3 @IDXATTR: sAMAccountName
9 realm: CASE_INSENSITIVE
10 userPrincipalName: CASE_INSENSITIVE
11 servicePrincipalName: CASE_INSENSITIVE
12 name: CASE_INSENSITIVE WILDCARD
13 dn: CASE_INSENSITIVE WILDCARD
14 sAMAccountName: CASE_INSENSITIVE WILDCARD
15 objectClass: CASE_INSENSITIVE
28 person: organizationalPerson
29 organizationalPerson: user
31 template: userTemplate
32 template: groupTemplate
37 objectClass: domainDNS
40 dnsDomain: ${DNSDOMAIN}
42 objectGUID: ${DOMAINGUID}
43 creationTime: ${NTTIME}
44 forceLogoff: 0x8000000000000000
45 lockoutDuration: -18000000000
46 lockOutObservationWindow: -18000000000
48 whenCreated: ${LDAPTIME}
49 whenChanged: ${LDAPTIME}
52 maxPwdAge: -37108517437440
55 modifiedCountAtLastProm: 0
59 objectSid: ${DOMAINSID}
63 objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
64 isCriticalSystemObject: TRUE
66 dn: CN=Users,${BASEDN}
68 objectClass: container
70 description: Default container for upgraded user accounts
72 whenCreated: ${LDAPTIME}
73 whenChanged: ${LDAPTIME}
76 showInAdvancedViewOnly: FALSE
78 objectGUID: ${NEWGUID}
79 systemFlags: 0x8c000000
80 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
81 isCriticalSystemObject: TRUE
83 dn: CN=Computers,${BASEDN}
85 objectClass: container
87 description: Default container for upgraded computer accounts
89 whenCreated: ${LDAPTIME}
90 whenChanged: ${LDAPTIME}
93 showInAdvancedViewOnly: FALSE
95 objectGUID: ${NEWGUID}
96 systemFlags: 0x8c000000
97 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
98 isCriticalSystemObject: TRUE
100 dn: OU=Domain Controllers,${BASEDN}
102 objectClass: organizationalUnit
103 ou: Domain Controllers
104 description: Default container for domain controllers
106 whenCreated: ${LDAPTIME}
107 whenChanged: ${LDAPTIME}
110 showInAdvancedViewOnly: FALSE
111 name: Domain Controllers
112 objectGUID: ${NEWGUID}
113 systemFlags: 0x8c000000
114 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
115 isCriticalSystemObject: TRUE
117 dn: CN=ForeignSecurityPrincipals,${BASEDN}
119 objectClass: container
120 cn: ForeignSecurityPrincipals
121 description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
123 whenCreated: ${LDAPTIME}
124 whenChanged: ${LDAPTIME}
127 showInAdvancedViewOnly: FALSE
128 name: ForeignSecurityPrincipals
129 objectGUID: ${NEWGUID}
130 systemFlags: 0x8c000000
131 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
132 isCriticalSystemObject: TRUE
134 dn: CN=Builtin,${BASEDN}
136 objectClass: builtinDomain
139 showInAdvancedViewOnly: FALSE
141 forceLogoff: 0x8000000000000000
142 lockoutDuration: -18000000000
143 lockOutObservationWindow: -18000000000
145 maxPwdAge: -37108517437440
148 modifiedCountAtLastProm: 0
156 objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN}
157 isCriticalSystemObject: TRUE
159 dn: CN=Administrator,CN=Users,${BASEDN}
162 objectClass: organizationalPerson
165 description: Built-in account for administering the computer/domain
167 whenCreated: ${LDAPTIME}
168 whenChanged: ${LDAPTIME}
170 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
171 memberOf: CN=Domain Admins,CN=Users,${BASEDN}
172 memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
173 memberOf: CN=Schema Admins,CN=Users,${BASEDN}
174 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
177 objectGUID: ${NEWGUID}
178 userAccountControl: 0x10200
187 objectSid: ${DOMAINSID}-500
191 sAMAccountName: Administrator
192 sAMAccountType: 0x30000000
193 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
194 isCriticalSystemObject: TRUE
195 unicodePwd: ${ADMINPASS}
198 dn: CN=Guest,CN=Users,${BASEDN}
201 objectClass: organizationalPerson
204 description: Built-in account for guest access to the computer/domain
206 whenCreated: ${LDAPTIME}
207 whenChanged: ${LDAPTIME}
209 memberOf: CN=Guests,CN=Builtin,${BASEDN}
212 objectGUID: ${NEWGUID}
213 userAccountControl: 0x10222
222 objectSid: ${DOMAINSID}-501
225 sAMAccountName: Guest
226 sAMAccountType: 0x30000000
227 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
228 isCriticalSystemObject: TRUE
230 dn: CN=Administrators,CN=Builtin,${BASEDN}
234 description: Administrators have complete and unrestricted access to the computer/domain
235 member: CN=Domain Admins,CN=Users,${BASEDN}
236 member: CN=Enterprise Admins,CN=Users,${BASEDN}
237 member: CN=Administrator,CN=Users,${BASEDN}
239 whenCreated: ${LDAPTIME}
240 whenChanged: ${LDAPTIME}
244 objectGUID: ${NEWGUID}
245 objectSid: S-1-5-32-544
247 sAMAccountName: Administrators
248 sAMAccountType: 0x20000000
249 systemFlags: 0x8c000000
250 groupType: 0x80000005
251 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
252 isCriticalSystemObject: TRUE
255 dn: CN=Users,CN=Builtin,${BASEDN}
259 description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
260 member: CN=Domain Users,CN=Users,${BASEDN}
262 whenCreated: ${LDAPTIME}
263 whenChanged: ${LDAPTIME}
267 objectGUID: ${NEWGUID}
268 objectSid: S-1-5-32-545
269 sAMAccountName: Users
270 sAMAccountType: 0x20000000
271 systemFlags: 0x8c000000
272 groupType: 0x80000005
273 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
274 isCriticalSystemObject: TRUE
276 dn: CN=Guests,CN=Builtin,${BASEDN}
280 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
281 member: CN=Domain Guests,CN=Users,${BASEDN}
282 member: CN=Guest,CN=Users,${BASEDN}
284 whenCreated: ${LDAPTIME}
285 whenChanged: ${LDAPTIME}
289 objectGUID: ${NEWGUID}
290 objectSid: S-1-5-32-546
291 sAMAccountName: Guests
292 sAMAccountType: 0x20000000
293 systemFlags: 0x8c000000
294 groupType: 0x80000005
295 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
296 isCriticalSystemObject: TRUE
299 dn: CN=Print Operators,CN=Builtin,${BASEDN}
303 description: Members can administer domain printers
305 whenCreated: ${LDAPTIME}
306 whenChanged: ${LDAPTIME}
309 name: Print Operators
310 objectGUID: ${NEWGUID}
311 objectSid: S-1-5-32-550
313 sAMAccountName: Print Operators
314 sAMAccountType: 0x20000000
315 systemFlags: 0x8c000000
316 groupType: 0x80000005
317 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
318 isCriticalSystemObject: TRUE
320 dn: CN=Backup Operators,CN=Builtin,${BASEDN}
324 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
326 whenCreated: ${LDAPTIME}
327 whenChanged: ${LDAPTIME}
330 name: Backup Operators
331 objectGUID: ${NEWGUID}
332 objectSid: S-1-5-32-551
334 sAMAccountName: Backup Operators
335 sAMAccountType: 0x20000000
336 systemFlags: 0x8c000000
337 groupType: 0x80000005
338 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
339 isCriticalSystemObject: TRUE
341 dn: CN=Replicator,CN=Builtin,${BASEDN}
345 description: Supports file replication in a domain
347 whenCreated: ${LDAPTIME}
348 whenChanged: ${LDAPTIME}
352 objectGUID: ${NEWGUID}
353 objectSid: S-1-5-32-552
355 sAMAccountName: Replicator
356 sAMAccountType: 0x20000000
357 systemFlags: 0x8c000000
358 groupType: 0x80000005
359 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
360 isCriticalSystemObject: TRUE
362 dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
365 cn: Remote Desktop Users
366 description: Members in this group are granted the right to logon remotely
368 whenCreated: ${LDAPTIME}
369 whenChanged: ${LDAPTIME}
372 name: Remote Desktop Users
373 objectGUID: ${NEWGUID}
374 objectSid: S-1-5-32-555
375 sAMAccountName: Remote Desktop Users
376 sAMAccountType: 0x20000000
377 systemFlags: 0x8c000000
378 groupType: 0x80000005
379 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
380 isCriticalSystemObject: TRUE
382 dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
385 cn: Network Configuration Operators
386 description: Members in this group can have some administrative privileges to manage configuration of networking features
388 whenCreated: ${LDAPTIME}
389 whenChanged: ${LDAPTIME}
392 name: Network Configuration Operators
393 objectGUID: ${NEWGUID}
394 objectSid: S-1-5-32-556
395 sAMAccountName: Network Configuration Operators
396 sAMAccountType: 0x20000000
397 systemFlags: 0x8c000000
398 groupType: 0x80000005
399 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
400 isCriticalSystemObject: TRUE
402 dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
405 cn: Performance Monitor Users
406 description: Members of this group have remote access to monitor this computer
408 whenCreated: ${LDAPTIME}
409 whenChanged: ${LDAPTIME}
412 name: Performance Monitor Users
413 objectGUID: ${NEWGUID}
414 objectSid: S-1-5-32-558
415 sAMAccountName: Performance Monitor Users
416 sAMAccountType: 0x20000000
417 systemFlags: 0x8c000000
418 groupType: 0x80000005
419 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
420 isCriticalSystemObject: TRUE
422 dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
425 cn: Performance Log Users
426 description: Members of this group have remote access to schedule logging of performance counters on this computer
428 whenCreated: ${LDAPTIME}
429 whenChanged: ${LDAPTIME}
432 name: Performance Log Users
433 objectGUID: ${NEWGUID}
434 objectSid: S-1-5-32-559
435 sAMAccountName: Performance Log Users
436 sAMAccountType: 0x20000000
437 systemFlags: 0x8c000000
438 groupType: 0x80000005
439 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
440 isCriticalSystemObject: TRUE
442 dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
445 objectClass: organizationalPerson
447 objectClass: computer
450 whenCreated: ${LDAPTIME}
451 whenChanged: ${LDAPTIME}
455 objectGUID: ${HOSTGUID}
456 userAccountControl: 532480
462 lastLogon: 127273269057298624
464 pwdLastSet: 127258826171655328
466 objectSid: ${DOMAINSID}-1000
467 accountExpires: 9223372036854775807
469 sAMAccountName: ${NETBIOSNAME}$
470 sAMAccountType: 805306369
471 operatingSystem: Samba
472 operatingSystemVersion: 4.0
473 dNSHostName: ${DNSNAME}
474 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
475 isCriticalSystemObject: TRUE
476 unicodePwd: ${RANDPASS}
477 servicePrincipalName: HOST/${DNSNAME}
479 dn: CN=krbtgt,CN=Users,${BASEDN}
482 objectClass: organizationalPerson
485 description: Key Distribution Center Service Account
487 whenCreated: ${LDAPTIME}
488 whenChanged: ${LDAPTIME}
491 showInAdvancedViewOnly: TRUE
493 objectGUID: ${NEWGUID}
494 userAccountControl: 514
501 pwdLastSet: 127258826179466560
503 objectSid: ${DOMAINSID}-502
505 accountExpires: 9223372036854775807
507 sAMAccountName: krbtgt
508 sAMAccountType: 805306368
509 servicePrincipalName: kadmin/changepw
510 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
511 isCriticalSystemObject: TRUE
512 unicodePwd: ${RANDPASS}
514 dn: CN=Domain Computers,CN=Users,${BASEDN}
518 description: All workstations and servers joined to the domain
520 whenCreated: ${LDAPTIME}
521 whenChanged: ${LDAPTIME}
524 name: Domain Computers
525 objectGUID: ${NEWGUID}
526 objectSid: ${DOMAINSID}-515
527 sAMAccountName: Domain Computers
528 sAMAccountType: 268435456
529 groupType: -2147483646
530 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
531 isCriticalSystemObject: TRUE
533 dn: CN=Domain Controllers,CN=Users,${BASEDN}
536 cn: Domain Controllers
537 description: All domain controllers in the domain
539 whenCreated: ${LDAPTIME}
540 whenChanged: ${LDAPTIME}
543 name: Domain Controllers
544 objectGUID: ${NEWGUID}
545 objectSid: ${DOMAINSID}-516
547 sAMAccountName: Domain Controllers
548 sAMAccountType: 268435456
549 groupType: -2147483646
550 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
551 isCriticalSystemObject: TRUE
553 dn: CN=Schema Admins,CN=Users,${BASEDN}
557 description: Designated administrators of the schema
558 member: CN=Administrator,CN=Users,${BASEDN}
560 whenCreated: ${LDAPTIME}
561 whenChanged: ${LDAPTIME}
565 objectGUID: ${NEWGUID}
566 objectSid: ${DOMAINSID}-518
568 sAMAccountName: Schema Admins
569 sAMAccountType: 268435456
570 groupType: -2147483646
571 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
572 isCriticalSystemObject: TRUE
575 dn: CN=Enterprise Admins,CN=Users,${BASEDN}
578 cn: Enterprise Admins
579 description: Designated administrators of the enterprise
580 member: CN=Administrator,CN=Users,${BASEDN}
582 whenCreated: ${LDAPTIME}
583 whenChanged: ${LDAPTIME}
585 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
587 name: Enterprise Admins
588 objectGUID: ${NEWGUID}
589 objectSid: ${DOMAINSID}-519
591 sAMAccountName: Enterprise Admins
592 sAMAccountType: 268435456
593 groupType: -2147483646
594 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
595 isCriticalSystemObject: TRUE
598 dn: CN=Cert Publishers,CN=Users,${BASEDN}
602 description: Members of this group are permitted to publish certificates to the Active Directory
604 whenCreated: ${LDAPTIME}
605 whenChanged: ${LDAPTIME}
608 name: Cert Publishers
609 objectGUID: ${NEWGUID}
610 objectSid: ${DOMAINSID}-517
611 sAMAccountName: Cert Publishers
612 sAMAccountType: 0x20000000
613 groupType: -2147483644
614 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
615 isCriticalSystemObject: TRUE
617 dn: CN=Domain Admins,CN=Users,${BASEDN}
621 description: Designated administrators of the domain
622 member: CN=Administrator,CN=Users,${BASEDN}
624 whenCreated: ${LDAPTIME}
625 whenChanged: ${LDAPTIME}
627 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
630 objectGUID: ${NEWGUID}
631 objectSid: ${DOMAINSID}-512
633 sAMAccountName: Domain Admins
634 sAMAccountType: 268435456
635 groupType: -2147483646
636 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
637 isCriticalSystemObject: TRUE
640 dn: CN=Domain Users,CN=Users,${BASEDN}
644 description: All domain users
646 whenCreated: ${LDAPTIME}
647 whenChanged: ${LDAPTIME}
649 memberOf: CN=Users,CN=Builtin,${BASEDN}
652 objectGUID: ${NEWGUID}
653 objectSid: ${DOMAINSID}-513
654 sAMAccountName: Domain Users
655 sAMAccountType: 268435456
656 groupType: -2147483646
657 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
658 isCriticalSystemObject: TRUE
661 dn: CN=Domain Guests,CN=Users,${BASEDN}
665 description: All domain guests
667 whenCreated: ${LDAPTIME}
668 whenChanged: ${LDAPTIME}
670 memberOf: CN=Guests,CN=Builtin,${BASEDN}
673 objectGUID: ${NEWGUID}
674 objectSid: ${DOMAINSID}-514
675 sAMAccountName: Domain Guests
676 sAMAccountType: 268435456
677 groupType: -2147483646
678 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
679 isCriticalSystemObject: TRUE
681 dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
684 cn: Group Policy Creator Owners
685 description: Members in this group can modify group policy for the domain
686 member: CN=Administrator,CN=Users,${BASEDN}
688 whenCreated: ${LDAPTIME}
689 whenChanged: ${LDAPTIME}
692 name: Group Policy Creator Owners
693 objectGUID: ${NEWGUID}
694 objectSid: ${DOMAINSID}-520
695 sAMAccountName: Group Policy Creator Owners
696 sAMAccountType: 268435456
697 groupType: -2147483646
698 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
699 isCriticalSystemObject: TRUE
702 dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
705 cn: RAS and IAS Servers
706 description: Servers in this group can access remote access properties of users
708 whenCreated: ${LDAPTIME}
709 whenChanged: ${LDAPTIME}
712 name: RAS and IAS Servers
713 objectGUID: ${NEWGUID}
714 objectSid: ${DOMAINSID}-553
715 sAMAccountName: RAS and IAS Servers
716 sAMAccountType: 0x20000000
717 groupType: -2147483644
718 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
719 isCriticalSystemObject: TRUE
721 dn: CN=Server Operators,CN=Builtin,${BASEDN}
725 description: Members can administer domain servers
727 whenCreated: ${LDAPTIME}
728 whenChanged: ${LDAPTIME}
731 name: Server Operators
732 objectGUID: ${NEWGUID}
733 objectSid: S-1-5-32-549
735 sAMAccountName: Server Operators
736 sAMAccountType: 0x20000000
737 systemFlags: 0x8c000000
738 groupType: 0x80000005
739 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
740 isCriticalSystemObject: TRUE
742 dn: CN=Account Operators,CN=Builtin,${BASEDN}
745 cn: Account Operators
746 description: Members can administer domain user and group accounts
748 whenCreated: ${LDAPTIME}
749 whenChanged: ${LDAPTIME}
752 name: Account Operators
753 objectGUID: ${NEWGUID}
754 objectSid: S-1-5-32-548
756 sAMAccountName: Account Operators
757 sAMAccountType: 0x20000000
758 systemFlags: 0x8c000000
759 groupType: 0x80000005
760 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
761 isCriticalSystemObject: TRUE
763 dn: CN=Templates,${BASEDN}
765 objectClass: container
767 description: Container for SAM account templates
769 whenCreated: ${LDAPTIME}
770 whenChanged: ${LDAPTIME}
773 showInAdvancedViewOnly: FALSE
775 objectGUID: ${NEWGUID}
776 systemFlags: 0x8c000000
777 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
778 isCriticalSystemObject: TRUE
781 # note! the template users must not match normal searches. Be careful
782 # with what classes you put them in
785 dn: CN=TemplateUser,CN=Templates,${BASEDN}
788 objectClass: organizationalPerson
789 objectClass: Template
790 objectClass: userTemplate
794 userAccountControl: 0x202
805 sAMAccountType: 0x30000000
807 dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
809 objectClass: Template
810 objectClass: userTemplate
811 cn: TemplateMemberServer
812 name: TemplateMemberServer
814 userAccountControl: 0x1002
825 sAMAccountType: 0x30000001
827 dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
829 objectClass: Template
830 objectClass: userTemplate
831 cn: TemplateDomainController
832 name: TemplateDomainController
834 userAccountControl: 0x2002
845 sAMAccountType: 0x30000001
847 dn: CN=TemplateGroup,CN=Templates,${BASEDN}
849 objectClass: Template
850 objectClass: groupTemplate
854 sAMAccountType: 0x10000000