dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
516 objectClass: foreignSecurityPrincipal
519 showInAdvancedViewOnly: TRUE
521 dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
523 objectClass: foreignSecurityPrincipal
524 cn: Remote Interactive Logon
526 showInAdvancedViewOnly: TRUE
528 dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
530 objectClass: foreignSecurityPrincipal
533 showInAdvancedViewOnly: TRUE
535 dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
537 objectClass: foreignSecurityPrincipal
538 cn: SChannel Authentication
539 objectSid: S-1-5-64-14
540 showInAdvancedViewOnly: TRUE
542 dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
544 objectClass: foreignSecurityPrincipal
547 showInAdvancedViewOnly: TRUE
549 dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
551 objectClass: foreignSecurityPrincipal
554 showInAdvancedViewOnly: TRUE
556 dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
558 objectClass: foreignSecurityPrincipal
559 cn: Terminal Server User
561 showInAdvancedViewOnly: TRUE
563 dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
565 objectClass: foreignSecurityPrincipal
566 cn: This Organization
568 showInAdvancedViewOnly: TRUE
570 dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}
572 objectClass: foreignSecurityPrincipal
573 cn: Well-Known-Security-Id-System
575 showInAdvancedViewOnly: TRUE