source4/provision.ldif

   1 dn: @INDEXLIST
   2 @IDXATTR: name
   3 @IDXATTR: sAMAccountName
   4 @IDXATTR: objectSid
   5 @IDXATTR: objectClass
   6 @IDXATTR: member
   7
   8 dn: @ATTRIBUTES
   9 realm: CASE_INSENSITIVE
  10 userPrincipalName: CASE_INSENSITIVE
  11 servicePrincipalName: CASE_INSENSITIVE
  12 name: CASE_INSENSITIVE WILDCARD
  13 dn: CASE_INSENSITIVE WILDCARD
  14 sAMAccountName: CASE_INSENSITIVE WILDCARD
  15 objectClass: CASE_INSENSITIVE
  16 unicodePwd: HIDDEN
  17 ntPwdHash: HIDDEN
  18 ntPwdHistory: HIDDEN
  19 lmPwdHash: HIDDEN
  20 lmPwdHistory: HIDDEN
  21
  22 dn: @SUBCLASSES
  23 top: domain
  24 top: person
  25 top: group
  26 domain: domainDNS
  27 domain: builtinDomain
  28 person: organizationalPerson
  29 organizationalPerson: user
  30 user: computer
  31 template: userTemplate
  32 template: groupTemplate
  33
  34 dn: ${BASEDN}
  35 objectClass: top
  36 objectClass: domain
  37 objectClass: domainDNS
  38 name: ${DOMAIN}
  39 realm: ${REALM}
  40 dnsDomain: ${DNSDOMAIN}
  41 dc: ${DOMAIN}
  42 objectGUID: ${DOMAINGUID}
  43 creationTime: ${NTTIME}
  44 forceLogoff: 0x8000000000000000
  45 lockoutDuration: -18000000000
  46 lockOutObservationWindow: -18000000000
  47 lockoutThreshold: 0
  48 whenCreated: ${LDAPTIME}
  49 whenChanged: ${LDAPTIME}
  50 uSNCreated: 1
  51 uSNChanged: 1
  52 maxPwdAge: -37108517437440
  53 minPwdAge: 0
  54 minPwdLength: 7
  55 modifiedCountAtLastProm: 0
  56 nextRid: 1001
  57 pwdProperties: 1
  58 pwdHistoryLength: 24
  59 objectSid: ${DOMAINSID}
  60 serverState: 1
  61 uASCompat: 1
  62 modifiedCount: 1
  63 objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
  64 isCriticalSystemObject: TRUE
  65
  66 dn: CN=Users,${BASEDN}
  67 objectClass: top
  68 objectClass: container
  69 cn: Users
  70 description: Default container for upgraded user accounts
  71 instanceType: 4
  72 whenCreated: ${LDAPTIME}
  73 whenChanged: ${LDAPTIME}
  74 uSNCreated: 1
  75 uSNChanged: 1
  76 showInAdvancedViewOnly: FALSE
  77 name: Users
  78 objectGUID: ${NEWGUID}
  79 systemFlags: 0x8c000000
  80 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
  81 isCriticalSystemObject: TRUE
  82
  83 dn: CN=Computers,${BASEDN}
  84 objectClass: top
  85 objectClass: container
  86 cn: Computers
  87 description: Default container for upgraded computer accounts
  88 instanceType: 4
  89 whenCreated: ${LDAPTIME}
  90 whenChanged: ${LDAPTIME}
  91 uSNCreated: 1
  92 uSNChanged: 1
  93 showInAdvancedViewOnly: FALSE
  94 name: Computers
  95 objectGUID: ${NEWGUID}
  96 systemFlags: 0x8c000000
  97 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
  98 isCriticalSystemObject: TRUE
  99
 100 dn: OU=Domain Controllers,${BASEDN}
 101 objectClass: top
 102 objectClass: organizationalUnit
 103 ou: Domain Controllers
 104 description: Default container for domain controllers
 105 instanceType: 4
 106 whenCreated: ${LDAPTIME}
 107 whenChanged: ${LDAPTIME}
 108 uSNCreated: 1
 109 uSNChanged: 1
 110 showInAdvancedViewOnly: FALSE
 111 name: Domain Controllers
 112 objectGUID: ${NEWGUID}
 113 systemFlags: 0x8c000000
 114 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
 115 isCriticalSystemObject: TRUE
 116
 117 dn: CN=ForeignSecurityPrincipals,${BASEDN}
 118 objectClass: top
 119 objectClass: container
 120 cn: ForeignSecurityPrincipals
 121 description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
 122 instanceType: 4
 123 whenCreated: ${LDAPTIME}
 124 whenChanged: ${LDAPTIME}
 125 uSNCreated: 1
 126 uSNChanged: 1
 127 showInAdvancedViewOnly: FALSE
 128 name: ForeignSecurityPrincipals
 129 objectGUID: ${NEWGUID}
 130 systemFlags: 0x8c000000
 131 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
 132 isCriticalSystemObject: TRUE
 133
 134 dn: CN=Builtin,${BASEDN}
 135 objectClass: top
 136 objectClass: builtinDomain
 137 cn: Builtin
 138 instanceType: 4
 139 showInAdvancedViewOnly: FALSE
 140 name: Builtin
 141 forceLogoff: 0x8000000000000000
 142 lockoutDuration: -18000000000
 143 lockOutObservationWindow: -18000000000
 144 lockoutThreshold: 0
 145 maxPwdAge: -37108517437440
 146 minPwdAge: 0
 147 minPwdLength: 0
 148 modifiedCountAtLastProm: 0
 149 nextRid: 1000
 150 pwdProperties: 0
 151 pwdHistoryLength: 0
 152 objectSid: S-1-5-32
 153 serverState: 1
 154 uASCompat: 1
 155 modifiedCount: 1
 156 objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN}
 157 isCriticalSystemObject: TRUE
 158
 159 dn: CN=Administrator,CN=Users,${BASEDN}
 160 objectClass: top
 161 objectClass: person
 162 objectClass: organizationalPerson
 163 objectClass: user
 164 cn: Administrator
 165 description: Built-in account for administering the computer/domain
 166 instanceType: 4
 167 whenCreated: ${LDAPTIME}
 168 whenChanged: ${LDAPTIME}
 169 uSNCreated: 1
 170 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
 171 memberOf: CN=Domain Admins,CN=Users,${BASEDN}
 172 memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
 173 memberOf: CN=Schema Admins,CN=Users,${BASEDN}
 174 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
 175 uSNChanged: 1
 176 name: Administrator
 177 objectGUID: ${NEWGUID}
 178 userAccountControl: 0x10200
 179 badPwdCount: 0
 180 codePage: 0
 181 countryCode: 0
 182 badPasswordTime: 0
 183 lastLogoff: 0
 184 lastLogon: 0
 185 pwdLastSet: 0
 186 primaryGroupID: 513
 187 objectSid: ${DOMAINSID}-500
 188 adminCount: 1
 189 accountExpires: -1
 190 logonCount: 0
 191 sAMAccountName: Administrator
 192 sAMAccountType: 0x30000000
 193 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
 194 isCriticalSystemObject: TRUE
 195 unicodePwd: ${ADMINPASS}
 196 unixName: root
 197
 198 dn: CN=Guest,CN=Users,${BASEDN}
 199 objectClass: top
 200 objectClass: person
 201 objectClass: organizationalPerson
 202 objectClass: user
 203 cn: Guest
 204 description: Built-in account for guest access to the computer/domain
 205 instanceType: 4
 206 whenCreated: ${LDAPTIME}
 207 whenChanged: ${LDAPTIME}
 208 uSNCreated: 1
 209 memberOf: CN=Guests,CN=Builtin,${BASEDN}
 210 uSNChanged: 1
 211 name: Guest
 212 objectGUID: ${NEWGUID}
 213 userAccountControl: 0x10222
 214 badPwdCount: 0
 215 codePage: 0
 216 countryCode: 0
 217 badPasswordTime: 0
 218 lastLogoff: 0
 219 lastLogon: 0
 220 pwdLastSet: 0
 221 primaryGroupID: 514
 222 objectSid: ${DOMAINSID}-501
 223 accountExpires: -1
 224 logonCount: 0
 225 sAMAccountName: Guest
 226 sAMAccountType: 0x30000000
 227 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
 228 isCriticalSystemObject: TRUE
 229
 230 dn: CN=Administrators,CN=Builtin,${BASEDN}
 231 objectClass: top
 232 objectClass: group
 233 cn: Administrators
 234 description: Administrators have complete and unrestricted access to the computer/domain
 235 member: CN=Domain Admins,CN=Users,${BASEDN}
 236 member: CN=Enterprise Admins,CN=Users,${BASEDN}
 237 member: CN=Administrator,CN=Users,${BASEDN}
 238 instanceType: 4
 239 whenCreated: ${LDAPTIME}
 240 whenChanged: ${LDAPTIME}
 241 uSNCreated: 1
 242 uSNChanged: 1
 243 name: Administrators
 244 objectGUID: ${NEWGUID}
 245 objectSid: S-1-5-32-544
 246 adminCount: 1
 247 sAMAccountName: Administrators
 248 sAMAccountType: 0x20000000
 249 systemFlags: 0x8c000000
 250 groupType: 0x80000005
 251 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 252 isCriticalSystemObject: TRUE
 253 unixName: ${WHEEL}
 254
 255 dn: CN=Users,CN=Builtin,${BASEDN}
 256 objectClass: top
 257 objectClass: group
 258 cn: Users
 259 description: Users are prevented from making accidental or intentional system-wide changes.  Thus, Users can run certified applications, but not most legacy applications
 260 member: CN=Domain Users,CN=Users,${BASEDN}
 261 instanceType: 4
 262 whenCreated: ${LDAPTIME}
 263 whenChanged: ${LDAPTIME}
 264 uSNCreated: 1
 265 uSNChanged: 1
 266 name: Users
 267 objectGUID: ${NEWGUID}
 268 objectSid: S-1-5-32-545
 269 sAMAccountName: Users
 270 sAMAccountType: 0x20000000
 271 systemFlags: 0x8c000000
 272 groupType: 0x80000005
 273 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 274 isCriticalSystemObject: TRUE
 275
 276 dn: CN=Guests,CN=Builtin,${BASEDN}
 277 objectClass: top
 278 objectClass: group
 279 cn: Guests
 280 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
 281 member: CN=Domain Guests,CN=Users,${BASEDN}
 282 member: CN=Guest,CN=Users,${BASEDN}
 283 instanceType: 4
 284 whenCreated: ${LDAPTIME}
 285 whenChanged: ${LDAPTIME}
 286 uSNCreated: 1
 287 uSNChanged: 1
 288 name: Guests
 289 objectGUID: ${NEWGUID}
 290 objectSid: S-1-5-32-546
 291 sAMAccountName: Guests
 292 sAMAccountType: 0x20000000
 293 systemFlags: 0x8c000000
 294 groupType: 0x80000005
 295 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 296 isCriticalSystemObject: TRUE
 297 unixName: ${NOGROUP}
 298
 299 dn: CN=Print Operators,CN=Builtin,${BASEDN}
 300 objectClass: top
 301 objectClass: group
 302 cn: Print Operators
 303 description: Members can administer domain printers
 304 instanceType: 4
 305 whenCreated: ${LDAPTIME}
 306 whenChanged: ${LDAPTIME}
 307 uSNCreated: 1
 308 uSNChanged: 1
 309 name: Print Operators
 310 objectGUID: ${NEWGUID}
 311 objectSid: S-1-5-32-550
 312 adminCount: 1
 313 sAMAccountName: Print Operators
 314 sAMAccountType: 0x20000000
 315 systemFlags: 0x8c000000
 316 groupType: 0x80000005
 317 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 318 isCriticalSystemObject: TRUE
 319
 320 dn: CN=Backup Operators,CN=Builtin,${BASEDN}
 321 objectClass: top
 322 objectClass: group
 323 cn: Backup Operators
 324 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
 325 instanceType: 4
 326 whenCreated: ${LDAPTIME}
 327 whenChanged: ${LDAPTIME}
 328 uSNCreated: 1
 329 uSNChanged: 1
 330 name: Backup Operators
 331 objectGUID: ${NEWGUID}
 332 objectSid: S-1-5-32-551
 333 adminCount: 1
 334 sAMAccountName: Backup Operators
 335 sAMAccountType: 0x20000000
 336 systemFlags: 0x8c000000
 337 groupType: 0x80000005
 338 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 339 isCriticalSystemObject: TRUE
 340
 341 dn: CN=Replicator,CN=Builtin,${BASEDN}
 342 objectClass: top
 343 objectClass: group
 344 cn: Replicator
 345 description: Supports file replication in a domain
 346 instanceType: 4
 347 whenCreated: ${LDAPTIME}
 348 whenChanged: ${LDAPTIME}
 349 uSNCreated: 1
 350 uSNChanged: 1
 351 name: Replicator
 352 objectGUID: ${NEWGUID}
 353 objectSid: S-1-5-32-552
 354 adminCount: 1
 355 sAMAccountName: Replicator
 356 sAMAccountType: 0x20000000
 357 systemFlags: 0x8c000000
 358 groupType: 0x80000005
 359 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 360 isCriticalSystemObject: TRUE
 361
 362 dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
 363 objectClass: top
 364 objectClass: group
 365 cn: Remote Desktop Users
 366 description: Members in this group are granted the right to logon remotely
 367 instanceType: 4
 368 whenCreated: ${LDAPTIME}
 369 whenChanged: ${LDAPTIME}
 370 uSNCreated: 1
 371 uSNChanged: 1
 372 name: Remote Desktop Users
 373 objectGUID: ${NEWGUID}
 374 objectSid: S-1-5-32-555
 375 sAMAccountName: Remote Desktop Users
 376 sAMAccountType: 0x20000000
 377 systemFlags: 0x8c000000
 378 groupType: 0x80000005
 379 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 380 isCriticalSystemObject: TRUE
 381
 382 dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
 383 objectClass: top
 384 objectClass: group
 385 cn: Network Configuration Operators
 386 description: Members in this group can have some administrative privileges to manage configuration of networking features
 387 instanceType: 4
 388 whenCreated: ${LDAPTIME}
 389 whenChanged: ${LDAPTIME}
 390 uSNCreated: 1
 391 uSNChanged: 1
 392 name: Network Configuration Operators
 393 objectGUID: ${NEWGUID}
 394 objectSid: S-1-5-32-556
 395 sAMAccountName: Network Configuration Operators
 396 sAMAccountType: 0x20000000
 397 systemFlags: 0x8c000000
 398 groupType: 0x80000005
 399 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 400 isCriticalSystemObject: TRUE
 401
 402 dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
 403 objectClass: top
 404 objectClass: group
 405 cn: Performance Monitor Users
 406 description: Members of this group have remote access to monitor this computer
 407 instanceType: 4
 408 whenCreated: ${LDAPTIME}
 409 whenChanged: ${LDAPTIME}
 410 uSNCreated: 1
 411 uSNChanged: 1
 412 name: Performance Monitor Users
 413 objectGUID: ${NEWGUID}
 414 objectSid: S-1-5-32-558
 415 sAMAccountName: Performance Monitor Users
 416 sAMAccountType: 0x20000000
 417 systemFlags: 0x8c000000
 418 groupType: 0x80000005
 419 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 420 isCriticalSystemObject: TRUE
 421
 422 dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
 423 objectClass: top
 424 objectClass: group
 425 cn: Performance Log Users
 426 description: Members of this group have remote access to schedule logging of performance counters on this computer
 427 instanceType: 4
 428 whenCreated: ${LDAPTIME}
 429 whenChanged: ${LDAPTIME}
 430 uSNCreated: 1
 431 uSNChanged: 1
 432 name: Performance Log Users
 433 objectGUID: ${NEWGUID}
 434 objectSid: S-1-5-32-559
 435 sAMAccountName: Performance Log Users
 436 sAMAccountType: 0x20000000
 437 systemFlags: 0x8c000000
 438 groupType: 0x80000005
 439 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 440 isCriticalSystemObject: TRUE
 441
 442 dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
 443 objectClass: top
 444 objectClass: person
 445 objectClass: organizationalPerson
 446 objectClass: user
 447 objectClass: computer
 448 cn: ${NETBIOSNAME}
 449 instanceType: 4
 450 whenCreated: ${LDAPTIME}
 451 whenChanged: ${LDAPTIME}
 452 uSNCreated: 1
 453 uSNChanged: 1
 454 name: ${NETBIOSNAME}
 455 objectGUID: ${HOSTGUID}
 456 userAccountControl: 532480
 457 badPwdCount: 0
 458 codePage: 0
 459 countryCode: 0
 460 badPasswordTime: 0
 461 lastLogoff: 0
 462 lastLogon: 127273269057298624
 463 localPolicyFlags: 0
 464 pwdLastSet: 127258826171655328
 465 primaryGroupID: 516
 466 objectSid: ${DOMAINSID}-1000
 467 accountExpires: 9223372036854775807
 468 logonCount: 30
 469 sAMAccountName: ${NETBIOSNAME}$
 470 sAMAccountType: 805306369
 471 operatingSystem: Samba
 472 operatingSystemVersion: 4.0
 473 dNSHostName: ${DNSNAME}
 474 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
 475 isCriticalSystemObject: TRUE
 476 unicodePwd: ${RANDPASS}
 477 servicePrincipalName: HOST/${DNSNAME}
 478
 479 dn: CN=krbtgt,CN=Users,${BASEDN}
 480 objectClass: top
 481 objectClass: person
 482 objectClass: organizationalPerson
 483 objectClass: user
 484 cn: krbtgt
 485 description: Key Distribution Center Service Account
 486 instanceType: 4
 487 whenCreated: ${LDAPTIME}
 488 whenChanged: ${LDAPTIME}
 489 uSNCreated: 1
 490 uSNChanged: 1
 491 showInAdvancedViewOnly: TRUE
 492 name: krbtgt
 493 objectGUID: ${NEWGUID}
 494 userAccountControl: 514
 495 badPwdCount: 0
 496 codePage: 0
 497 countryCode: 0
 498 badPasswordTime: 0
 499 lastLogoff: 0
 500 lastLogon: 0
 501 pwdLastSet: 127258826179466560
 502 primaryGroupID: 513
 503 objectSid: ${DOMAINSID}-502
 504 adminCount: 1
 505 accountExpires: 9223372036854775807
 506 logonCount: 0
 507 sAMAccountName: krbtgt
 508 sAMAccountType: 805306368
 509 servicePrincipalName: kadmin/changepw
 510 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
 511 isCriticalSystemObject: TRUE
 512 unicodePwd: ${RANDPASS}
 513
 514 dn: CN=Domain Computers,CN=Users,${BASEDN}
 515 objectClass: top
 516 objectClass: group
 517 cn: Domain Computers
 518 description: All workstations and servers joined to the domain
 519 instanceType: 4
 520 whenCreated: ${LDAPTIME}
 521 whenChanged: ${LDAPTIME}
 522 uSNCreated: 1
 523 uSNChanged: 1
 524 name: Domain Computers
 525 objectGUID: ${NEWGUID}
 526 objectSid: ${DOMAINSID}-515
 527 sAMAccountName: Domain Computers
 528 sAMAccountType: 268435456
 529 groupType: -2147483646
 530 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 531 isCriticalSystemObject: TRUE
 532
 533 dn: CN=Domain Controllers,CN=Users,${BASEDN}
 534 objectClass: top
 535 objectClass: group
 536 cn: Domain Controllers
 537 description: All domain controllers in the domain
 538 instanceType: 4
 539 whenCreated: ${LDAPTIME}
 540 whenChanged: ${LDAPTIME}
 541 uSNCreated: 1
 542 uSNChanged: 1
 543 name: Domain Controllers
 544 objectGUID: ${NEWGUID}
 545 objectSid: ${DOMAINSID}-516
 546 adminCount: 1
 547 sAMAccountName: Domain Controllers
 548 sAMAccountType: 268435456
 549 groupType: -2147483646
 550 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 551 isCriticalSystemObject: TRUE
 552
 553 dn: CN=Schema Admins,CN=Users,${BASEDN}
 554 objectClass: top
 555 objectClass: group
 556 cn: Schema Admins
 557 description: Designated administrators of the schema
 558 member: CN=Administrator,CN=Users,${BASEDN}
 559 instanceType: 4
 560 whenCreated: ${LDAPTIME}
 561 whenChanged: ${LDAPTIME}
 562 uSNCreated: 1
 563 uSNChanged: 1
 564 name: Schema Admins
 565 objectGUID: ${NEWGUID}
 566 objectSid: ${DOMAINSID}-518
 567 adminCount: 1
 568 sAMAccountName: Schema Admins
 569 sAMAccountType: 268435456
 570 groupType: -2147483646
 571 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 572 isCriticalSystemObject: TRUE
 573 unixName: ${WHEEL}
 574
 575 dn: CN=Enterprise Admins,CN=Users,${BASEDN}
 576 objectClass: top
 577 objectClass: group
 578 cn: Enterprise Admins
 579 description: Designated administrators of the enterprise
 580 member: CN=Administrator,CN=Users,${BASEDN}
 581 instanceType: 4
 582 whenCreated: ${LDAPTIME}
 583 whenChanged: ${LDAPTIME}
 584 uSNCreated: 1
 585 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
 586 uSNChanged: 1
 587 name: Enterprise Admins
 588 objectGUID: ${NEWGUID}
 589 objectSid: ${DOMAINSID}-519
 590 adminCount: 1
 591 sAMAccountName: Enterprise Admins
 592 sAMAccountType: 268435456
 593 groupType: -2147483646
 594 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 595 isCriticalSystemObject: TRUE
 596 unixName: ${WHEEL}
 597
 598 dn: CN=Cert Publishers,CN=Users,${BASEDN}
 599 objectClass: top
 600 objectClass: group
 601 cn: Cert Publishers
 602 description: Members of this group are permitted to publish certificates to the Active Directory
 603 instanceType: 4
 604 whenCreated: ${LDAPTIME}
 605 whenChanged: ${LDAPTIME}
 606 uSNCreated: 1
 607 uSNChanged: 1
 608 name: Cert Publishers
 609 objectGUID: ${NEWGUID}
 610 objectSid: ${DOMAINSID}-517
 611 sAMAccountName: Cert Publishers
 612 sAMAccountType: 0x20000000
 613 groupType: -2147483644
 614 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 615 isCriticalSystemObject: TRUE
 616
 617 dn: CN=Domain Admins,CN=Users,${BASEDN}
 618 objectClass: top
 619 objectClass: group
 620 cn: Domain Admins
 621 description: Designated administrators of the domain
 622 member: CN=Administrator,CN=Users,${BASEDN}
 623 instanceType: 4
 624 whenCreated: ${LDAPTIME}
 625 whenChanged: ${LDAPTIME}
 626 uSNCreated: 1
 627 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
 628 uSNChanged: 1
 629 name: Domain Admins
 630 objectGUID: ${NEWGUID}
 631 objectSid: ${DOMAINSID}-512
 632 adminCount: 1
 633 sAMAccountName: Domain Admins
 634 sAMAccountType: 268435456
 635 groupType: -2147483646
 636 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 637 isCriticalSystemObject: TRUE
 638 unixName: ${WHEEL}
 639
 640 dn: CN=Domain Users,CN=Users,${BASEDN}
 641 objectClass: top
 642 objectClass: group
 643 cn: Domain Users
 644 description: All domain users
 645 instanceType: 4
 646 whenCreated: ${LDAPTIME}
 647 whenChanged: ${LDAPTIME}
 648 uSNCreated: 1
 649 memberOf: CN=Users,CN=Builtin,${BASEDN}
 650 uSNChanged: 1
 651 name: Domain Users
 652 objectGUID: ${NEWGUID}
 653 objectSid: ${DOMAINSID}-513
 654 sAMAccountName: Domain Users
 655 sAMAccountType: 268435456
 656 groupType: -2147483646
 657 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 658 isCriticalSystemObject: TRUE
 659 unixName: ${USERS}
 660
 661 dn: CN=Domain Guests,CN=Users,${BASEDN}
 662 objectClass: top
 663 objectClass: group
 664 cn: Domain Guests
 665 description: All domain guests
 666 instanceType: 4
 667 whenCreated: ${LDAPTIME}
 668 whenChanged: ${LDAPTIME}
 669 uSNCreated: 1
 670 memberOf: CN=Guests,CN=Builtin,${BASEDN}
 671 uSNChanged: 1
 672 name: Domain Guests
 673 objectGUID: ${NEWGUID}
 674 objectSid: ${DOMAINSID}-514
 675 sAMAccountName: Domain Guests
 676 sAMAccountType: 268435456
 677 groupType: -2147483646
 678 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 679 isCriticalSystemObject: TRUE
 680
 681 dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
 682 objectClass: top
 683 objectClass: group
 684 cn: Group Policy Creator Owners
 685 description: Members in this group can modify group policy for the domain
 686 member: CN=Administrator,CN=Users,${BASEDN}
 687 instanceType: 4
 688 whenCreated: ${LDAPTIME}
 689 whenChanged: ${LDAPTIME}
 690 uSNCreated: 1
 691 uSNChanged: 1
 692 name: Group Policy Creator Owners
 693 objectGUID: ${NEWGUID}
 694 objectSid: ${DOMAINSID}-520
 695 sAMAccountName: Group Policy Creator Owners
 696 sAMAccountType: 268435456
 697 groupType: -2147483646
 698 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 699 isCriticalSystemObject: TRUE
 700 unixName: ${WHEEL}
 701
 702 dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
 703 objectClass: top
 704 objectClass: group
 705 cn: RAS and IAS Servers
 706 description: Servers in this group can access remote access properties of users
 707 instanceType: 4
 708 whenCreated: ${LDAPTIME}
 709 whenChanged: ${LDAPTIME}
 710 uSNCreated: 1
 711 uSNChanged: 1
 712 name: RAS and IAS Servers
 713 objectGUID: ${NEWGUID}
 714 objectSid: ${DOMAINSID}-553
 715 sAMAccountName: RAS and IAS Servers
 716 sAMAccountType: 0x20000000
 717 groupType: -2147483644
 718 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 719 isCriticalSystemObject: TRUE
 720
 721 dn: CN=Server Operators,CN=Builtin,${BASEDN}
 722 objectClass: top
 723 objectClass: group
 724 cn: Server Operators
 725 description: Members can administer domain servers
 726 instanceType: 4
 727 whenCreated: ${LDAPTIME}
 728 whenChanged: ${LDAPTIME}
 729 uSNCreated: 1
 730 uSNChanged: 1
 731 name: Server Operators
 732 objectGUID: ${NEWGUID}
 733 objectSid: S-1-5-32-549
 734 adminCount: 1
 735 sAMAccountName: Server Operators
 736 sAMAccountType: 0x20000000
 737 systemFlags: 0x8c000000
 738 groupType: 0x80000005
 739 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 740 isCriticalSystemObject: TRUE
 741
 742 dn: CN=Account Operators,CN=Builtin,${BASEDN}
 743 objectClass: top
 744 objectClass: group
 745 cn: Account Operators
 746 description: Members can administer domain user and group accounts
 747 instanceType: 4
 748 whenCreated: ${LDAPTIME}
 749 whenChanged: ${LDAPTIME}
 750 uSNCreated: 1
 751 uSNChanged: 1
 752 name: Account Operators
 753 objectGUID: ${NEWGUID}
 754 objectSid: S-1-5-32-548
 755 adminCount: 1
 756 sAMAccountName: Account Operators
 757 sAMAccountType: 0x20000000
 758 systemFlags: 0x8c000000
 759 groupType: 0x80000005
 760 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 761 isCriticalSystemObject: TRUE
 762
 763 dn: CN=Templates,${BASEDN}
 764 objectClass: top
 765 objectClass: container
 766 cn: Templates
 767 description: Container for SAM account templates
 768 instanceType: 4
 769 whenCreated: ${LDAPTIME}
 770 whenChanged: ${LDAPTIME}
 771 uSNCreated: 1
 772 uSNChanged: 1
 773 showInAdvancedViewOnly: FALSE
 774 name: Templates
 775 objectGUID: ${NEWGUID}
 776 systemFlags: 0x8c000000
 777 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
 778 isCriticalSystemObject: TRUE
 779
 780 ###
 781 # note! the template users must not match normal searches. Be careful
 782 # with what classes you put them in
 783 ###
 784
 785 dn: CN=TemplateUser,CN=Templates,${BASEDN}
 786 objectClass: top
 787 objectClass: person
 788 objectClass: organizationalPerson
 789 objectClass: Template
 790 objectClass: userTemplate
 791 cn: TemplateUser
 792 name: TemplateUser
 793 instanceType: 4
 794 userAccountControl: 0x202
 795 badPwdCount: 0
 796 codePage: 0
 797 countryCode: 0
 798 badPasswordTime: 0
 799 lastLogoff: 0
 800 lastLogon: 0
 801 pwdLastSet: 0
 802 primaryGroupID: 513
 803 accountExpires: -1
 804 logonCount: 0
 805 sAMAccountType: 0x30000000
 806
 807 dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
 808 objectClass: top
 809 objectClass: Template
 810 objectClass: userTemplate
 811 cn: TemplateMemberServer
 812 name: TemplateMemberServer
 813 instanceType: 4
 814 userAccountControl: 0x1002
 815 badPwdCount: 0
 816 codePage: 0
 817 countryCode: 0
 818 badPasswordTime: 0
 819 lastLogoff: 0
 820 lastLogon: 0
 821 pwdLastSet: 0
 822 primaryGroupID: 513
 823 accountExpires: -1
 824 logonCount: 0
 825 sAMAccountType: 0x30000001
 826
 827 dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
 828 objectClass: top
 829 objectClass: Template
 830 objectClass: userTemplate
 831 cn: TemplateDomainController
 832 name: TemplateDomainController
 833 instanceType: 4
 834 userAccountControl: 0x2002
 835 badPwdCount: 0
 836 codePage: 0
 837 countryCode: 0
 838 badPasswordTime: 0
 839 lastLogoff: 0
 840 lastLogon: 0
 841 pwdLastSet: 0
 842 primaryGroupID: 513
 843 accountExpires: -1
 844 logonCount: 0
 845 sAMAccountType: 0x30000001
 846
 847 dn: CN=TemplateGroup,CN=Templates,${BASEDN}
 848 objectClass: top
 849 objectClass: Template
 850 objectClass: groupTemplate
 851 cn: TemplateGroup
 852 name: TemplateGroup
 853 instanceType: 4
 854 sAMAccountType: 0x10000000
 855