r25299: Modify the provision script to take an additional argument: --server-role
[samba.git] / source4 / setup / provision_users.ldif
# Built-in domain Administrator account (objectSid ${DOMAINSID}-500).
# userAccountControl 66048 = 0x10200 = NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD:
# the account is created enabled and its password is exempt from expiry.
# The memberOf values place it in every administrative group this file
# creates (Domain/Enterprise/Schema Admins, Group Policy Creator Owners,
# BUILTIN\Administrators).
# NOTE(review): memberOf is written by hand here; it has to stay in step
# with the matching member: values on the group entries.
# NOTE(review): accountExpires is -1 here but 9223372036854775807 on krbtgt;
# both look intended as "never expires" -- confirm the consumer reads -1 so.
# sambaPassword uses the LDIF "::" form, so the value is base64-encoded.
# Base64 is an encoding, not protection: ${ADMINPASS_B64} presumably carries
# the cleartext admin password, so the expanded LDIF should be handled as a
# secret (not logged, not left world-readable) -- confirm in the provision script.
1 dn: CN=Administrator,CN=Users,${DOMAINDN}
2 objectClass: user
3 cn: Administrator
4 description: Built-in account for administering the computer/domain
5 memberOf: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
6 memberOf: CN=Domain Admins,CN=Users,${DOMAINDN}
7 memberOf: CN=Enterprise Admins,CN=Users,${DOMAINDN}
8 memberOf: CN=Schema Admins,CN=Users,${DOMAINDN}
9 memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
10 userAccountControl: 66048
11 objectSid: ${DOMAINSID}-500
12 adminCount: 1
13 accountExpires: -1
14 sAMAccountName: Administrator
15 isCriticalSystemObject: TRUE
16 sambaPassword:: ${ADMINPASS_B64}
17
# Built-in Guest account (objectSid ${DOMAINSID}-501), primary group RID 514.
# userAccountControl 66082 = 0x10222 = ACCOUNTDISABLE | PASSWD_NOTREQD |
# NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD: the account is provisioned disabled.
# No password attribute is set, and PASSWD_NOTREQD permits an empty password,
# so enabling this account later amounts to allowing unauthenticated access
# with the rights of BUILTIN\Guests.
18 dn: CN=Guest,CN=Users,${DOMAINDN}
19 objectClass: user
20 cn: Guest
21 description: Built-in account for guest access to the computer/domain
22 memberOf: CN=Guests,CN=Builtin,${DOMAINDN}
23 userAccountControl: 66082
24 primaryGroupID: 514
25 objectSid: ${DOMAINSID}-501
26 sAMAccountName: Guest
27 isCriticalSystemObject: TRUE
28
# BUILTIN\Administrators (S-1-5-32-544). Members at provision time:
# Domain Admins, Enterprise Admins and the Administrator account.
# Numeric attributes:
#   sAMAccountType 536870912 = 0x20000000 (alias / local group object)
#   groupType 2147483653 = 0x80000005 (security-enabled, domain-local, builtin)
#   systemFlags 2348810240 = 0x8C000000 (disallow delete, rename and move)
# The privilege: values are the rights this template assigns to the group:
# 21 privileges followed by 3 logon rights. They include the ones that give
# effective control of the host on their own (SeDebugPrivilege,
# SeBackupPrivilege/SeRestorePrivilege, SeTakeOwnershipPrivilege,
# SeLoadDriverPrivilege, SeImpersonatePrivilege) and
# SeEnableDelegationPrivilege, so any change to the member: list above is a
# change to who holds all of them.
# adminCount: 1 is the AD marker for protected administrative objects;
# whether this Samba revision acts on it is not visible here.
29 dn: CN=Administrators,CN=Builtin,${DOMAINDN}
30 objectClass: top
31 objectClass: group
32 cn: Administrators
33 description: Administrators have complete and unrestricted access to the computer/domain
34 member: CN=Domain Admins,CN=Users,${DOMAINDN}
35 member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
36 member: CN=Administrator,CN=Users,${DOMAINDN}
37 objectSid: S-1-5-32-544
38 adminCount: 1
39 sAMAccountName: Administrators
40 sAMAccountType: 536870912
41 systemFlags: 2348810240
42 groupType: 2147483653
43 isCriticalSystemObject: TRUE
44 privilege: SeSecurityPrivilege
45 privilege: SeBackupPrivilege
46 privilege: SeRestorePrivilege
47 privilege: SeSystemtimePrivilege
48 privilege: SeShutdownPrivilege
49 privilege: SeRemoteShutdownPrivilege
50 privilege: SeTakeOwnershipPrivilege
51 privilege: SeDebugPrivilege
52 privilege: SeSystemEnvironmentPrivilege
53 privilege: SeSystemProfilePrivilege
54 privilege: SeProfileSingleProcessPrivilege
55 privilege: SeIncreaseBasePriorityPrivilege
56 privilege: SeLoadDriverPrivilege
57 privilege: SeCreatePagefilePrivilege
58 privilege: SeIncreaseQuotaPrivilege
59 privilege: SeChangeNotifyPrivilege
60 privilege: SeUndockPrivilege
61 privilege: SeManageVolumePrivilege
62 privilege: SeImpersonatePrivilege
63 privilege: SeCreateGlobalPrivilege
64 privilege: SeEnableDelegationPrivilege
65 privilege: SeInteractiveLogonRight
66 privilege: SeNetworkLogonRight
67 privilege: SeRemoteInteractiveLogonRight
68
# BUILTIN\Users (S-1-5-32-545). Domain Users is nested in it, so anything
# granted to this alias reaches every domain user. No privilege: values are
# assigned in this entry.
# groupType 2147483653 = 0x80000005 (security-enabled, domain-local, builtin);
# systemFlags 2348810240 = 0x8C000000 (disallow delete, rename and move).
69 dn: CN=Users,CN=Builtin,${DOMAINDN}
70 objectClass: top
71 objectClass: group
72 cn: Users
73 description: Users are prevented from making accidental or intentional system-wide changes.  Thus, Users can run certified applications, but not most legacy applications
74 member: CN=Domain Users,CN=Users,${DOMAINDN}
75 objectSid: S-1-5-32-545
76 sAMAccountName: Users
77 sAMAccountType: 536870912
78 systemFlags: 2348810240
79 groupType: 2147483653
80 isCriticalSystemObject: TRUE
81
# BUILTIN\Guests (S-1-5-32-546). Members at provision time: the Domain Guests
# group and the (disabled) Guest account. No privilege: values are assigned.
82 dn: CN=Guests,CN=Builtin,${DOMAINDN}
83 objectClass: top
84 objectClass: group
85 cn: Guests
86 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
87 member: CN=Domain Guests,CN=Users,${DOMAINDN}
88 member: CN=Guest,CN=Users,${DOMAINDN}
89 objectSid: S-1-5-32-546
90 sAMAccountName: Guests
91 sAMAccountType: 536870912
92 systemFlags: 2348810240
93 groupType: 2147483653
94 isCriticalSystemObject: TRUE
95
# BUILTIN\Print Operators (S-1-5-32-550); created with no members.
# Besides local logon and shutdown it is given SeLoadDriverPrivilege, which
# permits loading device drivers. Membership should therefore be reviewed as
# a privileged assignment rather than a printing-only role.
96 dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
97 objectClass: top
98 objectClass: group
99 cn: Print Operators
100 description: Members can administer domain printers
101 objectSid: S-1-5-32-550
102 adminCount: 1
103 sAMAccountName: Print Operators
104 sAMAccountType: 536870912
105 systemFlags: 2348810240
106 groupType: 2147483653
107 isCriticalSystemObject: TRUE
108 privilege: SeLoadDriverPrivilege
109 privilege: SeShutdownPrivilege
110 privilege: SeInteractiveLogonRight
111
# BUILTIN\Backup Operators (S-1-5-32-551); created with no members.
# SeBackupPrivilege / SeRestorePrivilege let the holder read and write files
# regardless of their ACLs (the "override security restrictions" in the
# description), so membership changes here warrant the same auditing as
# changes to the administrator groups.
112 dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
113 objectClass: top
114 objectClass: group
115 cn: Backup Operators
116 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
117 objectSid: S-1-5-32-551
118 adminCount: 1
119 sAMAccountName: Backup Operators
120 sAMAccountType: 536870912
121 systemFlags: 2348810240
122 groupType: 2147483653
123 isCriticalSystemObject: TRUE
124 privilege: SeBackupPrivilege
125 privilege: SeRestorePrivilege
126 privilege: SeShutdownPrivilege
127 privilege: SeInteractiveLogonRight
128
# BUILTIN\Replicator (S-1-5-32-552); created with no members and no
# privilege: values, but flagged adminCount: 1.
129 dn: CN=Replicator,CN=Builtin,${DOMAINDN}
130 objectClass: top
131 objectClass: group
132 cn: Replicator
133 description: Supports file replication in a domain
134 objectSid: S-1-5-32-552
135 adminCount: 1
136 sAMAccountName: Replicator
137 sAMAccountType: 536870912
138 systemFlags: 2348810240
139 groupType: 2147483653
140 isCriticalSystemObject: TRUE
141
# BUILTIN\Remote Desktop Users (S-1-5-32-555); created with no members.
# NOTE(review): the description says members are granted remote logon, but
# this entry carries no privilege: value. In this file
# SeRemoteInteractiveLogonRight is assigned to Administrators and to
# Pre-Windows 2000 Compatible Access instead -- confirm that is intended.
142 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
143 objectClass: top
144 objectClass: group
145 cn: Remote Desktop Users
146 description: Members in this group are granted the right to logon remotely
147 objectSid: S-1-5-32-555
148 sAMAccountName: Remote Desktop Users
149 sAMAccountType: 536870912
150 systemFlags: 2348810240
151 groupType: 2147483653
152 isCriticalSystemObject: TRUE
153
# BUILTIN\Network Configuration Operators (S-1-5-32-556); created with no
# members and no privilege: values.
154 dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
155 objectClass: top
156 objectClass: group
157 cn: Network Configuration Operators
158 description: Members in this group can have some administrative privileges to manage configuration of networking features
159 objectSid: S-1-5-32-556
160 sAMAccountName: Network Configuration Operators
161 sAMAccountType: 536870912
162 systemFlags: 2348810240
163 groupType: 2147483653
164 isCriticalSystemObject: TRUE
165
# BUILTIN\Performance Monitor Users (S-1-5-32-558); created with no members
# and no privilege: values.
166 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
167 objectClass: top
168 objectClass: group
169 cn: Performance Monitor Users
170 description: Members of this group have remote access to monitor this computer
171 objectSid: S-1-5-32-558
172 sAMAccountName: Performance Monitor Users
173 sAMAccountType: 536870912
174 systemFlags: 2348810240
175 groupType: 2147483653
176 isCriticalSystemObject: TRUE
177
# BUILTIN\Performance Log Users (S-1-5-32-559); created with no members and
# no privilege: values.
178 dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
179 objectClass: top
180 objectClass: group
181 cn: Performance Log Users
182 description: Members of this group have remote access to schedule logging of performance counters on this computer
183 objectSid: S-1-5-32-559
184 sAMAccountName: Performance Log Users
185 sAMAccountType: 536870912
186 systemFlags: 2348810240
187 groupType: 2147483653
188 isCriticalSystemObject: TRUE
189
# Kerberos KDC service account (objectSid ${DOMAINSID}-502).
# userAccountControl 514 = 0x202 = NORMAL_ACCOUNT | ACCOUNTDISABLE: the
# account exists to hold key material and cannot be used to log on.
# sAMAccountType 805306368 = 0x30000000 (normal user object);
# accountExpires 9223372036854775807 = 0x7FFFFFFFFFFFFFFF (never expires).
# sambaPassword is base64-encoded ("::"), not encrypted. ${KRBTGTPASS_B64}
# is presumably the secret the KDC's ticket-granting keys are derived from,
# so it should be long and random and the expanded LDIF must be protected
# like the keys themselves -- confirm how the provision script generates it.
190 dn: CN=krbtgt,CN=Users,${DOMAINDN}
191 objectClass: top
192 objectClass: person
193 objectClass: organizationalPerson
194 objectClass: user
195 cn: krbtgt
196 description: Key Distribution Center Service Account
197 showInAdvancedViewOnly: TRUE
198 userAccountControl: 514
199 objectSid: ${DOMAINSID}-502
200 adminCount: 1
201 accountExpires: 9223372036854775807
202 sAMAccountName: krbtgt
203 sAMAccountType: 805306368
204 servicePrincipalName: kadmin/changepw
205 isCriticalSystemObject: TRUE
206 sambaPassword:: ${KRBTGTPASS_B64}
207
# Domain Computers group (objectSid ${DOMAINSID}-515); created empty.
# No groupType / sAMAccountType is given here -- presumably defaulted by the
# directory when the entry is added; TODO confirm.
208 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
209 objectClass: top
210 objectClass: group
211 cn: Domain Computers
212 description: All workstations and servers joined to the domain
213 objectSid: ${DOMAINSID}-515
214 sAMAccountName: Domain Computers
215 isCriticalSystemObject: TRUE
216
# Domain Controllers group (objectSid ${DOMAINSID}-516); created empty and
# flagged adminCount: 1. This entry does not add the provisioned server
# itself as a member.
217 dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
218 objectClass: top
219 objectClass: group
220 cn: Domain Controllers
221 description: All domain controllers in the domain
222 objectSid: ${DOMAINSID}-516
223 adminCount: 1
224 sAMAccountName: Domain Controllers
225 isCriticalSystemObject: TRUE
226
# Schema Admins group (objectSid ${DOMAINSID}-518). The Administrator account
# is a member from provision time; the matching memberOf value is on the
# Administrator entry.
227 dn: CN=Schema Admins,CN=Users,${DOMAINDN}
228 objectClass: top
229 objectClass: group
230 cn: Schema Admins
231 description: Designated administrators of the schema
232 member: CN=Administrator,CN=Users,${DOMAINDN}
233 objectSid: ${DOMAINSID}-518
234 adminCount: 1
235 sAMAccountName: Schema Admins
236 isCriticalSystemObject: TRUE
237
# Enterprise Admins group (objectSid ${DOMAINSID}-519). Administrator is a
# member, and the group is itself nested in BUILTIN\Administrators, so its
# members inherit every privilege assigned to that alias.
238 dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
239 objectClass: top
240 objectClass: group
241 cn: Enterprise Admins
242 description: Designated administrators of the enterprise
243 member: CN=Administrator,CN=Users,${DOMAINDN}
244 memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
245 objectSid: ${DOMAINSID}-519
246 adminCount: 1
247 sAMAccountName: Enterprise Admins
248 isCriticalSystemObject: TRUE
249
# Cert Publishers group (objectSid ${DOMAINSID}-517); created empty.
# groupType 2147483652 = 0x80000004 (security-enabled, domain-local; no
# builtin bit); sAMAccountType 536870912 = 0x20000000 (alias object).
250 dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
251 objectClass: top
252 objectClass: group
253 cn: Cert Publishers
254 description: Members of this group are permitted to publish certificates to the Active Directory
255 groupType: 2147483652
256 sAMAccountType: 536870912
257 objectSid: ${DOMAINSID}-517
258 sAMAccountName: Cert Publishers
259 isCriticalSystemObject: TRUE
260
# Domain Admins group (objectSid ${DOMAINSID}-512). Administrator is a
# member, and the group is nested in BUILTIN\Administrators, which is where
# its members pick up the privilege: values assigned in this file.
261 dn: CN=Domain Admins,CN=Users,${DOMAINDN}
262 objectClass: top
263 objectClass: group
264 cn: Domain Admins
265 description: Designated administrators of the domain
266 member: CN=Administrator,CN=Users,${DOMAINDN}
267 memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
268 objectSid: ${DOMAINSID}-512
269 adminCount: 1
270 sAMAccountName: Domain Admins
271 isCriticalSystemObject: TRUE
272
# Domain Users group (objectSid ${DOMAINSID}-513), nested in BUILTIN\Users.
# No member: values are listed. NOTE(review): membership is presumably
# implied through each account's primary group rather than stored here --
# confirm.
273 dn: CN=Domain Users,CN=Users,${DOMAINDN}
274 objectClass: top
275 objectClass: group
276 cn: Domain Users
277 description: All domain users
278 memberOf: CN=Users,CN=Builtin,${DOMAINDN}
279 objectSid: ${DOMAINSID}-513
280 sAMAccountName: Domain Users
281 isCriticalSystemObject: TRUE
282
# Domain Guests group (objectSid ${DOMAINSID}-514), nested in BUILTIN\Guests.
# The Guest account names RID 514 as its primaryGroupID but is not listed
# here as a member: value.
283 dn: CN=Domain Guests,CN=Users,${DOMAINDN}
284 objectClass: top
285 objectClass: group
286 cn: Domain Guests
287 description: All domain guests
288 memberOf: CN=Guests,CN=Builtin,${DOMAINDN}
289 objectSid: ${DOMAINSID}-514
290 sAMAccountName: Domain Guests
291 isCriticalSystemObject: TRUE
292
# Group Policy Creator Owners (objectSid ${DOMAINSID}-520); Administrator is
# the only member at provision time. Unlike the other administrative groups
# in this file it is not flagged adminCount: 1.
293 dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
294 objectClass: top
295 objectClass: group
296 cn: Group Policy Creator Owners
297 description: Members in this group can modify group policy for the domain
298 member: CN=Administrator,CN=Users,${DOMAINDN}
299 objectSid: ${DOMAINSID}-520
300 sAMAccountName: Group Policy Creator Owners
301 isCriticalSystemObject: TRUE
302
# RAS and IAS Servers group (objectSid ${DOMAINSID}-553); created empty.
# instanceType 4 marks the object as writable on this server;
# groupType 2147483652 = 0x80000004 (security-enabled, domain-local).
303 dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
304 objectClass: top
305 objectClass: group
306 cn: RAS and IAS Servers
307 description: Servers in this group can access remote access properties of users
308 instanceType: 4
309 objectSid: ${DOMAINSID}-553
310 sAMAccountName: RAS and IAS Servers
311 sAMAccountType: 536870912
312 groupType: 2147483652
313 isCriticalSystemObject: TRUE
314
# BUILTIN\Server Operators (S-1-5-32-549); created with no members.
# It receives SeBackupPrivilege and SeRestorePrivilege (file access that
# bypasses ACLs) plus time-change, shutdown and local-logon rights, so
# membership is a privileged assignment on a domain controller and should be
# audited accordingly.
315 dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
316 objectClass: top
317 objectClass: group
318 cn: Server Operators
319 description: Members can administer domain servers
320 instanceType: 4
321 objectSid: S-1-5-32-549
322 adminCount: 1
323 sAMAccountName: Server Operators
324 sAMAccountType: 536870912
325 systemFlags: 2348810240
326 groupType: 2147483653
327 isCriticalSystemObject: TRUE
328 privilege: SeBackupPrivilege
329 privilege: SeSystemtimePrivilege
330 privilege: SeRemoteShutdownPrivilege
331 privilege: SeRestorePrivilege
332 privilege: SeShutdownPrivilege
333 privilege: SeInteractiveLogonRight
334
# BUILTIN\Account Operators (S-1-5-32-548); created with no members.
# The only right assigned here is SeInteractiveLogonRight. The account and
# group management ability named in the description is not expressed in this
# entry; presumably it comes from directory ACLs set elsewhere -- TODO confirm.
335 dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
336 objectClass: top
337 objectClass: group
338 cn: Account Operators
339 description: Members can administer domain user and group accounts
340 instanceType: 4
341 objectSid: S-1-5-32-548
342 adminCount: 1
343 sAMAccountName: Account Operators
344 sAMAccountType: 536870912
345 systemFlags: 2348810240
346 groupType: 2147483653
347 isCriticalSystemObject: TRUE
348 privilege: SeInteractiveLogonRight
349
# BUILTIN\Pre-Windows 2000 Compatible Access (S-1-5-32-554); created with no
# members. The description ties it to read access on all users and groups,
# so who is later added here decides how widely the directory can be read.
# NOTE(review): the group is given SeRemoteInteractiveLogonRight (remote
# desktop logon), while SeNetworkLogonRight appears only on Administrators
# and the Remote Desktop Users group has no right at all. This may have been
# meant to be the network logon right -- confirm before relying on it.
350 dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
351 objectClass: top
352 objectClass: group
353 cn: Pre-Windows 2000 Compatible Access
354 description: A backward compatibility group which allows read access on all users and groups in the domain
355 objectSid: S-1-5-32-554
356 sAMAccountName: Pre-Windows 2000 Compatible Access
357 sAMAccountType: 536870912
358 systemFlags: 2348810240
359 groupType: 2147483653
360 isCriticalSystemObject: TRUE
361 privilege: SeRemoteInteractiveLogonRight
362 privilege: SeChangeNotifyPrivilege
363
# BUILTIN\Incoming Forest Trust Builders (S-1-5-32-557); created with no
# members and no privilege: values.
364 dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
365 objectClass: top
366 objectClass: group
367 cn: Incoming Forest Trust Builders
368 description: Members of this group can create incoming, one-way trusts to this forest
369 objectSid: S-1-5-32-557
370 sAMAccountName: Incoming Forest Trust Builders
371 sAMAccountType: 536870912
372 systemFlags: 2348810240
373 groupType: 2147483653
374 isCriticalSystemObject: TRUE
375
# BUILTIN\Windows Authorization Access Group (S-1-5-32-560); created with no
# members. Per the description, membership controls who may read the
# computed tokenGroupsGlobalAndUniversal attribute, i.e. other users' group
# memberships.
376 dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
377 objectClass: top
378 objectClass: group
379 cn: Windows Authorization Access Group
380 description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
381 objectSid: S-1-5-32-560
382 sAMAccountName: Windows Authorization Access Group
383 sAMAccountType: 536870912
384 systemFlags: 2348810240
385 groupType: 2147483653
386 isCriticalSystemObject: TRUE
387
# BUILTIN\Terminal Server License Servers (S-1-5-32-561); created with no
# members and no privilege: values.
388 dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
389 objectClass: top
390 objectClass: group
391 cn: Terminal Server License Servers
392 description: Terminal Server License Servers
393 objectSid: S-1-5-32-561
394 sAMAccountName: Terminal Server License Servers
395 sAMAccountType: 536870912
396 systemFlags: 2348810240
397 groupType: 2147483653
398 isCriticalSystemObject: TRUE
399
# BUILTIN\Distributed COM Users (S-1-5-32-562); created with no members and
# no privilege: values.
400 dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
401 objectClass: top
402 objectClass: group
403 cn: Distributed COM Users
404 description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
405 objectSid: S-1-5-32-562
406 sAMAccountName: Distributed COM Users
407 sAMAccountType: 536870912
408 systemFlags: 2348810240
409 groupType: 2147483653
410 isCriticalSystemObject: TRUE
411
# Container under ${CONFIGDN} that holds one foreignSecurityPrincipal object
# per well-known SID. systemFlags 2147483648 = 0x80000000 (disallow delete).
412 dn: CN=WellKnown Security Principals,${CONFIGDN}
413 objectClass: top
414 objectClass: container
415 cn: WellKnown Security Principals
416 systemFlags: 2147483648
417 showInAdvancedViewOnly: TRUE
418
# Well-known SID S-1-5-7: sessions established without credentials.
# Granting anything to this principal grants it to unauthenticated callers.
419 dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
420 objectClass: top
421 objectClass: foreignSecurityPrincipal
422 cn: Anonymous Logon
423 objectSid: S-1-5-7
424 showInAdvancedViewOnly: TRUE
425
# Well-known SID S-1-5-11: every principal that has successfully
# authenticated.
426 dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
427 objectClass: top
428 objectClass: foreignSecurityPrincipal
429 cn: Authenticated Users
430 objectSid: S-1-5-11
431 showInAdvancedViewOnly: TRUE
432
# Well-known SID S-1-5-3: principals logged on through a batch facility.
433 dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
434 objectClass: top
435 objectClass: foreignSecurityPrincipal
436 cn: Batch
437 objectSid: S-1-5-3
438 showInAdvancedViewOnly: TRUE
439
# Well-known SID S-1-3-1: placeholder used in inheritable ACEs, replaced by
# the primary group of the object's creator.
440 dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
441 objectClass: top
442 objectClass: foreignSecurityPrincipal
443 cn: Creator Group
444 objectSid: S-1-3-1
445 showInAdvancedViewOnly: TRUE
446
# Well-known SID S-1-3-0: placeholder used in inheritable ACEs, replaced by
# the SID of the object's creator.
447 dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
448 objectClass: top
449 objectClass: foreignSecurityPrincipal
450 cn: Creator Owner
451 objectSid: S-1-3-0
452 showInAdvancedViewOnly: TRUE
453
# Well-known SID S-1-5-1: principals logged on over a dial-up connection.
454 dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
455 objectClass: top
456 objectClass: foreignSecurityPrincipal
457 cn: Dialup
458 objectSid: S-1-5-1
459 showInAdvancedViewOnly: TRUE
460
# Well-known SID S-1-5-64-21: added to sessions authenticated with the
# Digest package, so ACLs can distinguish them by authentication method.
461 dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
462 objectClass: top
463 objectClass: foreignSecurityPrincipal
464 cn: Digest Authentication
465 objectSid: S-1-5-64-21
466 showInAdvancedViewOnly: TRUE
467
# Well-known SID S-1-5-9: all domain controllers in the forest.
468 dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
469 objectClass: top
470 objectClass: foreignSecurityPrincipal
471 cn: Enterprise Domain Controllers
472 objectSid: S-1-5-9
473 showInAdvancedViewOnly: TRUE
474
# Well-known SID S-1-1-0 (World). NOTE(review): whether anonymous sessions
# count as Everyone is an implementation/policy choice not visible here --
# confirm before granting access to this principal.
475 dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
476 objectClass: top
477 objectClass: foreignSecurityPrincipal
478 cn: Everyone
479 objectSid: S-1-1-0
480 showInAdvancedViewOnly: TRUE
481
# Well-known SID S-1-5-4: principals logged on interactively.
482 dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
483 objectClass: top
484 objectClass: foreignSecurityPrincipal
485 cn: Interactive
486 objectSid: S-1-5-4
487 showInAdvancedViewOnly: TRUE
488
# Well-known SID S-1-5-19: the Local Service account.
489 dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
490 objectClass: top
491 objectClass: foreignSecurityPrincipal
492 cn: Local Service
493 objectSid: S-1-5-19
494 showInAdvancedViewOnly: TRUE
495
# Well-known SID S-1-5-2: principals logged on over the network.
496 dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
497 objectClass: top
498 objectClass: foreignSecurityPrincipal
499 cn: Network
500 objectSid: S-1-5-2
501 showInAdvancedViewOnly: TRUE
502
# Well-known SID S-1-5-20: the Network Service account.
503 dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
504 objectClass: top
505 objectClass: foreignSecurityPrincipal
506 cn: Network Service
507 objectSid: S-1-5-20
508 showInAdvancedViewOnly: TRUE
509
# Well-known SID S-1-5-64-10: added to sessions authenticated with NTLM, so
# ACLs and audits can single out NTLM-authenticated access.
510 dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
511 objectClass: top
512 objectClass: foreignSecurityPrincipal
513 cn: NTLM Authentication
514 objectSid: S-1-5-64-10
515 showInAdvancedViewOnly: TRUE
516
# Well-known SID S-1-5-1000: principals authenticated from another
# organization (counterpart of This Organization, S-1-5-15).
517 dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
518 objectClass: top
519 objectClass: foreignSecurityPrincipal
520 cn: Other Organization
521 objectSid: S-1-5-1000
522 showInAdvancedViewOnly: TRUE
523
# Well-known SID S-1-5-8 (Proxy).
524 dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
525 objectClass: top
526 objectClass: foreignSecurityPrincipal
527 cn: Proxy
528 objectSid: S-1-5-8
529 showInAdvancedViewOnly: TRUE
530
# Well-known SID S-1-5-14: principals logged on through a remote interactive
# (remote desktop) session.
531 dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
532 objectClass: top
533 objectClass: foreignSecurityPrincipal
534 cn: Remote Interactive Logon
535 objectSid: S-1-5-14
536 showInAdvancedViewOnly: TRUE
537
# Well-known SID S-1-5-12: identifies code running with a restricted token.
538 dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
539 objectClass: top
540 objectClass: foreignSecurityPrincipal
541 cn: Restricted
542 objectSid: S-1-5-12
543 showInAdvancedViewOnly: TRUE
544
# Well-known SID S-1-5-64-14: added to sessions authenticated with the
# SChannel package.
545 dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
546 objectClass: top
547 objectClass: foreignSecurityPrincipal
548 cn: SChannel Authentication
549 objectSid: S-1-5-64-14
550 showInAdvancedViewOnly: TRUE
551
# Well-known SID S-1-5-10 (Principal Self): placeholder in ACEs that stands
# for the object the ACL is attached to.
552 dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
553 objectClass: top
554 objectClass: foreignSecurityPrincipal
555 cn: Self
556 objectSid: S-1-5-10
557 showInAdvancedViewOnly: TRUE
558
# Well-known SID S-1-5-6: principals logged on as a service.
559 dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
560 objectClass: top
561 objectClass: foreignSecurityPrincipal
562 cn: Service
563 objectSid: S-1-5-6
564 showInAdvancedViewOnly: TRUE
565
# Well-known SID S-1-5-13: principals logged on to a terminal server.
566 dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
567 objectClass: top
568 objectClass: foreignSecurityPrincipal
569 cn: Terminal Server User
570 objectSid: S-1-5-13
571 showInAdvancedViewOnly: TRUE
572
# Well-known SID S-1-5-15: principals authenticated from within this
# organization (counterpart of Other Organization, S-1-5-1000).
573 dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
574 objectClass: top
575 objectClass: foreignSecurityPrincipal
576 cn: This Organization
577 objectSid: S-1-5-15
578 showInAdvancedViewOnly: TRUE
579
# Well-known SID S-1-5-18: the local System account, the identity the
# operating system itself runs as.
580 dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}
581 objectClass: top
582 objectClass: foreignSecurityPrincipal
583 cn: Well-Known-Security-Id-System
584 objectSid: S-1-5-18
585 showInAdvancedViewOnly: TRUE
586