3 @IDXATTR: sAMAccountName
8 name: CASE_INSENSITIVE WILDCARD
9 sAMAccountName: CASE_INSENSITIVE WILDCARD
10 objectClass: CASE_INSENSITIVE
19 person: organizationalPerson
20 organizationalPerson: user
22 template: userTemplate
23 template: groupTemplate
28 objectClass: domainDNS
33 objectGUID: ${NEWGUID}
34 creationTime: ${NTTIME}
35 forceLogoff: 0x8000000000000000
36 lockoutDuration: -18000000000
37 lockOutObservationWindow: -18000000000
39 whenCreated: ${LDAPTIME}
40 whenChanged: ${LDAPTIME}
43 maxPwdAge: -37108517437440
46 modifiedCountAtLastProm: 0
50 objectSid: ${DOMAINSID}
54 objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
55 isCriticalSystemObject: TRUE
57 dn: CN=Users,${BASEDN}
59 objectClass: container
61 description: Default container for upgraded user accounts
63 whenCreated: ${LDAPTIME}
64 whenChanged: ${LDAPTIME}
67 showInAdvancedViewOnly: FALSE
69 objectGUID: ${NEWGUID}
70 systemFlags: 0x8c000000
71 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
72 isCriticalSystemObject: TRUE
74 dn: CN=Computers,${BASEDN}
76 objectClass: container
78 description: Default container for upgraded computer accounts
80 whenCreated: ${LDAPTIME}
81 whenChanged: ${LDAPTIME}
84 showInAdvancedViewOnly: FALSE
86 objectGUID: ${NEWGUID}
87 systemFlags: 0x8c000000
88 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
89 isCriticalSystemObject: TRUE
91 dn: OU=Domain Controllers,${BASEDN}
93 objectClass: organizationalUnit
94 ou: Domain Controllers
95 description: Default container for domain controllers
97 whenCreated: ${LDAPTIME}
98 whenChanged: ${LDAPTIME}
101 showInAdvancedViewOnly: FALSE
102 name: Domain Controllers
103 objectGUID: ${NEWGUID}
104 systemFlags: 0x8c000000
105 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
106 isCriticalSystemObject: TRUE
108 dn: CN=ForeignSecurityPrincipals,${BASEDN}
110 objectClass: container
111 cn: ForeignSecurityPrincipals
112 description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
114 whenCreated: ${LDAPTIME}
115 whenChanged: ${LDAPTIME}
118 showInAdvancedViewOnly: FALSE
119 name: ForeignSecurityPrincipals
120 objectGUID: ${NEWGUID}
121 systemFlags: 0x8c000000
122 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
123 isCriticalSystemObject: TRUE
125 dn: CN=Builtin,${BASEDN}
127 objectClass: builtinDomain
130 showInAdvancedViewOnly: FALSE
132 forceLogoff: 0x8000000000000000
133 lockoutDuration: -18000000000
134 lockOutObservationWindow: -18000000000
136 maxPwdAge: -37108517437440
139 modifiedCountAtLastProm: 0
147 objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN}
148 isCriticalSystemObject: TRUE
150 dn: CN=Administrator,CN=Users,${BASEDN}
153 objectClass: organizationalPerson
156 description: Built-in account for administering the computer/domain
158 whenCreated: ${LDAPTIME}
159 whenChanged: ${LDAPTIME}
161 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
162 memberOf: CN=Domain Admins,CN=Users,${BASEDN}
163 memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
164 memberOf: CN=Schema Admins,CN=Users,${BASEDN}
165 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
168 objectGUID: ${NEWGUID}
169 userAccountControl: 0x10200
178 objectSid: ${DOMAINSID}-500
182 sAMAccountName: Administrator
183 sAMAccountType: 0x30000000
184 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
185 isCriticalSystemObject: TRUE
187 dn: CN=Guest,CN=Users,${BASEDN}
190 objectClass: organizationalPerson
193 description: Built-in account for guest access to the computer/domain
195 whenCreated: ${LDAPTIME}
196 whenChanged: ${LDAPTIME}
198 memberOf: CN=Guests,CN=Builtin,${BASEDN}
201 objectGUID: ${NEWGUID}
202 userAccountControl: 0x10222
211 objectSid: ${DOMAINSID}-501
214 sAMAccountName: Guest
215 sAMAccountType: 0x30000000
216 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
217 isCriticalSystemObject: TRUE
219 dn: CN=Administrators,CN=Builtin,${BASEDN}
223 description: Administrators have complete and unrestricted access to the computer/domain
224 member: CN=Domain Admins,CN=Users,${BASEDN}
225 member: CN=Enterprise Admins,CN=Users,${BASEDN}
226 member: CN=Administrator,CN=Users,${BASEDN}
228 whenCreated: ${LDAPTIME}
229 whenChanged: ${LDAPTIME}
233 objectGUID: ${NEWGUID}
234 objectSid: S-1-5-32-544
236 sAMAccountName: Administrators
237 sAMAccountType: 0x20000000
238 systemFlags: 0x8c000000
239 groupType: 0x80000005
240 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
241 isCriticalSystemObject: TRUE
243 dn: CN=Users,CN=Builtin,${BASEDN}
247 description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
248 member: CN=Domain Users,CN=Users,${BASEDN}
250 whenCreated: ${LDAPTIME}
251 whenChanged: ${LDAPTIME}
255 objectGUID: ${NEWGUID}
256 objectSid: S-1-5-32-545
257 sAMAccountName: Users
258 sAMAccountType: 0x20000000
259 systemFlags: 0x8c000000
260 groupType: 0x80000005
261 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
262 isCriticalSystemObject: TRUE
264 dn: CN=Guests,CN=Builtin,${BASEDN}
268 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
269 member: CN=Domain Guests,CN=Users,${BASEDN}
270 member: CN=Guest,CN=Users,${BASEDN}
272 whenCreated: ${LDAPTIME}
273 whenChanged: ${LDAPTIME}
277 objectGUID: ${NEWGUID}
278 objectSid: S-1-5-32-546
279 sAMAccountName: Guests
280 sAMAccountType: 0x20000000
281 systemFlags: 0x8c000000
282 groupType: 0x80000005
283 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
284 isCriticalSystemObject: TRUE
286 dn: CN=Print Operators,CN=Builtin,${BASEDN}
290 description: Members can administer domain printers
292 whenCreated: ${LDAPTIME}
293 whenChanged: ${LDAPTIME}
296 name: Print Operators
297 objectGUID: ${NEWGUID}
298 objectSid: S-1-5-32-550
300 sAMAccountName: Print Operators
301 sAMAccountType: 0x20000000
302 systemFlags: 0x8c000000
303 groupType: 0x80000005
304 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
305 isCriticalSystemObject: TRUE
307 dn: CN=Backup Operators,CN=Builtin,${BASEDN}
311 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
313 whenCreated: ${LDAPTIME}
314 whenChanged: ${LDAPTIME}
317 name: Backup Operators
318 objectGUID: ${NEWGUID}
319 objectSid: S-1-5-32-551
321 sAMAccountName: Backup Operators
322 sAMAccountType: 0x20000000
323 systemFlags: 0x8c000000
324 groupType: 0x80000005
325 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
326 isCriticalSystemObject: TRUE
328 dn: CN=Replicator,CN=Builtin,${BASEDN}
332 description: Supports file replication in a domain
334 whenCreated: ${LDAPTIME}
335 whenChanged: ${LDAPTIME}
339 objectGUID: ${NEWGUID}
340 objectSid: S-1-5-32-552
342 sAMAccountName: Replicator
343 sAMAccountType: 0x20000000
344 systemFlags: 0x8c000000
345 groupType: 0x80000005
346 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
347 isCriticalSystemObject: TRUE
349 dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
352 cn: Remote Desktop Users
353 description: Members in this group are granted the right to logon remotely
355 whenCreated: ${LDAPTIME}
356 whenChanged: ${LDAPTIME}
359 name: Remote Desktop Users
360 objectGUID: ${NEWGUID}
361 objectSid: S-1-5-32-555
362 sAMAccountName: Remote Desktop Users
363 sAMAccountType: 0x20000000
364 systemFlags: 0x8c000000
365 groupType: 0x80000005
366 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
367 isCriticalSystemObject: TRUE
369 dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
372 cn: Network Configuration Operators
373 description: Members in this group can have some administrative privileges to manage configuration of networking features
375 whenCreated: ${LDAPTIME}
376 whenChanged: ${LDAPTIME}
379 name: Network Configuration Operators
380 objectGUID: ${NEWGUID}
381 objectSid: S-1-5-32-556
382 sAMAccountName: Network Configuration Operators
383 sAMAccountType: 0x20000000
384 systemFlags: 0x8c000000
385 groupType: 0x80000005
386 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
387 isCriticalSystemObject: TRUE
389 dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
392 cn: Performance Monitor Users
393 description: Members of this group have remote access to monitor this computer
395 whenCreated: ${LDAPTIME}
396 whenChanged: ${LDAPTIME}
399 name: Performance Monitor Users
400 objectGUID: ${NEWGUID}
401 objectSid: S-1-5-32-558
402 sAMAccountName: Performance Monitor Users
403 sAMAccountType: 0x20000000
404 systemFlags: 0x8c000000
405 groupType: 0x80000005
406 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
407 isCriticalSystemObject: TRUE
409 dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
412 cn: Performance Log Users
413 description: Members of this group have remote access to schedule logging of performance counters on this computer
415 whenCreated: ${LDAPTIME}
416 whenChanged: ${LDAPTIME}
419 name: Performance Log Users
420 objectGUID: ${NEWGUID}
421 objectSid: S-1-5-32-559
422 sAMAccountName: Performance Log Users
423 sAMAccountType: 0x20000000
424 systemFlags: 0x8c000000
425 groupType: 0x80000005
426 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
427 isCriticalSystemObject: TRUE
429 dn: CN=${HOSTNAME},OU=Domain Controllers,${BASEDN}
432 objectClass: organizationalPerson
434 objectClass: computer
437 whenCreated: ${LDAPTIME}
438 whenChanged: ${LDAPTIME}
442 objectGUID: ${NEWGUID}
443 userAccountControl: 532480
449 lastLogon: 127273269057298624
451 pwdLastSet: 127258826171655328
453 objectSid: ${DOMAINSID}-1000
454 accountExpires: 9223372036854775807
456 sAMAccountName: ${HOSTNAME}$
457 sAMAccountType: 805306369
458 operatingSystem: Samba
459 operatingSystemVersion: 4.0
460 dNSHostName: ${DNSNAME}
461 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
462 isCriticalSystemObject: TRUE
464 dn: CN=krbtgt,CN=Users,${BASEDN}
467 objectClass: organizationalPerson
470 description: Key Distribution Center Service Account
472 whenCreated: ${LDAPTIME}
473 whenChanged: ${LDAPTIME}
476 showInAdvancedViewOnly: TRUE
478 objectGUID: ${NEWGUID}
479 userAccountControl: 514
486 pwdLastSet: 127258826179466560
488 objectSid: ${DOMAINSID}-502
490 accountExpires: 9223372036854775807
492 sAMAccountName: krbtgt
493 sAMAccountType: 805306368
494 servicePrincipalName: kadmin/changepw
495 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
496 isCriticalSystemObject: TRUE
498 dn: CN=Domain Computers,CN=Users,${BASEDN}
502 description: All workstations and servers joined to the domain
504 whenCreated: ${LDAPTIME}
505 whenChanged: ${LDAPTIME}
508 name: Domain Computers
509 objectGUID: ${NEWGUID}
510 objectSid: ${DOMAINSID}-515
511 sAMAccountName: Domain Computers
512 sAMAccountType: 268435456
513 groupType: -2147483646
514 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
515 isCriticalSystemObject: TRUE
517 dn: CN=Domain Controllers,CN=Users,${BASEDN}
520 cn: Domain Controllers
521 description: All domain controllers in the domain
523 whenCreated: ${LDAPTIME}
524 whenChanged: ${LDAPTIME}
527 name: Domain Controllers
528 objectGUID: ${NEWGUID}
529 objectSid: ${DOMAINSID}-516
531 sAMAccountName: Domain Controllers
532 sAMAccountType: 268435456
533 groupType: -2147483646
534 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
535 isCriticalSystemObject: TRUE
537 dn: CN=Schema Admins,CN=Users,${BASEDN}
541 description: Designated administrators of the schema
542 member: CN=Administrator,CN=Users,${BASEDN}
544 whenCreated: ${LDAPTIME}
545 whenChanged: ${LDAPTIME}
549 objectGUID: ${NEWGUID}
550 objectSid: ${DOMAINSID}-518
552 sAMAccountName: Schema Admins
553 sAMAccountType: 268435456
554 groupType: -2147483646
555 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
556 isCriticalSystemObject: TRUE
558 dn: CN=Enterprise Admins,CN=Users,${BASEDN}
561 cn: Enterprise Admins
562 description: Designated administrators of the enterprise
563 member: CN=Administrator,CN=Users,${BASEDN}
565 whenCreated: ${LDAPTIME}
566 whenChanged: ${LDAPTIME}
568 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
570 name: Enterprise Admins
571 objectGUID: ${NEWGUID}
572 objectSid: ${DOMAINSID}-519
574 sAMAccountName: Enterprise Admins
575 sAMAccountType: 268435456
576 groupType: -2147483646
577 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
578 isCriticalSystemObject: TRUE
580 dn: CN=Cert Publishers,CN=Users,${BASEDN}
584 description: Members of this group are permitted to publish certificates to the Active Directory
586 whenCreated: ${LDAPTIME}
587 whenChanged: ${LDAPTIME}
590 name: Cert Publishers
591 objectGUID: ${NEWGUID}
592 objectSid: ${DOMAINSID}-517
593 sAMAccountName: Cert Publishers
594 sAMAccountType: 0x20000000
595 groupType: -2147483644
596 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
597 isCriticalSystemObject: TRUE
599 dn: CN=Domain Admins,CN=Users,${BASEDN}
603 description: Designated administrators of the domain
604 member: CN=Administrator,CN=Users,${BASEDN}
606 whenCreated: ${LDAPTIME}
607 whenChanged: ${LDAPTIME}
609 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
612 objectGUID: ${NEWGUID}
613 objectSid: ${DOMAINSID}-512
615 sAMAccountName: Domain Admins
616 sAMAccountType: 268435456
617 groupType: -2147483646
618 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
619 isCriticalSystemObject: TRUE
621 dn: CN=Domain Users,CN=Users,${BASEDN}
625 description: All domain users
627 whenCreated: ${LDAPTIME}
628 whenChanged: ${LDAPTIME}
630 memberOf: CN=Users,CN=Builtin,${BASEDN}
633 objectGUID: ${NEWGUID}
634 objectSid: ${DOMAINSID}-513
635 sAMAccountName: Domain Users
636 sAMAccountType: 268435456
637 groupType: -2147483646
638 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
639 isCriticalSystemObject: TRUE
641 dn: CN=Domain Guests,CN=Users,${BASEDN}
645 description: All domain guests
647 whenCreated: ${LDAPTIME}
648 whenChanged: ${LDAPTIME}
650 memberOf: CN=Guests,CN=Builtin,${BASEDN}
653 objectGUID: ${NEWGUID}
654 objectSid: ${DOMAINSID}-514
655 sAMAccountName: Domain Guests
656 sAMAccountType: 268435456
657 groupType: -2147483646
658 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
659 isCriticalSystemObject: TRUE
661 dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
664 cn: Group Policy Creator Owners
665 description: Members in this group can modify group policy for the domain
666 member: CN=Administrator,CN=Users,${BASEDN}
668 whenCreated: ${LDAPTIME}
669 whenChanged: ${LDAPTIME}
672 name: Group Policy Creator Owners
673 objectGUID: ${NEWGUID}
674 objectSid: ${DOMAINSID}-520
675 sAMAccountName: Group Policy Creator Owners
676 sAMAccountType: 268435456
677 groupType: -2147483646
678 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
679 isCriticalSystemObject: TRUE
681 dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
684 cn: RAS and IAS Servers
685 description: Servers in this group can access remote access properties of users
687 whenCreated: ${LDAPTIME}
688 whenChanged: ${LDAPTIME}
691 name: RAS and IAS Servers
692 objectGUID: ${NEWGUID}
693 objectSid: ${DOMAINSID}-553
694 sAMAccountName: RAS and IAS Servers
695 sAMAccountType: 0x20000000
696 groupType: -2147483644
697 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
698 isCriticalSystemObject: TRUE
700 dn: CN=Server Operators,CN=Builtin,${BASEDN}
704 description: Members can administer domain servers
706 whenCreated: ${LDAPTIME}
707 whenChanged: ${LDAPTIME}
710 name: Server Operators
711 objectGUID: ${NEWGUID}
712 objectSid: S-1-5-32-549
714 sAMAccountName: Server Operators
715 sAMAccountType: 0x20000000
716 systemFlags: 0x8c000000
717 groupType: 0x80000005
718 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
719 isCriticalSystemObject: TRUE
721 dn: CN=Account Operators,CN=Builtin,${BASEDN}
724 cn: Account Operators
725 description: Members can administer domain user and group accounts
727 whenCreated: ${LDAPTIME}
728 whenChanged: ${LDAPTIME}
731 name: Account Operators
732 objectGUID: ${NEWGUID}
733 objectSid: S-1-5-32-548
735 sAMAccountName: Account Operators
736 sAMAccountType: 0x20000000
737 systemFlags: 0x8c000000
738 groupType: 0x80000005
739 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
740 isCriticalSystemObject: TRUE
742 dn: CN=Templates,${BASEDN}
744 objectClass: container
746 description: Container for SAM account templates
748 whenCreated: ${LDAPTIME}
749 whenChanged: ${LDAPTIME}
752 showInAdvancedViewOnly: FALSE
754 objectGUID: ${NEWGUID}
755 systemFlags: 0x8c000000
756 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
757 isCriticalSystemObject: TRUE
760 # note! the template users must not match normal searches. Be careful
761 # with what classes you put them in
764 dn: CN=TemplateUser,CN=Templates,${BASEDN}
767 objectClass: organizationalPerson
768 objectClass: Template
769 objectClass: userTemplate
773 userAccountControl: 0x202
784 sAMAccountType: 0x30000000
786 dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
788 objectClass: Template
789 objectClass: userTemplate
790 cn: TemplateMemberServer
791 name: TemplateMemberServer
793 userAccountControl: 0x1002
804 sAMAccountType: 0x30000001
806 dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
808 objectClass: Template
809 objectClass: userTemplate
810 cn: TemplateDomainController
811 name: TemplateDomainController
813 userAccountControl: 0x2002
824 sAMAccountType: 0x30000001
826 dn: CN=TemplateGroup,CN=Templates,${BASEDN}
828 objectClass: Template
829 objectClass: groupTemplate
833 sAMAccountType: 0x10000000