r4484: - use the nTMixedDomain attribute to check if our domain is mixed mode or not
[samba.git] / source4 / provision.ldif
1 dn: @INDEXLIST
2 @IDXATTR: name
3 @IDXATTR: sAMAccountName
4 @IDXATTR: objectSid
5 @IDXATTR: objectClass
6 @IDXATTR: member
7 @IDXATTR: unixID
8 @IDXATTR: unixName
9 @IDXATTR: privilege
10
# Per-attribute handling flags for the database.
# The five password attributes (unicodePwd, ntPwdHash, ntPwdHistory, lmPwdHash,
# lmPwdHistory) and the two timestamp attributes are flagged HIDDEN.
# NOTE(review): what HIDDEN enforces is not visible in this file (omission from
# default search results vs. an access check) - confirm it is not the only
# protection keeping password hashes away from ordinary readers.
11 dn: @ATTRIBUTES
12 realm: CASE_INSENSITIVE
13 userPrincipalName: CASE_INSENSITIVE
14 servicePrincipalName: CASE_INSENSITIVE
15 name: CASE_INSENSITIVE WILDCARD
16 dn: CASE_INSENSITIVE WILDCARD
17 sAMAccountName: CASE_INSENSITIVE WILDCARD
18 objectClass: CASE_INSENSITIVE
19 unicodePwd: HIDDEN
20 ntPwdHash: HIDDEN
21 ntPwdHistory: HIDDEN
22 lmPwdHash: HIDDEN
23 lmPwdHistory: HIDDEN
24 createTimestamp: HIDDEN
25 modifyTimestamp: HIDDEN
26
27 dn: @SUBCLASSES
28 top: domain
29 top: person
30 top: group
31 domain: domainDNS
32 domain: builtinDomain
33 person: organizationalPerson
34 organizationalPerson: user
35 user: computer
36 template: userTemplate
37 template: groupTemplate
38
39 dn: @MODULES
40 @MODULE: timestamps
41
# Domain head object. Besides identity (name, realm, SID, GUID) it carries the
# domain-wide password and lockout policy defaults used for every new domain.
# NOTE(review): lockoutThreshold is 0; in the AD convention that means accounts
# are never locked out, so lockoutDuration / lockOutObservationWindow
# (-18000000000, i.e. 30 minutes if read as negative 100 ns intervals) have no
# effect. Confirm that "no lockout" is the intended provisioning default.
# NOTE(review): minPwdAge is 0 while pwdHistoryLength is 24; with no minimum age
# a user can change passwords repeatedly and cycle back to an old one - confirm.
# minPwdLength 7 and pwdProperties 1 (the complexity bit in the AD encoding) are
# the only strength requirements set here; maxPwdAge is about 43 days if read in
# the same 100 ns units.
# nTMixedDomain: 1 provisions the domain as mixed mode.
42 dn: ${BASEDN}
43 objectClass: top
44 objectClass: domain
45 objectClass: domainDNS
46 name: ${DOMAIN}
47 realm: ${REALM}
48 dnsDomain: ${DNSDOMAIN}
49 dc: ${DOMAIN}
50 objectGUID: ${DOMAINGUID}
51 creationTime: ${NTTIME}
52 forceLogoff: 0x8000000000000000
53 lockoutDuration: -18000000000
54 lockOutObservationWindow: -18000000000
55 lockoutThreshold: 0
56 whenCreated: ${LDAPTIME}
57 whenChanged: ${LDAPTIME}
58 uSNCreated: 1
59 uSNChanged: 1
60 maxPwdAge: -37108517437440
61 minPwdAge: 0
62 minPwdLength: 7
63 modifiedCountAtLastProm: 0
64 nextRid: 1001
65 pwdProperties: 1
66 pwdHistoryLength: 24
67 objectSid: ${DOMAINSID}
68 serverState: 1
69 nTMixedDomain: 1
70 uASCompat: 1
71 modifiedCount: 1
72 objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
73 isCriticalSystemObject: TRUE
74
75 dn: CN=Users,${BASEDN}
76 objectClass: top
77 objectClass: container
78 cn: Users
79 description: Default container for upgraded user accounts
80 instanceType: 4
81 whenCreated: ${LDAPTIME}
82 whenChanged: ${LDAPTIME}
83 uSNCreated: 1
84 uSNChanged: 1
85 showInAdvancedViewOnly: FALSE
86 name: Users
87 objectGUID: ${NEWGUID}
88 systemFlags: 0x8c000000
89 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
90 isCriticalSystemObject: TRUE
91
92 dn: CN=Computers,${BASEDN}
93 objectClass: top
94 objectClass: container
95 cn: Computers
96 description: Default container for upgraded computer accounts
97 instanceType: 4
98 whenCreated: ${LDAPTIME}
99 whenChanged: ${LDAPTIME}
100 uSNCreated: 1
101 uSNChanged: 1
102 showInAdvancedViewOnly: FALSE
103 name: Computers
104 objectGUID: ${NEWGUID}
105 systemFlags: 0x8c000000
106 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
107 isCriticalSystemObject: TRUE
108
109 dn: OU=Domain Controllers,${BASEDN}
110 objectClass: top
111 objectClass: organizationalUnit
112 ou: Domain Controllers
113 description: Default container for domain controllers
114 instanceType: 4
115 whenCreated: ${LDAPTIME}
116 whenChanged: ${LDAPTIME}
117 uSNCreated: 1
118 uSNChanged: 1
119 showInAdvancedViewOnly: FALSE
120 name: Domain Controllers
121 objectGUID: ${NEWGUID}
122 systemFlags: 0x8c000000
123 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
124 isCriticalSystemObject: TRUE
125
126 dn: CN=ForeignSecurityPrincipals,${BASEDN}
127 objectClass: top
128 objectClass: container
129 cn: ForeignSecurityPrincipals
130 description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
131 instanceType: 4
132 whenCreated: ${LDAPTIME}
133 whenChanged: ${LDAPTIME}
134 uSNCreated: 1
135 uSNChanged: 1
136 showInAdvancedViewOnly: FALSE
137 name: ForeignSecurityPrincipals
138 objectGUID: ${NEWGUID}
139 systemFlags: 0x8c000000
140 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
141 isCriticalSystemObject: TRUE
142
# Builtin domain object (fixed SID S-1-5-32) that parents the well-known local
# groups defined further down in this file.
# Its policy attributes are weaker than the domain object's: minPwdLength 0,
# pwdProperties 0, pwdHistoryLength 0, lockoutThreshold 0.
# NOTE(review): whether any password check ever reads the policy from this
# object rather than from ${BASEDN} is not visible here - confirm, since these
# values would permit empty passwords.
143 dn: CN=Builtin,${BASEDN}
144 objectClass: top
145 objectClass: builtinDomain
146 cn: Builtin
147 instanceType: 4
148 showInAdvancedViewOnly: FALSE
149 name: Builtin
150 forceLogoff: 0x8000000000000000
151 lockoutDuration: -18000000000
152 lockOutObservationWindow: -18000000000
153 lockoutThreshold: 0
154 maxPwdAge: -37108517437440
155 minPwdAge: 0
156 minPwdLength: 0
157 modifiedCountAtLastProm: 0
158 nextRid: 1000
159 pwdProperties: 0
160 pwdHistoryLength: 0
161 objectSid: S-1-5-32
162 serverState: 1
163 uASCompat: 1
164 modifiedCount: 1
165 objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN}
166 isCriticalSystemObject: TRUE
167
# Built-in Administrator account (RID 500), a direct member of five privileged
# groups and mapped to the Unix account "root" through unixName.
# userAccountControl 0x10200 is NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD in the
# Windows encoding, so the domain maxPwdAge does not apply to this account.
# unicodePwd is filled from ${ADMINPASS} when the template is expanded.
# NOTE(review): the expanded LDIF then contains the administrator password in
# whatever form the provisioning step substitutes; if that text is written to
# disk or logged it must be treated as a secret - confirm how it is handled.
# NOTE(review): pwdLastSet is 0 although a password is set in the same record;
# confirm how the server interprets that combination.
168 dn: CN=Administrator,CN=Users,${BASEDN}
169 objectClass: top
170 objectClass: person
171 objectClass: organizationalPerson
172 objectClass: user
173 cn: Administrator
174 description: Built-in account for administering the computer/domain
175 instanceType: 4
176 whenCreated: ${LDAPTIME}
177 whenChanged: ${LDAPTIME}
178 uSNCreated: 1
179 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
180 memberOf: CN=Domain Admins,CN=Users,${BASEDN}
181 memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
182 memberOf: CN=Schema Admins,CN=Users,${BASEDN}
183 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
184 uSNChanged: 1
185 name: Administrator
186 objectGUID: ${NEWGUID}
187 userAccountControl: 0x10200
188 badPwdCount: 0
189 codePage: 0
190 countryCode: 0
191 badPasswordTime: 0
192 lastLogoff: 0
193 lastLogon: 0
194 pwdLastSet: 0
195 primaryGroupID: 513
196 objectSid: ${DOMAINSID}-500
197 adminCount: 1
198 accountExpires: -1
199 logonCount: 0
200 sAMAccountName: Administrator
201 sAMAccountType: 0x30000000
202 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
203 isCriticalSystemObject: TRUE
204 unicodePwd: ${ADMINPASS}
205 unixName: root
206
# Built-in Guest account (RID 501), member of the Builtin Guests group.
# userAccountControl 0x10222 is ACCOUNTDISABLE | PASSWD_NOTREQD |
# NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD in the Windows encoding: the account is
# provisioned disabled, and no unicodePwd is set in this record.
# NOTE(review): because PASSWD_NOTREQD is set, merely clearing the disable bit
# would leave an account that is allowed to have no password; anyone enabling
# Guest should set a password or restrict its logon rights first.
207 dn: CN=Guest,CN=Users,${BASEDN}
208 objectClass: top
209 objectClass: person
210 objectClass: organizationalPerson
211 objectClass: user
212 cn: Guest
213 description: Built-in account for guest access to the computer/domain
214 instanceType: 4
215 whenCreated: ${LDAPTIME}
216 whenChanged: ${LDAPTIME}
217 uSNCreated: 1
218 memberOf: CN=Guests,CN=Builtin,${BASEDN}
219 uSNChanged: 1
220 name: Guest
221 objectGUID: ${NEWGUID}
222 userAccountControl: 0x10222
223 badPwdCount: 0
224 codePage: 0
225 countryCode: 0
226 badPasswordTime: 0
227 lastLogoff: 0
228 lastLogon: 0
229 pwdLastSet: 0
230 primaryGroupID: 514
231 objectSid: ${DOMAINSID}-501
232 accountExpires: -1
233 logonCount: 0
234 sAMAccountName: Guest
235 sAMAccountType: 0x30000000
236 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
237 isCriticalSystemObject: TRUE
238
# Builtin Administrators group (S-1-5-32-544). Members at provision time are
# Domain Admins, Enterprise Admins and the Administrator account, and the group
# is mapped to the Unix group substituted for ${WHEEL}.
# The privilege values listed below are the rights attached to this group in
# this file; they include SeDebugPrivilege, SeLoadDriverPrivilege,
# SeTakeOwnershipPrivilege, SeImpersonatePrivilege, SeBackupPrivilege and
# SeRestorePrivilege, so membership is equivalent to full control of the host.
# NOTE(review): the unixName mapping means membership of the chosen Unix group
# and membership of this group are linked - confirm which direction the mapping
# is applied in before reusing an existing Unix group for ${WHEEL}.
239 dn: CN=Administrators,CN=Builtin,${BASEDN}
240 objectClass: top
241 objectClass: group
242 cn: Administrators
243 description: Administrators have complete and unrestricted access to the computer/domain
244 member: CN=Domain Admins,CN=Users,${BASEDN}
245 member: CN=Enterprise Admins,CN=Users,${BASEDN}
246 member: CN=Administrator,CN=Users,${BASEDN}
247 instanceType: 4
248 whenCreated: ${LDAPTIME}
249 whenChanged: ${LDAPTIME}
250 uSNCreated: 1
251 uSNChanged: 1
252 name: Administrators
253 objectGUID: ${NEWGUID}
254 objectSid: S-1-5-32-544
255 adminCount: 1
256 sAMAccountName: Administrators
257 sAMAccountType: 0x20000000
258 systemFlags: 0x8c000000
259 groupType: 0x80000005
260 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
261 isCriticalSystemObject: TRUE
262 unixName: ${WHEEL}
263 privilege: SeSecurityPrivilege
264 privilege: SeBackupPrivilege
265 privilege: SeRestorePrivilege
266 privilege: SeSystemtimePrivilege
267 privilege: SeShutdownPrivilege
268 privilege: SeRemoteShutdownPrivilege
269 privilege: SeTakeOwnershipPrivilege
270 privilege: SeDebugPrivilege
271 privilege: SeSystemEnvironmentPrivilege
272 privilege: SeSystemProfilePrivilege
273 privilege: SeProfileSingleProcessPrivilege
274 privilege: SeIncreaseBasePriorityPrivilege
275 privilege: SeLoadDriverPrivilege
276 privilege: SeCreatePagefilePrivilege
277 privilege: SeIncreaseQuotaPrivilege
278 privilege: SeChangeNotifyPrivilege
279 privilege: SeUndockPrivilege
280 privilege: SeManageVolumePrivilege
281 privilege: SeImpersonatePrivilege
282 privilege: SeCreateGlobalPrivilege
283 privilege: SeEnableDelegationPrivilege
284 privilege: SeInteractiveLogonRight
285 privilege: SeNetworkLogonRight
286 privilege: SeRemoteInteractiveLogonRight
287
288
289 dn: CN=Users,CN=Builtin,${BASEDN}
290 objectClass: top
291 objectClass: group
292 cn: Users
293 description: Users are prevented from making accidental or intentional system-wide changes.  Thus, Users can run certified applications, but not most legacy applications
294 member: CN=Domain Users,CN=Users,${BASEDN}
295 instanceType: 4
296 whenCreated: ${LDAPTIME}
297 whenChanged: ${LDAPTIME}
298 uSNCreated: 1
299 uSNChanged: 1
300 name: Users
301 objectGUID: ${NEWGUID}
302 objectSid: S-1-5-32-545
303 sAMAccountName: Users
304 sAMAccountType: 0x20000000
305 systemFlags: 0x8c000000
306 groupType: 0x80000005
307 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
308 isCriticalSystemObject: TRUE
309
310 dn: CN=Guests,CN=Builtin,${BASEDN}
311 objectClass: top
312 objectClass: group
313 cn: Guests
314 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
315 member: CN=Domain Guests,CN=Users,${BASEDN}
316 member: CN=Guest,CN=Users,${BASEDN}
317 instanceType: 4
318 whenCreated: ${LDAPTIME}
319 whenChanged: ${LDAPTIME}
320 uSNCreated: 1
321 uSNChanged: 1
322 name: Guests
323 objectGUID: ${NEWGUID}
324 objectSid: S-1-5-32-546
325 sAMAccountName: Guests
326 sAMAccountType: 0x20000000
327 systemFlags: 0x8c000000
328 groupType: 0x80000005
329 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
330 isCriticalSystemObject: TRUE
331 unixName: ${NOGROUP}
332
333 dn: CN=Print Operators,CN=Builtin,${BASEDN}
334 objectClass: top
335 objectClass: group
336 cn: Print Operators
337 description: Members can administer domain printers
338 instanceType: 4
339 whenCreated: ${LDAPTIME}
340 whenChanged: ${LDAPTIME}
341 uSNCreated: 1
342 uSNChanged: 1
343 name: Print Operators
344 objectGUID: ${NEWGUID}
345 objectSid: S-1-5-32-550
346 adminCount: 1
347 sAMAccountName: Print Operators
348 sAMAccountType: 0x20000000
349 systemFlags: 0x8c000000
350 groupType: 0x80000005
351 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
352 isCriticalSystemObject: TRUE
353 privilege: SeLoadDriverPrivilege
354 privilege: SeShutdownPrivilege
355 privilege: SeInteractiveLogonRight
356
357 dn: CN=Backup Operators,CN=Builtin,${BASEDN}
358 objectClass: top
359 objectClass: group
360 cn: Backup Operators
361 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
362 instanceType: 4
363 whenCreated: ${LDAPTIME}
364 whenChanged: ${LDAPTIME}
365 uSNCreated: 1
366 uSNChanged: 1
367 name: Backup Operators
368 objectGUID: ${NEWGUID}
369 objectSid: S-1-5-32-551
370 adminCount: 1
371 sAMAccountName: Backup Operators
372 sAMAccountType: 0x20000000
373 systemFlags: 0x8c000000
374 groupType: 0x80000005
375 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
376 isCriticalSystemObject: TRUE
377 privilege: SeBackupPrivilege
378 privilege: SeRestorePrivilege
379 privilege: SeShutdownPrivilege
380 privilege: SeInteractiveLogonRight
381
382 dn: CN=Replicator,CN=Builtin,${BASEDN}
383 objectClass: top
384 objectClass: group
385 cn: Replicator
386 description: Supports file replication in a domain
387 instanceType: 4
388 whenCreated: ${LDAPTIME}
389 whenChanged: ${LDAPTIME}
390 uSNCreated: 1
391 uSNChanged: 1
392 name: Replicator
393 objectGUID: ${NEWGUID}
394 objectSid: S-1-5-32-552
395 adminCount: 1
396 sAMAccountName: Replicator
397 sAMAccountType: 0x20000000
398 systemFlags: 0x8c000000
399 groupType: 0x80000005
400 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
401 isCriticalSystemObject: TRUE
402
403 dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
404 objectClass: top
405 objectClass: group
406 cn: Remote Desktop Users
407 description: Members in this group are granted the right to logon remotely
408 instanceType: 4
409 whenCreated: ${LDAPTIME}
410 whenChanged: ${LDAPTIME}
411 uSNCreated: 1
412 uSNChanged: 1
413 name: Remote Desktop Users
414 objectGUID: ${NEWGUID}
415 objectSid: S-1-5-32-555
416 sAMAccountName: Remote Desktop Users
417 sAMAccountType: 0x20000000
418 systemFlags: 0x8c000000
419 groupType: 0x80000005
420 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
421 isCriticalSystemObject: TRUE
422
423 dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
424 objectClass: top
425 objectClass: group
426 cn: Network Configuration Operators
427 description: Members in this group can have some administrative privileges to manage configuration of networking features
428 instanceType: 4
429 whenCreated: ${LDAPTIME}
430 whenChanged: ${LDAPTIME}
431 uSNCreated: 1
432 uSNChanged: 1
433 name: Network Configuration Operators
434 objectGUID: ${NEWGUID}
435 objectSid: S-1-5-32-556
436 sAMAccountName: Network Configuration Operators
437 sAMAccountType: 0x20000000
438 systemFlags: 0x8c000000
439 groupType: 0x80000005
440 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
441 isCriticalSystemObject: TRUE
442
443 dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
444 objectClass: top
445 objectClass: group
446 cn: Performance Monitor Users
447 description: Members of this group have remote access to monitor this computer
448 instanceType: 4
449 whenCreated: ${LDAPTIME}
450 whenChanged: ${LDAPTIME}
451 uSNCreated: 1
452 uSNChanged: 1
453 name: Performance Monitor Users
454 objectGUID: ${NEWGUID}
455 objectSid: S-1-5-32-558
456 sAMAccountName: Performance Monitor Users
457 sAMAccountType: 0x20000000
458 systemFlags: 0x8c000000
459 groupType: 0x80000005
460 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
461 isCriticalSystemObject: TRUE
462
463 dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
464 objectClass: top
465 objectClass: group
466 cn: Performance Log Users
467 description: Members of this group have remote access to schedule logging of performance counters on this computer
468 instanceType: 4
469 whenCreated: ${LDAPTIME}
470 whenChanged: ${LDAPTIME}
471 uSNCreated: 1
472 uSNChanged: 1
473 name: Performance Log Users
474 objectGUID: ${NEWGUID}
475 objectSid: S-1-5-32-559
476 sAMAccountName: Performance Log Users
477 sAMAccountType: 0x20000000
478 systemFlags: 0x8c000000
479 groupType: 0x80000005
480 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
481 isCriticalSystemObject: TRUE
482
# Machine account of the domain controller being provisioned (RID 1000), with
# HOST, CIFS and LDAP service principal names for its DNS and NetBIOS names.
# userAccountControl 532480 is 0x82000, i.e. SERVER_TRUST_ACCOUNT |
# TRUSTED_FOR_DELEGATION in the Windows encoding.
# NOTE(review): lastLogon, pwdLastSet and logonCount (30) are fixed literals
# rather than template variables, so every provisioned DC starts with the same
# stale values; anything that ages the machine password from pwdLastSet would
# see it as already old - confirm and consider ${NTTIME} / 0 instead.
# NOTE(review): unicodePwd uses ${RANDPASS}, the same variable as the krbtgt
# record in this file. If the substitution is evaluated once per file rather
# than once per occurrence, both accounts get the same secret - confirm in the
# provisioning code.
483 dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
484 objectClass: top
485 objectClass: person
486 objectClass: organizationalPerson
487 objectClass: user
488 objectClass: computer
489 cn: ${NETBIOSNAME}
490 instanceType: 4
491 whenCreated: ${LDAPTIME}
492 whenChanged: ${LDAPTIME}
493 uSNCreated: 1
494 uSNChanged: 1
495 name: ${NETBIOSNAME}
496 objectGUID: ${HOSTGUID}
497 userAccountControl: 532480
498 badPwdCount: 0
499 codePage: 0
500 countryCode: 0
501 badPasswordTime: 0
502 lastLogoff: 0
503 lastLogon: 127273269057298624
504 localPolicyFlags: 0
505 pwdLastSet: 127258826171655328
506 primaryGroupID: 516
507 objectSid: ${DOMAINSID}-1000
508 accountExpires: 9223372036854775807
509 logonCount: 30
510 sAMAccountName: ${NETBIOSNAME}$
511 sAMAccountType: 805306369
512 operatingSystem: Samba
513 operatingSystemVersion: 4.0
514 dNSHostName: ${DNSNAME}
515 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
516 isCriticalSystemObject: TRUE
517 unicodePwd: ${RANDPASS}
518 servicePrincipalName: HOST/${DNSNAME}
519 servicePrincipalName: HOST/${NETBIOSNAME}
520 servicePrincipalName: CIFS/${DNSNAME}
521 servicePrincipalName: CIFS/${NETBIOSNAME}
522 servicePrincipalName: LDAP/${DNSNAME}
523 servicePrincipalName: LDAP/${NETBIOSNAME}
524
# Key Distribution Center service account (RID 502). Its secret is the key the
# KDC uses for ticket-granting tickets, so it is the most sensitive credential
# in the domain.
# userAccountControl 514 is 0x202, i.e. NORMAL_ACCOUNT | ACCOUNTDISABLE in the
# Windows encoding: the account exists for its key and cannot log on.
# NOTE(review): unicodePwd uses ${RANDPASS}, the same variable as the domain
# controller machine account in this file. If the substitution is evaluated
# once per file rather than once per occurrence, the krbtgt key equals the
# machine account password - confirm in the provisioning code.
# NOTE(review): pwdLastSet is a fixed literal, not a template variable, so it
# does not reflect when this domain's krbtgt secret was actually generated.
525 dn: CN=krbtgt,CN=Users,${BASEDN}
526 objectClass: top
527 objectClass: person
528 objectClass: organizationalPerson
529 objectClass: user
530 cn: krbtgt
531 description: Key Distribution Center Service Account
532 instanceType: 4
533 whenCreated: ${LDAPTIME}
534 whenChanged: ${LDAPTIME}
535 uSNCreated: 1
536 uSNChanged: 1
537 showInAdvancedViewOnly: TRUE
538 name: krbtgt
539 objectGUID: ${NEWGUID}
540 userAccountControl: 514
541 badPwdCount: 0
542 codePage: 0
543 countryCode: 0
544 badPasswordTime: 0
545 lastLogoff: 0
546 lastLogon: 0
547 pwdLastSet: 127258826179466560
548 primaryGroupID: 513
549 objectSid: ${DOMAINSID}-502
550 adminCount: 1
551 accountExpires: 9223372036854775807
552 logonCount: 0
553 sAMAccountName: krbtgt
554 sAMAccountType: 805306368
555 servicePrincipalName: kadmin/changepw
556 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
557 isCriticalSystemObject: TRUE
558 unicodePwd: ${RANDPASS}
559
560 dn: CN=Domain Computers,CN=Users,${BASEDN}
561 objectClass: top
562 objectClass: group
563 cn: Domain Computers
564 description: All workstations and servers joined to the domain
565 instanceType: 4
566 whenCreated: ${LDAPTIME}
567 whenChanged: ${LDAPTIME}
568 uSNCreated: 1
569 uSNChanged: 1
570 name: Domain Computers
571 objectGUID: ${NEWGUID}
572 objectSid: ${DOMAINSID}-515
573 sAMAccountName: Domain Computers
574 sAMAccountType: 0x10000000
575 groupType: 0x80000002
576 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
577 isCriticalSystemObject: TRUE
578
579 dn: CN=Domain Controllers,CN=Users,${BASEDN}
580 objectClass: top
581 objectClass: group
582 cn: Domain Controllers
583 description: All domain controllers in the domain
584 instanceType: 4
585 whenCreated: ${LDAPTIME}
586 whenChanged: ${LDAPTIME}
587 uSNCreated: 1
588 uSNChanged: 1
589 name: Domain Controllers
590 objectGUID: ${NEWGUID}
591 objectSid: ${DOMAINSID}-516
592 adminCount: 1
593 sAMAccountName: Domain Controllers
594 sAMAccountType: 0x10000000
595 groupType: 0x80000002
596 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
597 isCriticalSystemObject: TRUE
598
599 dn: CN=Schema Admins,CN=Users,${BASEDN}
600 objectClass: top
601 objectClass: group
602 cn: Schema Admins
603 description: Designated administrators of the schema
604 member: CN=Administrator,CN=Users,${BASEDN}
605 instanceType: 4
606 whenCreated: ${LDAPTIME}
607 whenChanged: ${LDAPTIME}
608 uSNCreated: 1
609 uSNChanged: 1
610 name: Schema Admins
611 objectGUID: ${NEWGUID}
612 objectSid: ${DOMAINSID}-518
613 adminCount: 1
614 sAMAccountName: Schema Admins
615 sAMAccountType: 0x10000000
616 groupType: 0x80000002
617 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
618 isCriticalSystemObject: TRUE
619 unixName: ${WHEEL}
620
621 dn: CN=Enterprise Admins,CN=Users,${BASEDN}
622 objectClass: top
623 objectClass: group
624 cn: Enterprise Admins
625 description: Designated administrators of the enterprise
626 member: CN=Administrator,CN=Users,${BASEDN}
627 instanceType: 4
628 whenCreated: ${LDAPTIME}
629 whenChanged: ${LDAPTIME}
630 uSNCreated: 1
631 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
632 uSNChanged: 1
633 name: Enterprise Admins
634 objectGUID: ${NEWGUID}
635 objectSid: ${DOMAINSID}-519
636 adminCount: 1
637 sAMAccountName: Enterprise Admins
638 sAMAccountType: 0x10000000
639 groupType: 0x80000002
640 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
641 isCriticalSystemObject: TRUE
642 unixName: ${WHEEL}
643
644 dn: CN=Cert Publishers,CN=Users,${BASEDN}
645 objectClass: top
646 objectClass: group
647 cn: Cert Publishers
648 description: Members of this group are permitted to publish certificates to the Active Directory
649 instanceType: 4
650 whenCreated: ${LDAPTIME}
651 whenChanged: ${LDAPTIME}
652 uSNCreated: 1
653 uSNChanged: 1
654 name: Cert Publishers
655 objectGUID: ${NEWGUID}
656 objectSid: ${DOMAINSID}-517
657 sAMAccountName: Cert Publishers
658 sAMAccountType: 0x20000000
659 groupType: 0x80000004
660 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
661 isCriticalSystemObject: TRUE
662
663 dn: CN=Domain Admins,CN=Users,${BASEDN}
664 objectClass: top
665 objectClass: group
666 cn: Domain Admins
667 description: Designated administrators of the domain
668 member: CN=Administrator,CN=Users,${BASEDN}
669 instanceType: 4
670 whenCreated: ${LDAPTIME}
671 whenChanged: ${LDAPTIME}
672 uSNCreated: 1
673 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
674 uSNChanged: 1
675 name: Domain Admins
676 objectGUID: ${NEWGUID}
677 objectSid: ${DOMAINSID}-512
678 adminCount: 1
679 sAMAccountName: Domain Admins
680 sAMAccountType: 0x10000000
681 groupType: 0x80000002
682 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
683 isCriticalSystemObject: TRUE
684 unixName: ${WHEEL}
685
686 dn: CN=Domain Users,CN=Users,${BASEDN}
687 objectClass: top
688 objectClass: group
689 cn: Domain Users
690 description: All domain users
691 instanceType: 4
692 whenCreated: ${LDAPTIME}
693 whenChanged: ${LDAPTIME}
694 uSNCreated: 1
695 memberOf: CN=Users,CN=Builtin,${BASEDN}
696 uSNChanged: 1
697 name: Domain Users
698 objectGUID: ${NEWGUID}
699 objectSid: ${DOMAINSID}-513
700 sAMAccountName: Domain Users
701 sAMAccountType: 0x10000000
702 groupType: 0x80000002
703 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
704 isCriticalSystemObject: TRUE
705 unixName: ${USERS}
706
707 dn: CN=Domain Guests,CN=Users,${BASEDN}
708 objectClass: top
709 objectClass: group
710 cn: Domain Guests
711 description: All domain guests
712 instanceType: 4
713 whenCreated: ${LDAPTIME}
714 whenChanged: ${LDAPTIME}
715 uSNCreated: 1
716 memberOf: CN=Guests,CN=Builtin,${BASEDN}
717 uSNChanged: 1
718 name: Domain Guests
719 objectGUID: ${NEWGUID}
720 objectSid: ${DOMAINSID}-514
721 sAMAccountName: Domain Guests
722 sAMAccountType: 0x10000000
723 groupType: 0x80000002
724 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
725 isCriticalSystemObject: TRUE
726
727 dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
728 objectClass: top
729 objectClass: group
730 cn: Group Policy Creator Owners
731 description: Members in this group can modify group policy for the domain
732 member: CN=Administrator,CN=Users,${BASEDN}
733 instanceType: 4
734 whenCreated: ${LDAPTIME}
735 whenChanged: ${LDAPTIME}
736 uSNCreated: 1
737 uSNChanged: 1
738 name: Group Policy Creator Owners
739 objectGUID: ${NEWGUID}
740 objectSid: ${DOMAINSID}-520
741 sAMAccountName: Group Policy Creator Owners
742 sAMAccountType: 0x10000000
743 groupType: 0x80000002
744 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
745 isCriticalSystemObject: TRUE
746 unixName: ${WHEEL}
747
748 dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
749 objectClass: top
750 objectClass: group
751 cn: RAS and IAS Servers
752 description: Servers in this group can access remote access properties of users
753 instanceType: 4
754 whenCreated: ${LDAPTIME}
755 whenChanged: ${LDAPTIME}
756 uSNCreated: 1
757 uSNChanged: 1
758 name: RAS and IAS Servers
759 objectGUID: ${NEWGUID}
760 objectSid: ${DOMAINSID}-553
761 sAMAccountName: RAS and IAS Servers
762 sAMAccountType: 0x20000000
763 groupType: 0x80000004
764 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
765 isCriticalSystemObject: TRUE
766
767 dn: CN=Server Operators,CN=Builtin,${BASEDN}
768 objectClass: top
769 objectClass: group
770 cn: Server Operators
771 description: Members can administer domain servers
772 instanceType: 4
773 whenCreated: ${LDAPTIME}
774 whenChanged: ${LDAPTIME}
775 uSNCreated: 1
776 uSNChanged: 1
777 name: Server Operators
778 objectGUID: ${NEWGUID}
779 objectSid: S-1-5-32-549
780 adminCount: 1
781 sAMAccountName: Server Operators
782 sAMAccountType: 0x20000000
783 systemFlags: 0x8c000000
784 groupType: 0x80000005
785 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
786 isCriticalSystemObject: TRUE
787 privilege: SeBackupPrivilege
788 privilege: SeSystemtimePrivilege
789 privilege: SeRemoteShutdownPrivilege
790 privilege: SeRestorePrivilege
791 privilege: SeShutdownPrivilege
792 privilege: SeInteractiveLogonRight
793
794 dn: CN=Account Operators,CN=Builtin,${BASEDN}
795 objectClass: top
796 objectClass: group
797 cn: Account Operators
798 description: Members can administer domain user and group accounts
799 instanceType: 4
800 whenCreated: ${LDAPTIME}
801 whenChanged: ${LDAPTIME}
802 uSNCreated: 1
803 uSNChanged: 1
804 name: Account Operators
805 objectGUID: ${NEWGUID}
806 objectSid: S-1-5-32-548
807 adminCount: 1
808 sAMAccountName: Account Operators
809 sAMAccountType: 0x20000000
810 systemFlags: 0x8c000000
811 groupType: 0x80000005
812 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
813 isCriticalSystemObject: TRUE
814 privilege: SeInteractiveLogonRight
815
816 dn: CN=Templates,${BASEDN}
817 objectClass: top
818 objectClass: container
819 cn: Templates
820 description: Container for SAM account templates
821 instanceType: 4
822 whenCreated: ${LDAPTIME}
823 whenChanged: ${LDAPTIME}
824 uSNCreated: 1
825 uSNChanged: 1
826 showInAdvancedViewOnly: FALSE
827 name: Templates
828 objectGUID: ${NEWGUID}
829 systemFlags: 0x8c000000
830 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
831 isCriticalSystemObject: TRUE
832
833 ###
834 # Note: the template users must not match normal searches, so be careful
835 # which object classes you put them in.
836 ###
837
# Template holding the default attribute values for a new user account.
# userAccountControl 0x202 is NORMAL_ACCOUNT | ACCOUNTDISABLE in the Windows
# encoding, so an account built from it starts out disabled.
# NOTE(review): unlike the other templates in this file, this entry also lists
# objectClass person and organizationalPerson, so a search filtering on
# (objectClass=person) would return it. That appears at odds with the rule in
# the comment above this record that templates must not match normal searches -
# confirm that callers exclude objectClass=Template or drop the two classes.
838 dn: CN=TemplateUser,CN=Templates,${BASEDN}
839 objectClass: top
840 objectClass: person
841 objectClass: organizationalPerson
842 objectClass: Template
843 objectClass: userTemplate
844 cn: TemplateUser
845 name: TemplateUser
846 instanceType: 4
847 userAccountControl: 0x202
848 badPwdCount: 0
849 codePage: 0
850 countryCode: 0
851 badPasswordTime: 0
852 lastLogoff: 0
853 lastLogon: 0
854 pwdLastSet: 0
855 primaryGroupID: 513
856 accountExpires: -1
857 logonCount: 0
858 sAMAccountType: 0x30000000
859
860 dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
861 objectClass: top
862 objectClass: Template
863 objectClass: userTemplate
864 cn: TemplateMemberServer
865 name: TemplateMemberServer
866 instanceType: 4
867 userAccountControl: 0x1002
868 badPwdCount: 0
869 codePage: 0
870 countryCode: 0
871 badPasswordTime: 0
872 lastLogoff: 0
873 lastLogon: 0
874 pwdLastSet: 0
875 primaryGroupID: 513
876 accountExpires: -1
877 logonCount: 0
878 sAMAccountType: 0x30000001
879
880 dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
881 objectClass: top
882 objectClass: Template
883 objectClass: userTemplate
884 cn: TemplateDomainController
885 name: TemplateDomainController
886 instanceType: 4
887 userAccountControl: 0x2002
888 badPwdCount: 0
889 codePage: 0
890 countryCode: 0
891 badPasswordTime: 0
892 lastLogoff: 0
893 lastLogon: 0
894 pwdLastSet: 0
895 primaryGroupID: 513
896 accountExpires: -1
897 logonCount: 0
898 sAMAccountType: 0x30000001
899
900 dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
901 objectClass: top
902 objectClass: Template
903 objectClass: userTemplate
904 cn: TemplateTrustingDomain
905 name: TemplateTrustingDomain
906 instanceType: 4
907 userAccountControl: 0x820
908 badPwdCount: 0
909 codePage: 0
910 countryCode: 0
911 badPasswordTime: 0
912 lastLogoff: 0
913 lastLogon: 0
914 pwdLastSet: 0
915 primaryGroupID: 513
916 accountExpires: -1
917 logonCount: 0
918 sAMAccountType: 0x30000002
919
920 dn: CN=TemplateGroup,CN=Templates,${BASEDN}
921 objectClass: top
922 objectClass: Template
923 objectClass: groupTemplate
924 cn: TemplateGroup
925 name: TemplateGroup
926 instanceType: 4
927 groupType: 0x80000002
928 sAMAccountType: 0x10000000
929
# Template holding the default attribute values for a new alias (local group).
# NOTE(review): sAMAccountType is 0x10000000 here, while the other entries in
# this file that use groupType 0x80000004 (Cert Publishers, RAS and IAS
# Servers) use sAMAccountType 0x20000000 - confirm which value new aliases
# should inherit.
# NOTE(review): aliasTemplate is not listed under "template" in the
# @SUBCLASSES record at the top of this file (only userTemplate and
# groupTemplate are) - confirm that subclass searches still find this entry.
930 dn: CN=TemplateAlias,CN=Templates,${BASEDN}
931 objectClass: top
932 objectClass: Template
933 objectClass: aliasTemplate
934 cn: TemplateAlias
935 name: TemplateAlias
936 instanceType: 4
937 groupType: 0x80000004
938 sAMAccountType: 0x10000000
939
940 dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
941 objectClass: top
942 objectClass: Template
943 objectClass: foreignSecurityPrincipalTemplate
944 cn: TemplateForeignSecurityPrincipal
945 name: TemplateForeignSecurityPrincipal