3 @IDXATTR: sAMAccountName
8 realm: CASE_INSENSITIVE
9 userPrincipalName: CASE_INSENSITIVE
10 servicePrincipalName: CASE_INSENSITIVE
11 name: CASE_INSENSITIVE WILDCARD
12 sAMAccountName: CASE_INSENSITIVE WILDCARD
13 objectClass: CASE_INSENSITIVE
22 person: organizationalPerson
23 organizationalPerson: user
25 template: userTemplate
26 template: groupTemplate
31 objectClass: domainDNS
36 objectGUID: ${NEWGUID}
37 creationTime: ${NTTIME}
38 forceLogoff: 0x8000000000000000
39 lockoutDuration: -18000000000
40 lockOutObservationWindow: -18000000000
42 whenCreated: ${LDAPTIME}
43 whenChanged: ${LDAPTIME}
46 maxPwdAge: -37108517437440
49 modifiedCountAtLastProm: 0
53 objectSid: ${DOMAINSID}
57 objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
58 isCriticalSystemObject: TRUE
60 dn: CN=Users,${BASEDN}
62 objectClass: container
64 description: Default container for upgraded user accounts
66 whenCreated: ${LDAPTIME}
67 whenChanged: ${LDAPTIME}
70 showInAdvancedViewOnly: FALSE
72 objectGUID: ${NEWGUID}
73 systemFlags: 0x8c000000
74 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
75 isCriticalSystemObject: TRUE
77 dn: CN=Computers,${BASEDN}
79 objectClass: container
81 description: Default container for upgraded computer accounts
83 whenCreated: ${LDAPTIME}
84 whenChanged: ${LDAPTIME}
87 showInAdvancedViewOnly: FALSE
89 objectGUID: ${NEWGUID}
90 systemFlags: 0x8c000000
91 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
92 isCriticalSystemObject: TRUE
94 dn: OU=Domain Controllers,${BASEDN}
96 objectClass: organizationalUnit
97 ou: Domain Controllers
98 description: Default container for domain controllers
100 whenCreated: ${LDAPTIME}
101 whenChanged: ${LDAPTIME}
104 showInAdvancedViewOnly: FALSE
105 name: Domain Controllers
106 objectGUID: ${NEWGUID}
107 systemFlags: 0x8c000000
108 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
109 isCriticalSystemObject: TRUE
111 dn: CN=ForeignSecurityPrincipals,${BASEDN}
113 objectClass: container
114 cn: ForeignSecurityPrincipals
115 description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
117 whenCreated: ${LDAPTIME}
118 whenChanged: ${LDAPTIME}
121 showInAdvancedViewOnly: FALSE
122 name: ForeignSecurityPrincipals
123 objectGUID: ${NEWGUID}
124 systemFlags: 0x8c000000
125 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
126 isCriticalSystemObject: TRUE
128 dn: CN=Builtin,${BASEDN}
130 objectClass: builtinDomain
133 showInAdvancedViewOnly: FALSE
135 forceLogoff: 0x8000000000000000
136 lockoutDuration: -18000000000
137 lockOutObservationWindow: -18000000000
139 maxPwdAge: -37108517437440
142 modifiedCountAtLastProm: 0
150 objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN}
151 isCriticalSystemObject: TRUE
153 dn: CN=Administrator,CN=Users,${BASEDN}
156 objectClass: organizationalPerson
159 description: Built-in account for administering the computer/domain
161 whenCreated: ${LDAPTIME}
162 whenChanged: ${LDAPTIME}
164 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
165 memberOf: CN=Domain Admins,CN=Users,${BASEDN}
166 memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
167 memberOf: CN=Schema Admins,CN=Users,${BASEDN}
168 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
171 objectGUID: ${NEWGUID}
172 userAccountControl: 0x10200
181 objectSid: ${DOMAINSID}-500
185 sAMAccountName: Administrator
186 sAMAccountType: 0x30000000
187 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
188 isCriticalSystemObject: TRUE
190 dn: CN=Guest,CN=Users,${BASEDN}
193 objectClass: organizationalPerson
196 description: Built-in account for guest access to the computer/domain
198 whenCreated: ${LDAPTIME}
199 whenChanged: ${LDAPTIME}
201 memberOf: CN=Guests,CN=Builtin,${BASEDN}
204 objectGUID: ${NEWGUID}
205 userAccountControl: 0x10222
214 objectSid: ${DOMAINSID}-501
217 sAMAccountName: Guest
218 sAMAccountType: 0x30000000
219 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
220 isCriticalSystemObject: TRUE
222 dn: CN=Administrators,CN=Builtin,${BASEDN}
226 description: Administrators have complete and unrestricted access to the computer/domain
227 member: CN=Domain Admins,CN=Users,${BASEDN}
228 member: CN=Enterprise Admins,CN=Users,${BASEDN}
229 member: CN=Administrator,CN=Users,${BASEDN}
231 whenCreated: ${LDAPTIME}
232 whenChanged: ${LDAPTIME}
236 objectGUID: ${NEWGUID}
237 objectSid: S-1-5-32-544
239 sAMAccountName: Administrators
240 sAMAccountType: 0x20000000
241 systemFlags: 0x8c000000
242 groupType: 0x80000005
243 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
244 isCriticalSystemObject: TRUE
246 dn: CN=Users,CN=Builtin,${BASEDN}
250 description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
251 member: CN=Domain Users,CN=Users,${BASEDN}
253 whenCreated: ${LDAPTIME}
254 whenChanged: ${LDAPTIME}
258 objectGUID: ${NEWGUID}
259 objectSid: S-1-5-32-545
260 sAMAccountName: Users
261 sAMAccountType: 0x20000000
262 systemFlags: 0x8c000000
263 groupType: 0x80000005
264 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
265 isCriticalSystemObject: TRUE
267 dn: CN=Guests,CN=Builtin,${BASEDN}
271 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
272 member: CN=Domain Guests,CN=Users,${BASEDN}
273 member: CN=Guest,CN=Users,${BASEDN}
275 whenCreated: ${LDAPTIME}
276 whenChanged: ${LDAPTIME}
280 objectGUID: ${NEWGUID}
281 objectSid: S-1-5-32-546
282 sAMAccountName: Guests
283 sAMAccountType: 0x20000000
284 systemFlags: 0x8c000000
285 groupType: 0x80000005
286 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
287 isCriticalSystemObject: TRUE
289 dn: CN=Print Operators,CN=Builtin,${BASEDN}
293 description: Members can administer domain printers
295 whenCreated: ${LDAPTIME}
296 whenChanged: ${LDAPTIME}
299 name: Print Operators
300 objectGUID: ${NEWGUID}
301 objectSid: S-1-5-32-550
303 sAMAccountName: Print Operators
304 sAMAccountType: 0x20000000
305 systemFlags: 0x8c000000
306 groupType: 0x80000005
307 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
308 isCriticalSystemObject: TRUE
310 dn: CN=Backup Operators,CN=Builtin,${BASEDN}
314 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
316 whenCreated: ${LDAPTIME}
317 whenChanged: ${LDAPTIME}
320 name: Backup Operators
321 objectGUID: ${NEWGUID}
322 objectSid: S-1-5-32-551
324 sAMAccountName: Backup Operators
325 sAMAccountType: 0x20000000
326 systemFlags: 0x8c000000
327 groupType: 0x80000005
328 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
329 isCriticalSystemObject: TRUE
331 dn: CN=Replicator,CN=Builtin,${BASEDN}
335 description: Supports file replication in a domain
337 whenCreated: ${LDAPTIME}
338 whenChanged: ${LDAPTIME}
342 objectGUID: ${NEWGUID}
343 objectSid: S-1-5-32-552
345 sAMAccountName: Replicator
346 sAMAccountType: 0x20000000
347 systemFlags: 0x8c000000
348 groupType: 0x80000005
349 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
350 isCriticalSystemObject: TRUE
352 dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
355 cn: Remote Desktop Users
356 description: Members in this group are granted the right to logon remotely
358 whenCreated: ${LDAPTIME}
359 whenChanged: ${LDAPTIME}
362 name: Remote Desktop Users
363 objectGUID: ${NEWGUID}
364 objectSid: S-1-5-32-555
365 sAMAccountName: Remote Desktop Users
366 sAMAccountType: 0x20000000
367 systemFlags: 0x8c000000
368 groupType: 0x80000005
369 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
370 isCriticalSystemObject: TRUE
372 dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
375 cn: Network Configuration Operators
376 description: Members in this group can have some administrative privileges to manage configuration of networking features
378 whenCreated: ${LDAPTIME}
379 whenChanged: ${LDAPTIME}
382 name: Network Configuration Operators
383 objectGUID: ${NEWGUID}
384 objectSid: S-1-5-32-556
385 sAMAccountName: Network Configuration Operators
386 sAMAccountType: 0x20000000
387 systemFlags: 0x8c000000
388 groupType: 0x80000005
389 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
390 isCriticalSystemObject: TRUE
392 dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
395 cn: Performance Monitor Users
396 description: Members of this group have remote access to monitor this computer
398 whenCreated: ${LDAPTIME}
399 whenChanged: ${LDAPTIME}
402 name: Performance Monitor Users
403 objectGUID: ${NEWGUID}
404 objectSid: S-1-5-32-558
405 sAMAccountName: Performance Monitor Users
406 sAMAccountType: 0x20000000
407 systemFlags: 0x8c000000
408 groupType: 0x80000005
409 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
410 isCriticalSystemObject: TRUE
412 dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
415 cn: Performance Log Users
416 description: Members of this group have remote access to schedule logging of performance counters on this computer
418 whenCreated: ${LDAPTIME}
419 whenChanged: ${LDAPTIME}
422 name: Performance Log Users
423 objectGUID: ${NEWGUID}
424 objectSid: S-1-5-32-559
425 sAMAccountName: Performance Log Users
426 sAMAccountType: 0x20000000
427 systemFlags: 0x8c000000
428 groupType: 0x80000005
429 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
430 isCriticalSystemObject: TRUE
432 dn: CN=${HOSTNAME},OU=Domain Controllers,${BASEDN}
435 objectClass: organizationalPerson
437 objectClass: computer
440 whenCreated: ${LDAPTIME}
441 whenChanged: ${LDAPTIME}
445 objectGUID: ${NEWGUID}
446 userAccountControl: 532480
452 lastLogon: 127273269057298624
454 pwdLastSet: 127258826171655328
456 objectSid: ${DOMAINSID}-1000
457 accountExpires: 9223372036854775807
459 sAMAccountName: ${HOSTNAME}$
460 sAMAccountType: 805306369
461 operatingSystem: Samba
462 operatingSystemVersion: 4.0
463 dNSHostName: ${DNSNAME}
464 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
465 isCriticalSystemObject: TRUE
467 dn: CN=krbtgt,CN=Users,${BASEDN}
470 objectClass: organizationalPerson
473 description: Key Distribution Center Service Account
475 whenCreated: ${LDAPTIME}
476 whenChanged: ${LDAPTIME}
479 showInAdvancedViewOnly: TRUE
481 objectGUID: ${NEWGUID}
482 userAccountControl: 514
489 pwdLastSet: 127258826179466560
491 objectSid: ${DOMAINSID}-502
493 accountExpires: 9223372036854775807
495 sAMAccountName: krbtgt
496 sAMAccountType: 805306368
497 servicePrincipalName: kadmin/changepw
498 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
499 isCriticalSystemObject: TRUE
501 dn: CN=Domain Computers,CN=Users,${BASEDN}
505 description: All workstations and servers joined to the domain
507 whenCreated: ${LDAPTIME}
508 whenChanged: ${LDAPTIME}
511 name: Domain Computers
512 objectGUID: ${NEWGUID}
513 objectSid: ${DOMAINSID}-515
514 sAMAccountName: Domain Computers
515 sAMAccountType: 268435456
516 groupType: -2147483646
517 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
518 isCriticalSystemObject: TRUE
520 dn: CN=Domain Controllers,CN=Users,${BASEDN}
523 cn: Domain Controllers
524 description: All domain controllers in the domain
526 whenCreated: ${LDAPTIME}
527 whenChanged: ${LDAPTIME}
530 name: Domain Controllers
531 objectGUID: ${NEWGUID}
532 objectSid: ${DOMAINSID}-516
534 sAMAccountName: Domain Controllers
535 sAMAccountType: 268435456
536 groupType: -2147483646
537 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
538 isCriticalSystemObject: TRUE
540 dn: CN=Schema Admins,CN=Users,${BASEDN}
544 description: Designated administrators of the schema
545 member: CN=Administrator,CN=Users,${BASEDN}
547 whenCreated: ${LDAPTIME}
548 whenChanged: ${LDAPTIME}
552 objectGUID: ${NEWGUID}
553 objectSid: ${DOMAINSID}-518
555 sAMAccountName: Schema Admins
556 sAMAccountType: 268435456
557 groupType: -2147483646
558 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
559 isCriticalSystemObject: TRUE
561 dn: CN=Enterprise Admins,CN=Users,${BASEDN}
564 cn: Enterprise Admins
565 description: Designated administrators of the enterprise
566 member: CN=Administrator,CN=Users,${BASEDN}
568 whenCreated: ${LDAPTIME}
569 whenChanged: ${LDAPTIME}
571 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
573 name: Enterprise Admins
574 objectGUID: ${NEWGUID}
575 objectSid: ${DOMAINSID}-519
577 sAMAccountName: Enterprise Admins
578 sAMAccountType: 268435456
579 groupType: -2147483646
580 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
581 isCriticalSystemObject: TRUE
583 dn: CN=Cert Publishers,CN=Users,${BASEDN}
587 description: Members of this group are permitted to publish certificates to the Active Directory
589 whenCreated: ${LDAPTIME}
590 whenChanged: ${LDAPTIME}
593 name: Cert Publishers
594 objectGUID: ${NEWGUID}
595 objectSid: ${DOMAINSID}-517
596 sAMAccountName: Cert Publishers
597 sAMAccountType: 0x20000000
598 groupType: -2147483644
599 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
600 isCriticalSystemObject: TRUE
602 dn: CN=Domain Admins,CN=Users,${BASEDN}
606 description: Designated administrators of the domain
607 member: CN=Administrator,CN=Users,${BASEDN}
609 whenCreated: ${LDAPTIME}
610 whenChanged: ${LDAPTIME}
612 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
615 objectGUID: ${NEWGUID}
616 objectSid: ${DOMAINSID}-512
618 sAMAccountName: Domain Admins
619 sAMAccountType: 268435456
620 groupType: -2147483646
621 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
622 isCriticalSystemObject: TRUE
624 dn: CN=Domain Users,CN=Users,${BASEDN}
628 description: All domain users
630 whenCreated: ${LDAPTIME}
631 whenChanged: ${LDAPTIME}
633 memberOf: CN=Users,CN=Builtin,${BASEDN}
636 objectGUID: ${NEWGUID}
637 objectSid: ${DOMAINSID}-513
638 sAMAccountName: Domain Users
639 sAMAccountType: 268435456
640 groupType: -2147483646
641 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
642 isCriticalSystemObject: TRUE
644 dn: CN=Domain Guests,CN=Users,${BASEDN}
648 description: All domain guests
650 whenCreated: ${LDAPTIME}
651 whenChanged: ${LDAPTIME}
653 memberOf: CN=Guests,CN=Builtin,${BASEDN}
656 objectGUID: ${NEWGUID}
657 objectSid: ${DOMAINSID}-514
658 sAMAccountName: Domain Guests
659 sAMAccountType: 268435456
660 groupType: -2147483646
661 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
662 isCriticalSystemObject: TRUE
664 dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
667 cn: Group Policy Creator Owners
668 description: Members in this group can modify group policy for the domain
669 member: CN=Administrator,CN=Users,${BASEDN}
671 whenCreated: ${LDAPTIME}
672 whenChanged: ${LDAPTIME}
675 name: Group Policy Creator Owners
676 objectGUID: ${NEWGUID}
677 objectSid: ${DOMAINSID}-520
678 sAMAccountName: Group Policy Creator Owners
679 sAMAccountType: 268435456
680 groupType: -2147483646
681 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
682 isCriticalSystemObject: TRUE
684 dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
687 cn: RAS and IAS Servers
688 description: Servers in this group can access remote access properties of users
690 whenCreated: ${LDAPTIME}
691 whenChanged: ${LDAPTIME}
694 name: RAS and IAS Servers
695 objectGUID: ${NEWGUID}
696 objectSid: ${DOMAINSID}-553
697 sAMAccountName: RAS and IAS Servers
698 sAMAccountType: 0x20000000
699 groupType: -2147483644
700 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
701 isCriticalSystemObject: TRUE
703 dn: CN=Server Operators,CN=Builtin,${BASEDN}
707 description: Members can administer domain servers
709 whenCreated: ${LDAPTIME}
710 whenChanged: ${LDAPTIME}
713 name: Server Operators
714 objectGUID: ${NEWGUID}
715 objectSid: S-1-5-32-549
717 sAMAccountName: Server Operators
718 sAMAccountType: 0x20000000
719 systemFlags: 0x8c000000
720 groupType: 0x80000005
721 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
722 isCriticalSystemObject: TRUE
724 dn: CN=Account Operators,CN=Builtin,${BASEDN}
727 cn: Account Operators
728 description: Members can administer domain user and group accounts
730 whenCreated: ${LDAPTIME}
731 whenChanged: ${LDAPTIME}
734 name: Account Operators
735 objectGUID: ${NEWGUID}
736 objectSid: S-1-5-32-548
738 sAMAccountName: Account Operators
739 sAMAccountType: 0x20000000
740 systemFlags: 0x8c000000
741 groupType: 0x80000005
742 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
743 isCriticalSystemObject: TRUE
745 dn: CN=Templates,${BASEDN}
747 objectClass: container
749 description: Container for SAM account templates
751 whenCreated: ${LDAPTIME}
752 whenChanged: ${LDAPTIME}
755 showInAdvancedViewOnly: FALSE
757 objectGUID: ${NEWGUID}
758 systemFlags: 0x8c000000
759 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
760 isCriticalSystemObject: TRUE
763 # note! the template users must not match normal searches. Be careful
764 # with what classes you put them in
767 dn: CN=TemplateUser,CN=Templates,${BASEDN}
770 objectClass: organizationalPerson
771 objectClass: Template
772 objectClass: userTemplate
776 userAccountControl: 0x202
787 sAMAccountType: 0x30000000
789 dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
791 objectClass: Template
792 objectClass: userTemplate
793 cn: TemplateMemberServer
794 name: TemplateMemberServer
796 userAccountControl: 0x1002
807 sAMAccountType: 0x30000001
809 dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
811 objectClass: Template
812 objectClass: userTemplate
813 cn: TemplateDomainController
814 name: TemplateDomainController
816 userAccountControl: 0x2002
827 sAMAccountType: 0x30000001
829 dn: CN=TemplateGroup,CN=Templates,${BASEDN}
831 objectClass: Template
832 objectClass: groupTemplate
836 sAMAccountType: 0x10000000