6271a6fa2be011cc3226283b84bd277802dbfb57
[samba.git] / source4 / provision.ldif
1 dn: @INDEXLIST
2 @IDXATTR: name
3 @IDXATTR: sAMAccountName
4 @IDXATTR: objectSid
5 @IDXATTR: objectClass
6 @IDXATTR: member
7 @IDXATTR: unixID
8 @IDXATTR: unixName
9 @IDXATTR: privilege
10
11 dn: @ATTRIBUTES
12 realm: CASE_INSENSITIVE
13 userPrincipalName: CASE_INSENSITIVE
14 servicePrincipalName: CASE_INSENSITIVE
15 name: CASE_INSENSITIVE WILDCARD
16 dn: CASE_INSENSITIVE WILDCARD
17 sAMAccountName: CASE_INSENSITIVE WILDCARD
18 objectClass: CASE_INSENSITIVE
19 unicodePwd: HIDDEN
20 ntPwdHash: HIDDEN
21 ntPwdHistory: HIDDEN
22 lmPwdHash: HIDDEN
23 lmPwdHistory: HIDDEN
24 createTimestamp: HIDDEN
25 modifyTimestamp: HIDDEN
26
27 dn: @SUBCLASSES
28 top: domain
29 top: person
30 top: group
31 domain: domainDNS
32 domain: builtinDomain
33 person: organizationalPerson
34 organizationalPerson: user
35 user: computer
36 template: userTemplate
37 template: groupTemplate
38
39 dn: @MODULES
40 @MODULE: timestamps
41
42 dn: ${BASEDN}
43 objectClass: top
44 objectClass: domain
45 objectClass: domainDNS
46 name: ${DOMAIN}
47 realm: ${REALM}
48 dnsDomain: ${DNSDOMAIN}
49 dc: ${DOMAIN}
50 objectGUID: ${DOMAINGUID}
51 creationTime: ${NTTIME}
52 forceLogoff: 0x8000000000000000
53 lockoutDuration: -18000000000
54 lockOutObservationWindow: -18000000000
55 lockoutThreshold: 0
56 whenCreated: ${LDAPTIME}
57 whenChanged: ${LDAPTIME}
58 uSNCreated: 1
59 uSNChanged: 1
60 maxPwdAge: -37108517437440
61 minPwdAge: 0
62 minPwdLength: 7
63 modifiedCountAtLastProm: 0
64 nextRid: 1001
65 pwdProperties: 1
66 pwdHistoryLength: 24
67 objectSid: ${DOMAINSID}
68 serverState: 1
69 uASCompat: 1
70 modifiedCount: 1
71 objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
72 isCriticalSystemObject: TRUE
73
74 dn: CN=Users,${BASEDN}
75 objectClass: top
76 objectClass: container
77 cn: Users
78 description: Default container for upgraded user accounts
79 instanceType: 4
80 whenCreated: ${LDAPTIME}
81 whenChanged: ${LDAPTIME}
82 uSNCreated: 1
83 uSNChanged: 1
84 showInAdvancedViewOnly: FALSE
85 name: Users
86 objectGUID: ${NEWGUID}
87 systemFlags: 0x8c000000
88 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
89 isCriticalSystemObject: TRUE
90
91 dn: CN=Computers,${BASEDN}
92 objectClass: top
93 objectClass: container
94 cn: Computers
95 description: Default container for upgraded computer accounts
96 instanceType: 4
97 whenCreated: ${LDAPTIME}
98 whenChanged: ${LDAPTIME}
99 uSNCreated: 1
100 uSNChanged: 1
101 showInAdvancedViewOnly: FALSE
102 name: Computers
103 objectGUID: ${NEWGUID}
104 systemFlags: 0x8c000000
105 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
106 isCriticalSystemObject: TRUE
107
108 dn: OU=Domain Controllers,${BASEDN}
109 objectClass: top
110 objectClass: organizationalUnit
111 ou: Domain Controllers
112 description: Default container for domain controllers
113 instanceType: 4
114 whenCreated: ${LDAPTIME}
115 whenChanged: ${LDAPTIME}
116 uSNCreated: 1
117 uSNChanged: 1
118 showInAdvancedViewOnly: FALSE
119 name: Domain Controllers
120 objectGUID: ${NEWGUID}
121 systemFlags: 0x8c000000
122 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
123 isCriticalSystemObject: TRUE
124
125 dn: CN=ForeignSecurityPrincipals,${BASEDN}
126 objectClass: top
127 objectClass: container
128 cn: ForeignSecurityPrincipals
129 description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
130 instanceType: 4
131 whenCreated: ${LDAPTIME}
132 whenChanged: ${LDAPTIME}
133 uSNCreated: 1
134 uSNChanged: 1
135 showInAdvancedViewOnly: FALSE
136 name: ForeignSecurityPrincipals
137 objectGUID: ${NEWGUID}
138 systemFlags: 0x8c000000
139 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
140 isCriticalSystemObject: TRUE
141
142 dn: CN=Builtin,${BASEDN}
143 objectClass: top
144 objectClass: builtinDomain
145 cn: Builtin
146 instanceType: 4
147 showInAdvancedViewOnly: FALSE
148 name: Builtin
149 forceLogoff: 0x8000000000000000
150 lockoutDuration: -18000000000
151 lockOutObservationWindow: -18000000000
152 lockoutThreshold: 0
153 maxPwdAge: -37108517437440
154 minPwdAge: 0
155 minPwdLength: 0
156 modifiedCountAtLastProm: 0
157 nextRid: 1000
158 pwdProperties: 0
159 pwdHistoryLength: 0
160 objectSid: S-1-5-32
161 serverState: 1
162 uASCompat: 1
163 modifiedCount: 1
164 objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN}
165 isCriticalSystemObject: TRUE
166
167 dn: CN=Administrator,CN=Users,${BASEDN}
168 objectClass: top
169 objectClass: person
170 objectClass: organizationalPerson
171 objectClass: user
172 cn: Administrator
173 description: Built-in account for administering the computer/domain
174 instanceType: 4
175 whenCreated: ${LDAPTIME}
176 whenChanged: ${LDAPTIME}
177 uSNCreated: 1
178 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
179 memberOf: CN=Domain Admins,CN=Users,${BASEDN}
180 memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
181 memberOf: CN=Schema Admins,CN=Users,${BASEDN}
182 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
183 uSNChanged: 1
184 name: Administrator
185 objectGUID: ${NEWGUID}
186 userAccountControl: 0x10200
187 badPwdCount: 0
188 codePage: 0
189 countryCode: 0
190 badPasswordTime: 0
191 lastLogoff: 0
192 lastLogon: 0
193 pwdLastSet: 0
194 primaryGroupID: 513
195 objectSid: ${DOMAINSID}-500
196 adminCount: 1
197 accountExpires: -1
198 logonCount: 0
199 sAMAccountName: Administrator
200 sAMAccountType: 0x30000000
201 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
202 isCriticalSystemObject: TRUE
203 unicodePwd: ${ADMINPASS}
204 unixName: root
205
206 dn: CN=Guest,CN=Users,${BASEDN}
207 objectClass: top
208 objectClass: person
209 objectClass: organizationalPerson
210 objectClass: user
211 cn: Guest
212 description: Built-in account for guest access to the computer/domain
213 instanceType: 4
214 whenCreated: ${LDAPTIME}
215 whenChanged: ${LDAPTIME}
216 uSNCreated: 1
217 memberOf: CN=Guests,CN=Builtin,${BASEDN}
218 uSNChanged: 1
219 name: Guest
220 objectGUID: ${NEWGUID}
221 userAccountControl: 0x10222
222 badPwdCount: 0
223 codePage: 0
224 countryCode: 0
225 badPasswordTime: 0
226 lastLogoff: 0
227 lastLogon: 0
228 pwdLastSet: 0
229 primaryGroupID: 514
230 objectSid: ${DOMAINSID}-501
231 accountExpires: -1
232 logonCount: 0
233 sAMAccountName: Guest
234 sAMAccountType: 0x30000000
235 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
236 isCriticalSystemObject: TRUE
237
238 dn: CN=Administrators,CN=Builtin,${BASEDN}
239 objectClass: top
240 objectClass: group
241 cn: Administrators
242 description: Administrators have complete and unrestricted access to the computer/domain
243 member: CN=Domain Admins,CN=Users,${BASEDN}
244 member: CN=Enterprise Admins,CN=Users,${BASEDN}
245 member: CN=Administrator,CN=Users,${BASEDN}
246 instanceType: 4
247 whenCreated: ${LDAPTIME}
248 whenChanged: ${LDAPTIME}
249 uSNCreated: 1
250 uSNChanged: 1
251 name: Administrators
252 objectGUID: ${NEWGUID}
253 objectSid: S-1-5-32-544
254 adminCount: 1
255 sAMAccountName: Administrators
256 sAMAccountType: 0x20000000
257 systemFlags: 0x8c000000
258 groupType: 0x80000005
259 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
260 isCriticalSystemObject: TRUE
261 unixName: ${WHEEL}
262 privilege: SeSecurityPrivilege
263 privilege: SeBackupPrivilege
264 privilege: SeRestorePrivilege
265 privilege: SeSystemtimePrivilege
266 privilege: SeShutdownPrivilege
267 privilege: SeRemoteShutdownPrivilege
268 privilege: SeTakeOwnershipPrivilege
269 privilege: SeDebugPrivilege
270 privilege: SeSystemEnvironmentPrivilege
271 privilege: SeSystemProfilePrivilege
272 privilege: SeProfileSingleProcessPrivilege
273 privilege: SeIncreaseBasePriorityPrivilege
274 privilege: SeLoadDriverPrivilege
275 privilege: SeCreatePagefilePrivilege
276 privilege: SeIncreaseQuotaPrivilege
277 privilege: SeChangeNotifyPrivilege
278 privilege: SeUndockPrivilege
279 privilege: SeManageVolumePrivilege
280 privilege: SeImpersonatePrivilege
281 privilege: SeCreateGlobalPrivilege
282 privilege: SeEnableDelegationPrivilege
283 privilege: SeInteractiveLogonRight
284 privilege: SeNetworkLogonRight
285 privilege: SeRemoteInteractiveLogonRight
286
287
288 dn: CN=Users,CN=Builtin,${BASEDN}
289 objectClass: top
290 objectClass: group
291 cn: Users
292 description: Users are prevented from making accidental or intentional system-wide changes.  Thus, Users can run certified applications, but not most legacy applications
293 member: CN=Domain Users,CN=Users,${BASEDN}
294 instanceType: 4
295 whenCreated: ${LDAPTIME}
296 whenChanged: ${LDAPTIME}
297 uSNCreated: 1
298 uSNChanged: 1
299 name: Users
300 objectGUID: ${NEWGUID}
301 objectSid: S-1-5-32-545
302 sAMAccountName: Users
303 sAMAccountType: 0x20000000
304 systemFlags: 0x8c000000
305 groupType: 0x80000005
306 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
307 isCriticalSystemObject: TRUE
308
309 dn: CN=Guests,CN=Builtin,${BASEDN}
310 objectClass: top
311 objectClass: group
312 cn: Guests
313 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
314 member: CN=Domain Guests,CN=Users,${BASEDN}
315 member: CN=Guest,CN=Users,${BASEDN}
316 instanceType: 4
317 whenCreated: ${LDAPTIME}
318 whenChanged: ${LDAPTIME}
319 uSNCreated: 1
320 uSNChanged: 1
321 name: Guests
322 objectGUID: ${NEWGUID}
323 objectSid: S-1-5-32-546
324 sAMAccountName: Guests
325 sAMAccountType: 0x20000000
326 systemFlags: 0x8c000000
327 groupType: 0x80000005
328 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
329 isCriticalSystemObject: TRUE
330 unixName: ${NOGROUP}
331
332 dn: CN=Print Operators,CN=Builtin,${BASEDN}
333 objectClass: top
334 objectClass: group
335 cn: Print Operators
336 description: Members can administer domain printers
337 instanceType: 4
338 whenCreated: ${LDAPTIME}
339 whenChanged: ${LDAPTIME}
340 uSNCreated: 1
341 uSNChanged: 1
342 name: Print Operators
343 objectGUID: ${NEWGUID}
344 objectSid: S-1-5-32-550
345 adminCount: 1
346 sAMAccountName: Print Operators
347 sAMAccountType: 0x20000000
348 systemFlags: 0x8c000000
349 groupType: 0x80000005
350 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
351 isCriticalSystemObject: TRUE
352 privilege: SeLoadDriverPrivilege
353 privilege: SeShutdownPrivilege
354 privilege: SeInteractiveLogonRight
355
356 dn: CN=Backup Operators,CN=Builtin,${BASEDN}
357 objectClass: top
358 objectClass: group
359 cn: Backup Operators
360 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
361 instanceType: 4
362 whenCreated: ${LDAPTIME}
363 whenChanged: ${LDAPTIME}
364 uSNCreated: 1
365 uSNChanged: 1
366 name: Backup Operators
367 objectGUID: ${NEWGUID}
368 objectSid: S-1-5-32-551
369 adminCount: 1
370 sAMAccountName: Backup Operators
371 sAMAccountType: 0x20000000
372 systemFlags: 0x8c000000
373 groupType: 0x80000005
374 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
375 isCriticalSystemObject: TRUE
376 privilege: SeBackupPrivilege
377 privilege: SeRestorePrivilege
378 privilege: SeShutdownPrivilege
379 privilege: SeInteractiveLogonRight
380
381 dn: CN=Replicator,CN=Builtin,${BASEDN}
382 objectClass: top
383 objectClass: group
384 cn: Replicator
385 description: Supports file replication in a domain
386 instanceType: 4
387 whenCreated: ${LDAPTIME}
388 whenChanged: ${LDAPTIME}
389 uSNCreated: 1
390 uSNChanged: 1
391 name: Replicator
392 objectGUID: ${NEWGUID}
393 objectSid: S-1-5-32-552
394 adminCount: 1
395 sAMAccountName: Replicator
396 sAMAccountType: 0x20000000
397 systemFlags: 0x8c000000
398 groupType: 0x80000005
399 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
400 isCriticalSystemObject: TRUE
401
402 dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
403 objectClass: top
404 objectClass: group
405 cn: Remote Desktop Users
406 description: Members in this group are granted the right to logon remotely
407 instanceType: 4
408 whenCreated: ${LDAPTIME}
409 whenChanged: ${LDAPTIME}
410 uSNCreated: 1
411 uSNChanged: 1
412 name: Remote Desktop Users
413 objectGUID: ${NEWGUID}
414 objectSid: S-1-5-32-555
415 sAMAccountName: Remote Desktop Users
416 sAMAccountType: 0x20000000
417 systemFlags: 0x8c000000
418 groupType: 0x80000005
419 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
420 isCriticalSystemObject: TRUE
421
422 dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
423 objectClass: top
424 objectClass: group
425 cn: Network Configuration Operators
426 description: Members in this group can have some administrative privileges to manage configuration of networking features
427 instanceType: 4
428 whenCreated: ${LDAPTIME}
429 whenChanged: ${LDAPTIME}
430 uSNCreated: 1
431 uSNChanged: 1
432 name: Network Configuration Operators
433 objectGUID: ${NEWGUID}
434 objectSid: S-1-5-32-556
435 sAMAccountName: Network Configuration Operators
436 sAMAccountType: 0x20000000
437 systemFlags: 0x8c000000
438 groupType: 0x80000005
439 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
440 isCriticalSystemObject: TRUE
441
442 dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
443 objectClass: top
444 objectClass: group
445 cn: Performance Monitor Users
446 description: Members of this group have remote access to monitor this computer
447 instanceType: 4
448 whenCreated: ${LDAPTIME}
449 whenChanged: ${LDAPTIME}
450 uSNCreated: 1
451 uSNChanged: 1
452 name: Performance Monitor Users
453 objectGUID: ${NEWGUID}
454 objectSid: S-1-5-32-558
455 sAMAccountName: Performance Monitor Users
456 sAMAccountType: 0x20000000
457 systemFlags: 0x8c000000
458 groupType: 0x80000005
459 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
460 isCriticalSystemObject: TRUE
461
462 dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
463 objectClass: top
464 objectClass: group
465 cn: Performance Log Users
466 description: Members of this group have remote access to schedule logging of performance counters on this computer
467 instanceType: 4
468 whenCreated: ${LDAPTIME}
469 whenChanged: ${LDAPTIME}
470 uSNCreated: 1
471 uSNChanged: 1
472 name: Performance Log Users
473 objectGUID: ${NEWGUID}
474 objectSid: S-1-5-32-559
475 sAMAccountName: Performance Log Users
476 sAMAccountType: 0x20000000
477 systemFlags: 0x8c000000
478 groupType: 0x80000005
479 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
480 isCriticalSystemObject: TRUE
481
482 dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
483 objectClass: top
484 objectClass: person
485 objectClass: organizationalPerson
486 objectClass: user
487 objectClass: computer
488 cn: ${NETBIOSNAME}
489 instanceType: 4
490 whenCreated: ${LDAPTIME}
491 whenChanged: ${LDAPTIME}
492 uSNCreated: 1
493 uSNChanged: 1
494 name: ${NETBIOSNAME}
495 objectGUID: ${HOSTGUID}
496 userAccountControl: 532480
497 badPwdCount: 0
498 codePage: 0
499 countryCode: 0
500 badPasswordTime: 0
501 lastLogoff: 0
502 lastLogon: 127273269057298624
503 localPolicyFlags: 0
504 pwdLastSet: 127258826171655328
505 primaryGroupID: 516
506 objectSid: ${DOMAINSID}-1000
507 accountExpires: 9223372036854775807
508 logonCount: 30
509 sAMAccountName: ${NETBIOSNAME}$
510 sAMAccountType: 805306369
511 operatingSystem: Samba
512 operatingSystemVersion: 4.0
513 dNSHostName: ${DNSNAME}
514 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
515 isCriticalSystemObject: TRUE
516 unicodePwd: ${RANDPASS}
517 servicePrincipalName: HOST/${DNSNAME}
518 servicePrincipalName: HOST/${NETBIOSNAME}
519 servicePrincipalName: CIFS/${DNSNAME}
520 servicePrincipalName: CIFS/${NETBIOSNAME}
521 servicePrincipalName: LDAP/${DNSNAME}
522 servicePrincipalName: LDAP/${NETBIOSNAME}
523
524 dn: CN=krbtgt,CN=Users,${BASEDN}
525 objectClass: top
526 objectClass: person
527 objectClass: organizationalPerson
528 objectClass: user
529 cn: krbtgt
530 description: Key Distribution Center Service Account
531 instanceType: 4
532 whenCreated: ${LDAPTIME}
533 whenChanged: ${LDAPTIME}
534 uSNCreated: 1
535 uSNChanged: 1
536 showInAdvancedViewOnly: TRUE
537 name: krbtgt
538 objectGUID: ${NEWGUID}
539 userAccountControl: 514
540 badPwdCount: 0
541 codePage: 0
542 countryCode: 0
543 badPasswordTime: 0
544 lastLogoff: 0
545 lastLogon: 0
546 pwdLastSet: 127258826179466560
547 primaryGroupID: 513
548 objectSid: ${DOMAINSID}-502
549 adminCount: 1
550 accountExpires: 9223372036854775807
551 logonCount: 0
552 sAMAccountName: krbtgt
553 sAMAccountType: 805306368
554 servicePrincipalName: kadmin/changepw
555 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
556 isCriticalSystemObject: TRUE
557 unicodePwd: ${RANDPASS}
558
559 dn: CN=Domain Computers,CN=Users,${BASEDN}
560 objectClass: top
561 objectClass: group
562 cn: Domain Computers
563 description: All workstations and servers joined to the domain
564 instanceType: 4
565 whenCreated: ${LDAPTIME}
566 whenChanged: ${LDAPTIME}
567 uSNCreated: 1
568 uSNChanged: 1
569 name: Domain Computers
570 objectGUID: ${NEWGUID}
571 objectSid: ${DOMAINSID}-515
572 sAMAccountName: Domain Computers
573 sAMAccountType: 0x10000000
574 groupType: 0x80000002
575 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
576 isCriticalSystemObject: TRUE
577
578 dn: CN=Domain Controllers,CN=Users,${BASEDN}
579 objectClass: top
580 objectClass: group
581 cn: Domain Controllers
582 description: All domain controllers in the domain
583 instanceType: 4
584 whenCreated: ${LDAPTIME}
585 whenChanged: ${LDAPTIME}
586 uSNCreated: 1
587 uSNChanged: 1
588 name: Domain Controllers
589 objectGUID: ${NEWGUID}
590 objectSid: ${DOMAINSID}-516
591 adminCount: 1
592 sAMAccountName: Domain Controllers
593 sAMAccountType: 0x10000000
594 groupType: 0x80000002
595 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
596 isCriticalSystemObject: TRUE
597
598 dn: CN=Schema Admins,CN=Users,${BASEDN}
599 objectClass: top
600 objectClass: group
601 cn: Schema Admins
602 description: Designated administrators of the schema
603 member: CN=Administrator,CN=Users,${BASEDN}
604 instanceType: 4
605 whenCreated: ${LDAPTIME}
606 whenChanged: ${LDAPTIME}
607 uSNCreated: 1
608 uSNChanged: 1
609 name: Schema Admins
610 objectGUID: ${NEWGUID}
611 objectSid: ${DOMAINSID}-518
612 adminCount: 1
613 sAMAccountName: Schema Admins
614 sAMAccountType: 0x10000000
615 groupType: 0x80000002
616 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
617 isCriticalSystemObject: TRUE
618 unixName: ${WHEEL}
619
620 dn: CN=Enterprise Admins,CN=Users,${BASEDN}
621 objectClass: top
622 objectClass: group
623 cn: Enterprise Admins
624 description: Designated administrators of the enterprise
625 member: CN=Administrator,CN=Users,${BASEDN}
626 instanceType: 4
627 whenCreated: ${LDAPTIME}
628 whenChanged: ${LDAPTIME}
629 uSNCreated: 1
630 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
631 uSNChanged: 1
632 name: Enterprise Admins
633 objectGUID: ${NEWGUID}
634 objectSid: ${DOMAINSID}-519
635 adminCount: 1
636 sAMAccountName: Enterprise Admins
637 sAMAccountType: 0x10000000
638 groupType: 0x80000002
639 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
640 isCriticalSystemObject: TRUE
641 unixName: ${WHEEL}
642
643 dn: CN=Cert Publishers,CN=Users,${BASEDN}
644 objectClass: top
645 objectClass: group
646 cn: Cert Publishers
647 description: Members of this group are permitted to publish certificates to the Active Directory
648 instanceType: 4
649 whenCreated: ${LDAPTIME}
650 whenChanged: ${LDAPTIME}
651 uSNCreated: 1
652 uSNChanged: 1
653 name: Cert Publishers
654 objectGUID: ${NEWGUID}
655 objectSid: ${DOMAINSID}-517
656 sAMAccountName: Cert Publishers
657 sAMAccountType: 0x20000000
658 groupType: 0x80000004
659 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
660 isCriticalSystemObject: TRUE
661
662 dn: CN=Domain Admins,CN=Users,${BASEDN}
663 objectClass: top
664 objectClass: group
665 cn: Domain Admins
666 description: Designated administrators of the domain
667 member: CN=Administrator,CN=Users,${BASEDN}
668 instanceType: 4
669 whenCreated: ${LDAPTIME}
670 whenChanged: ${LDAPTIME}
671 uSNCreated: 1
672 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
673 uSNChanged: 1
674 name: Domain Admins
675 objectGUID: ${NEWGUID}
676 objectSid: ${DOMAINSID}-512
677 adminCount: 1
678 sAMAccountName: Domain Admins
679 sAMAccountType: 0x10000000
680 groupType: 0x80000002
681 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
682 isCriticalSystemObject: TRUE
683 unixName: ${WHEEL}
684
685 dn: CN=Domain Users,CN=Users,${BASEDN}
686 objectClass: top
687 objectClass: group
688 cn: Domain Users
689 description: All domain users
690 instanceType: 4
691 whenCreated: ${LDAPTIME}
692 whenChanged: ${LDAPTIME}
693 uSNCreated: 1
694 memberOf: CN=Users,CN=Builtin,${BASEDN}
695 uSNChanged: 1
696 name: Domain Users
697 objectGUID: ${NEWGUID}
698 objectSid: ${DOMAINSID}-513
699 sAMAccountName: Domain Users
700 sAMAccountType: 0x10000000
701 groupType: 0x80000002
702 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
703 isCriticalSystemObject: TRUE
704 unixName: ${USERS}
705
706 dn: CN=Domain Guests,CN=Users,${BASEDN}
707 objectClass: top
708 objectClass: group
709 cn: Domain Guests
710 description: All domain guests
711 instanceType: 4
712 whenCreated: ${LDAPTIME}
713 whenChanged: ${LDAPTIME}
714 uSNCreated: 1
715 memberOf: CN=Guests,CN=Builtin,${BASEDN}
716 uSNChanged: 1
717 name: Domain Guests
718 objectGUID: ${NEWGUID}
719 objectSid: ${DOMAINSID}-514
720 sAMAccountName: Domain Guests
721 sAMAccountType: 0x10000000
722 groupType: 0x80000002
723 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
724 isCriticalSystemObject: TRUE
725
726 dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
727 objectClass: top
728 objectClass: group
729 cn: Group Policy Creator Owners
730 description: Members in this group can modify group policy for the domain
731 member: CN=Administrator,CN=Users,${BASEDN}
732 instanceType: 4
733 whenCreated: ${LDAPTIME}
734 whenChanged: ${LDAPTIME}
735 uSNCreated: 1
736 uSNChanged: 1
737 name: Group Policy Creator Owners
738 objectGUID: ${NEWGUID}
739 objectSid: ${DOMAINSID}-520
740 sAMAccountName: Group Policy Creator Owners
741 sAMAccountType: 0x10000000
742 groupType: 0x80000002
743 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
744 isCriticalSystemObject: TRUE
745 unixName: ${WHEEL}
746
747 dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
748 objectClass: top
749 objectClass: group
750 cn: RAS and IAS Servers
751 description: Servers in this group can access remote access properties of users
752 instanceType: 4
753 whenCreated: ${LDAPTIME}
754 whenChanged: ${LDAPTIME}
755 uSNCreated: 1
756 uSNChanged: 1
757 name: RAS and IAS Servers
758 objectGUID: ${NEWGUID}
759 objectSid: ${DOMAINSID}-553
760 sAMAccountName: RAS and IAS Servers
761 sAMAccountType: 0x20000000
762 groupType: 0x80000004
763 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
764 isCriticalSystemObject: TRUE
765
766 dn: CN=Server Operators,CN=Builtin,${BASEDN}
767 objectClass: top
768 objectClass: group
769 cn: Server Operators
770 description: Members can administer domain servers
771 instanceType: 4
772 whenCreated: ${LDAPTIME}
773 whenChanged: ${LDAPTIME}
774 uSNCreated: 1
775 uSNChanged: 1
776 name: Server Operators
777 objectGUID: ${NEWGUID}
778 objectSid: S-1-5-32-549
779 adminCount: 1
780 sAMAccountName: Server Operators
781 sAMAccountType: 0x20000000
782 systemFlags: 0x8c000000
783 groupType: 0x80000005
784 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
785 isCriticalSystemObject: TRUE
786 privilege: SeBackupPrivilege
787 privilege: SeSystemtimePrivilege
788 privilege: SeRemoteShutdownPrivilege
789 privilege: SeRestorePrivilege
790 privilege: SeShutdownPrivilege
791 privilege: SeInteractiveLogonRight
792
793 dn: CN=Account Operators,CN=Builtin,${BASEDN}
794 objectClass: top
795 objectClass: group
796 cn: Account Operators
797 description: Members can administer domain user and group accounts
798 instanceType: 4
799 whenCreated: ${LDAPTIME}
800 whenChanged: ${LDAPTIME}
801 uSNCreated: 1
802 uSNChanged: 1
803 name: Account Operators
804 objectGUID: ${NEWGUID}
805 objectSid: S-1-5-32-548
806 adminCount: 1
807 sAMAccountName: Account Operators
808 sAMAccountType: 0x20000000
809 systemFlags: 0x8c000000
810 groupType: 0x80000005
811 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
812 isCriticalSystemObject: TRUE
813 privilege: SeInteractiveLogonRight
814
815 dn: CN=Templates,${BASEDN}
816 objectClass: top
817 objectClass: container
818 cn: Templates
819 description: Container for SAM account templates
820 instanceType: 4
821 whenCreated: ${LDAPTIME}
822 whenChanged: ${LDAPTIME}
823 uSNCreated: 1
824 uSNChanged: 1
825 showInAdvancedViewOnly: FALSE
826 name: Templates
827 objectGUID: ${NEWGUID}
828 systemFlags: 0x8c000000
829 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
830 isCriticalSystemObject: TRUE
831
832 ###
833 # note! the template users must not match normal searches. Be careful
834 # with what classes you put them in
835 ###
836
837 dn: CN=TemplateUser,CN=Templates,${BASEDN}
838 objectClass: top
839 objectClass: person
840 objectClass: organizationalPerson
841 objectClass: Template
842 objectClass: userTemplate
843 cn: TemplateUser
844 name: TemplateUser
845 instanceType: 4
846 userAccountControl: 0x202
847 badPwdCount: 0
848 codePage: 0
849 countryCode: 0
850 badPasswordTime: 0
851 lastLogoff: 0
852 lastLogon: 0
853 pwdLastSet: 0
854 primaryGroupID: 513
855 accountExpires: -1
856 logonCount: 0
857 sAMAccountType: 0x30000000
858
859 dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
860 objectClass: top
861 objectClass: Template
862 objectClass: userTemplate
863 cn: TemplateMemberServer
864 name: TemplateMemberServer
865 instanceType: 4
866 userAccountControl: 0x1002
867 badPwdCount: 0
868 codePage: 0
869 countryCode: 0
870 badPasswordTime: 0
871 lastLogoff: 0
872 lastLogon: 0
873 pwdLastSet: 0
874 primaryGroupID: 513
875 accountExpires: -1
876 logonCount: 0
877 sAMAccountType: 0x30000001
878
879 dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
880 objectClass: top
881 objectClass: Template
882 objectClass: userTemplate
883 cn: TemplateDomainController
884 name: TemplateDomainController
885 instanceType: 4
886 userAccountControl: 0x2002
887 badPwdCount: 0
888 codePage: 0
889 countryCode: 0
890 badPasswordTime: 0
891 lastLogoff: 0
892 lastLogon: 0
893 pwdLastSet: 0
894 primaryGroupID: 513
895 accountExpires: -1
896 logonCount: 0
897 sAMAccountType: 0x30000001
898
899 dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
900 objectClass: top
901 objectClass: Template
902 objectClass: userTemplate
903 cn: TemplateTrustingDomain
904 name: TemplateTrustingDomain
905 instanceType: 4
906 userAccountControl: 0x820
907 badPwdCount: 0
908 codePage: 0
909 countryCode: 0
910 badPasswordTime: 0
911 lastLogoff: 0
912 lastLogon: 0
913 pwdLastSet: 0
914 primaryGroupID: 513
915 accountExpires: -1
916 logonCount: 0
917 sAMAccountType: 0x30000002
918
919 dn: CN=TemplateGroup,CN=Templates,${BASEDN}
920 objectClass: top
921 objectClass: Template
922 objectClass: groupTemplate
923 cn: TemplateGroup
924 name: TemplateGroup
925 instanceType: 4
926 groupType: 0x80000002
927 sAMAccountType: 0x10000000
928
929 dn: CN=TemplateAlias,CN=Templates,${BASEDN}
930 objectClass: top
931 objectClass: Template
932 objectClass: aliasTemplate
933 cn: TemplateAlias
934 name: TemplateAlias
935 instanceType: 4
936 groupType: 0x80000004
937 sAMAccountType: 0x10000000
938
939 dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
940 objectClass: top
941 objectClass: Template
942 objectClass: foreignSecurityPrincipalTemplate
943 cn: TemplateForeignSecurityPrincipal
944 name: TemplateForeignSecurityPrincipal