65975d2b7d7dbf9ccac82566d2a96733dc011485
[samba.git] / source / provision.ldif
1 dn: @INDEXLIST
2 @IDXATTR: name
3 @IDXATTR: sAMAccountName
4 @IDXATTR: objectSid
5 @IDXATTR: objectClass
6 @IDXATTR: member
7 @IDXATTR: unixID
8 @IDXATTR: unixName
9
10 dn: @ATTRIBUTES
11 realm: CASE_INSENSITIVE
12 userPrincipalName: CASE_INSENSITIVE
13 servicePrincipalName: CASE_INSENSITIVE
14 name: CASE_INSENSITIVE WILDCARD
15 dn: CASE_INSENSITIVE WILDCARD
16 sAMAccountName: CASE_INSENSITIVE WILDCARD
17 objectClass: CASE_INSENSITIVE
18 unicodePwd: HIDDEN
19 ntPwdHash: HIDDEN
20 ntPwdHistory: HIDDEN
21 lmPwdHash: HIDDEN
22 lmPwdHistory: HIDDEN
23 createTimestamp: HIDDEN
24 modifyTimestamp: HIDDEN
25
26 dn: @SUBCLASSES
27 top: domain
28 top: person
29 top: group
30 domain: domainDNS
31 domain: builtinDomain
32 person: organizationalPerson
33 organizationalPerson: user
34 user: computer
35 template: userTemplate
36 template: groupTemplate
37
38 dn: @MODULES
39 @MODULE: timestamps
40
41 dn: ${BASEDN}
42 objectClass: top
43 objectClass: domain
44 objectClass: domainDNS
45 name: ${DOMAIN}
46 realm: ${REALM}
47 dnsDomain: ${DNSDOMAIN}
48 dc: ${DOMAIN}
49 objectGUID: ${DOMAINGUID}
50 creationTime: ${NTTIME}
51 forceLogoff: 0x8000000000000000
52 lockoutDuration: -18000000000
53 lockOutObservationWindow: -18000000000
54 lockoutThreshold: 0
55 whenCreated: ${LDAPTIME}
56 whenChanged: ${LDAPTIME}
57 uSNCreated: 1
58 uSNChanged: 1
59 maxPwdAge: -37108517437440
60 minPwdAge: 0
61 minPwdLength: 7
62 modifiedCountAtLastProm: 0
63 nextRid: 1001
64 pwdProperties: 1
65 pwdHistoryLength: 24
66 objectSid: ${DOMAINSID}
67 serverState: 1
68 uASCompat: 1
69 modifiedCount: 1
70 objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
71 isCriticalSystemObject: TRUE
72
73 dn: CN=Users,${BASEDN}
74 objectClass: top
75 objectClass: container
76 cn: Users
77 description: Default container for upgraded user accounts
78 instanceType: 4
79 whenCreated: ${LDAPTIME}
80 whenChanged: ${LDAPTIME}
81 uSNCreated: 1
82 uSNChanged: 1
83 showInAdvancedViewOnly: FALSE
84 name: Users
85 objectGUID: ${NEWGUID}
86 systemFlags: 0x8c000000
87 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
88 isCriticalSystemObject: TRUE
89
90 dn: CN=Computers,${BASEDN}
91 objectClass: top
92 objectClass: container
93 cn: Computers
94 description: Default container for upgraded computer accounts
95 instanceType: 4
96 whenCreated: ${LDAPTIME}
97 whenChanged: ${LDAPTIME}
98 uSNCreated: 1
99 uSNChanged: 1
100 showInAdvancedViewOnly: FALSE
101 name: Computers
102 objectGUID: ${NEWGUID}
103 systemFlags: 0x8c000000
104 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
105 isCriticalSystemObject: TRUE
106
107 dn: OU=Domain Controllers,${BASEDN}
108 objectClass: top
109 objectClass: organizationalUnit
110 ou: Domain Controllers
111 description: Default container for domain controllers
112 instanceType: 4
113 whenCreated: ${LDAPTIME}
114 whenChanged: ${LDAPTIME}
115 uSNCreated: 1
116 uSNChanged: 1
117 showInAdvancedViewOnly: FALSE
118 name: Domain Controllers
119 objectGUID: ${NEWGUID}
120 systemFlags: 0x8c000000
121 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
122 isCriticalSystemObject: TRUE
123
124 dn: CN=ForeignSecurityPrincipals,${BASEDN}
125 objectClass: top
126 objectClass: container
127 cn: ForeignSecurityPrincipals
128 description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
129 instanceType: 4
130 whenCreated: ${LDAPTIME}
131 whenChanged: ${LDAPTIME}
132 uSNCreated: 1
133 uSNChanged: 1
134 showInAdvancedViewOnly: FALSE
135 name: ForeignSecurityPrincipals
136 objectGUID: ${NEWGUID}
137 systemFlags: 0x8c000000
138 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
139 isCriticalSystemObject: TRUE
140
141 dn: CN=Builtin,${BASEDN}
142 objectClass: top
143 objectClass: builtinDomain
144 cn: Builtin
145 instanceType: 4
146 showInAdvancedViewOnly: FALSE
147 name: Builtin
148 forceLogoff: 0x8000000000000000
149 lockoutDuration: -18000000000
150 lockOutObservationWindow: -18000000000
151 lockoutThreshold: 0
152 maxPwdAge: -37108517437440
153 minPwdAge: 0
154 minPwdLength: 0
155 modifiedCountAtLastProm: 0
156 nextRid: 1000
157 pwdProperties: 0
158 pwdHistoryLength: 0
159 objectSid: S-1-5-32
160 serverState: 1
161 uASCompat: 1
162 modifiedCount: 1
163 objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN}
164 isCriticalSystemObject: TRUE
165
166 dn: CN=Administrator,CN=Users,${BASEDN}
167 objectClass: top
168 objectClass: person
169 objectClass: organizationalPerson
170 objectClass: user
171 cn: Administrator
172 description: Built-in account for administering the computer/domain
173 instanceType: 4
174 whenCreated: ${LDAPTIME}
175 whenChanged: ${LDAPTIME}
176 uSNCreated: 1
177 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
178 memberOf: CN=Domain Admins,CN=Users,${BASEDN}
179 memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
180 memberOf: CN=Schema Admins,CN=Users,${BASEDN}
181 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
182 uSNChanged: 1
183 name: Administrator
184 objectGUID: ${NEWGUID}
185 userAccountControl: 0x10200
186 badPwdCount: 0
187 codePage: 0
188 countryCode: 0
189 badPasswordTime: 0
190 lastLogoff: 0
191 lastLogon: 0
192 pwdLastSet: 0
193 primaryGroupID: 513
194 objectSid: ${DOMAINSID}-500
195 adminCount: 1
196 accountExpires: -1
197 logonCount: 0
198 sAMAccountName: Administrator
199 sAMAccountType: 0x30000000
200 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
201 isCriticalSystemObject: TRUE
202 unicodePwd: ${ADMINPASS}
203 unixName: root
204
205 dn: CN=Guest,CN=Users,${BASEDN}
206 objectClass: top
207 objectClass: person
208 objectClass: organizationalPerson
209 objectClass: user
210 cn: Guest
211 description: Built-in account for guest access to the computer/domain
212 instanceType: 4
213 whenCreated: ${LDAPTIME}
214 whenChanged: ${LDAPTIME}
215 uSNCreated: 1
216 memberOf: CN=Guests,CN=Builtin,${BASEDN}
217 uSNChanged: 1
218 name: Guest
219 objectGUID: ${NEWGUID}
220 userAccountControl: 0x10222
221 badPwdCount: 0
222 codePage: 0
223 countryCode: 0
224 badPasswordTime: 0
225 lastLogoff: 0
226 lastLogon: 0
227 pwdLastSet: 0
228 primaryGroupID: 514
229 objectSid: ${DOMAINSID}-501
230 accountExpires: -1
231 logonCount: 0
232 sAMAccountName: Guest
233 sAMAccountType: 0x30000000
234 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
235 isCriticalSystemObject: TRUE
236
237 dn: CN=Administrators,CN=Builtin,${BASEDN}
238 objectClass: top
239 objectClass: group
240 cn: Administrators
241 description: Administrators have complete and unrestricted access to the computer/domain
242 member: CN=Domain Admins,CN=Users,${BASEDN}
243 member: CN=Enterprise Admins,CN=Users,${BASEDN}
244 member: CN=Administrator,CN=Users,${BASEDN}
245 instanceType: 4
246 whenCreated: ${LDAPTIME}
247 whenChanged: ${LDAPTIME}
248 uSNCreated: 1
249 uSNChanged: 1
250 name: Administrators
251 objectGUID: ${NEWGUID}
252 objectSid: S-1-5-32-544
253 adminCount: 1
254 sAMAccountName: Administrators
255 sAMAccountType: 0x20000000
256 systemFlags: 0x8c000000
257 groupType: 0x80000005
258 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
259 isCriticalSystemObject: TRUE
260 unixName: ${WHEEL}
261 privilege: SeSecurityPrivilege
262 privilege: SeBackupPrivilege
263 privilege: SeRestorePrivilege
264 privilege: SeSystemtimePrivilege
265 privilege: SeShutdownPrivilege
266 privilege: SeRemoteShutdownPrivilege
267 privilege: SeTakeOwnershipPrivilege
268 privilege: SeDebugPrivilege
269 privilege: SeSystemEnvironmentPrivilege
270 privilege: SeSystemProfilePrivilege
271 privilege: SeProfileSingleProcessPrivilege
272 privilege: SeIncreaseBasePriorityPrivilege
273 privilege: SeLoadDriverPrivilege
274 privilege: SeCreatePagefilePrivilege
275 privilege: SeIncreaseQuotaPrivilege
276 privilege: SeChangeNotifyPrivilege
277 privilege: SeUndockPrivilege
278 privilege: SeManageVolumePrivilege
279 privilege: SeImpersonatePrivilege
280 privilege: SeCreateGlobalPrivilege
281 privilege: SeEnableDelegationPrivilege
282 privilege: SeInteractiveLogonRight
283 privilege: SeNetworkLogonRight
284 privilege: SeRemoteInteractiveLogonRight
285
286
287 dn: CN=Users,CN=Builtin,${BASEDN}
288 objectClass: top
289 objectClass: group
290 cn: Users
291 description: Users are prevented from making accidental or intentional system-wide changes.  Thus, Users can run certified applications, but not most legacy applications
292 member: CN=Domain Users,CN=Users,${BASEDN}
293 instanceType: 4
294 whenCreated: ${LDAPTIME}
295 whenChanged: ${LDAPTIME}
296 uSNCreated: 1
297 uSNChanged: 1
298 name: Users
299 objectGUID: ${NEWGUID}
300 objectSid: S-1-5-32-545
301 sAMAccountName: Users
302 sAMAccountType: 0x20000000
303 systemFlags: 0x8c000000
304 groupType: 0x80000005
305 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
306 isCriticalSystemObject: TRUE
307
308 dn: CN=Guests,CN=Builtin,${BASEDN}
309 objectClass: top
310 objectClass: group
311 cn: Guests
312 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
313 member: CN=Domain Guests,CN=Users,${BASEDN}
314 member: CN=Guest,CN=Users,${BASEDN}
315 instanceType: 4
316 whenCreated: ${LDAPTIME}
317 whenChanged: ${LDAPTIME}
318 uSNCreated: 1
319 uSNChanged: 1
320 name: Guests
321 objectGUID: ${NEWGUID}
322 objectSid: S-1-5-32-546
323 sAMAccountName: Guests
324 sAMAccountType: 0x20000000
325 systemFlags: 0x8c000000
326 groupType: 0x80000005
327 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
328 isCriticalSystemObject: TRUE
329 unixName: ${NOGROUP}
330
331 dn: CN=Print Operators,CN=Builtin,${BASEDN}
332 objectClass: top
333 objectClass: group
334 cn: Print Operators
335 description: Members can administer domain printers
336 instanceType: 4
337 whenCreated: ${LDAPTIME}
338 whenChanged: ${LDAPTIME}
339 uSNCreated: 1
340 uSNChanged: 1
341 name: Print Operators
342 objectGUID: ${NEWGUID}
343 objectSid: S-1-5-32-550
344 adminCount: 1
345 sAMAccountName: Print Operators
346 sAMAccountType: 0x20000000
347 systemFlags: 0x8c000000
348 groupType: 0x80000005
349 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
350 isCriticalSystemObject: TRUE
351 privilege: SeLoadDriverPrivilege
352 privilege: SeShutdownPrivilege
353 privilege: SeInteractiveLogonRight
354
355 dn: CN=Backup Operators,CN=Builtin,${BASEDN}
356 objectClass: top
357 objectClass: group
358 cn: Backup Operators
359 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
360 instanceType: 4
361 whenCreated: ${LDAPTIME}
362 whenChanged: ${LDAPTIME}
363 uSNCreated: 1
364 uSNChanged: 1
365 name: Backup Operators
366 objectGUID: ${NEWGUID}
367 objectSid: S-1-5-32-551
368 adminCount: 1
369 sAMAccountName: Backup Operators
370 sAMAccountType: 0x20000000
371 systemFlags: 0x8c000000
372 groupType: 0x80000005
373 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
374 isCriticalSystemObject: TRUE
375 privilege: SeBackupPrivilege
376 privilege: SeRestorePrivilege
377 privilege: SeShutdownPrivilege
378 privilege: SeInteractiveLogonRight
379
380 dn: CN=Replicator,CN=Builtin,${BASEDN}
381 objectClass: top
382 objectClass: group
383 cn: Replicator
384 description: Supports file replication in a domain
385 instanceType: 4
386 whenCreated: ${LDAPTIME}
387 whenChanged: ${LDAPTIME}
388 uSNCreated: 1
389 uSNChanged: 1
390 name: Replicator
391 objectGUID: ${NEWGUID}
392 objectSid: S-1-5-32-552
393 adminCount: 1
394 sAMAccountName: Replicator
395 sAMAccountType: 0x20000000
396 systemFlags: 0x8c000000
397 groupType: 0x80000005
398 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
399 isCriticalSystemObject: TRUE
400
401 dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
402 objectClass: top
403 objectClass: group
404 cn: Remote Desktop Users
405 description: Members in this group are granted the right to logon remotely
406 instanceType: 4
407 whenCreated: ${LDAPTIME}
408 whenChanged: ${LDAPTIME}
409 uSNCreated: 1
410 uSNChanged: 1
411 name: Remote Desktop Users
412 objectGUID: ${NEWGUID}
413 objectSid: S-1-5-32-555
414 sAMAccountName: Remote Desktop Users
415 sAMAccountType: 0x20000000
416 systemFlags: 0x8c000000
417 groupType: 0x80000005
418 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
419 isCriticalSystemObject: TRUE
420
421 dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
422 objectClass: top
423 objectClass: group
424 cn: Network Configuration Operators
425 description: Members in this group can have some administrative privileges to manage configuration of networking features
426 instanceType: 4
427 whenCreated: ${LDAPTIME}
428 whenChanged: ${LDAPTIME}
429 uSNCreated: 1
430 uSNChanged: 1
431 name: Network Configuration Operators
432 objectGUID: ${NEWGUID}
433 objectSid: S-1-5-32-556
434 sAMAccountName: Network Configuration Operators
435 sAMAccountType: 0x20000000
436 systemFlags: 0x8c000000
437 groupType: 0x80000005
438 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
439 isCriticalSystemObject: TRUE
440
441 dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
442 objectClass: top
443 objectClass: group
444 cn: Performance Monitor Users
445 description: Members of this group have remote access to monitor this computer
446 instanceType: 4
447 whenCreated: ${LDAPTIME}
448 whenChanged: ${LDAPTIME}
449 uSNCreated: 1
450 uSNChanged: 1
451 name: Performance Monitor Users
452 objectGUID: ${NEWGUID}
453 objectSid: S-1-5-32-558
454 sAMAccountName: Performance Monitor Users
455 sAMAccountType: 0x20000000
456 systemFlags: 0x8c000000
457 groupType: 0x80000005
458 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
459 isCriticalSystemObject: TRUE
460
461 dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
462 objectClass: top
463 objectClass: group
464 cn: Performance Log Users
465 description: Members of this group have remote access to schedule logging of performance counters on this computer
466 instanceType: 4
467 whenCreated: ${LDAPTIME}
468 whenChanged: ${LDAPTIME}
469 uSNCreated: 1
470 uSNChanged: 1
471 name: Performance Log Users
472 objectGUID: ${NEWGUID}
473 objectSid: S-1-5-32-559
474 sAMAccountName: Performance Log Users
475 sAMAccountType: 0x20000000
476 systemFlags: 0x8c000000
477 groupType: 0x80000005
478 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
479 isCriticalSystemObject: TRUE
480
481 dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
482 objectClass: top
483 objectClass: person
484 objectClass: organizationalPerson
485 objectClass: user
486 objectClass: computer
487 cn: ${NETBIOSNAME}
488 instanceType: 4
489 whenCreated: ${LDAPTIME}
490 whenChanged: ${LDAPTIME}
491 uSNCreated: 1
492 uSNChanged: 1
493 name: ${NETBIOSNAME}
494 objectGUID: ${HOSTGUID}
495 userAccountControl: 532480
496 badPwdCount: 0
497 codePage: 0
498 countryCode: 0
499 badPasswordTime: 0
500 lastLogoff: 0
501 lastLogon: 127273269057298624
502 localPolicyFlags: 0
503 pwdLastSet: 127258826171655328
504 primaryGroupID: 516
505 objectSid: ${DOMAINSID}-1000
506 accountExpires: 9223372036854775807
507 logonCount: 30
508 sAMAccountName: ${NETBIOSNAME}$
509 sAMAccountType: 805306369
510 operatingSystem: Samba
511 operatingSystemVersion: 4.0
512 dNSHostName: ${DNSNAME}
513 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
514 isCriticalSystemObject: TRUE
515 unicodePwd: ${RANDPASS}
516 servicePrincipalName: HOST/${DNSNAME}
517 servicePrincipalName: HOST/${NETBIOSNAME}
518 servicePrincipalName: CIFS/${DNSNAME}
519 servicePrincipalName: CIFS/${NETBIOSNAME}
520 servicePrincipalName: LDAP/${DNSNAME}
521 servicePrincipalName: LDAP/${NETBIOSNAME}
522
523 dn: CN=krbtgt,CN=Users,${BASEDN}
524 objectClass: top
525 objectClass: person
526 objectClass: organizationalPerson
527 objectClass: user
528 cn: krbtgt
529 description: Key Distribution Center Service Account
530 instanceType: 4
531 whenCreated: ${LDAPTIME}
532 whenChanged: ${LDAPTIME}
533 uSNCreated: 1
534 uSNChanged: 1
535 showInAdvancedViewOnly: TRUE
536 name: krbtgt
537 objectGUID: ${NEWGUID}
538 userAccountControl: 514
539 badPwdCount: 0
540 codePage: 0
541 countryCode: 0
542 badPasswordTime: 0
543 lastLogoff: 0
544 lastLogon: 0
545 pwdLastSet: 127258826179466560
546 primaryGroupID: 513
547 objectSid: ${DOMAINSID}-502
548 adminCount: 1
549 accountExpires: 9223372036854775807
550 logonCount: 0
551 sAMAccountName: krbtgt
552 sAMAccountType: 805306368
553 servicePrincipalName: kadmin/changepw
554 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
555 isCriticalSystemObject: TRUE
556 unicodePwd: ${RANDPASS}
557
558 dn: CN=Domain Computers,CN=Users,${BASEDN}
559 objectClass: top
560 objectClass: group
561 cn: Domain Computers
562 description: All workstations and servers joined to the domain
563 instanceType: 4
564 whenCreated: ${LDAPTIME}
565 whenChanged: ${LDAPTIME}
566 uSNCreated: 1
567 uSNChanged: 1
568 name: Domain Computers
569 objectGUID: ${NEWGUID}
570 objectSid: ${DOMAINSID}-515
571 sAMAccountName: Domain Computers
572 sAMAccountType: 268435456
573 groupType: -2147483646
574 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
575 isCriticalSystemObject: TRUE
576
577 dn: CN=Domain Controllers,CN=Users,${BASEDN}
578 objectClass: top
579 objectClass: group
580 cn: Domain Controllers
581 description: All domain controllers in the domain
582 instanceType: 4
583 whenCreated: ${LDAPTIME}
584 whenChanged: ${LDAPTIME}
585 uSNCreated: 1
586 uSNChanged: 1
587 name: Domain Controllers
588 objectGUID: ${NEWGUID}
589 objectSid: ${DOMAINSID}-516
590 adminCount: 1
591 sAMAccountName: Domain Controllers
592 sAMAccountType: 268435456
593 groupType: -2147483646
594 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
595 isCriticalSystemObject: TRUE
596
597 dn: CN=Schema Admins,CN=Users,${BASEDN}
598 objectClass: top
599 objectClass: group
600 cn: Schema Admins
601 description: Designated administrators of the schema
602 member: CN=Administrator,CN=Users,${BASEDN}
603 instanceType: 4
604 whenCreated: ${LDAPTIME}
605 whenChanged: ${LDAPTIME}
606 uSNCreated: 1
607 uSNChanged: 1
608 name: Schema Admins
609 objectGUID: ${NEWGUID}
610 objectSid: ${DOMAINSID}-518
611 adminCount: 1
612 sAMAccountName: Schema Admins
613 sAMAccountType: 268435456
614 groupType: -2147483646
615 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
616 isCriticalSystemObject: TRUE
617 unixName: ${WHEEL}
618
619 dn: CN=Enterprise Admins,CN=Users,${BASEDN}
620 objectClass: top
621 objectClass: group
622 cn: Enterprise Admins
623 description: Designated administrators of the enterprise
624 member: CN=Administrator,CN=Users,${BASEDN}
625 instanceType: 4
626 whenCreated: ${LDAPTIME}
627 whenChanged: ${LDAPTIME}
628 uSNCreated: 1
629 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
630 uSNChanged: 1
631 name: Enterprise Admins
632 objectGUID: ${NEWGUID}
633 objectSid: ${DOMAINSID}-519
634 adminCount: 1
635 sAMAccountName: Enterprise Admins
636 sAMAccountType: 268435456
637 groupType: -2147483646
638 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
639 isCriticalSystemObject: TRUE
640 unixName: ${WHEEL}
641
642 dn: CN=Cert Publishers,CN=Users,${BASEDN}
643 objectClass: top
644 objectClass: group
645 cn: Cert Publishers
646 description: Members of this group are permitted to publish certificates to the Active Directory
647 instanceType: 4
648 whenCreated: ${LDAPTIME}
649 whenChanged: ${LDAPTIME}
650 uSNCreated: 1
651 uSNChanged: 1
652 name: Cert Publishers
653 objectGUID: ${NEWGUID}
654 objectSid: ${DOMAINSID}-517
655 sAMAccountName: Cert Publishers
656 sAMAccountType: 0x20000000
657 groupType: -2147483644
658 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
659 isCriticalSystemObject: TRUE
660
661 dn: CN=Domain Admins,CN=Users,${BASEDN}
662 objectClass: top
663 objectClass: group
664 cn: Domain Admins
665 description: Designated administrators of the domain
666 member: CN=Administrator,CN=Users,${BASEDN}
667 instanceType: 4
668 whenCreated: ${LDAPTIME}
669 whenChanged: ${LDAPTIME}
670 uSNCreated: 1
671 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
672 uSNChanged: 1
673 name: Domain Admins
674 objectGUID: ${NEWGUID}
675 objectSid: ${DOMAINSID}-512
676 adminCount: 1
677 sAMAccountName: Domain Admins
678 sAMAccountType: 268435456
679 groupType: -2147483646
680 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
681 isCriticalSystemObject: TRUE
682 unixName: ${WHEEL}
683
684 dn: CN=Domain Users,CN=Users,${BASEDN}
685 objectClass: top
686 objectClass: group
687 cn: Domain Users
688 description: All domain users
689 instanceType: 4
690 whenCreated: ${LDAPTIME}
691 whenChanged: ${LDAPTIME}
692 uSNCreated: 1
693 memberOf: CN=Users,CN=Builtin,${BASEDN}
694 uSNChanged: 1
695 name: Domain Users
696 objectGUID: ${NEWGUID}
697 objectSid: ${DOMAINSID}-513
698 sAMAccountName: Domain Users
699 sAMAccountType: 268435456
700 groupType: -2147483646
701 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
702 isCriticalSystemObject: TRUE
703 unixName: ${USERS}
704
705 dn: CN=Domain Guests,CN=Users,${BASEDN}
706 objectClass: top
707 objectClass: group
708 cn: Domain Guests
709 description: All domain guests
710 instanceType: 4
711 whenCreated: ${LDAPTIME}
712 whenChanged: ${LDAPTIME}
713 uSNCreated: 1
714 memberOf: CN=Guests,CN=Builtin,${BASEDN}
715 uSNChanged: 1
716 name: Domain Guests
717 objectGUID: ${NEWGUID}
718 objectSid: ${DOMAINSID}-514
719 sAMAccountName: Domain Guests
720 sAMAccountType: 268435456
721 groupType: -2147483646
722 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
723 isCriticalSystemObject: TRUE
724
725 dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
726 objectClass: top
727 objectClass: group
728 cn: Group Policy Creator Owners
729 description: Members in this group can modify group policy for the domain
730 member: CN=Administrator,CN=Users,${BASEDN}
731 instanceType: 4
732 whenCreated: ${LDAPTIME}
733 whenChanged: ${LDAPTIME}
734 uSNCreated: 1
735 uSNChanged: 1
736 name: Group Policy Creator Owners
737 objectGUID: ${NEWGUID}
738 objectSid: ${DOMAINSID}-520
739 sAMAccountName: Group Policy Creator Owners
740 sAMAccountType: 268435456
741 groupType: -2147483646
742 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
743 isCriticalSystemObject: TRUE
744 unixName: ${WHEEL}
745
746 dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
747 objectClass: top
748 objectClass: group
749 cn: RAS and IAS Servers
750 description: Servers in this group can access remote access properties of users
751 instanceType: 4
752 whenCreated: ${LDAPTIME}
753 whenChanged: ${LDAPTIME}
754 uSNCreated: 1
755 uSNChanged: 1
756 name: RAS and IAS Servers
757 objectGUID: ${NEWGUID}
758 objectSid: ${DOMAINSID}-553
759 sAMAccountName: RAS and IAS Servers
760 sAMAccountType: 0x20000000
761 groupType: -2147483644
762 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
763 isCriticalSystemObject: TRUE
764
765 dn: CN=Server Operators,CN=Builtin,${BASEDN}
766 objectClass: top
767 objectClass: group
768 cn: Server Operators
769 description: Members can administer domain servers
770 instanceType: 4
771 whenCreated: ${LDAPTIME}
772 whenChanged: ${LDAPTIME}
773 uSNCreated: 1
774 uSNChanged: 1
775 name: Server Operators
776 objectGUID: ${NEWGUID}
777 objectSid: S-1-5-32-549
778 adminCount: 1
779 sAMAccountName: Server Operators
780 sAMAccountType: 0x20000000
781 systemFlags: 0x8c000000
782 groupType: 0x80000005
783 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
784 isCriticalSystemObject: TRUE
785 privilege: SeBackupPrivilege
786 privilege: SeSystemtimePrivilege
787 privilege: SeRemoteShutdownPrivilege
788 privilege: SeRestorePrivilege
789 privilege: SeShutdownPrivilege
790 privilege: SeInteractiveLogonRight
791
792 dn: CN=Account Operators,CN=Builtin,${BASEDN}
793 objectClass: top
794 objectClass: group
795 cn: Account Operators
796 description: Members can administer domain user and group accounts
797 instanceType: 4
798 whenCreated: ${LDAPTIME}
799 whenChanged: ${LDAPTIME}
800 uSNCreated: 1
801 uSNChanged: 1
802 name: Account Operators
803 objectGUID: ${NEWGUID}
804 objectSid: S-1-5-32-548
805 adminCount: 1
806 sAMAccountName: Account Operators
807 sAMAccountType: 0x20000000
808 systemFlags: 0x8c000000
809 groupType: 0x80000005
810 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
811 isCriticalSystemObject: TRUE
812 privilege: SeInteractiveLogonRight
813
814 dn: CN=Templates,${BASEDN}
815 objectClass: top
816 objectClass: container
817 cn: Templates
818 description: Container for SAM account templates
819 instanceType: 4
820 whenCreated: ${LDAPTIME}
821 whenChanged: ${LDAPTIME}
822 uSNCreated: 1
823 uSNChanged: 1
824 showInAdvancedViewOnly: FALSE
825 name: Templates
826 objectGUID: ${NEWGUID}
827 systemFlags: 0x8c000000
828 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
829 isCriticalSystemObject: TRUE
830
831 ###
832 # note! the template users must not match normal searches. Be careful
833 # with what classes you put them in
834 ###
835
836 dn: CN=TemplateUser,CN=Templates,${BASEDN}
837 objectClass: top
838 objectClass: person
839 objectClass: organizationalPerson
840 objectClass: Template
841 objectClass: userTemplate
842 cn: TemplateUser
843 name: TemplateUser
844 instanceType: 4
845 userAccountControl: 0x202
846 badPwdCount: 0
847 codePage: 0
848 countryCode: 0
849 badPasswordTime: 0
850 lastLogoff: 0
851 lastLogon: 0
852 pwdLastSet: 0
853 primaryGroupID: 513
854 accountExpires: -1
855 logonCount: 0
856 sAMAccountType: 0x30000000
857
858 dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
859 objectClass: top
860 objectClass: Template
861 objectClass: userTemplate
862 cn: TemplateMemberServer
863 name: TemplateMemberServer
864 instanceType: 4
865 userAccountControl: 0x1002
866 badPwdCount: 0
867 codePage: 0
868 countryCode: 0
869 badPasswordTime: 0
870 lastLogoff: 0
871 lastLogon: 0
872 pwdLastSet: 0
873 primaryGroupID: 513
874 accountExpires: -1
875 logonCount: 0
876 sAMAccountType: 0x30000001
877
878 dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
879 objectClass: top
880 objectClass: Template
881 objectClass: userTemplate
882 cn: TemplateDomainController
883 name: TemplateDomainController
884 instanceType: 4
885 userAccountControl: 0x2002
886 badPwdCount: 0
887 codePage: 0
888 countryCode: 0
889 badPasswordTime: 0
890 lastLogoff: 0
891 lastLogon: 0
892 pwdLastSet: 0
893 primaryGroupID: 513
894 accountExpires: -1
895 logonCount: 0
896 sAMAccountType: 0x30000001
897
898 dn: CN=TemplateGroup,CN=Templates,${BASEDN}
899 objectClass: top
900 objectClass: Template
901 objectClass: groupTemplate
902 cn: TemplateGroup
903 name: TemplateGroup
904 instanceType: 4
905 sAMAccountType: 0x10000000