@IDXATTR: sAMAccountName
@IDXATTR: objectSid
@IDXATTR: objectClass
+@IDXATTR: member
+@IDXATTR: unixID
+@IDXATTR: unixName
+@IDXATTR: privilege
dn: @ATTRIBUTES
+realm: CASE_INSENSITIVE
+userPrincipalName: CASE_INSENSITIVE
+servicePrincipalName: CASE_INSENSITIVE
name: CASE_INSENSITIVE WILDCARD
+dn: CASE_INSENSITIVE WILDCARD
sAMAccountName: CASE_INSENSITIVE WILDCARD
objectClass: CASE_INSENSITIVE
-numMembers: HIDDEN
+unicodePwd: HIDDEN
+ntPwdHash: HIDDEN
+ntPwdHistory: HIDDEN
+lmPwdHash: HIDDEN
+lmPwdHistory: HIDDEN
+createTimestamp: HIDDEN
+modifyTimestamp: HIDDEN
dn: @SUBCLASSES
top: domain
template: userTemplate
template: groupTemplate
+dn: @MODULES
+@MODULE: timestamps
+
dn: ${BASEDN}
objectClass: top
objectClass: domain
objectClass: domainDNS
name: ${DOMAIN}
+realm: ${REALM}
+dnsDomain: ${DNSDOMAIN}
dc: ${DOMAIN}
-objectGUID: ${NEWGUID}
+objectGUID: ${DOMAINGUID}
creationTime: ${NTTIME}
forceLogoff: 0x8000000000000000
lockoutDuration: -18000000000
pwdHistoryLength: 24
objectSid: ${DOMAINSID}
serverState: 1
+nTMixedDomain: 1
uASCompat: 1
modifiedCount: 1
objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
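Review bot: The `HIDDEN` flag added for `unicodePwd`, `ntPwdHash`, `ntPwdHistory`, `lmPwdHash` and `lmPwdHistory` should not be read as protection for those values. As far as I know, in ldb it only keeps an attribute out of results when the client did not ask for it by name, so a search that lists `ntPwdHash` explicitly still gets it back. Nothing in this hunk restricts who may read these attributes, so their confidentiality depends on access checks and file permissions outside this LDIF. I would add a comment above the block, `# HIDDEN only suppresses these in default search results; it is not an access control`, so that nobody relies on it later.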
sAMAccountType: 0x30000000
objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+unicodePwd: ${ADMINPASS}
+unixName: root
dn: CN=Guest,CN=Users,${BASEDN}
objectClass: top
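Review bot: `unicodePwd: ${ADMINPASS}` stores the password as supplied on what appears to be the administrator record, and the only module this patch lists under `@MODULES` is `timestamps`, so nothing visible here hashes it on add. The same applies to the two `unicodePwd: ${RANDPASS}` lines added further down for the domain controller account and for krbtgt. If a later step converts these to `ntPwdHash`/`lmPwdHash` and drops the cleartext, a comment such as `# cleartext at provision time; replaced by hashes in <step>` would document that. Otherwise the provisioned database holds recoverable passwords for its most sensitive accounts and needs restrictive file permissions at minimum. The record these lines belong to starts outside the hunk.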
groupType: 0x80000005
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+unixName: ${WHEEL}
+privilege: SeSecurityPrivilege
+privilege: SeBackupPrivilege
+privilege: SeRestorePrivilege
+privilege: SeSystemtimePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeRemoteShutdownPrivilege
+privilege: SeTakeOwnershipPrivilege
+privilege: SeDebugPrivilege
+privilege: SeSystemEnvironmentPrivilege
+privilege: SeSystemProfilePrivilege
+privilege: SeProfileSingleProcessPrivilege
+privilege: SeIncreaseBasePriorityPrivilege
+privilege: SeLoadDriverPrivilege
+privilege: SeCreatePagefilePrivilege
+privilege: SeIncreaseQuotaPrivilege
+privilege: SeChangeNotifyPrivilege
+privilege: SeUndockPrivilege
+privilege: SeManageVolumePrivilege
+privilege: SeImpersonatePrivilege
+privilege: SeCreateGlobalPrivilege
+privilege: SeEnableDelegationPrivilege
+privilege: SeInteractiveLogonRight
+privilege: SeNetworkLogonRight
+privilege: SeRemoteInteractiveLogonRight
+
dn: CN=Users,CN=Builtin,${BASEDN}
objectClass: top
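Review bot: The group that receives this full privilege list, including `SeDebugPrivilege`, `SeLoadDriverPrivilege`, `SeTakeOwnershipPrivilege` and `SeEnableDelegationPrivilege`, is also tied to `unixName: ${WHEEL}`, and its `dn:` line is outside the hunk, so the patch alone does not show which group this is. Later hunks add `unixName: ${WHEEL}` to Schema Admins, Enterprise Admins, Domain Admins and Group Policy Creator Owners as well. If `unixName` drives the Unix-to-SID mapping, every member of the local wheel group receives all of these rights at once. That deserves a comment, for example `# members of ${WHEEL} are treated as full domain administrators`, and a check in the provisioning step that the substituted group is not a widely populated one.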
groupType: 0x80000005
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+unixName: ${NOGROUP}
dn: CN=Print Operators,CN=Builtin,${BASEDN}
objectClass: top
groupType: 0x80000005
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+privilege: SeLoadDriverPrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
dn: CN=Backup Operators,CN=Builtin,${BASEDN}
objectClass: top
groupType: 0x80000005
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+privilege: SeBackupPrivilege
+privilege: SeRestorePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
dn: CN=Replicator,CN=Builtin,${BASEDN}
objectClass: top
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
-dn: CN=${HOSTNAME},OU=Domain Controllers,${BASEDN}
+dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
-cn: ${HOSTNAME}
+cn: ${NETBIOSNAME}
instanceType: 4
whenCreated: ${LDAPTIME}
whenChanged: ${LDAPTIME}
uSNCreated: 1
uSNChanged: 1
-name: ${HOSTNAME}
-objectGUID: ${NEWGUID}
+name: ${NETBIOSNAME}
+objectGUID: ${HOSTGUID}
userAccountControl: 532480
badPwdCount: 0
codePage: 0
objectSid: ${DOMAINSID}-1000
accountExpires: 9223372036854775807
logonCount: 30
-sAMAccountName: ${HOSTNAME}$
+sAMAccountName: ${NETBIOSNAME}$
sAMAccountType: 805306369
operatingSystem: Samba
operatingSystemVersion: 4.0
dNSHostName: ${DNSNAME}
objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+unicodePwd: ${RANDPASS}
+servicePrincipalName: HOST/${DNSNAME}
+servicePrincipalName: HOST/${NETBIOSNAME}
+servicePrincipalName: CIFS/${DNSNAME}
+servicePrincipalName: CIFS/${NETBIOSNAME}
+servicePrincipalName: LDAP/${DNSNAME}
+servicePrincipalName: LDAP/${NETBIOSNAME}
dn: CN=krbtgt,CN=Users,${BASEDN}
objectClass: top
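Review bot: The machine account in this hunk and the krbtgt account in the following hunk both get `unicodePwd: ${RANDPASS}`. If the provisioning script substitutes one value for every occurrence of `${RANDPASS}` (the script is not on this page), the domain controller's machine secret and the krbtgt secret come from the same password, so disclosure of one compromises the other. Separate variables, for example `unicodePwd: ${MACHINEPASS}` here and `unicodePwd: ${KRBTGTPASS}` for krbtgt (names are illustrative), each filled from its own random draw, would remove the coupling.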
servicePrincipalName: kadmin/changepw
objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+unicodePwd: ${RANDPASS}
dn: CN=Domain Computers,CN=Users,${BASEDN}
objectClass: top
objectGUID: ${NEWGUID}
objectSid: ${DOMAINSID}-515
sAMAccountName: Domain Computers
-sAMAccountType: 268435456
-groupType: -2147483646
+sAMAccountType: 0x10000000
+groupType: 0x80000002
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
objectSid: ${DOMAINSID}-516
adminCount: 1
sAMAccountName: Domain Controllers
-sAMAccountType: 268435456
-groupType: -2147483646
+sAMAccountType: 0x10000000
+groupType: 0x80000002
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
objectSid: ${DOMAINSID}-518
adminCount: 1
sAMAccountName: Schema Admins
-sAMAccountType: 268435456
-groupType: -2147483646
+sAMAccountType: 0x10000000
+groupType: 0x80000002
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+unixName: ${WHEEL}
dn: CN=Enterprise Admins,CN=Users,${BASEDN}
objectClass: top
objectSid: ${DOMAINSID}-519
adminCount: 1
sAMAccountName: Enterprise Admins
-sAMAccountType: 268435456
-groupType: -2147483646
+sAMAccountType: 0x10000000
+groupType: 0x80000002
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+unixName: ${WHEEL}
dn: CN=Cert Publishers,CN=Users,${BASEDN}
objectClass: top
objectSid: ${DOMAINSID}-517
sAMAccountName: Cert Publishers
sAMAccountType: 0x20000000
-groupType: -2147483644
+groupType: 0x80000004
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
objectSid: ${DOMAINSID}-512
adminCount: 1
sAMAccountName: Domain Admins
-sAMAccountType: 268435456
-groupType: -2147483646
+sAMAccountType: 0x10000000
+groupType: 0x80000002
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+unixName: ${WHEEL}
dn: CN=Domain Users,CN=Users,${BASEDN}
objectClass: top
objectGUID: ${NEWGUID}
objectSid: ${DOMAINSID}-513
sAMAccountName: Domain Users
-sAMAccountType: 268435456
-groupType: -2147483646
+sAMAccountType: 0x10000000
+groupType: 0x80000002
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+unixName: ${USERS}
dn: CN=Domain Guests,CN=Users,${BASEDN}
objectClass: top
objectGUID: ${NEWGUID}
objectSid: ${DOMAINSID}-514
sAMAccountName: Domain Guests
-sAMAccountType: 268435456
-groupType: -2147483646
+sAMAccountType: 0x10000000
+groupType: 0x80000002
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
objectGUID: ${NEWGUID}
objectSid: ${DOMAINSID}-520
sAMAccountName: Group Policy Creator Owners
-sAMAccountType: 268435456
-groupType: -2147483646
+sAMAccountType: 0x10000000
+groupType: 0x80000002
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+unixName: ${WHEEL}
dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
objectClass: top
objectSid: ${DOMAINSID}-553
sAMAccountName: RAS and IAS Servers
sAMAccountType: 0x20000000
-groupType: -2147483644
+groupType: 0x80000004
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
groupType: 0x80000005
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+privilege: SeBackupPrivilege
+privilege: SeSystemtimePrivilege
+privilege: SeRemoteShutdownPrivilege
+privilege: SeRestorePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
dn: CN=Account Operators,CN=Builtin,${BASEDN}
objectClass: top
groupType: 0x80000005
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+privilege: SeInteractiveLogonRight
dn: CN=Templates,${BASEDN}
objectClass: top
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
+###
+# note! the template users must not match normal searches. Be careful
+# with what classes you put them in
+###
+
dn: CN=TemplateUser,CN=Templates,${BASEDN}
objectClass: top
objectClass: person
cn: TemplateUser
name: TemplateUser
instanceType: 4
-userAccountControl: 0x222
+userAccountControl: 0x202
badPwdCount: 0
codePage: 0
countryCode: 0
logonCount: 0
sAMAccountType: 0x30000000
+dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateMemberServer
+name: TemplateMemberServer
+instanceType: 4
+userAccountControl: 0x1002
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000001
+
+dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateDomainController
+name: TemplateDomainController
+instanceType: 4
+userAccountControl: 0x2002
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000001
+
+dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateTrustingDomain
+name: TemplateTrustingDomain
+instanceType: 4
+userAccountControl: 0x820
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 0x30000002
+
dn: CN=TemplateGroup,CN=Templates,${BASEDN}
objectClass: top
objectClass: Template
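Review bot: `userAccountControl: 0x820` on TemplateTrustingDomain is the only template value in this patch without the 0x2 (account disabled) bit. It also sets 0x20 (password not required), the bit this same patch removes from TemplateUser by changing 0x222 to 0x202. TemplateMemberServer (0x1002) and TemplateDomainController (0x2002) both start disabled. If trust accounts are meant to follow the same rule, the line should read `userAccountControl: 0x802`. If 0x820 is deliberate, a comment should explain why a trust account is created enabled with no password requirement.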
cn: TemplateGroup
name: TemplateGroup
instanceType: 4
+groupType: 0x80000002
sAMAccountType: 0x10000000
+
+dn: CN=TemplateAlias,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: aliasTemplate
+cn: TemplateAlias
+name: TemplateAlias
+instanceType: 4
+groupType: 0x80000004
+sAMAccountType: 0x10000000
+
+dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
+objectClass: top
+objectClass: Template
+objectClass: foreignSecurityPrincipalTemplate
+cn: TemplateForeignSecurityPrincipal
+name: TemplateForeignSecurityPrincipal