3 @IDXATTR: sAMAccountName
12 realm: CASE_INSENSITIVE
13 userPrincipalName: CASE_INSENSITIVE
14 servicePrincipalName: CASE_INSENSITIVE
15 name: CASE_INSENSITIVE WILDCARD
16 dn: CASE_INSENSITIVE WILDCARD
17 sAMAccountName: CASE_INSENSITIVE WILDCARD
18 objectClass: CASE_INSENSITIVE
24 createTimestamp: HIDDEN
25 modifyTimestamp: HIDDEN
33 person: organizationalPerson
34 organizationalPerson: user
36 template: userTemplate
37 template: groupTemplate
41 # uncomment this if you want to enable schema checking
44 ###############################
45 # Domain Naming Context
46 ###############################
50 objectClass: domainDNS
53 dnsDomain: ${DNSDOMAIN}
55 objectGUID: ${DOMAINGUID}
56 creationTime: ${NTTIME}
57 forceLogoff: 0x8000000000000000
58 lockoutDuration: -18000000000
59 lockOutObservationWindow: -18000000000
61 whenCreated: ${LDAPTIME}
62 whenChanged: ${LDAPTIME}
65 maxPwdAge: -37108517437440
68 modifiedCountAtLastProm: 0
72 objectSid: ${DOMAINSID}
75 msDS-Behavior-Version: 0
76 ridManagerReference: CN=RID Manager$,CN=System,${BASEDN}
79 objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
80 isCriticalSystemObject: TRUE
81 subRefs: CN=Configuration,${BASEDN}
82 subRefs: CN=Schema,CN=Configuration,${BASEDN}
84 dn: CN=Users,${BASEDN}
86 objectClass: container
88 description: Default container for upgraded user accounts
90 whenCreated: ${LDAPTIME}
91 whenChanged: ${LDAPTIME}
94 showInAdvancedViewOnly: FALSE
96 objectGUID: ${NEWGUID}
97 systemFlags: 0x8c000000
98 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
99 isCriticalSystemObject: TRUE
101 dn: CN=Computers,${BASEDN}
103 objectClass: container
105 description: Default container for upgraded computer accounts
107 whenCreated: ${LDAPTIME}
108 whenChanged: ${LDAPTIME}
111 showInAdvancedViewOnly: FALSE
113 objectGUID: ${NEWGUID}
114 systemFlags: 0x8c000000
115 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
116 isCriticalSystemObject: TRUE
118 dn: OU=Domain Controllers,${BASEDN}
120 objectClass: organizationalUnit
121 ou: Domain Controllers
122 description: Default container for domain controllers
124 whenCreated: ${LDAPTIME}
125 whenChanged: ${LDAPTIME}
128 showInAdvancedViewOnly: FALSE
129 name: Domain Controllers
130 objectGUID: ${NEWGUID}
131 systemFlags: 0x8c000000
132 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
133 isCriticalSystemObject: TRUE
135 dn: CN=ForeignSecurityPrincipals,${BASEDN}
137 objectClass: container
138 cn: ForeignSecurityPrincipals
139 description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
141 whenCreated: ${LDAPTIME}
142 whenChanged: ${LDAPTIME}
145 showInAdvancedViewOnly: FALSE
146 name: ForeignSecurityPrincipals
147 objectGUID: ${NEWGUID}
148 systemFlags: 0x8c000000
149 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
150 isCriticalSystemObject: TRUE
152 dn: CN=System,${BASEDN}
154 objectClass: container
156 description: Builtin system settings
158 whenCreated: ${LDAPTIME}
159 whenChanged: ${LDAPTIME}
162 showInAdvancedViewOnly: TRUE
164 objectGUID: ${NEWGUID}
165 systemFlags: 0x8c000000
166 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
167 isCriticalSystemObject: TRUE
169 dn: CN=RID Manager$,CN=System,${BASEDN}
171 objectclass: rIDManager
174 whenCreated: ${LDAPTIME}
175 whenChanged: ${LDAPTIME}
178 showInAdvancedViewOnly: TRUE
180 objectGUID: ${NEWGUID}
181 systemFlags: 0x8c000000
182 objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN}
183 isCriticalSystemObject: TRUE
184 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
185 rIDAvailablePool: 4611686014132423217
187 dn: CN=DomainUpdates,CN=System,${BASEDN}
189 objectClass: container
192 whenCreated: ${LDAPTIME}
193 whenChanged: ${LDAPTIME}
196 showInAdvancedViewOnly: TRUE
198 objectGUID: ${NEWGUID}
199 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
201 dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${BASEDN}
203 objectClass: container
204 cn: Windows2003Update
206 whenCreated: ${LDAPTIME}
207 whenChanged: ${LDAPTIME}
210 showInAdvancedViewOnly: TRUE
211 name: Windows2003Update
212 objectGUID: ${NEWGUID}
213 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
216 dn: CN=Infrastructure,${BASEDN}
218 objectclass: infrastructureUpdate
221 whenCreated: ${LDAPTIME}
222 whenChanged: ${LDAPTIME}
225 showInAdvancedViewOnly: TRUE
227 objectGUID: ${NEWGUID}
228 systemFlags: 0x8c000000
229 objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN}
230 isCriticalSystemObject: TRUE
231 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
233 dn: CN=Builtin,${BASEDN}
235 objectClass: builtinDomain
238 showInAdvancedViewOnly: FALSE
240 forceLogoff: 0x8000000000000000
241 lockoutDuration: -18000000000
242 lockOutObservationWindow: -18000000000
244 maxPwdAge: -37108517437440
247 modifiedCountAtLastProm: 0
255 objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN}
256 isCriticalSystemObject: TRUE
258 dn: CN=Administrator,CN=Users,${BASEDN}
261 objectClass: organizationalPerson
264 description: Built-in account for administering the computer/domain
266 whenCreated: ${LDAPTIME}
267 whenChanged: ${LDAPTIME}
269 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
270 memberOf: CN=Domain Admins,CN=Users,${BASEDN}
271 memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
272 memberOf: CN=Schema Admins,CN=Users,${BASEDN}
273 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
276 objectGUID: ${NEWGUID}
277 userAccountControl: 0x10200
286 objectSid: ${DOMAINSID}-500
290 sAMAccountName: Administrator
291 sAMAccountType: 0x30000000
292 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
293 isCriticalSystemObject: TRUE
294 unicodePwd: ${ADMINPASS}
297 dn: CN=Guest,CN=Users,${BASEDN}
300 objectClass: organizationalPerson
303 description: Built-in account for guest access to the computer/domain
305 whenCreated: ${LDAPTIME}
306 whenChanged: ${LDAPTIME}
308 memberOf: CN=Guests,CN=Builtin,${BASEDN}
311 objectGUID: ${NEWGUID}
312 userAccountControl: 0x10222
321 objectSid: ${DOMAINSID}-501
324 sAMAccountName: Guest
325 sAMAccountType: 0x30000000
326 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
327 isCriticalSystemObject: TRUE
329 dn: CN=Administrators,CN=Builtin,${BASEDN}
333 description: Administrators have complete and unrestricted access to the computer/domain
334 member: CN=Domain Admins,CN=Users,${BASEDN}
335 member: CN=Enterprise Admins,CN=Users,${BASEDN}
336 member: CN=Administrator,CN=Users,${BASEDN}
338 whenCreated: ${LDAPTIME}
339 whenChanged: ${LDAPTIME}
343 objectGUID: ${NEWGUID}
344 objectSid: S-1-5-32-544
346 sAMAccountName: Administrators
347 sAMAccountType: 0x20000000
348 systemFlags: 0x8c000000
349 groupType: 0x80000005
350 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
351 isCriticalSystemObject: TRUE
353 privilege: SeSecurityPrivilege
354 privilege: SeBackupPrivilege
355 privilege: SeRestorePrivilege
356 privilege: SeSystemtimePrivilege
357 privilege: SeShutdownPrivilege
358 privilege: SeRemoteShutdownPrivilege
359 privilege: SeTakeOwnershipPrivilege
360 privilege: SeDebugPrivilege
361 privilege: SeSystemEnvironmentPrivilege
362 privilege: SeSystemProfilePrivilege
363 privilege: SeProfileSingleProcessPrivilege
364 privilege: SeIncreaseBasePriorityPrivilege
365 privilege: SeLoadDriverPrivilege
366 privilege: SeCreatePagefilePrivilege
367 privilege: SeIncreaseQuotaPrivilege
368 privilege: SeChangeNotifyPrivilege
369 privilege: SeUndockPrivilege
370 privilege: SeManageVolumePrivilege
371 privilege: SeImpersonatePrivilege
372 privilege: SeCreateGlobalPrivilege
373 privilege: SeEnableDelegationPrivilege
374 privilege: SeInteractiveLogonRight
375 privilege: SeNetworkLogonRight
376 privilege: SeRemoteInteractiveLogonRight
379 dn: CN=Users,CN=Builtin,${BASEDN}
383 description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
384 member: CN=Domain Users,CN=Users,${BASEDN}
386 whenCreated: ${LDAPTIME}
387 whenChanged: ${LDAPTIME}
391 objectGUID: ${NEWGUID}
392 objectSid: S-1-5-32-545
393 sAMAccountName: Users
394 sAMAccountType: 0x20000000
395 systemFlags: 0x8c000000
396 groupType: 0x80000005
397 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
398 isCriticalSystemObject: TRUE
400 dn: CN=Guests,CN=Builtin,${BASEDN}
404 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
405 member: CN=Domain Guests,CN=Users,${BASEDN}
406 member: CN=Guest,CN=Users,${BASEDN}
408 whenCreated: ${LDAPTIME}
409 whenChanged: ${LDAPTIME}
413 objectGUID: ${NEWGUID}
414 objectSid: S-1-5-32-546
415 sAMAccountName: Guests
416 sAMAccountType: 0x20000000
417 systemFlags: 0x8c000000
418 groupType: 0x80000005
419 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
420 isCriticalSystemObject: TRUE
423 dn: CN=Print Operators,CN=Builtin,${BASEDN}
427 description: Members can administer domain printers
429 whenCreated: ${LDAPTIME}
430 whenChanged: ${LDAPTIME}
433 name: Print Operators
434 objectGUID: ${NEWGUID}
435 objectSid: S-1-5-32-550
437 sAMAccountName: Print Operators
438 sAMAccountType: 0x20000000
439 systemFlags: 0x8c000000
440 groupType: 0x80000005
441 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
442 isCriticalSystemObject: TRUE
443 privilege: SeLoadDriverPrivilege
444 privilege: SeShutdownPrivilege
445 privilege: SeInteractiveLogonRight
447 dn: CN=Backup Operators,CN=Builtin,${BASEDN}
451 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
453 whenCreated: ${LDAPTIME}
454 whenChanged: ${LDAPTIME}
457 name: Backup Operators
458 objectGUID: ${NEWGUID}
459 objectSid: S-1-5-32-551
461 sAMAccountName: Backup Operators
462 sAMAccountType: 0x20000000
463 systemFlags: 0x8c000000
464 groupType: 0x80000005
465 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
466 isCriticalSystemObject: TRUE
467 privilege: SeBackupPrivilege
468 privilege: SeRestorePrivilege
469 privilege: SeShutdownPrivilege
470 privilege: SeInteractiveLogonRight
472 dn: CN=Replicator,CN=Builtin,${BASEDN}
476 description: Supports file replication in a domain
478 whenCreated: ${LDAPTIME}
479 whenChanged: ${LDAPTIME}
483 objectGUID: ${NEWGUID}
484 objectSid: S-1-5-32-552
486 sAMAccountName: Replicator
487 sAMAccountType: 0x20000000
488 systemFlags: 0x8c000000
489 groupType: 0x80000005
490 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
491 isCriticalSystemObject: TRUE
493 dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
496 cn: Remote Desktop Users
497 description: Members in this group are granted the right to logon remotely
499 whenCreated: ${LDAPTIME}
500 whenChanged: ${LDAPTIME}
503 name: Remote Desktop Users
504 objectGUID: ${NEWGUID}
505 objectSid: S-1-5-32-555
506 sAMAccountName: Remote Desktop Users
507 sAMAccountType: 0x20000000
508 systemFlags: 0x8c000000
509 groupType: 0x80000005
510 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
511 isCriticalSystemObject: TRUE
513 dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
516 cn: Network Configuration Operators
517 description: Members in this group can have some administrative privileges to manage configuration of networking features
519 whenCreated: ${LDAPTIME}
520 whenChanged: ${LDAPTIME}
523 name: Network Configuration Operators
524 objectGUID: ${NEWGUID}
525 objectSid: S-1-5-32-556
526 sAMAccountName: Network Configuration Operators
527 sAMAccountType: 0x20000000
528 systemFlags: 0x8c000000
529 groupType: 0x80000005
530 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
531 isCriticalSystemObject: TRUE
533 dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
536 cn: Performance Monitor Users
537 description: Members of this group have remote access to monitor this computer
539 whenCreated: ${LDAPTIME}
540 whenChanged: ${LDAPTIME}
543 name: Performance Monitor Users
544 objectGUID: ${NEWGUID}
545 objectSid: S-1-5-32-558
546 sAMAccountName: Performance Monitor Users
547 sAMAccountType: 0x20000000
548 systemFlags: 0x8c000000
549 groupType: 0x80000005
550 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
551 isCriticalSystemObject: TRUE
553 dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
556 cn: Performance Log Users
557 description: Members of this group have remote access to schedule logging of performance counters on this computer
559 whenCreated: ${LDAPTIME}
560 whenChanged: ${LDAPTIME}
563 name: Performance Log Users
564 objectGUID: ${NEWGUID}
565 objectSid: S-1-5-32-559
566 sAMAccountName: Performance Log Users
567 sAMAccountType: 0x20000000
568 systemFlags: 0x8c000000
569 groupType: 0x80000005
570 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
571 isCriticalSystemObject: TRUE
573 dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
576 objectClass: organizationalPerson
578 objectClass: computer
581 whenCreated: ${LDAPTIME}
582 whenChanged: ${LDAPTIME}
586 objectGUID: ${HOSTGUID}
587 userAccountControl: 532480
593 lastLogon: 127273269057298624
595 pwdLastSet: 127258826171655328
597 objectSid: ${DOMAINSID}-1000
598 accountExpires: 9223372036854775807
600 sAMAccountName: ${NETBIOSNAME}$
601 sAMAccountType: 805306369
602 operatingSystem: Samba
603 operatingSystemVersion: 4.0
604 dNSHostName: ${DNSNAME}
605 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
606 isCriticalSystemObject: TRUE
607 unicodePwd: ${JOINPASS}
608 servicePrincipalName: HOST/${DNSNAME}
609 servicePrincipalName: HOST/${NETBIOSNAME}
610 servicePrincipalName: CIFS/${DNSNAME}
611 servicePrincipalName: CIFS/${NETBIOSNAME}
612 servicePrincipalName: LDAP/${DNSNAME}
613 servicePrincipalName: LDAP/${NETBIOSNAME}
615 dn: CN=krbtgt,CN=Users,${BASEDN}
618 objectClass: organizationalPerson
621 description: Key Distribution Center Service Account
623 whenCreated: ${LDAPTIME}
624 whenChanged: ${LDAPTIME}
627 showInAdvancedViewOnly: TRUE
629 objectGUID: ${NEWGUID}
630 userAccountControl: 514
637 pwdLastSet: 127258826179466560
639 objectSid: ${DOMAINSID}-502
641 accountExpires: 9223372036854775807
643 sAMAccountName: krbtgt
644 sAMAccountType: 805306368
645 servicePrincipalName: kadmin/changepw
646 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
647 isCriticalSystemObject: TRUE
648 unicodePwd: ${RANDPASS}
650 dn: CN=Domain Computers,CN=Users,${BASEDN}
654 description: All workstations and servers joined to the domain
656 whenCreated: ${LDAPTIME}
657 whenChanged: ${LDAPTIME}
660 name: Domain Computers
661 objectGUID: ${NEWGUID}
662 objectSid: ${DOMAINSID}-515
663 sAMAccountName: Domain Computers
664 sAMAccountType: 0x10000000
665 groupType: 0x80000002
666 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
667 isCriticalSystemObject: TRUE
669 dn: CN=Domain Controllers,CN=Users,${BASEDN}
672 cn: Domain Controllers
673 description: All domain controllers in the domain
675 whenCreated: ${LDAPTIME}
676 whenChanged: ${LDAPTIME}
679 name: Domain Controllers
680 objectGUID: ${NEWGUID}
681 objectSid: ${DOMAINSID}-516
683 sAMAccountName: Domain Controllers
684 sAMAccountType: 0x10000000
685 groupType: 0x80000002
686 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
687 isCriticalSystemObject: TRUE
689 dn: CN=Schema Admins,CN=Users,${BASEDN}
693 description: Designated administrators of the schema
694 member: CN=Administrator,CN=Users,${BASEDN}
696 whenCreated: ${LDAPTIME}
697 whenChanged: ${LDAPTIME}
701 objectGUID: ${NEWGUID}
702 objectSid: ${DOMAINSID}-518
704 sAMAccountName: Schema Admins
705 sAMAccountType: 0x10000000
706 groupType: 0x80000002
707 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
708 isCriticalSystemObject: TRUE
711 dn: CN=Enterprise Admins,CN=Users,${BASEDN}
714 cn: Enterprise Admins
715 description: Designated administrators of the enterprise
716 member: CN=Administrator,CN=Users,${BASEDN}
718 whenCreated: ${LDAPTIME}
719 whenChanged: ${LDAPTIME}
721 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
723 name: Enterprise Admins
724 objectGUID: ${NEWGUID}
725 objectSid: ${DOMAINSID}-519
727 sAMAccountName: Enterprise Admins
728 sAMAccountType: 0x10000000
729 groupType: 0x80000002
730 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
731 isCriticalSystemObject: TRUE
734 dn: CN=Cert Publishers,CN=Users,${BASEDN}
738 description: Members of this group are permitted to publish certificates to the Active Directory
740 whenCreated: ${LDAPTIME}
741 whenChanged: ${LDAPTIME}
744 name: Cert Publishers
745 objectGUID: ${NEWGUID}
746 objectSid: ${DOMAINSID}-517
747 sAMAccountName: Cert Publishers
748 sAMAccountType: 0x20000000
749 groupType: 0x80000004
750 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
751 isCriticalSystemObject: TRUE
753 dn: CN=Domain Admins,CN=Users,${BASEDN}
757 description: Designated administrators of the domain
758 member: CN=Administrator,CN=Users,${BASEDN}
760 whenCreated: ${LDAPTIME}
761 whenChanged: ${LDAPTIME}
763 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
766 objectGUID: ${NEWGUID}
767 objectSid: ${DOMAINSID}-512
769 sAMAccountName: Domain Admins
770 sAMAccountType: 0x10000000
771 groupType: 0x80000002
772 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
773 isCriticalSystemObject: TRUE
776 dn: CN=Domain Users,CN=Users,${BASEDN}
780 description: All domain users
782 whenCreated: ${LDAPTIME}
783 whenChanged: ${LDAPTIME}
785 memberOf: CN=Users,CN=Builtin,${BASEDN}
788 objectGUID: ${NEWGUID}
789 objectSid: ${DOMAINSID}-513
790 sAMAccountName: Domain Users
791 sAMAccountType: 0x10000000
792 groupType: 0x80000002
793 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
794 isCriticalSystemObject: TRUE
797 dn: CN=Domain Guests,CN=Users,${BASEDN}
801 description: All domain guests
803 whenCreated: ${LDAPTIME}
804 whenChanged: ${LDAPTIME}
806 memberOf: CN=Guests,CN=Builtin,${BASEDN}
809 objectGUID: ${NEWGUID}
810 objectSid: ${DOMAINSID}-514
811 sAMAccountName: Domain Guests
812 sAMAccountType: 0x10000000
813 groupType: 0x80000002
814 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
815 isCriticalSystemObject: TRUE
817 dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
820 cn: Group Policy Creator Owners
821 description: Members in this group can modify group policy for the domain
822 member: CN=Administrator,CN=Users,${BASEDN}
824 whenCreated: ${LDAPTIME}
825 whenChanged: ${LDAPTIME}
828 name: Group Policy Creator Owners
829 objectGUID: ${NEWGUID}
830 objectSid: ${DOMAINSID}-520
831 sAMAccountName: Group Policy Creator Owners
832 sAMAccountType: 0x10000000
833 groupType: 0x80000002
834 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
835 isCriticalSystemObject: TRUE
838 dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
841 cn: RAS and IAS Servers
842 description: Servers in this group can access remote access properties of users
844 whenCreated: ${LDAPTIME}
845 whenChanged: ${LDAPTIME}
848 name: RAS and IAS Servers
849 objectGUID: ${NEWGUID}
850 objectSid: ${DOMAINSID}-553
851 sAMAccountName: RAS and IAS Servers
852 sAMAccountType: 0x20000000
853 groupType: 0x80000004
854 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
855 isCriticalSystemObject: TRUE
857 dn: CN=Server Operators,CN=Builtin,${BASEDN}
861 description: Members can administer domain servers
863 whenCreated: ${LDAPTIME}
864 whenChanged: ${LDAPTIME}
867 name: Server Operators
868 objectGUID: ${NEWGUID}
869 objectSid: S-1-5-32-549
871 sAMAccountName: Server Operators
872 sAMAccountType: 0x20000000
873 systemFlags: 0x8c000000
874 groupType: 0x80000005
875 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
876 isCriticalSystemObject: TRUE
877 privilege: SeBackupPrivilege
878 privilege: SeSystemtimePrivilege
879 privilege: SeRemoteShutdownPrivilege
880 privilege: SeRestorePrivilege
881 privilege: SeShutdownPrivilege
882 privilege: SeInteractiveLogonRight
884 dn: CN=Account Operators,CN=Builtin,${BASEDN}
887 cn: Account Operators
888 description: Members can administer domain user and group accounts
890 whenCreated: ${LDAPTIME}
891 whenChanged: ${LDAPTIME}
894 name: Account Operators
895 objectGUID: ${NEWGUID}
896 objectSid: S-1-5-32-548
898 sAMAccountName: Account Operators
899 sAMAccountType: 0x20000000
900 systemFlags: 0x8c000000
901 groupType: 0x80000005
902 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
903 isCriticalSystemObject: TRUE
904 privilege: SeInteractiveLogonRight
906 dn: CN=Templates,${BASEDN}
908 objectClass: container
910 description: Container for SAM account templates
912 whenCreated: ${LDAPTIME}
913 whenChanged: ${LDAPTIME}
916 showInAdvancedViewOnly: TRUE
918 objectGUID: ${NEWGUID}
919 systemFlags: 0x8c000000
920 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
921 isCriticalSystemObject: TRUE
924 # note! the template users must not match normal searches. Be careful
925 # with what classes you put them in
928 dn: CN=TemplateUser,CN=Templates,${BASEDN}
931 objectClass: organizationalPerson
932 objectClass: Template
933 objectClass: userTemplate
937 userAccountControl: 0x202
948 sAMAccountType: 0x30000000
950 dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
952 objectClass: Template
953 objectClass: userTemplate
954 cn: TemplateMemberServer
955 name: TemplateMemberServer
957 userAccountControl: 0x1002
968 sAMAccountType: 0x30000001
970 dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
972 objectClass: Template
973 objectClass: userTemplate
974 cn: TemplateDomainController
975 name: TemplateDomainController
977 userAccountControl: 0x2002
988 sAMAccountType: 0x30000001
990 dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
992 objectClass: Template
993 objectClass: userTemplate
994 cn: TemplateTrustingDomain
995 name: TemplateTrustingDomain
997 userAccountControl: 0x820
1008 sAMAccountType: 0x30000002
1010 dn: CN=TemplateGroup,CN=Templates,${BASEDN}
1012 objectClass: Template
1013 objectClass: groupTemplate
1017 groupType: 0x80000002
1018 sAMAccountType: 0x10000000
1020 dn: CN=TemplateAlias,CN=Templates,${BASEDN}
1022 objectClass: Template
1023 objectClass: aliasTemplate
1027 groupType: 0x80000004
1028 sAMAccountType: 0x10000000
1030 dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
1032 objectClass: Template
1033 objectClass: foreignSecurityPrincipalTemplate
1034 cn: TemplateForeignSecurityPrincipal
1035 name: TemplateForeignSecurityPrincipal
1037 dn: CN=TemplateSecret,CN=Templates,${BASEDN}
1040 objectClass: Template
1041 objectClass: secretTemplate
1043 name: TemplateSecret
1046 dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN}
1049 objectClass: Template
1050 objectClass: trustedDomainTemplate
1051 cn: TemplateTrustedDomain
1052 name: TemplateTrustedDomain
1055 ###############################
1056 # Configuration Naming Context
1057 ###############################
1058 dn: CN=Configuration,${BASEDN}
1060 objectClass: configuration
1063 whenCreated: ${LDAPTIME}
1064 whenChanged: ${LDAPTIME}
1067 showInAdvancedViewOnly: TRUE
1069 objectGUID: ${NEWGUID}
1070 objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN}
1071 subRefs: CN=Schema,CN=Configuration,${BASEDN}
1072 masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1073 msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1075 dn: CN=Partitions,CN=Configuration,${BASEDN}
1077 objectClass: crossRefContainer
1080 whenCreated: ${LDAPTIME}
1081 whenChanged: ${LDAPTIME}
1084 showInAdvancedViewOnly: TRUE
1086 objectGUID: ${NEWGUID}
1087 systemFlags: 0x80000000
1088 objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN}
1089 msDS-Behavior-Version: 0
1090 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1092 dn: CN=Enterprise Configuration,CN=Partitions,CN=Configuration,${BASEDN}
1094 objectClass: crossRef
1095 cn: Enterprise Configuration
1097 whenCreated: ${LDAPTIME}
1098 whenChanged: ${LDAPTIME}
1101 showInAdvancedViewOnly: TRUE
1102 name: Enterprise Configuration
1103 objectGUID: ${NEWGUID}
1104 systemFlags: 0x00000001
1105 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
1106 nCName: CN=Configuration,${BASEDN}
1107 dnsRoot: ${DNSDOMAIN}
1109 dn: CN=Enterprise Schema,CN=Partitions,CN=Configuration,${BASEDN}
1111 objectClass: crossRef
1112 cn: Enterprise Schema
1114 whenCreated: ${LDAPTIME}
1115 whenChanged: ${LDAPTIME}
1118 showInAdvancedViewOnly: TRUE
1119 name: Enterprise Schema
1120 objectGUID: ${NEWGUID}
1121 systemFlags: 0x00000001
1122 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
1123 nCName: CN=Schema,CN=Configuration,${BASEDN}
1124 dnsRoot: ${DNSDOMAIN}
1126 dn: CN=${DOMAIN},CN=Partitions,CN=Configuration,${BASEDN}
1128 objectClass: crossRef
1131 whenCreated: ${LDAPTIME}
1132 whenChanged: ${LDAPTIME}
1135 showInAdvancedViewOnly: TRUE
1137 objectGUID: ${NEWGUID}
1138 systemFlags: 0x00000003
1139 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
1141 nETBIOSName: ${DOMAIN}
1142 dnsRoot: ${DNSDOMAIN}
1144 dn: CN=Sites,CN=Configuration,${BASEDN}
1146 objectClass: sitesContainer
1149 whenCreated: ${LDAPTIME}
1150 whenChanged: ${LDAPTIME}
1153 showInAdvancedViewOnly: TRUE
1155 objectGUID: ${NEWGUID}
1156 systemFlags: 0x82000000
1157 objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN}
1159 dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1164 whenCreated: ${LDAPTIME}
1165 whenChanged: ${LDAPTIME}
1168 showInAdvancedViewOnly: TRUE
1170 objectGUID: ${NEWGUID}
1171 systemFlags: 0x82000000
1172 objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN}
1174 dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1176 objectClass: serversContainer
1179 whenCreated: ${LDAPTIME}
1180 whenChanged: ${LDAPTIME}
1183 showInAdvancedViewOnly: TRUE
1185 objectGUID: ${NEWGUID}
1186 systemFlags: 0x82000000
1187 objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN}
1189 dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1194 whenCreated: ${LDAPTIME}
1195 whenChanged: ${LDAPTIME}
1198 showInAdvancedViewOnly: TRUE
1199 name: ${NETBIOSNAME}
1200 objectGUID: ${NEWGUID}
1201 systemFlags: 0x52000000
1202 objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN}
1203 dNSHostName: ${DNSNAME}
1204 serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
1206 dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1208 objectClass: applicationSettings
1209 objectClass: nTDSDSA
1212 whenCreated: ${LDAPTIME}
1213 whenChanged: ${LDAPTIME}
1216 showInAdvancedViewOnly: TRUE
1218 systemFlags: 0x02000000
1219 objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN}
1220 dMDLocation: CN=Schema,CN=Configuration,${BASEDN}
1221 objectGUID: ${INVOCATIONID}
1222 invocationId: ${INVOCATIONID}
1223 msDS-Behavior-Version: 2
1225 ###############################
1226 # Schema Naming Context
1227 ###############################
1228 dn: CN=Schema,CN=Configuration,${BASEDN}
1233 whenCreated: ${LDAPTIME}
1234 whenChanged: ${LDAPTIME}
1237 showInAdvancedViewOnly: TRUE
1239 objectGUID: ${NEWGUID}
1240 objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN}
1241 masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1242 msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1243 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}