1 dn: CN=Administrator,CN=Users,${DOMAINDN}
4 description: Built-in account for administering the computer/domain
5 memberOf: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
6 memberOf: CN=Domain Admins,CN=Users,${DOMAINDN}
7 memberOf: CN=Enterprise Admins,CN=Users,${DOMAINDN}
8 memberOf: CN=Schema Admins,CN=Users,${DOMAINDN}
9 memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
10 userAccountControl: 66048
11 objectSid: ${DOMAINSID}-500
14 sAMAccountName: Administrator
15 isCriticalSystemObject: TRUE
16 sambaPassword: ${ADMINPASS}
18 dn: CN=Guest,CN=Users,${DOMAINDN}
21 description: Built-in account for guest access to the computer/domain
22 memberOf: CN=Guests,CN=Builtin,${DOMAINDN}
23 userAccountControl: 66082
25 objectSid: ${DOMAINSID}-501
27 isCriticalSystemObject: TRUE
29 dn: CN=Administrators,CN=Builtin,${DOMAINDN}
33 description: Administrators have complete and unrestricted access to the computer/domain
34 member: CN=Domain Admins,CN=Users,${DOMAINDN}
35 member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
36 member: CN=Administrator,CN=Users,${DOMAINDN}
37 objectSid: S-1-5-32-544
39 sAMAccountName: Administrators
40 sAMAccountType: 536870912
41 systemFlags: 2348810240
43 isCriticalSystemObject: TRUE
44 privilege: SeSecurityPrivilege
45 privilege: SeBackupPrivilege
46 privilege: SeRestorePrivilege
47 privilege: SeSystemtimePrivilege
48 privilege: SeShutdownPrivilege
49 privilege: SeRemoteShutdownPrivilege
50 privilege: SeTakeOwnershipPrivilege
51 privilege: SeDebugPrivilege
52 privilege: SeSystemEnvironmentPrivilege
53 privilege: SeSystemProfilePrivilege
54 privilege: SeProfileSingleProcessPrivilege
55 privilege: SeIncreaseBasePriorityPrivilege
56 privilege: SeLoadDriverPrivilege
57 privilege: SeCreatePagefilePrivilege
58 privilege: SeIncreaseQuotaPrivilege
59 privilege: SeChangeNotifyPrivilege
60 privilege: SeUndockPrivilege
61 privilege: SeManageVolumePrivilege
62 privilege: SeImpersonatePrivilege
63 privilege: SeCreateGlobalPrivilege
64 privilege: SeEnableDelegationPrivilege
65 privilege: SeInteractiveLogonRight
66 privilege: SeNetworkLogonRight
67 privilege: SeRemoteInteractiveLogonRight
69 dn: CN=Users,CN=Builtin,${DOMAINDN}
73 description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
74 member: CN=Domain Users,CN=Users,${DOMAINDN}
75 objectSid: S-1-5-32-545
77 sAMAccountType: 536870912
78 systemFlags: 2348810240
80 isCriticalSystemObject: TRUE
82 dn: CN=Guests,CN=Builtin,${DOMAINDN}
86 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
87 member: CN=Domain Guests,CN=Users,${DOMAINDN}
88 member: CN=Guest,CN=Users,${DOMAINDN}
89 objectSid: S-1-5-32-546
90 sAMAccountName: Guests
91 sAMAccountType: 536870912
92 systemFlags: 2348810240
94 isCriticalSystemObject: TRUE
96 dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
100 description: Members can administer domain printers
101 objectSid: S-1-5-32-550
103 sAMAccountName: Print Operators
104 sAMAccountType: 536870912
105 systemFlags: 2348810240
106 groupType: 2147483653
107 isCriticalSystemObject: TRUE
108 privilege: SeLoadDriverPrivilege
109 privilege: SeShutdownPrivilege
110 privilege: SeInteractiveLogonRight
112 dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
116 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
117 objectSid: S-1-5-32-551
119 sAMAccountName: Backup Operators
120 sAMAccountType: 536870912
121 systemFlags: 2348810240
122 groupType: 2147483653
123 isCriticalSystemObject: TRUE
124 privilege: SeBackupPrivilege
125 privilege: SeRestorePrivilege
126 privilege: SeShutdownPrivilege
127 privilege: SeInteractiveLogonRight
129 dn: CN=Replicator,CN=Builtin,${DOMAINDN}
133 description: Supports file replication in a domain
134 objectSid: S-1-5-32-552
136 sAMAccountName: Replicator
137 sAMAccountType: 536870912
138 systemFlags: 2348810240
139 groupType: 2147483653
140 isCriticalSystemObject: TRUE
142 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
145 cn: Remote Desktop Users
146 description: Members in this group are granted the right to logon remotely
147 objectSid: S-1-5-32-555
148 sAMAccountName: Remote Desktop Users
149 sAMAccountType: 536870912
150 systemFlags: 2348810240
151 groupType: 2147483653
152 isCriticalSystemObject: TRUE
154 dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
157 cn: Network Configuration Operators
158 description: Members in this group can have some administrative privileges to manage configuration of networking features
159 objectSid: S-1-5-32-556
160 sAMAccountName: Network Configuration Operators
161 sAMAccountType: 536870912
162 systemFlags: 2348810240
163 groupType: 2147483653
164 isCriticalSystemObject: TRUE
166 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
169 cn: Performance Monitor Users
170 description: Members of this group have remote access to monitor this computer
171 objectSid: S-1-5-32-558
172 sAMAccountName: Performance Monitor Users
173 sAMAccountType: 536870912
174 systemFlags: 2348810240
175 groupType: 2147483653
176 isCriticalSystemObject: TRUE
178 dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
181 cn: Performance Log Users
182 description: Members of this group have remote access to schedule logging of performance counters on this computer
183 objectSid: S-1-5-32-559
184 sAMAccountName: Performance Log Users
185 sAMAccountType: 536870912
186 systemFlags: 2348810240
187 groupType: 2147483653
188 isCriticalSystemObject: TRUE
190 dn: CN=krbtgt,CN=Users,${DOMAINDN}
193 objectClass: organizationalPerson
196 description: Key Distribution Center Service Account
197 showInAdvancedViewOnly: TRUE
198 userAccountControl: 514
199 objectSid: ${DOMAINSID}-502
201 accountExpires: 9223372036854775807
202 sAMAccountName: krbtgt
203 sAMAccountType: 805306368
204 servicePrincipalName: kadmin/changepw
205 isCriticalSystemObject: TRUE
206 sambaPassword: ${KRBTGTPASS}
208 dn: CN=dns,CN=Users,${DOMAINDN}
211 objectClass: organizationalPerson
214 description: DNS Service Account
215 showInAdvancedViewOnly: TRUE
216 userAccountControl: 514
217 accountExpires: 9223372036854775807
219 sAMAccountType: 805306368
220 servicePrincipalName: DNS/${DNSDOMAIN}
221 isCriticalSystemObject: TRUE
222 sambaPassword: ${DNSPASS}
224 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
228 description: All workstations and servers joined to the domain
229 objectSid: ${DOMAINSID}-515
230 sAMAccountName: Domain Computers
231 isCriticalSystemObject: TRUE
233 dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
236 cn: Domain Controllers
237 description: All domain controllers in the domain
238 objectSid: ${DOMAINSID}-516
240 sAMAccountName: Domain Controllers
241 isCriticalSystemObject: TRUE
243 dn: CN=Schema Admins,CN=Users,${DOMAINDN}
247 description: Designated administrators of the schema
248 member: CN=Administrator,CN=Users,${DOMAINDN}
249 objectSid: ${DOMAINSID}-518
251 sAMAccountName: Schema Admins
252 isCriticalSystemObject: TRUE
254 dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
257 cn: Enterprise Admins
258 description: Designated administrators of the enterprise
259 member: CN=Administrator,CN=Users,${DOMAINDN}
260 memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
261 objectSid: ${DOMAINSID}-519
263 sAMAccountName: Enterprise Admins
264 isCriticalSystemObject: TRUE
266 dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
270 description: Members of this group are permitted to publish certificates to the Active Directory
271 groupType: 2147483652
272 sAMAccountType: 536870912
273 objectSid: ${DOMAINSID}-517
274 sAMAccountName: Cert Publishers
275 isCriticalSystemObject: TRUE
277 dn: CN=Domain Admins,CN=Users,${DOMAINDN}
281 description: Designated administrators of the domain
282 member: CN=Administrator,CN=Users,${DOMAINDN}
283 memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
284 objectSid: ${DOMAINSID}-512
286 sAMAccountName: Domain Admins
287 isCriticalSystemObject: TRUE
289 dn: CN=Domain Users,CN=Users,${DOMAINDN}
293 description: All domain users
294 memberOf: CN=Users,CN=Builtin,${DOMAINDN}
295 objectSid: ${DOMAINSID}-513
296 sAMAccountName: Domain Users
297 isCriticalSystemObject: TRUE
299 dn: CN=Domain Guests,CN=Users,${DOMAINDN}
303 description: All domain guests
304 memberOf: CN=Guests,CN=Builtin,${DOMAINDN}
305 objectSid: ${DOMAINSID}-514
306 sAMAccountName: Domain Guests
307 isCriticalSystemObject: TRUE
309 dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
312 cn: Group Policy Creator Owners
313 description: Members in this group can modify group policy for the domain
314 member: CN=Administrator,CN=Users,${DOMAINDN}
315 objectSid: ${DOMAINSID}-520
316 sAMAccountName: Group Policy Creator Owners
317 isCriticalSystemObject: TRUE
319 dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
322 cn: RAS and IAS Servers
323 description: Servers in this group can access remote access properties of users
325 objectSid: ${DOMAINSID}-553
326 sAMAccountName: RAS and IAS Servers
327 sAMAccountType: 536870912
328 groupType: 2147483652
329 isCriticalSystemObject: TRUE
331 dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
335 description: Members can administer domain servers
337 objectSid: S-1-5-32-549
339 sAMAccountName: Server Operators
340 sAMAccountType: 536870912
341 systemFlags: 2348810240
342 groupType: 2147483653
343 isCriticalSystemObject: TRUE
344 privilege: SeBackupPrivilege
345 privilege: SeSystemtimePrivilege
346 privilege: SeRemoteShutdownPrivilege
347 privilege: SeRestorePrivilege
348 privilege: SeShutdownPrivilege
349 privilege: SeInteractiveLogonRight
351 dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
354 cn: Account Operators
355 description: Members can administer domain user and group accounts
357 objectSid: S-1-5-32-548
359 sAMAccountName: Account Operators
360 sAMAccountType: 536870912
361 systemFlags: 2348810240
362 groupType: 2147483653
363 isCriticalSystemObject: TRUE
364 privilege: SeInteractiveLogonRight
366 dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
369 cn: Pre-Windows 2000 Compatible Access
370 description: A backward compatibility group which allows read access on all users and groups in the domain
371 objectSid: S-1-5-32-554
372 sAMAccountName: Pre-Windows 2000 Compatible Access
373 sAMAccountType: 536870912
374 systemFlags: 2348810240
375 groupType: 2147483653
376 isCriticalSystemObject: TRUE
377 privilege: SeRemoteInteractiveLogonRight
378 privilege: SeChangeNotifyPrivilege
380 dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
383 cn: Incoming Forest Trust Builders
384 description: Members of this group can create incoming, one-way trusts to this forest
385 objectSid: S-1-5-32-557
386 sAMAccountName: Incoming Forest Trust Builders
387 sAMAccountType: 536870912
388 systemFlags: 2348810240
389 groupType: 2147483653
390 isCriticalSystemObject: TRUE
392 dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
395 cn: Windows Authorization Access Group
396 description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
397 objectSid: S-1-5-32-560
398 sAMAccountName: Windows Authorization Access Group
399 sAMAccountType: 536870912
400 systemFlags: 2348810240
401 groupType: 2147483653
402 isCriticalSystemObject: TRUE
404 dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
407 cn: Terminal Server License Servers
408 description: Terminal Server License Servers
409 objectSid: S-1-5-32-561
410 sAMAccountName: Terminal Server License Servers
411 sAMAccountType: 536870912
412 systemFlags: 2348810240
413 groupType: 2147483653
414 isCriticalSystemObject: TRUE
416 dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
419 cn: Distributed COM Users
420 description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
421 objectSid: S-1-5-32-562
422 sAMAccountName: Distributed COM Users
423 sAMAccountType: 536870912
424 systemFlags: 2348810240
425 groupType: 2147483653
426 isCriticalSystemObject: TRUE
428 dn: CN=WellKnown Security Principals,${CONFIGDN}
430 objectClass: container
431 cn: WellKnown Security Principals
432 systemFlags: 2147483648
433 showInAdvancedViewOnly: TRUE
435 dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
437 objectClass: foreignSecurityPrincipal
440 showInAdvancedViewOnly: TRUE
442 dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
444 objectClass: foreignSecurityPrincipal
445 cn: Authenticated Users
447 showInAdvancedViewOnly: TRUE
449 dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
451 objectClass: foreignSecurityPrincipal
454 showInAdvancedViewOnly: TRUE
456 dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
458 objectClass: foreignSecurityPrincipal
461 showInAdvancedViewOnly: TRUE
463 dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
465 objectClass: foreignSecurityPrincipal
468 showInAdvancedViewOnly: TRUE
470 dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
472 objectClass: foreignSecurityPrincipal
475 showInAdvancedViewOnly: TRUE
477 dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
479 objectClass: foreignSecurityPrincipal
480 cn: Digest Authentication
481 objectSid: S-1-5-64-21
482 showInAdvancedViewOnly: TRUE
484 dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
486 objectClass: foreignSecurityPrincipal
487 cn: Enterprise Domain Controllers
489 showInAdvancedViewOnly: TRUE
491 dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
493 objectClass: foreignSecurityPrincipal
496 showInAdvancedViewOnly: TRUE
498 dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
500 objectClass: foreignSecurityPrincipal
503 showInAdvancedViewOnly: TRUE
505 dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
507 objectClass: foreignSecurityPrincipal
510 showInAdvancedViewOnly: TRUE
512 dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
514 objectClass: foreignSecurityPrincipal
517 showInAdvancedViewOnly: TRUE
519 dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
521 objectClass: foreignSecurityPrincipal
524 showInAdvancedViewOnly: TRUE
526 dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
528 objectClass: foreignSecurityPrincipal
529 cn: NTLM Authentication
530 objectSid: S-1-5-64-10
531 showInAdvancedViewOnly: TRUE
533 dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
535 objectClass: foreignSecurityPrincipal
536 cn: Other Organization
537 objectSid: S-1-5-1000
538 showInAdvancedViewOnly: TRUE
540 dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
542 objectClass: foreignSecurityPrincipal
545 showInAdvancedViewOnly: TRUE
547 dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
549 objectClass: foreignSecurityPrincipal
550 cn: Remote Interactive Logon
552 showInAdvancedViewOnly: TRUE
554 dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
556 objectClass: foreignSecurityPrincipal
559 showInAdvancedViewOnly: TRUE
561 dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
563 objectClass: foreignSecurityPrincipal
564 cn: SChannel Authentication
565 objectSid: S-1-5-64-14
566 showInAdvancedViewOnly: TRUE
568 dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
570 objectClass: foreignSecurityPrincipal
573 showInAdvancedViewOnly: TRUE
575 dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
577 objectClass: foreignSecurityPrincipal
580 showInAdvancedViewOnly: TRUE
582 dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
584 objectClass: foreignSecurityPrincipal
585 cn: Terminal Server User
587 showInAdvancedViewOnly: TRUE
589 dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
591 objectClass: foreignSecurityPrincipal
592 cn: This Organization
594 showInAdvancedViewOnly: TRUE
596 dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}
598 objectClass: foreignSecurityPrincipal
599 cn: Well-Known-Security-Id-System
601 showInAdvancedViewOnly: TRUE