git.samba.org / samba.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
r24729: First try and publishing a DNS service account, for folks to play with.
[samba.git] / source4 / setup / provision_users.ldif
1 dn: CN=Administrator,CN=Users,${DOMAINDN}
2 objectClass: user
3 cn: Administrator
4 description: Built-in account for administering the computer/domain
5 memberOf: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
6 memberOf: CN=Domain Admins,CN=Users,${DOMAINDN}
7 memberOf: CN=Enterprise Admins,CN=Users,${DOMAINDN}
8 memberOf: CN=Schema Admins,CN=Users,${DOMAINDN}
9 memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
10 userAccountControl: 66048
11 objectSid: ${DOMAINSID}-500
12 adminCount: 1
13 accountExpires: -1
14 sAMAccountName: Administrator
15 isCriticalSystemObject: TRUE
16 sambaPassword: ${ADMINPASS}
17
18 dn: CN=Guest,CN=Users,${DOMAINDN}
19 objectClass: user
20 cn: Guest
21 description: Built-in account for guest access to the computer/domain
22 memberOf: CN=Guests,CN=Builtin,${DOMAINDN}
23 userAccountControl: 66082
24 primaryGroupID: 514
25 objectSid: ${DOMAINSID}-501
26 sAMAccountName: Guest
27 isCriticalSystemObject: TRUE
28
29 dn: CN=Administrators,CN=Builtin,${DOMAINDN}
30 objectClass: top
31 objectClass: group
32 cn: Administrators
33 description: Administrators have complete and unrestricted access to the computer/domain
34 member: CN=Domain Admins,CN=Users,${DOMAINDN}
35 member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
36 member: CN=Administrator,CN=Users,${DOMAINDN}
37 objectSid: S-1-5-32-544
38 adminCount: 1
39 sAMAccountName: Administrators
40 sAMAccountType: 536870912
41 systemFlags: 2348810240
42 groupType: 2147483653
43 isCriticalSystemObject: TRUE
44 privilege: SeSecurityPrivilege
45 privilege: SeBackupPrivilege
46 privilege: SeRestorePrivilege
47 privilege: SeSystemtimePrivilege
48 privilege: SeShutdownPrivilege
49 privilege: SeRemoteShutdownPrivilege
50 privilege: SeTakeOwnershipPrivilege
51 privilege: SeDebugPrivilege
52 privilege: SeSystemEnvironmentPrivilege
53 privilege: SeSystemProfilePrivilege
54 privilege: SeProfileSingleProcessPrivilege
55 privilege: SeIncreaseBasePriorityPrivilege
56 privilege: SeLoadDriverPrivilege
57 privilege: SeCreatePagefilePrivilege
58 privilege: SeIncreaseQuotaPrivilege
59 privilege: SeChangeNotifyPrivilege
60 privilege: SeUndockPrivilege
61 privilege: SeManageVolumePrivilege
62 privilege: SeImpersonatePrivilege
63 privilege: SeCreateGlobalPrivilege
64 privilege: SeEnableDelegationPrivilege
65 privilege: SeInteractiveLogonRight
66 privilege: SeNetworkLogonRight
67 privilege: SeRemoteInteractiveLogonRight
68
69 dn: CN=Users,CN=Builtin,${DOMAINDN}
70 objectClass: top
71 objectClass: group
72 cn: Users
73 description: Users are prevented from making accidental or intentional system-wide changes.  Thus, Users can run certified applications, but not most legacy applications
74 member: CN=Domain Users,CN=Users,${DOMAINDN}
75 objectSid: S-1-5-32-545
76 sAMAccountName: Users
77 sAMAccountType: 536870912
78 systemFlags: 2348810240
79 groupType: 2147483653
80 isCriticalSystemObject: TRUE
81
82 dn: CN=Guests,CN=Builtin,${DOMAINDN}
83 objectClass: top
84 objectClass: group
85 cn: Guests
86 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
87 member: CN=Domain Guests,CN=Users,${DOMAINDN}
88 member: CN=Guest,CN=Users,${DOMAINDN}
89 objectSid: S-1-5-32-546
90 sAMAccountName: Guests
91 sAMAccountType: 536870912
92 systemFlags: 2348810240
93 groupType: 2147483653
94 isCriticalSystemObject: TRUE
95
96 dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
97 objectClass: top
98 objectClass: group
99 cn: Print Operators
100 description: Members can administer domain printers
101 objectSid: S-1-5-32-550
102 adminCount: 1
103 sAMAccountName: Print Operators
104 sAMAccountType: 536870912
105 systemFlags: 2348810240
106 groupType: 2147483653
107 isCriticalSystemObject: TRUE
108 privilege: SeLoadDriverPrivilege
109 privilege: SeShutdownPrivilege
110 privilege: SeInteractiveLogonRight
111
112 dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
113 objectClass: top
114 objectClass: group
115 cn: Backup Operators
116 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
117 objectSid: S-1-5-32-551
118 adminCount: 1
119 sAMAccountName: Backup Operators
120 sAMAccountType: 536870912
121 systemFlags: 2348810240
122 groupType: 2147483653
123 isCriticalSystemObject: TRUE
124 privilege: SeBackupPrivilege
125 privilege: SeRestorePrivilege
126 privilege: SeShutdownPrivilege
127 privilege: SeInteractiveLogonRight
128
129 dn: CN=Replicator,CN=Builtin,${DOMAINDN}
130 objectClass: top
131 objectClass: group
132 cn: Replicator
133 description: Supports file replication in a domain
134 objectSid: S-1-5-32-552
135 adminCount: 1
136 sAMAccountName: Replicator
137 sAMAccountType: 536870912
138 systemFlags: 2348810240
139 groupType: 2147483653
140 isCriticalSystemObject: TRUE
141
142 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
143 objectClass: top
144 objectClass: group
145 cn: Remote Desktop Users
146 description: Members in this group are granted the right to logon remotely
147 objectSid: S-1-5-32-555
148 sAMAccountName: Remote Desktop Users
149 sAMAccountType: 536870912
150 systemFlags: 2348810240
151 groupType: 2147483653
152 isCriticalSystemObject: TRUE
153
154 dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
155 objectClass: top
156 objectClass: group
157 cn: Network Configuration Operators
158 description: Members in this group can have some administrative privileges to manage configuration of networking features
159 objectSid: S-1-5-32-556
160 sAMAccountName: Network Configuration Operators
161 sAMAccountType: 536870912
162 systemFlags: 2348810240
163 groupType: 2147483653
164 isCriticalSystemObject: TRUE
165
166 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
167 objectClass: top
168 objectClass: group
169 cn: Performance Monitor Users
170 description: Members of this group have remote access to monitor this computer
171 objectSid: S-1-5-32-558
172 sAMAccountName: Performance Monitor Users
173 sAMAccountType: 536870912
174 systemFlags: 2348810240
175 groupType: 2147483653
176 isCriticalSystemObject: TRUE
177
178 dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
179 objectClass: top
180 objectClass: group
181 cn: Performance Log Users
182 description: Members of this group have remote access to schedule logging of performance counters on this computer
183 objectSid: S-1-5-32-559
184 sAMAccountName: Performance Log Users
185 sAMAccountType: 536870912
186 systemFlags: 2348810240
187 groupType: 2147483653
188 isCriticalSystemObject: TRUE
189
190 dn: CN=krbtgt,CN=Users,${DOMAINDN}
191 objectClass: top
192 objectClass: person
193 objectClass: organizationalPerson
194 objectClass: user
195 cn: krbtgt
196 description: Key Distribution Center Service Account
197 showInAdvancedViewOnly: TRUE
198 userAccountControl: 514
199 objectSid: ${DOMAINSID}-502
200 adminCount: 1
201 accountExpires: 9223372036854775807
202 sAMAccountName: krbtgt
203 sAMAccountType: 805306368
204 servicePrincipalName: kadmin/changepw
205 isCriticalSystemObject: TRUE
206 sambaPassword: ${KRBTGTPASS}
207
208 dn: CN=dns,CN=Users,${DOMAINDN}
209 objectClass: top
210 objectClass: person
211 objectClass: organizationalPerson
212 objectClass: user
213 cn: dns
214 description: DNS Service Account
215 showInAdvancedViewOnly: TRUE
216 userAccountControl: 514
217 accountExpires: 9223372036854775807
218 sAMAccountName: dns
219 sAMAccountType: 805306368
220 servicePrincipalName: DNS/${DNSDOMAIN}
221 isCriticalSystemObject: TRUE
222 sambaPassword: ${DNSPASS}
223
224 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
225 objectClass: top
226 objectClass: group
227 cn: Domain Computers
228 description: All workstations and servers joined to the domain
229 objectSid: ${DOMAINSID}-515
230 sAMAccountName: Domain Computers
231 isCriticalSystemObject: TRUE
232
233 dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
234 objectClass: top
235 objectClass: group
236 cn: Domain Controllers
237 description: All domain controllers in the domain
238 objectSid: ${DOMAINSID}-516
239 adminCount: 1
240 sAMAccountName: Domain Controllers
241 isCriticalSystemObject: TRUE
242
243 dn: CN=Schema Admins,CN=Users,${DOMAINDN}
244 objectClass: top
245 objectClass: group
246 cn: Schema Admins
247 description: Designated administrators of the schema
248 member: CN=Administrator,CN=Users,${DOMAINDN}
249 objectSid: ${DOMAINSID}-518
250 adminCount: 1
251 sAMAccountName: Schema Admins
252 isCriticalSystemObject: TRUE
253
254 dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
255 objectClass: top
256 objectClass: group
257 cn: Enterprise Admins
258 description: Designated administrators of the enterprise
259 member: CN=Administrator,CN=Users,${DOMAINDN}
260 memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
261 objectSid: ${DOMAINSID}-519
262 adminCount: 1
263 sAMAccountName: Enterprise Admins
264 isCriticalSystemObject: TRUE
265
266 dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
267 objectClass: top
268 objectClass: group
269 cn: Cert Publishers
270 description: Members of this group are permitted to publish certificates to the Active Directory
271 groupType: 2147483652
272 sAMAccountType: 536870912
273 objectSid: ${DOMAINSID}-517
274 sAMAccountName: Cert Publishers
275 isCriticalSystemObject: TRUE
276
277 dn: CN=Domain Admins,CN=Users,${DOMAINDN}
278 objectClass: top
279 objectClass: group
280 cn: Domain Admins
281 description: Designated administrators of the domain
282 member: CN=Administrator,CN=Users,${DOMAINDN}
283 memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
284 objectSid: ${DOMAINSID}-512
285 adminCount: 1
286 sAMAccountName: Domain Admins
287 isCriticalSystemObject: TRUE
288
289 dn: CN=Domain Users,CN=Users,${DOMAINDN}
290 objectClass: top
291 objectClass: group
292 cn: Domain Users
293 description: All domain users
294 memberOf: CN=Users,CN=Builtin,${DOMAINDN}
295 objectSid: ${DOMAINSID}-513
296 sAMAccountName: Domain Users
297 isCriticalSystemObject: TRUE
298
299 dn: CN=Domain Guests,CN=Users,${DOMAINDN}
300 objectClass: top
301 objectClass: group
302 cn: Domain Guests
303 description: All domain guests
304 memberOf: CN=Guests,CN=Builtin,${DOMAINDN}
305 objectSid: ${DOMAINSID}-514
306 sAMAccountName: Domain Guests
307 isCriticalSystemObject: TRUE
308
309 dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
310 objectClass: top
311 objectClass: group
312 cn: Group Policy Creator Owners
313 description: Members in this group can modify group policy for the domain
314 member: CN=Administrator,CN=Users,${DOMAINDN}
315 objectSid: ${DOMAINSID}-520
316 sAMAccountName: Group Policy Creator Owners
317 isCriticalSystemObject: TRUE
318
319 dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
320 objectClass: top
321 objectClass: group
322 cn: RAS and IAS Servers
323 description: Servers in this group can access remote access properties of users
324 instanceType: 4
325 objectSid: ${DOMAINSID}-553
326 sAMAccountName: RAS and IAS Servers
327 sAMAccountType: 536870912
328 groupType: 2147483652
329 isCriticalSystemObject: TRUE
330
331 dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
332 objectClass: top
333 objectClass: group
334 cn: Server Operators
335 description: Members can administer domain servers
336 instanceType: 4
337 objectSid: S-1-5-32-549
338 adminCount: 1
339 sAMAccountName: Server Operators
340 sAMAccountType: 536870912
341 systemFlags: 2348810240
342 groupType: 2147483653
343 isCriticalSystemObject: TRUE
344 privilege: SeBackupPrivilege
345 privilege: SeSystemtimePrivilege
346 privilege: SeRemoteShutdownPrivilege
347 privilege: SeRestorePrivilege
348 privilege: SeShutdownPrivilege
349 privilege: SeInteractiveLogonRight
350
351 dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
352 objectClass: top
353 objectClass: group
354 cn: Account Operators
355 description: Members can administer domain user and group accounts
356 instanceType: 4
357 objectSid: S-1-5-32-548
358 adminCount: 1
359 sAMAccountName: Account Operators
360 sAMAccountType: 536870912
361 systemFlags: 2348810240
362 groupType: 2147483653
363 isCriticalSystemObject: TRUE
364 privilege: SeInteractiveLogonRight
365
366 dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
367 objectClass: top
368 objectClass: group
369 cn: Pre-Windows 2000 Compatible Access
370 description: A backward compatibility group which allows read access on all users and groups in the domain
371 objectSid: S-1-5-32-554
372 sAMAccountName: Pre-Windows 2000 Compatible Access
373 sAMAccountType: 536870912
374 systemFlags: 2348810240
375 groupType: 2147483653
376 isCriticalSystemObject: TRUE
377 privilege: SeRemoteInteractiveLogonRight
378 privilege: SeChangeNotifyPrivilege
379
380 dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
381 objectClass: top
382 objectClass: group
383 cn: Incoming Forest Trust Builders
384 description: Members of this group can create incoming, one-way trusts to this forest
385 objectSid: S-1-5-32-557
386 sAMAccountName: Incoming Forest Trust Builders
387 sAMAccountType: 536870912
388 systemFlags: 2348810240
389 groupType: 2147483653
390 isCriticalSystemObject: TRUE
391
392 dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
393 objectClass: top
394 objectClass: group
395 cn: Windows Authorization Access Group
396 description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
397 objectSid: S-1-5-32-560
398 sAMAccountName: Windows Authorization Access Group
399 sAMAccountType: 536870912
400 systemFlags: 2348810240
401 groupType: 2147483653
402 isCriticalSystemObject: TRUE
403
404 dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
405 objectClass: top
406 objectClass: group
407 cn: Terminal Server License Servers
408 description: Terminal Server License Servers
409 objectSid: S-1-5-32-561
410 sAMAccountName: Terminal Server License Servers
411 sAMAccountType: 536870912
412 systemFlags: 2348810240
413 groupType: 2147483653
414 isCriticalSystemObject: TRUE
415
416 dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
417 objectClass: top
418 objectClass: group
419 cn: Distributed COM Users
420 description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
421 objectSid: S-1-5-32-562
422 sAMAccountName: Distributed COM Users
423 sAMAccountType: 536870912
424 systemFlags: 2348810240
425 groupType: 2147483653
426 isCriticalSystemObject: TRUE
427
428 dn: CN=WellKnown Security Principals,${CONFIGDN}
429 objectClass: top
430 objectClass: container
431 cn: WellKnown Security Principals
432 systemFlags: 2147483648
433 showInAdvancedViewOnly: TRUE
434
435 dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
436 objectClass: top
437 objectClass: foreignSecurityPrincipal
438 cn: Anonymous Logon
439 objectSid: S-1-5-7
440 showInAdvancedViewOnly: TRUE
441
442 dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
443 objectClass: top
444 objectClass: foreignSecurityPrincipal
445 cn: Authenticated Users
446 objectSid: S-1-5-11
447 showInAdvancedViewOnly: TRUE
448
449 dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
450 objectClass: top
451 objectClass: foreignSecurityPrincipal
452 cn: Batch
453 objectSid: S-1-5-3
454 showInAdvancedViewOnly: TRUE
455
456 dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
457 objectClass: top
458 objectClass: foreignSecurityPrincipal
459 cn: Creator Group
460 objectSid: S-1-3-1
461 showInAdvancedViewOnly: TRUE
462
463 dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
464 objectClass: top
465 objectClass: foreignSecurityPrincipal
466 cn: Creator Owner
467 objectSid: S-1-3-0
468 showInAdvancedViewOnly: TRUE
469
470 dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
471 objectClass: top
472 objectClass: foreignSecurityPrincipal
473 cn: Dialup
474 objectSid: S-1-5-1
475 showInAdvancedViewOnly: TRUE
476
477 dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
478 objectClass: top
479 objectClass: foreignSecurityPrincipal
480 cn: Digest Authentication
481 objectSid: S-1-5-64-21
482 showInAdvancedViewOnly: TRUE
483
484 dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
485 objectClass: top
486 objectClass: foreignSecurityPrincipal
487 cn: Enterprise Domain Controllers
488 objectSid: S-1-5-9
489 showInAdvancedViewOnly: TRUE
490
491 dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
492 objectClass: top
493 objectClass: foreignSecurityPrincipal
494 cn: Everyone
495 objectSid: S-1-1-0
496 showInAdvancedViewOnly: TRUE
497
498 dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
499 objectClass: top
500 objectClass: foreignSecurityPrincipal
501 cn: Interactive
502 objectSid: S-1-5-4
503 showInAdvancedViewOnly: TRUE
504
505 dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
506 objectClass: top
507 objectClass: foreignSecurityPrincipal
508 cn: Local Service
509 objectSid: S-1-5-19
510 showInAdvancedViewOnly: TRUE
511
512 dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
513 objectClass: top
514 objectClass: foreignSecurityPrincipal
515 cn: Network
516 objectSid: S-1-5-2
517 showInAdvancedViewOnly: TRUE
518
519 dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
520 objectClass: top
521 objectClass: foreignSecurityPrincipal
522 cn: Network Service
523 objectSid: S-1-5-20
524 showInAdvancedViewOnly: TRUE
525
526 dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
527 objectClass: top
528 objectClass: foreignSecurityPrincipal
529 cn: NTLM Authentication
530 objectSid: S-1-5-64-10
531 showInAdvancedViewOnly: TRUE
532
533 dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
534 objectClass: top
535 objectClass: foreignSecurityPrincipal
536 cn: Other Organization
537 objectSid: S-1-5-1000
538 showInAdvancedViewOnly: TRUE
539
540 dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
541 objectClass: top
542 objectClass: foreignSecurityPrincipal
543 cn: Proxy
544 objectSid: S-1-5-8
545 showInAdvancedViewOnly: TRUE
546
547 dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
548 objectClass: top
549 objectClass: foreignSecurityPrincipal
550 cn: Remote Interactive Logon
551 objectSid: S-1-5-14
552 showInAdvancedViewOnly: TRUE
553
554 dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
555 objectClass: top
556 objectClass: foreignSecurityPrincipal
557 cn: Restricted
558 objectSid: S-1-5-12
559 showInAdvancedViewOnly: TRUE
560
561 dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
562 objectClass: top
563 objectClass: foreignSecurityPrincipal
564 cn: SChannel Authentication
565 objectSid: S-1-5-64-14
566 showInAdvancedViewOnly: TRUE
567
568 dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
569 objectClass: top
570 objectClass: foreignSecurityPrincipal
571 cn: Self
572 objectSid: S-1-5-10
573 showInAdvancedViewOnly: TRUE
574
575 dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
576 objectClass: top
577 objectClass: foreignSecurityPrincipal
578 cn: Service
579 objectSid: S-1-5-6
580 showInAdvancedViewOnly: TRUE
581
582 dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
583 objectClass: top
584 objectClass: foreignSecurityPrincipal
585 cn: Terminal Server User
586 objectSid: S-1-5-13
587 showInAdvancedViewOnly: TRUE
588
589 dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
590 objectClass: top
591 objectClass: foreignSecurityPrincipal
592 cn: This Organization
593 objectSid: S-1-5-15
594 showInAdvancedViewOnly: TRUE
595
596 dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}
597 objectClass: top
598 objectClass: foreignSecurityPrincipal
599 cn: Well-Known-Security-Id-System
600 objectSid: S-1-5-18
601 showInAdvancedViewOnly: TRUE
602
Samba Shared Repository