Don't manually specify instanceID in the template files.
[samba.git] / source4 / setup / provision_users.ldif
# Built-in domain administrator; objectSid is the provisioned domain SID plus RID 500.
# userAccountControl 66048 = 0x10200 = NORMAL_ACCOUNT (0x200) | DONT_EXPIRE_PASSWD (0x10000):
# the account is enabled and its password never ages out, so rotation only happens manually.
# sambaPassword uses the LDIF "::" form: the substituted ${ADMINPASS_B64} is a base64
# *encoding* of the value, not a hash. The expanded template therefore carries a recoverable
# password and should be handled as a secret (not logged, not left world-readable on disk).
# NOTE(review): presumably a server-side module converts sambaPassword into stored
# hashes/keys when the entry is added - confirm; this file does not show it.
# NOTE(review): accountExpires -1 presumably means "never" (the krbtgt entry in this file
# uses 9223372036854775807 for the same purpose) - confirm both spellings are accepted.
1 dn: CN=Administrator,CN=Users,${DOMAINDN}
2 objectClass: user
3 cn: Administrator
4 description: Built-in account for administering the computer/domain
5 userAccountControl: 66048
6 objectSid: ${DOMAINSID}-500
7 adminCount: 1
8 accountExpires: -1
9 sAMAccountName: Administrator
10 isCriticalSystemObject: TRUE
11 sambaPassword:: ${ADMINPASS_B64}
12
# Built-in Guest account; objectSid is the domain SID plus RID 501.
# userAccountControl 66082 = 0x10222 =
#   ACCOUNTDISABLE (0x2) | PASSWD_NOTREQD (0x20) | NORMAL_ACCOUNT (0x200) | DONT_EXPIRE_PASSWD (0x10000).
# The account is created disabled and no password attribute is set here. Because
# PASSWD_NOTREQD is also set, clearing only the disable bit later would leave an account
# that may authenticate with an empty password; anyone enabling Guest should set a
# password and drop 0x20 at the same time.
# primaryGroupID 514 is the RID of Domain Guests (objectSid ${DOMAINSID}-514 in this file).
13 dn: CN=Guest,CN=Users,${DOMAINDN}
14 objectClass: user
15 cn: Guest
16 description: Built-in account for guest access to the computer/domain
17 userAccountControl: 66082
18 primaryGroupID: 514
19 objectSid: ${DOMAINSID}-501
20 sAMAccountName: Guest
21 isCriticalSystemObject: TRUE
22
# Enterprise Admins (RID 519). The only initial member is the Administrator account, and
# this group is itself listed as a member of CN=Administrators,CN=Builtin in this file,
# so membership here confers full administrative rights through that nesting.
# NOTE(review): no groupType/sAMAccountType is given; presumably defaulted when the
# entry is added - confirm the resulting group scope.
# NOTE(review): adminCount: 1 conventionally marks a protected administrative object;
# whether anything enforces that here is not visible in this file.
23 dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
24 objectClass: top
25 objectClass: group
26 cn: Enterprise Admins
27 description: Designated administrators of the enterprise
28 member: CN=Administrator,CN=Users,${DOMAINDN}
29 objectSid: ${DOMAINSID}-519
30 adminCount: 1
31 sAMAccountName: Enterprise Admins
32 isCriticalSystemObject: TRUE
33
# Key Distribution Center service account; objectSid is the domain SID plus RID 502.
# userAccountControl 514 = 0x202 = ACCOUNTDISABLE (0x2) | NORMAL_ACCOUNT (0x200): the
# account exists to hold key material and is not meant to log on.
# sAMAccountType 805306368 = 0x30000000 (normal user object).
# accountExpires 9223372036854775807 = 0x7FFFFFFFFFFFFFFF, i.e. never expires.
# sambaPassword:: ${KRBTGTPASS_B64} is the base64-encoded (not hashed) secret from which
# this account's Kerberos keys are presumably derived. Those keys protect every
# ticket-granting ticket in the domain, so the value must come from a strong random
# source and the expanded template must be treated as the most sensitive artefact of
# provisioning (no logging, restrictive file permissions, removed after use).
# NOTE(review): how ${KRBTGTPASS_B64} is generated is not visible here - confirm it is
# random per domain and never operator-chosen or reused.
34 dn: CN=krbtgt,CN=Users,${DOMAINDN}
35 objectClass: top
36 objectClass: person
37 objectClass: organizationalPerson
38 objectClass: user
39 cn: krbtgt
40 description: Key Distribution Center Service Account
41 showInAdvancedViewOnly: TRUE
42 userAccountControl: 514
43 objectSid: ${DOMAINSID}-502
44 adminCount: 1
45 accountExpires: 9223372036854775807
46 sAMAccountName: krbtgt
47 sAMAccountType: 805306368
48 servicePrincipalName: kadmin/changepw
49 isCriticalSystemObject: TRUE
50 sambaPassword:: ${KRBTGTPASS_B64}
51
# Domain Computers (RID 515): created empty; no member, groupType or privilege attributes.
# NOTE(review): groupType/sAMAccountType are presumably defaulted on add - confirm.
52 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
53 objectClass: top
54 objectClass: group
55 cn: Domain Computers
56 description: All workstations and servers joined to the domain
57 objectSid: ${DOMAINSID}-515
58 sAMAccountName: Domain Computers
59 isCriticalSystemObject: TRUE
60
# Domain Controllers (RID 516): created empty and flagged adminCount: 1. Accounts placed
# in this group are domain controllers by definition, so additions to it deserve the same
# change control as additions to the administrator groups.
61 dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
62 objectClass: top
63 objectClass: group
64 cn: Domain Controllers
65 description: All domain controllers in the domain
66 objectSid: ${DOMAINSID}-516
67 adminCount: 1
68 sAMAccountName: Domain Controllers
69 isCriticalSystemObject: TRUE
70
# Schema Admins (RID 518): Administrator is the only initial member. Unlike Domain Admins
# and Enterprise Admins, this group is not nested into CN=Administrators,CN=Builtin in
# this file.
71 dn: CN=Schema Admins,CN=Users,${DOMAINDN}
72 objectClass: top
73 objectClass: group
74 cn: Schema Admins
75 description: Designated administrators of the schema
76 member: CN=Administrator,CN=Users,${DOMAINDN}
77 objectSid: ${DOMAINSID}-518
78 adminCount: 1
79 sAMAccountName: Schema Admins
80 isCriticalSystemObject: TRUE
81
# Cert Publishers (RID 517): created empty.
# groupType 2147483652 = 0x80000004 (security-enabled, domain-local scope);
# sAMAccountType 536870912 = 0x20000000 (alias/local group object).
82 dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
83 objectClass: top
84 objectClass: group
85 cn: Cert Publishers
86 description: Members of this group are permitted to publish certificates to the Active Directory
87 groupType: 2147483652
88 sAMAccountType: 536870912
89 objectSid: ${DOMAINSID}-517
90 sAMAccountName: Cert Publishers
91 isCriticalSystemObject: TRUE
92
# Domain Admins (RID 512): Administrator is the only initial member, and this group is a
# member of CN=Administrators,CN=Builtin in this file, which is where the privilege list
# for administrators is attached.
93 dn: CN=Domain Admins,CN=Users,${DOMAINDN}
94 objectClass: top
95 objectClass: group
96 cn: Domain Admins
97 description: Designated administrators of the domain
98 member: CN=Administrator,CN=Users,${DOMAINDN}
99 objectSid: ${DOMAINSID}-512
100 adminCount: 1
101 sAMAccountName: Domain Admins
102 isCriticalSystemObject: TRUE
103
# Domain Users (RID 513): no explicit member lines; it is nested into CN=Users,CN=Builtin
# in this file.
# NOTE(review): user accounts presumably belong via primaryGroupID rather than member
# values - confirm; Administrator above sets no primaryGroupID explicitly.
104 dn: CN=Domain Users,CN=Users,${DOMAINDN}
105 objectClass: top
106 objectClass: group
107 cn: Domain Users
108 description: All domain users
109 objectSid: ${DOMAINSID}-513
110 sAMAccountName: Domain Users
111 isCriticalSystemObject: TRUE
112
# Domain Guests (RID 514): the Guest account points here through primaryGroupID: 514, and
# the group is nested into CN=Guests,CN=Builtin in this file.
113 dn: CN=Domain Guests,CN=Users,${DOMAINDN}
114 objectClass: top
115 objectClass: group
116 cn: Domain Guests
117 description: All domain guests
118 objectSid: ${DOMAINSID}-514
119 sAMAccountName: Domain Guests
120 isCriticalSystemObject: TRUE
121
# Group Policy Creator Owners (RID 520): Administrator is the only initial member.
# No adminCount is set on this group, although per its description members can modify
# group policy for the domain; membership changes should be reviewed accordingly.
122 dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
123 objectClass: top
124 objectClass: group
125 cn: Group Policy Creator Owners
126 description: Members in this group can modify group policy for the domain
127 member: CN=Administrator,CN=Users,${DOMAINDN}
128 objectSid: ${DOMAINSID}-520
129 sAMAccountName: Group Policy Creator Owners
130 isCriticalSystemObject: TRUE
131
# RAS and IAS Servers (RID 553): created empty.
# groupType 2147483652 = 0x80000004 (security-enabled, domain-local scope);
# sAMAccountType 536870912 = 0x20000000 (alias/local group object).
132 dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
133 objectClass: top
134 objectClass: group
135 cn: RAS and IAS Servers
136 description: Servers in this group can access remote access properties of users
137 objectSid: ${DOMAINSID}-553
138 sAMAccountName: RAS and IAS Servers
139 sAMAccountType: 536870912
140 groupType: 2147483652
141 isCriticalSystemObject: TRUE
142
# Builtin Administrators: fixed SID S-1-5-32-544 (not derived from ${DOMAINSID}).
# Initial members are Domain Admins, Enterprise Admins and the Administrator account, so
# the privileges listed below reach every direct or nested member of those groups.
# groupType 2147483653 = 0x80000005 (security-enabled, builtin local group);
# sAMAccountType 536870912 = 0x20000000 (alias object);
# systemFlags 2348810240 = 0x8C000000 (disallow delete, rename and move).
# The privilege values use the Windows privilege / logon-right names. This is the only
# entry in the file that is given SeDebugPrivilege, SeTakeOwnershipPrivilege,
# SeImpersonatePrivilege and SeEnableDelegationPrivilege.
# NOTE(review): "privilege" is presumably a Samba-specific attribute consumed by its
# privilege lookup - confirm how it is enforced.
143 dn: CN=Administrators,CN=Builtin,${DOMAINDN}
144 objectClass: top
145 objectClass: group
146 cn: Administrators
147 description: Administrators have complete and unrestricted access to the computer/domain
148 member: CN=Domain Admins,CN=Users,${DOMAINDN}
149 member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
150 member: CN=Administrator,CN=Users,${DOMAINDN}
151 objectSid: S-1-5-32-544
152 adminCount: 1
153 sAMAccountName: Administrators
154 sAMAccountType: 536870912
155 systemFlags: 2348810240
156 groupType: 2147483653
157 isCriticalSystemObject: TRUE
158 privilege: SeSecurityPrivilege
159 privilege: SeBackupPrivilege
160 privilege: SeRestorePrivilege
161 privilege: SeSystemtimePrivilege
162 privilege: SeShutdownPrivilege
163 privilege: SeRemoteShutdownPrivilege
164 privilege: SeTakeOwnershipPrivilege
165 privilege: SeDebugPrivilege
166 privilege: SeSystemEnvironmentPrivilege
167 privilege: SeSystemProfilePrivilege
168 privilege: SeProfileSingleProcessPrivilege
169 privilege: SeIncreaseBasePriorityPrivilege
170 privilege: SeLoadDriverPrivilege
171 privilege: SeCreatePagefilePrivilege
172 privilege: SeIncreaseQuotaPrivilege
173 privilege: SeChangeNotifyPrivilege
174 privilege: SeUndockPrivilege
175 privilege: SeManageVolumePrivilege
176 privilege: SeImpersonatePrivilege
177 privilege: SeCreateGlobalPrivilege
178 privilege: SeEnableDelegationPrivilege
179 privilege: SeInteractiveLogonRight
180 privilege: SeNetworkLogonRight
181 privilege: SeRemoteInteractiveLogonRight
182
# Builtin Users (S-1-5-32-545): contains Domain Users; no privilege values are attached.
# groupType 2147483653 = 0x80000005, sAMAccountType 536870912 = 0x20000000,
# systemFlags 2348810240 = 0x8C000000 (same builtin-group values as Administrators).
183 dn: CN=Users,CN=Builtin,${DOMAINDN}
184 objectClass: top
185 objectClass: group
186 cn: Users
187 description: Users are prevented from making accidental or intentional system-wide changes.  Thus, Users can run certified applications, but not most legacy applications
188 member: CN=Domain Users,CN=Users,${DOMAINDN}
189 objectSid: S-1-5-32-545
190 sAMAccountName: Users
191 sAMAccountType: 536870912
192 systemFlags: 2348810240
193 groupType: 2147483653
194 isCriticalSystemObject: TRUE
195
# Builtin Guests (S-1-5-32-546): contains Domain Guests and the Guest account directly;
# no privilege values are attached. The Guest account itself is created disabled.
196 dn: CN=Guests,CN=Builtin,${DOMAINDN}
197 objectClass: top
198 objectClass: group
199 cn: Guests
200 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
201 member: CN=Domain Guests,CN=Users,${DOMAINDN}
202 member: CN=Guest,CN=Users,${DOMAINDN}
203 objectSid: S-1-5-32-546
204 sAMAccountName: Guests
205 sAMAccountType: 536870912
206 systemFlags: 2348810240
207 groupType: 2147483653
208 isCriticalSystemObject: TRUE
209
# Builtin Print Operators (S-1-5-32-550): created empty, flagged adminCount: 1.
# The group carries SeLoadDriverPrivilege together with interactive logon. A principal
# that can load drivers can run code at the highest privilege on the host where the right
# applies, so this group should be treated as administrator-equivalent and kept empty
# unless there is a specific need.
210 dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
211 objectClass: top
212 objectClass: group
213 cn: Print Operators
214 description: Members can administer domain printers
215 objectSid: S-1-5-32-550
216 adminCount: 1
217 sAMAccountName: Print Operators
218 sAMAccountType: 536870912
219 systemFlags: 2348810240
220 groupType: 2147483653
221 isCriticalSystemObject: TRUE
222 privilege: SeLoadDriverPrivilege
223 privilege: SeShutdownPrivilege
224 privilege: SeInteractiveLogonRight
225
# Builtin Backup Operators (S-1-5-32-551): created empty, flagged adminCount: 1.
# SeBackupPrivilege and SeRestorePrivilege let the holder read and write files regardless
# of their ACLs (as the description says, they "override security restrictions"). On a
# domain controller that includes the directory database and its secrets, so membership
# should be audited like membership of the administrator groups.
226 dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
227 objectClass: top
228 objectClass: group
229 cn: Backup Operators
230 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
231 objectSid: S-1-5-32-551
232 adminCount: 1
233 sAMAccountName: Backup Operators
234 sAMAccountType: 536870912
235 systemFlags: 2348810240
236 groupType: 2147483653
237 isCriticalSystemObject: TRUE
238 privilege: SeBackupPrivilege
239 privilege: SeRestorePrivilege
240 privilege: SeShutdownPrivilege
241 privilege: SeInteractiveLogonRight
242
# The five builtin groups below are all created empty and carry no privilege values.
# They share groupType 2147483653 = 0x80000005 (security-enabled builtin local group),
# sAMAccountType 536870912 = 0x20000000 and systemFlags 2348810240 = 0x8C000000
# (disallow delete, rename and move).

# Replicator (S-1-5-32-552): the only one of the five flagged adminCount: 1.
243 dn: CN=Replicator,CN=Builtin,${DOMAINDN}
244 objectClass: top
245 objectClass: group
246 cn: Replicator
247 description: Supports file replication in a domain
248 objectSid: S-1-5-32-552
249 adminCount: 1
250 sAMAccountName: Replicator
251 sAMAccountType: 536870912
252 systemFlags: 2348810240
253 groupType: 2147483653
254 isCriticalSystemObject: TRUE
255
# Remote Desktop Users (S-1-5-32-555): note that no SeRemoteInteractiveLogonRight is
# attached to this entry; in this file that right appears on Administrators and on
# Pre-Windows 2000 Compatible Access only.
256 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
257 objectClass: top
258 objectClass: group
259 cn: Remote Desktop Users
260 description: Members in this group are granted the right to logon remotely
261 objectSid: S-1-5-32-555
262 sAMAccountName: Remote Desktop Users
263 sAMAccountType: 536870912
264 systemFlags: 2348810240
265 groupType: 2147483653
266 isCriticalSystemObject: TRUE
267
# Network Configuration Operators (S-1-5-32-556).
268 dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
269 objectClass: top
270 objectClass: group
271 cn: Network Configuration Operators
272 description: Members in this group can have some administrative privileges to manage configuration of networking features
273 objectSid: S-1-5-32-556
274 sAMAccountName: Network Configuration Operators
275 sAMAccountType: 536870912
276 systemFlags: 2348810240
277 groupType: 2147483653
278 isCriticalSystemObject: TRUE
279
# Performance Monitor Users (S-1-5-32-558).
280 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
281 objectClass: top
282 objectClass: group
283 cn: Performance Monitor Users
284 description: Members of this group have remote access to monitor this computer
285 objectSid: S-1-5-32-558
286 sAMAccountName: Performance Monitor Users
287 sAMAccountType: 536870912
288 systemFlags: 2348810240
289 groupType: 2147483653
290 isCriticalSystemObject: TRUE
291
# Performance Log Users (S-1-5-32-559).
292 dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
293 objectClass: top
294 objectClass: group
295 cn: Performance Log Users
296 description: Members of this group have remote access to schedule logging of performance counters on this computer
297 objectSid: S-1-5-32-559
298 sAMAccountName: Performance Log Users
299 sAMAccountType: 536870912
300 systemFlags: 2348810240
301 groupType: 2147483653
302 isCriticalSystemObject: TRUE
303
# Builtin Server Operators (S-1-5-32-549): created empty, flagged adminCount: 1.
# Carries SeBackupPrivilege and SeRestorePrivilege (file access irrespective of ACLs)
# plus local and remote shutdown, system-time change and interactive logon, so it is an
# administrator-equivalent group for any host where these rights apply.
304 dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
305 objectClass: top
306 objectClass: group
307 cn: Server Operators
308 description: Members can administer domain servers
309 objectSid: S-1-5-32-549
310 adminCount: 1
311 sAMAccountName: Server Operators
312 sAMAccountType: 536870912
313 systemFlags: 2348810240
314 groupType: 2147483653
315 isCriticalSystemObject: TRUE
316 privilege: SeBackupPrivilege
317 privilege: SeSystemtimePrivilege
318 privilege: SeRemoteShutdownPrivilege
319 privilege: SeRestorePrivilege
320 privilege: SeShutdownPrivilege
321 privilege: SeInteractiveLogonRight
322
# Builtin Account Operators (S-1-5-32-548): created empty, flagged adminCount: 1.
# The only right attached here is interactive logon; the ability to manage user and
# group accounts named in the description is not expressed in this file.
# NOTE(review): presumably granted through directory ACLs defined elsewhere - confirm.
323 dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
324 objectClass: top
325 objectClass: group
326 cn: Account Operators
327 description: Members can administer domain user and group accounts
328 objectSid: S-1-5-32-548
329 adminCount: 1
330 sAMAccountName: Account Operators
331 sAMAccountType: 536870912
332 systemFlags: 2348810240
333 groupType: 2147483653
334 isCriticalSystemObject: TRUE
335 privilege: SeInteractiveLogonRight
336
# Builtin Pre-Windows 2000 Compatible Access (S-1-5-32-554): created empty here, no
# adminCount. Per its description the group allows read access to all users and groups,
# so adding broad principals such as Everyone or Anonymous Logon to it later exposes
# account enumeration to those principals; keep it empty unless legacy clients need it.
# NOTE(review): the group is given SeRemoteInteractiveLogonRight (a Remote Desktop logon
# right). On Windows domain controllers this group is normally associated with the
# network logon right (SeNetworkLogonRight) instead - confirm that the remote
# interactive right is intended and not a mix-up of the two names.
337 dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
338 objectClass: top
339 objectClass: group
340 cn: Pre-Windows 2000 Compatible Access
341 description: A backward compatibility group which allows read access on all users and groups in the domain
342 objectSid: S-1-5-32-554
343 sAMAccountName: Pre-Windows 2000 Compatible Access
344 sAMAccountType: 536870912
345 systemFlags: 2348810240
346 groupType: 2147483653
347 isCriticalSystemObject: TRUE
348 privilege: SeRemoteInteractiveLogonRight
349 privilege: SeChangeNotifyPrivilege
350
# The four builtin groups below are created empty, without adminCount and without
# privilege values. They use the same builtin-group constants as the other CN=Builtin
# entries: groupType 0x80000005, sAMAccountType 0x20000000, systemFlags 0x8C000000.

# Incoming Forest Trust Builders (S-1-5-32-557): per its description, members can create
# incoming one-way trusts to the forest, so membership changes should be reviewed even
# though the entry is not flagged adminCount.
351 dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
352 objectClass: top
353 objectClass: group
354 cn: Incoming Forest Trust Builders
355 description: Members of this group can create incoming, one-way trusts to this forest
356 objectSid: S-1-5-32-557
357 sAMAccountName: Incoming Forest Trust Builders
358 sAMAccountType: 536870912
359 systemFlags: 2348810240
360 groupType: 2147483653
361 isCriticalSystemObject: TRUE
362
# Windows Authorization Access Group (S-1-5-32-560).
363 dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
364 objectClass: top
365 objectClass: group
366 cn: Windows Authorization Access Group
367 description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
368 objectSid: S-1-5-32-560
369 sAMAccountName: Windows Authorization Access Group
370 sAMAccountType: 536870912
371 systemFlags: 2348810240
372 groupType: 2147483653
373 isCriticalSystemObject: TRUE
374
# Terminal Server License Servers (S-1-5-32-561).
375 dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
376 objectClass: top
377 objectClass: group
378 cn: Terminal Server License Servers
379 description: Terminal Server License Servers
380 objectSid: S-1-5-32-561
381 sAMAccountName: Terminal Server License Servers
382 sAMAccountType: 536870912
383 systemFlags: 2348810240
384 groupType: 2147483653
385 isCriticalSystemObject: TRUE
386
# Distributed COM Users (S-1-5-32-562).
387 dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
388 objectClass: top
389 objectClass: group
390 cn: Distributed COM Users
391 description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
392 objectSid: S-1-5-32-562
393 sAMAccountName: Distributed COM Users
394 sAMAccountType: 536870912
395 systemFlags: 2348810240
396 groupType: 2147483653
397 isCriticalSystemObject: TRUE
398
# Container for the well-known security principals. Unlike the entries above it lives
# under ${CONFIGDN}, not ${DOMAINDN}. systemFlags 2147483648 = 0x80000000 (disallow delete).
# Every child below is a foreignSecurityPrincipal with a fixed, universally defined SID
# (none is derived from ${DOMAINSID}). The entries carry no member or privilege values:
# they only give these SIDs a directory object, and whatever access the SIDs receive is
# decided by ACLs and policy outside this file.
399 dn: CN=WellKnown Security Principals,${CONFIGDN}
400 objectClass: top
401 objectClass: container
402 cn: WellKnown Security Principals
403 systemFlags: 2147483648
404 showInAdvancedViewOnly: TRUE
405
# S-1-5-7: unauthenticated (null-session) callers. Any ACL that names this SID, or a
# group containing it, grants access without credentials.
406 dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
407 objectClass: top
408 objectClass: foreignSecurityPrincipal
409 cn: Anonymous Logon
410 objectSid: S-1-5-7
411 showInAdvancedViewOnly: TRUE
412
# S-1-5-11: any principal that has authenticated.
413 dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
414 objectClass: top
415 objectClass: foreignSecurityPrincipal
416 cn: Authenticated Users
417 objectSid: S-1-5-11
418 showInAdvancedViewOnly: TRUE
419
# S-1-5-3: batch logon sessions.
420 dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
421 objectClass: top
422 objectClass: foreignSecurityPrincipal
423 cn: Batch
424 objectSid: S-1-5-3
425 showInAdvancedViewOnly: TRUE
426
# S-1-3-1 / S-1-3-0: placeholder SIDs used in inheritable ACL entries.
427 dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
428 objectClass: top
429 objectClass: foreignSecurityPrincipal
430 cn: Creator Group
431 objectSid: S-1-3-1
432 showInAdvancedViewOnly: TRUE
433
434 dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
435 objectClass: top
436 objectClass: foreignSecurityPrincipal
437 cn: Creator Owner
438 objectSid: S-1-3-0
439 showInAdvancedViewOnly: TRUE
440
441 dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
442 objectClass: top
443 objectClass: foreignSecurityPrincipal
444 cn: Dialup
445 objectSid: S-1-5-1
446 showInAdvancedViewOnly: TRUE
447
# S-1-5-64-21, S-1-5-64-10 (NTLM) and S-1-5-64-14 (SChannel) identify the authentication
# package used for a logon; they allow ACLs and audit rules to distinguish, for example,
# NTLM-authenticated sessions from others.
448 dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
449 objectClass: top
450 objectClass: foreignSecurityPrincipal
451 cn: Digest Authentication
452 objectSid: S-1-5-64-21
453 showInAdvancedViewOnly: TRUE
454
455 dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
456 objectClass: top
457 objectClass: foreignSecurityPrincipal
458 cn: Enterprise Domain Controllers
459 objectSid: S-1-5-9
460 showInAdvancedViewOnly: TRUE
461
# S-1-1-0: all users.
# NOTE(review): whether Everyone also covers anonymous sessions is a policy setting not
# visible in this file - confirm before relying on Everyone in an ACL.
462 dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
463 objectClass: top
464 objectClass: foreignSecurityPrincipal
465 cn: Everyone
466 objectSid: S-1-1-0
467 showInAdvancedViewOnly: TRUE
468
469 dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
470 objectClass: top
471 objectClass: foreignSecurityPrincipal
472 cn: Interactive
473 objectSid: S-1-5-4
474 showInAdvancedViewOnly: TRUE
475
476 dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
477 objectClass: top
478 objectClass: foreignSecurityPrincipal
479 cn: Local Service
480 objectSid: S-1-5-19
481 showInAdvancedViewOnly: TRUE
482
483 dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
484 objectClass: top
485 objectClass: foreignSecurityPrincipal
486 cn: Network
487 objectSid: S-1-5-2
488 showInAdvancedViewOnly: TRUE
489
490 dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
491 objectClass: top
492 objectClass: foreignSecurityPrincipal
493 cn: Network Service
494 objectSid: S-1-5-20
495 showInAdvancedViewOnly: TRUE
496
497 dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
498 objectClass: top
499 objectClass: foreignSecurityPrincipal
500 cn: NTLM Authentication
501 objectSid: S-1-5-64-10
502 showInAdvancedViewOnly: TRUE
503
504 dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
505 objectClass: top
506 objectClass: foreignSecurityPrincipal
507 cn: Other Organization
508 objectSid: S-1-5-1000
509 showInAdvancedViewOnly: TRUE
510
511 dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
512 objectClass: top
513 objectClass: foreignSecurityPrincipal
514 cn: Proxy
515 objectSid: S-1-5-8
516 showInAdvancedViewOnly: TRUE
517
518 dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
519 objectClass: top
520 objectClass: foreignSecurityPrincipal
521 cn: Remote Interactive Logon
522 objectSid: S-1-5-14
523 showInAdvancedViewOnly: TRUE
524
525 dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
526 objectClass: top
527 objectClass: foreignSecurityPrincipal
528 cn: Restricted
529 objectSid: S-1-5-12
530 showInAdvancedViewOnly: TRUE
531
532 dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
533 objectClass: top
534 objectClass: foreignSecurityPrincipal
535 cn: SChannel Authentication
536 objectSid: S-1-5-64-14
537 showInAdvancedViewOnly: TRUE
538
539 dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
540 objectClass: top
541 objectClass: foreignSecurityPrincipal
542 cn: Self
543 objectSid: S-1-5-10
544 showInAdvancedViewOnly: TRUE
545
546 dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
547 objectClass: top
548 objectClass: foreignSecurityPrincipal
549 cn: Service
550 objectSid: S-1-5-6
551 showInAdvancedViewOnly: TRUE
552
553 dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
554 objectClass: top
555 objectClass: foreignSecurityPrincipal
556 cn: Terminal Server User
557 objectSid: S-1-5-13
558 showInAdvancedViewOnly: TRUE
559
560 dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
561 objectClass: top
562 objectClass: foreignSecurityPrincipal
563 cn: This Organization
564 objectSid: S-1-5-15
565 showInAdvancedViewOnly: TRUE
566
# S-1-5-18: the local System account.
567 dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}
568 objectClass: top
569 objectClass: foreignSecurityPrincipal
570 cn: Well-Known-Security-Id-System
571 objectSid: S-1-5-18
572 showInAdvancedViewOnly: TRUE
573