source4/setup/provision_users.ldif

   1 dn: CN=Administrator,CN=Users,${DOMAINDN}
   2 objectClass: user
   3 cn: Administrator
   4 description: Built-in account for administering the computer/domain
   5 userAccountControl: 66048
   6 objectSid: ${DOMAINSID}-500
   7 adminCount: 1
   8 accountExpires: -1
   9 sAMAccountName: Administrator
  10 isCriticalSystemObject: TRUE
  11 sambaPassword:: ${ADMINPASS_B64}
  12
  13 dn: CN=Guest,CN=Users,${DOMAINDN}
  14 objectClass: user
  15 cn: Guest
  16 description: Built-in account for guest access to the computer/domain
  17 userAccountControl: 66082
  18 primaryGroupID: 514
  19 objectSid: ${DOMAINSID}-501
  20 sAMAccountName: Guest
  21 isCriticalSystemObject: TRUE
  22
  23 dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
  24 objectClass: top
  25 objectClass: group
  26 cn: Enterprise Admins
  27 description: Designated administrators of the enterprise
  28 member: CN=Administrator,CN=Users,${DOMAINDN}
  29 objectSid: ${DOMAINSID}-519
  30 adminCount: 1
  31 sAMAccountName: Enterprise Admins
  32 isCriticalSystemObject: TRUE
  33
  34 dn: CN=krbtgt,CN=Users,${DOMAINDN}
  35 objectClass: top
  36 objectClass: person
  37 objectClass: organizationalPerson
  38 objectClass: user
  39 cn: krbtgt
  40 description: Key Distribution Center Service Account
  41 showInAdvancedViewOnly: TRUE
  42 userAccountControl: 514
  43 objectSid: ${DOMAINSID}-502
  44 adminCount: 1
  45 accountExpires: 9223372036854775807
  46 sAMAccountName: krbtgt
  47 sAMAccountType: 805306368
  48 servicePrincipalName: kadmin/changepw
  49 isCriticalSystemObject: TRUE
  50 sambaPassword:: ${KRBTGTPASS_B64}
  51
  52 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
  53 objectClass: top
  54 objectClass: group
  55 cn: Domain Computers
  56 description: All workstations and servers joined to the domain
  57 objectSid: ${DOMAINSID}-515
  58 sAMAccountName: Domain Computers
  59 isCriticalSystemObject: TRUE
  60
  61 dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
  62 objectClass: top
  63 objectClass: group
  64 cn: Domain Controllers
  65 description: All domain controllers in the domain
  66 objectSid: ${DOMAINSID}-516
  67 adminCount: 1
  68 sAMAccountName: Domain Controllers
  69 isCriticalSystemObject: TRUE
  70
  71 dn: CN=Schema Admins,CN=Users,${DOMAINDN}
  72 objectClass: top
  73 objectClass: group
  74 cn: Schema Admins
  75 description: Designated administrators of the schema
  76 member: CN=Administrator,CN=Users,${DOMAINDN}
  77 objectSid: ${DOMAINSID}-518
  78 adminCount: 1
  79 sAMAccountName: Schema Admins
  80 isCriticalSystemObject: TRUE
  81
  82 dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
  83 objectClass: top
  84 objectClass: group
  85 cn: Cert Publishers
  86 description: Members of this group are permitted to publish certificates to the Active Directory
  87 groupType: 2147483652
  88 sAMAccountType: 536870912
  89 objectSid: ${DOMAINSID}-517
  90 sAMAccountName: Cert Publishers
  91 isCriticalSystemObject: TRUE
  92
  93 dn: CN=Domain Admins,CN=Users,${DOMAINDN}
  94 objectClass: top
  95 objectClass: group
  96 cn: Domain Admins
  97 description: Designated administrators of the domain
  98 member: CN=Administrator,CN=Users,${DOMAINDN}
  99 objectSid: ${DOMAINSID}-512
 100 adminCount: 1
 101 sAMAccountName: Domain Admins
 102 isCriticalSystemObject: TRUE
 103
 104 dn: CN=Domain Users,CN=Users,${DOMAINDN}
 105 objectClass: top
 106 objectClass: group
 107 cn: Domain Users
 108 description: All domain users
 109 objectSid: ${DOMAINSID}-513
 110 sAMAccountName: Domain Users
 111 isCriticalSystemObject: TRUE
 112
 113 dn: CN=Domain Guests,CN=Users,${DOMAINDN}
 114 objectClass: top
 115 objectClass: group
 116 cn: Domain Guests
 117 description: All domain guests
 118 objectSid: ${DOMAINSID}-514
 119 sAMAccountName: Domain Guests
 120 isCriticalSystemObject: TRUE
 121
 122 dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
 123 objectClass: top
 124 objectClass: group
 125 cn: Group Policy Creator Owners
 126 description: Members in this group can modify group policy for the domain
 127 member: CN=Administrator,CN=Users,${DOMAINDN}
 128 objectSid: ${DOMAINSID}-520
 129 sAMAccountName: Group Policy Creator Owners
 130 isCriticalSystemObject: TRUE
 131
 132 dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
 133 objectClass: top
 134 objectClass: group
 135 cn: RAS and IAS Servers
 136 description: Servers in this group can access remote access properties of users
 137 instanceType: 4
 138 objectSid: ${DOMAINSID}-553
 139 sAMAccountName: RAS and IAS Servers
 140 sAMAccountType: 536870912
 141 groupType: 2147483652
 142 isCriticalSystemObject: TRUE
 143
 144 dn: CN=Administrators,CN=Builtin,${DOMAINDN}
 145 objectClass: top
 146 objectClass: group
 147 cn: Administrators
 148 description: Administrators have complete and unrestricted access to the computer/domain
 149 member: CN=Domain Admins,CN=Users,${DOMAINDN}
 150 member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
 151 member: CN=Administrator,CN=Users,${DOMAINDN}
 152 objectSid: S-1-5-32-544
 153 adminCount: 1
 154 sAMAccountName: Administrators
 155 sAMAccountType: 536870912
 156 systemFlags: 2348810240
 157 groupType: 2147483653
 158 isCriticalSystemObject: TRUE
 159 privilege: SeSecurityPrivilege
 160 privilege: SeBackupPrivilege
 161 privilege: SeRestorePrivilege
 162 privilege: SeSystemtimePrivilege
 163 privilege: SeShutdownPrivilege
 164 privilege: SeRemoteShutdownPrivilege
 165 privilege: SeTakeOwnershipPrivilege
 166 privilege: SeDebugPrivilege
 167 privilege: SeSystemEnvironmentPrivilege
 168 privilege: SeSystemProfilePrivilege
 169 privilege: SeProfileSingleProcessPrivilege
 170 privilege: SeIncreaseBasePriorityPrivilege
 171 privilege: SeLoadDriverPrivilege
 172 privilege: SeCreatePagefilePrivilege
 173 privilege: SeIncreaseQuotaPrivilege
 174 privilege: SeChangeNotifyPrivilege
 175 privilege: SeUndockPrivilege
 176 privilege: SeManageVolumePrivilege
 177 privilege: SeImpersonatePrivilege
 178 privilege: SeCreateGlobalPrivilege
 179 privilege: SeEnableDelegationPrivilege
 180 privilege: SeInteractiveLogonRight
 181 privilege: SeNetworkLogonRight
 182 privilege: SeRemoteInteractiveLogonRight
 183
 184 dn: CN=Users,CN=Builtin,${DOMAINDN}
 185 objectClass: top
 186 objectClass: group
 187 cn: Users
 188 description: Users are prevented from making accidental or intentional system-wide changes.  Thus, Users can run certified applications, but not most legacy applications
 189 member: CN=Domain Users,CN=Users,${DOMAINDN}
 190 objectSid: S-1-5-32-545
 191 sAMAccountName: Users
 192 sAMAccountType: 536870912
 193 systemFlags: 2348810240
 194 groupType: 2147483653
 195 isCriticalSystemObject: TRUE
 196
 197 dn: CN=Guests,CN=Builtin,${DOMAINDN}
 198 objectClass: top
 199 objectClass: group
 200 cn: Guests
 201 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
 202 member: CN=Domain Guests,CN=Users,${DOMAINDN}
 203 member: CN=Guest,CN=Users,${DOMAINDN}
 204 objectSid: S-1-5-32-546
 205 sAMAccountName: Guests
 206 sAMAccountType: 536870912
 207 systemFlags: 2348810240
 208 groupType: 2147483653
 209 isCriticalSystemObject: TRUE
 210
 211 dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
 212 objectClass: top
 213 objectClass: group
 214 cn: Print Operators
 215 description: Members can administer domain printers
 216 objectSid: S-1-5-32-550
 217 adminCount: 1
 218 sAMAccountName: Print Operators
 219 sAMAccountType: 536870912
 220 systemFlags: 2348810240
 221 groupType: 2147483653
 222 isCriticalSystemObject: TRUE
 223 privilege: SeLoadDriverPrivilege
 224 privilege: SeShutdownPrivilege
 225 privilege: SeInteractiveLogonRight
 226
 227 dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
 228 objectClass: top
 229 objectClass: group
 230 cn: Backup Operators
 231 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
 232 objectSid: S-1-5-32-551
 233 adminCount: 1
 234 sAMAccountName: Backup Operators
 235 sAMAccountType: 536870912
 236 systemFlags: 2348810240
 237 groupType: 2147483653
 238 isCriticalSystemObject: TRUE
 239 privilege: SeBackupPrivilege
 240 privilege: SeRestorePrivilege
 241 privilege: SeShutdownPrivilege
 242 privilege: SeInteractiveLogonRight
 243
 244 dn: CN=Replicator,CN=Builtin,${DOMAINDN}
 245 objectClass: top
 246 objectClass: group
 247 cn: Replicator
 248 description: Supports file replication in a domain
 249 objectSid: S-1-5-32-552
 250 adminCount: 1
 251 sAMAccountName: Replicator
 252 sAMAccountType: 536870912
 253 systemFlags: 2348810240
 254 groupType: 2147483653
 255 isCriticalSystemObject: TRUE
 256
 257 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
 258 objectClass: top
 259 objectClass: group
 260 cn: Remote Desktop Users
 261 description: Members in this group are granted the right to logon remotely
 262 objectSid: S-1-5-32-555
 263 sAMAccountName: Remote Desktop Users
 264 sAMAccountType: 536870912
 265 systemFlags: 2348810240
 266 groupType: 2147483653
 267 isCriticalSystemObject: TRUE
 268
 269 dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
 270 objectClass: top
 271 objectClass: group
 272 cn: Network Configuration Operators
 273 description: Members in this group can have some administrative privileges to manage configuration of networking features
 274 objectSid: S-1-5-32-556
 275 sAMAccountName: Network Configuration Operators
 276 sAMAccountType: 536870912
 277 systemFlags: 2348810240
 278 groupType: 2147483653
 279 isCriticalSystemObject: TRUE
 280
 281 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
 282 objectClass: top
 283 objectClass: group
 284 cn: Performance Monitor Users
 285 description: Members of this group have remote access to monitor this computer
 286 objectSid: S-1-5-32-558
 287 sAMAccountName: Performance Monitor Users
 288 sAMAccountType: 536870912
 289 systemFlags: 2348810240
 290 groupType: 2147483653
 291 isCriticalSystemObject: TRUE
 292
 293 dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
 294 objectClass: top
 295 objectClass: group
 296 cn: Performance Log Users
 297 description: Members of this group have remote access to schedule logging of performance counters on this computer
 298 objectSid: S-1-5-32-559
 299 sAMAccountName: Performance Log Users
 300 sAMAccountType: 536870912
 301 systemFlags: 2348810240
 302 groupType: 2147483653
 303 isCriticalSystemObject: TRUE
 304
 305 dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
 306 objectClass: top
 307 objectClass: group
 308 cn: Server Operators
 309 description: Members can administer domain servers
 310 instanceType: 4
 311 objectSid: S-1-5-32-549
 312 adminCount: 1
 313 sAMAccountName: Server Operators
 314 sAMAccountType: 536870912
 315 systemFlags: 2348810240
 316 groupType: 2147483653
 317 isCriticalSystemObject: TRUE
 318 privilege: SeBackupPrivilege
 319 privilege: SeSystemtimePrivilege
 320 privilege: SeRemoteShutdownPrivilege
 321 privilege: SeRestorePrivilege
 322 privilege: SeShutdownPrivilege
 323 privilege: SeInteractiveLogonRight
 324
 325 dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
 326 objectClass: top
 327 objectClass: group
 328 cn: Account Operators
 329 description: Members can administer domain user and group accounts
 330 instanceType: 4
 331 objectSid: S-1-5-32-548
 332 adminCount: 1
 333 sAMAccountName: Account Operators
 334 sAMAccountType: 536870912
 335 systemFlags: 2348810240
 336 groupType: 2147483653
 337 isCriticalSystemObject: TRUE
 338 privilege: SeInteractiveLogonRight
 339
 340 dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
 341 objectClass: top
 342 objectClass: group
 343 cn: Pre-Windows 2000 Compatible Access
 344 description: A backward compatibility group which allows read access on all users and groups in the domain
 345 objectSid: S-1-5-32-554
 346 sAMAccountName: Pre-Windows 2000 Compatible Access
 347 sAMAccountType: 536870912
 348 systemFlags: 2348810240
 349 groupType: 2147483653
 350 isCriticalSystemObject: TRUE
 351 privilege: SeRemoteInteractiveLogonRight
 352 privilege: SeChangeNotifyPrivilege
 353
 354 dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
 355 objectClass: top
 356 objectClass: group
 357 cn: Incoming Forest Trust Builders
 358 description: Members of this group can create incoming, one-way trusts to this forest
 359 objectSid: S-1-5-32-557
 360 sAMAccountName: Incoming Forest Trust Builders
 361 sAMAccountType: 536870912
 362 systemFlags: 2348810240
 363 groupType: 2147483653
 364 isCriticalSystemObject: TRUE
 365
 366 dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
 367 objectClass: top
 368 objectClass: group
 369 cn: Windows Authorization Access Group
 370 description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
 371 objectSid: S-1-5-32-560
 372 sAMAccountName: Windows Authorization Access Group
 373 sAMAccountType: 536870912
 374 systemFlags: 2348810240
 375 groupType: 2147483653
 376 isCriticalSystemObject: TRUE
 377
 378 dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
 379 objectClass: top
 380 objectClass: group
 381 cn: Terminal Server License Servers
 382 description: Terminal Server License Servers
 383 objectSid: S-1-5-32-561
 384 sAMAccountName: Terminal Server License Servers
 385 sAMAccountType: 536870912
 386 systemFlags: 2348810240
 387 groupType: 2147483653
 388 isCriticalSystemObject: TRUE
 389
 390 dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
 391 objectClass: top
 392 objectClass: group
 393 cn: Distributed COM Users
 394 description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
 395 objectSid: S-1-5-32-562
 396 sAMAccountName: Distributed COM Users
 397 sAMAccountType: 536870912
 398 systemFlags: 2348810240
 399 groupType: 2147483653
 400 isCriticalSystemObject: TRUE
 401
 402 dn: CN=WellKnown Security Principals,${CONFIGDN}
 403 objectClass: top
 404 objectClass: container
 405 cn: WellKnown Security Principals
 406 systemFlags: 2147483648
 407 showInAdvancedViewOnly: TRUE
 408
 409 dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
 410 objectClass: top
 411 objectClass: foreignSecurityPrincipal
 412 cn: Anonymous Logon
 413 objectSid: S-1-5-7
 414 showInAdvancedViewOnly: TRUE
 415
 416 dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
 417 objectClass: top
 418 objectClass: foreignSecurityPrincipal
 419 cn: Authenticated Users
 420 objectSid: S-1-5-11
 421 showInAdvancedViewOnly: TRUE
 422
 423 dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
 424 objectClass: top
 425 objectClass: foreignSecurityPrincipal
 426 cn: Batch
 427 objectSid: S-1-5-3
 428 showInAdvancedViewOnly: TRUE
 429
 430 dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
 431 objectClass: top
 432 objectClass: foreignSecurityPrincipal
 433 cn: Creator Group
 434 objectSid: S-1-3-1
 435 showInAdvancedViewOnly: TRUE
 436
 437 dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
 438 objectClass: top
 439 objectClass: foreignSecurityPrincipal
 440 cn: Creator Owner
 441 objectSid: S-1-3-0
 442 showInAdvancedViewOnly: TRUE
 443
 444 dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
 445 objectClass: top
 446 objectClass: foreignSecurityPrincipal
 447 cn: Dialup
 448 objectSid: S-1-5-1
 449 showInAdvancedViewOnly: TRUE
 450
 451 dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
 452 objectClass: top
 453 objectClass: foreignSecurityPrincipal
 454 cn: Digest Authentication
 455 objectSid: S-1-5-64-21
 456 showInAdvancedViewOnly: TRUE
 457
 458 dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
 459 objectClass: top
 460 objectClass: foreignSecurityPrincipal
 461 cn: Enterprise Domain Controllers
 462 objectSid: S-1-5-9
 463 showInAdvancedViewOnly: TRUE
 464
 465 dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
 466 objectClass: top
 467 objectClass: foreignSecurityPrincipal
 468 cn: Everyone
 469 objectSid: S-1-1-0
 470 showInAdvancedViewOnly: TRUE
 471
 472 dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
 473 objectClass: top
 474 objectClass: foreignSecurityPrincipal
 475 cn: Interactive
 476 objectSid: S-1-5-4
 477 showInAdvancedViewOnly: TRUE
 478
 479 dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
 480 objectClass: top
 481 objectClass: foreignSecurityPrincipal
 482 cn: Local Service
 483 objectSid: S-1-5-19
 484 showInAdvancedViewOnly: TRUE
 485
 486 dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
 487 objectClass: top
 488 objectClass: foreignSecurityPrincipal
 489 cn: Network
 490 objectSid: S-1-5-2
 491 showInAdvancedViewOnly: TRUE
 492
 493 dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
 494 objectClass: top
 495 objectClass: foreignSecurityPrincipal
 496 cn: Network Service
 497 objectSid: S-1-5-20
 498 showInAdvancedViewOnly: TRUE
 499
 500 dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
 501 objectClass: top
 502 objectClass: foreignSecurityPrincipal
 503 cn: NTLM Authentication
 504 objectSid: S-1-5-64-10
 505 showInAdvancedViewOnly: TRUE
 506
 507 dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
 508 objectClass: top
 509 objectClass: foreignSecurityPrincipal
 510 cn: Other Organization
 511 objectSid: S-1-5-1000
 512 showInAdvancedViewOnly: TRUE
 513
 514 dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
 515 objectClass: top
 516 objectClass: foreignSecurityPrincipal
 517 cn: Proxy
 518 objectSid: S-1-5-8
 519 showInAdvancedViewOnly: TRUE
 520
 521 dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
 522 objectClass: top
 523 objectClass: foreignSecurityPrincipal
 524 cn: Remote Interactive Logon
 525 objectSid: S-1-5-14
 526 showInAdvancedViewOnly: TRUE
 527
 528 dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
 529 objectClass: top
 530 objectClass: foreignSecurityPrincipal
 531 cn: Restricted
 532 objectSid: S-1-5-12
 533 showInAdvancedViewOnly: TRUE
 534
 535 dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
 536 objectClass: top
 537 objectClass: foreignSecurityPrincipal
 538 cn: SChannel Authentication
 539 objectSid: S-1-5-64-14
 540 showInAdvancedViewOnly: TRUE
 541
 542 dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
 543 objectClass: top
 544 objectClass: foreignSecurityPrincipal
 545 cn: Self
 546 objectSid: S-1-5-10
 547 showInAdvancedViewOnly: TRUE
 548
 549 dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
 550 objectClass: top
 551 objectClass: foreignSecurityPrincipal
 552 cn: Service
 553 objectSid: S-1-5-6
 554 showInAdvancedViewOnly: TRUE
 555
 556 dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
 557 objectClass: top
 558 objectClass: foreignSecurityPrincipal
 559 cn: Terminal Server User
 560 objectSid: S-1-5-13
 561 showInAdvancedViewOnly: TRUE
 562
 563 dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
 564 objectClass: top
 565 objectClass: foreignSecurityPrincipal
 566 cn: This Organization
 567 objectSid: S-1-5-15
 568 showInAdvancedViewOnly: TRUE
 569
 570 dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}
 571 objectClass: top
 572 objectClass: foreignSecurityPrincipal
 573 cn: Well-Known-Security-Id-System
 574 objectSid: S-1-5-18
 575 showInAdvancedViewOnly: TRUE
 576