source4/setup/provision_users.ldif

   1 dn: CN=Administrator,CN=Users,${DOMAINDN}
   2 objectClass: user
   3 cn: Administrator
   4 description: Built-in account for administering the computer/domain
   5 userAccountControl: 66048
   6 objectSid: ${DOMAINSID}-500
   7 adminCount: 1
   8 accountExpires: -1
   9 sAMAccountName: Administrator
  10 isCriticalSystemObject: TRUE
  11 sambaPassword:: ${ADMINPASS_B64}
  12
  13 dn: CN=Guest,CN=Users,${DOMAINDN}
  14 objectClass: user
  15 cn: Guest
  16 description: Built-in account for guest access to the computer/domain
  17 userAccountControl: 66082
  18 primaryGroupID: 514
  19 objectSid: ${DOMAINSID}-501
  20 sAMAccountName: Guest
  21 isCriticalSystemObject: TRUE
  22
  23 dn: CN=Administrators,CN=Builtin,${DOMAINDN}
  24 objectClass: top
  25 objectClass: group
  26 cn: Administrators
  27 description: Administrators have complete and unrestricted access to the computer/domain
  28 member: CN=Domain Admins,CN=Users,${DOMAINDN}
  29 member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
  30 member: CN=Administrator,CN=Users,${DOMAINDN}
  31 objectSid: S-1-5-32-544
  32 adminCount: 1
  33 sAMAccountName: Administrators
  34 sAMAccountType: 536870912
  35 systemFlags: 2348810240
  36 groupType: 2147483653
  37 isCriticalSystemObject: TRUE
  38 privilege: SeSecurityPrivilege
  39 privilege: SeBackupPrivilege
  40 privilege: SeRestorePrivilege
  41 privilege: SeSystemtimePrivilege
  42 privilege: SeShutdownPrivilege
  43 privilege: SeRemoteShutdownPrivilege
  44 privilege: SeTakeOwnershipPrivilege
  45 privilege: SeDebugPrivilege
  46 privilege: SeSystemEnvironmentPrivilege
  47 privilege: SeSystemProfilePrivilege
  48 privilege: SeProfileSingleProcessPrivilege
  49 privilege: SeIncreaseBasePriorityPrivilege
  50 privilege: SeLoadDriverPrivilege
  51 privilege: SeCreatePagefilePrivilege
  52 privilege: SeIncreaseQuotaPrivilege
  53 privilege: SeChangeNotifyPrivilege
  54 privilege: SeUndockPrivilege
  55 privilege: SeManageVolumePrivilege
  56 privilege: SeImpersonatePrivilege
  57 privilege: SeCreateGlobalPrivilege
  58 privilege: SeEnableDelegationPrivilege
  59 privilege: SeInteractiveLogonRight
  60 privilege: SeNetworkLogonRight
  61 privilege: SeRemoteInteractiveLogonRight
  62
  63 dn: CN=Users,CN=Builtin,${DOMAINDN}
  64 objectClass: top
  65 objectClass: group
  66 cn: Users
  67 description: Users are prevented from making accidental or intentional system-wide changes.  Thus, Users can run certified applications, but not most legacy applications
  68 member: CN=Domain Users,CN=Users,${DOMAINDN}
  69 objectSid: S-1-5-32-545
  70 sAMAccountName: Users
  71 sAMAccountType: 536870912
  72 systemFlags: 2348810240
  73 groupType: 2147483653
  74 isCriticalSystemObject: TRUE
  75
  76 dn: CN=Guests,CN=Builtin,${DOMAINDN}
  77 objectClass: top
  78 objectClass: group
  79 cn: Guests
  80 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
  81 member: CN=Domain Guests,CN=Users,${DOMAINDN}
  82 member: CN=Guest,CN=Users,${DOMAINDN}
  83 objectSid: S-1-5-32-546
  84 sAMAccountName: Guests
  85 sAMAccountType: 536870912
  86 systemFlags: 2348810240
  87 groupType: 2147483653
  88 isCriticalSystemObject: TRUE
  89
  90 dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
  91 objectClass: top
  92 objectClass: group
  93 cn: Print Operators
  94 description: Members can administer domain printers
  95 objectSid: S-1-5-32-550
  96 adminCount: 1
  97 sAMAccountName: Print Operators
  98 sAMAccountType: 536870912
  99 systemFlags: 2348810240
 100 groupType: 2147483653
 101 isCriticalSystemObject: TRUE
 102 privilege: SeLoadDriverPrivilege
 103 privilege: SeShutdownPrivilege
 104 privilege: SeInteractiveLogonRight
 105
 106 dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
 107 objectClass: top
 108 objectClass: group
 109 cn: Backup Operators
 110 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
 111 objectSid: S-1-5-32-551
 112 adminCount: 1
 113 sAMAccountName: Backup Operators
 114 sAMAccountType: 536870912
 115 systemFlags: 2348810240
 116 groupType: 2147483653
 117 isCriticalSystemObject: TRUE
 118 privilege: SeBackupPrivilege
 119 privilege: SeRestorePrivilege
 120 privilege: SeShutdownPrivilege
 121 privilege: SeInteractiveLogonRight
 122
 123 dn: CN=Replicator,CN=Builtin,${DOMAINDN}
 124 objectClass: top
 125 objectClass: group
 126 cn: Replicator
 127 description: Supports file replication in a domain
 128 objectSid: S-1-5-32-552
 129 adminCount: 1
 130 sAMAccountName: Replicator
 131 sAMAccountType: 536870912
 132 systemFlags: 2348810240
 133 groupType: 2147483653
 134 isCriticalSystemObject: TRUE
 135
 136 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
 137 objectClass: top
 138 objectClass: group
 139 cn: Remote Desktop Users
 140 description: Members in this group are granted the right to logon remotely
 141 objectSid: S-1-5-32-555
 142 sAMAccountName: Remote Desktop Users
 143 sAMAccountType: 536870912
 144 systemFlags: 2348810240
 145 groupType: 2147483653
 146 isCriticalSystemObject: TRUE
 147
 148 dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
 149 objectClass: top
 150 objectClass: group
 151 cn: Network Configuration Operators
 152 description: Members in this group can have some administrative privileges to manage configuration of networking features
 153 objectSid: S-1-5-32-556
 154 sAMAccountName: Network Configuration Operators
 155 sAMAccountType: 536870912
 156 systemFlags: 2348810240
 157 groupType: 2147483653
 158 isCriticalSystemObject: TRUE
 159
 160 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
 161 objectClass: top
 162 objectClass: group
 163 cn: Performance Monitor Users
 164 description: Members of this group have remote access to monitor this computer
 165 objectSid: S-1-5-32-558
 166 sAMAccountName: Performance Monitor Users
 167 sAMAccountType: 536870912
 168 systemFlags: 2348810240
 169 groupType: 2147483653
 170 isCriticalSystemObject: TRUE
 171
 172 dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
 173 objectClass: top
 174 objectClass: group
 175 cn: Performance Log Users
 176 description: Members of this group have remote access to schedule logging of performance counters on this computer
 177 objectSid: S-1-5-32-559
 178 sAMAccountName: Performance Log Users
 179 sAMAccountType: 536870912
 180 systemFlags: 2348810240
 181 groupType: 2147483653
 182 isCriticalSystemObject: TRUE
 183
 184 dn: CN=krbtgt,CN=Users,${DOMAINDN}
 185 objectClass: top
 186 objectClass: person
 187 objectClass: organizationalPerson
 188 objectClass: user
 189 cn: krbtgt
 190 description: Key Distribution Center Service Account
 191 showInAdvancedViewOnly: TRUE
 192 userAccountControl: 514
 193 objectSid: ${DOMAINSID}-502
 194 adminCount: 1
 195 accountExpires: 9223372036854775807
 196 sAMAccountName: krbtgt
 197 sAMAccountType: 805306368
 198 servicePrincipalName: kadmin/changepw
 199 isCriticalSystemObject: TRUE
 200 sambaPassword:: ${KRBTGTPASS_B64}
 201
 202 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
 203 objectClass: top
 204 objectClass: group
 205 cn: Domain Computers
 206 description: All workstations and servers joined to the domain
 207 objectSid: ${DOMAINSID}-515
 208 sAMAccountName: Domain Computers
 209 isCriticalSystemObject: TRUE
 210
 211 dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
 212 objectClass: top
 213 objectClass: group
 214 cn: Domain Controllers
 215 description: All domain controllers in the domain
 216 objectSid: ${DOMAINSID}-516
 217 adminCount: 1
 218 sAMAccountName: Domain Controllers
 219 isCriticalSystemObject: TRUE
 220
 221 dn: CN=Schema Admins,CN=Users,${DOMAINDN}
 222 objectClass: top
 223 objectClass: group
 224 cn: Schema Admins
 225 description: Designated administrators of the schema
 226 member: CN=Administrator,CN=Users,${DOMAINDN}
 227 objectSid: ${DOMAINSID}-518
 228 adminCount: 1
 229 sAMAccountName: Schema Admins
 230 isCriticalSystemObject: TRUE
 231
 232 dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
 233 objectClass: top
 234 objectClass: group
 235 cn: Enterprise Admins
 236 description: Designated administrators of the enterprise
 237 member: CN=Administrator,CN=Users,${DOMAINDN}
 238 objectSid: ${DOMAINSID}-519
 239 adminCount: 1
 240 sAMAccountName: Enterprise Admins
 241 isCriticalSystemObject: TRUE
 242
 243 dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
 244 objectClass: top
 245 objectClass: group
 246 cn: Cert Publishers
 247 description: Members of this group are permitted to publish certificates to the Active Directory
 248 groupType: 2147483652
 249 sAMAccountType: 536870912
 250 objectSid: ${DOMAINSID}-517
 251 sAMAccountName: Cert Publishers
 252 isCriticalSystemObject: TRUE
 253
 254 dn: CN=Domain Admins,CN=Users,${DOMAINDN}
 255 objectClass: top
 256 objectClass: group
 257 cn: Domain Admins
 258 description: Designated administrators of the domain
 259 member: CN=Administrator,CN=Users,${DOMAINDN}
 260 objectSid: ${DOMAINSID}-512
 261 adminCount: 1
 262 sAMAccountName: Domain Admins
 263 isCriticalSystemObject: TRUE
 264
 265 dn: CN=Domain Users,CN=Users,${DOMAINDN}
 266 objectClass: top
 267 objectClass: group
 268 cn: Domain Users
 269 description: All domain users
 270 objectSid: ${DOMAINSID}-513
 271 sAMAccountName: Domain Users
 272 isCriticalSystemObject: TRUE
 273
 274 dn: CN=Domain Guests,CN=Users,${DOMAINDN}
 275 objectClass: top
 276 objectClass: group
 277 cn: Domain Guests
 278 description: All domain guests
 279 objectSid: ${DOMAINSID}-514
 280 sAMAccountName: Domain Guests
 281 isCriticalSystemObject: TRUE
 282
 283 dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
 284 objectClass: top
 285 objectClass: group
 286 cn: Group Policy Creator Owners
 287 description: Members in this group can modify group policy for the domain
 288 member: CN=Administrator,CN=Users,${DOMAINDN}
 289 objectSid: ${DOMAINSID}-520
 290 sAMAccountName: Group Policy Creator Owners
 291 isCriticalSystemObject: TRUE
 292
 293 dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
 294 objectClass: top
 295 objectClass: group
 296 cn: RAS and IAS Servers
 297 description: Servers in this group can access remote access properties of users
 298 instanceType: 4
 299 objectSid: ${DOMAINSID}-553
 300 sAMAccountName: RAS and IAS Servers
 301 sAMAccountType: 536870912
 302 groupType: 2147483652
 303 isCriticalSystemObject: TRUE
 304
 305 dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
 306 objectClass: top
 307 objectClass: group
 308 cn: Server Operators
 309 description: Members can administer domain servers
 310 instanceType: 4
 311 objectSid: S-1-5-32-549
 312 adminCount: 1
 313 sAMAccountName: Server Operators
 314 sAMAccountType: 536870912
 315 systemFlags: 2348810240
 316 groupType: 2147483653
 317 isCriticalSystemObject: TRUE
 318 privilege: SeBackupPrivilege
 319 privilege: SeSystemtimePrivilege
 320 privilege: SeRemoteShutdownPrivilege
 321 privilege: SeRestorePrivilege
 322 privilege: SeShutdownPrivilege
 323 privilege: SeInteractiveLogonRight
 324
 325 dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
 326 objectClass: top
 327 objectClass: group
 328 cn: Account Operators
 329 description: Members can administer domain user and group accounts
 330 instanceType: 4
 331 objectSid: S-1-5-32-548
 332 adminCount: 1
 333 sAMAccountName: Account Operators
 334 sAMAccountType: 536870912
 335 systemFlags: 2348810240
 336 groupType: 2147483653
 337 isCriticalSystemObject: TRUE
 338 privilege: SeInteractiveLogonRight
 339
 340 dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
 341 objectClass: top
 342 objectClass: group
 343 cn: Pre-Windows 2000 Compatible Access
 344 description: A backward compatibility group which allows read access on all users and groups in the domain
 345 objectSid: S-1-5-32-554
 346 sAMAccountName: Pre-Windows 2000 Compatible Access
 347 sAMAccountType: 536870912
 348 systemFlags: 2348810240
 349 groupType: 2147483653
 350 isCriticalSystemObject: TRUE
 351 privilege: SeRemoteInteractiveLogonRight
 352 privilege: SeChangeNotifyPrivilege
 353
 354 dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
 355 objectClass: top
 356 objectClass: group
 357 cn: Incoming Forest Trust Builders
 358 description: Members of this group can create incoming, one-way trusts to this forest
 359 objectSid: S-1-5-32-557
 360 sAMAccountName: Incoming Forest Trust Builders
 361 sAMAccountType: 536870912
 362 systemFlags: 2348810240
 363 groupType: 2147483653
 364 isCriticalSystemObject: TRUE
 365
 366 dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
 367 objectClass: top
 368 objectClass: group
 369 cn: Windows Authorization Access Group
 370 description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
 371 objectSid: S-1-5-32-560
 372 sAMAccountName: Windows Authorization Access Group
 373 sAMAccountType: 536870912
 374 systemFlags: 2348810240
 375 groupType: 2147483653
 376 isCriticalSystemObject: TRUE
 377
 378 dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
 379 objectClass: top
 380 objectClass: group
 381 cn: Terminal Server License Servers
 382 description: Terminal Server License Servers
 383 objectSid: S-1-5-32-561
 384 sAMAccountName: Terminal Server License Servers
 385 sAMAccountType: 536870912
 386 systemFlags: 2348810240
 387 groupType: 2147483653
 388 isCriticalSystemObject: TRUE
 389
 390 dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
 391 objectClass: top
 392 objectClass: group
 393 cn: Distributed COM Users
 394 description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
 395 objectSid: S-1-5-32-562
 396 sAMAccountName: Distributed COM Users
 397 sAMAccountType: 536870912
 398 systemFlags: 2348810240
 399 groupType: 2147483653
 400 isCriticalSystemObject: TRUE
 401
 402 dn: CN=WellKnown Security Principals,${CONFIGDN}
 403 objectClass: top
 404 objectClass: container
 405 cn: WellKnown Security Principals
 406 systemFlags: 2147483648
 407 showInAdvancedViewOnly: TRUE
 408
 409 dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
 410 objectClass: top
 411 objectClass: foreignSecurityPrincipal
 412 cn: Anonymous Logon
 413 objectSid: S-1-5-7
 414 showInAdvancedViewOnly: TRUE
 415
 416 dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
 417 objectClass: top
 418 objectClass: foreignSecurityPrincipal
 419 cn: Authenticated Users
 420 objectSid: S-1-5-11
 421 showInAdvancedViewOnly: TRUE
 422
 423 dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
 424 objectClass: top
 425 objectClass: foreignSecurityPrincipal
 426 cn: Batch
 427 objectSid: S-1-5-3
 428 showInAdvancedViewOnly: TRUE
 429
 430 dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
 431 objectClass: top
 432 objectClass: foreignSecurityPrincipal
 433 cn: Creator Group
 434 objectSid: S-1-3-1
 435 showInAdvancedViewOnly: TRUE
 436
 437 dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
 438 objectClass: top
 439 objectClass: foreignSecurityPrincipal
 440 cn: Creator Owner
 441 objectSid: S-1-3-0
 442 showInAdvancedViewOnly: TRUE
 443
 444 dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
 445 objectClass: top
 446 objectClass: foreignSecurityPrincipal
 447 cn: Dialup
 448 objectSid: S-1-5-1
 449 showInAdvancedViewOnly: TRUE
 450
 451 dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
 452 objectClass: top
 453 objectClass: foreignSecurityPrincipal
 454 cn: Digest Authentication
 455 objectSid: S-1-5-64-21
 456 showInAdvancedViewOnly: TRUE
 457
 458 dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
 459 objectClass: top
 460 objectClass: foreignSecurityPrincipal
 461 cn: Enterprise Domain Controllers
 462 objectSid: S-1-5-9
 463 showInAdvancedViewOnly: TRUE
 464
 465 dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
 466 objectClass: top
 467 objectClass: foreignSecurityPrincipal
 468 cn: Everyone
 469 objectSid: S-1-1-0
 470 showInAdvancedViewOnly: TRUE
 471
 472 dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
 473 objectClass: top
 474 objectClass: foreignSecurityPrincipal
 475 cn: Interactive
 476 objectSid: S-1-5-4
 477 showInAdvancedViewOnly: TRUE
 478
 479 dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
 480 objectClass: top
 481 objectClass: foreignSecurityPrincipal
 482 cn: Local Service
 483 objectSid: S-1-5-19
 484 showInAdvancedViewOnly: TRUE
 485
 486 dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
 487 objectClass: top
 488 objectClass: foreignSecurityPrincipal
 489 cn: Network
 490 objectSid: S-1-5-2
 491 showInAdvancedViewOnly: TRUE
 492
 493 dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
 494 objectClass: top
 495 objectClass: foreignSecurityPrincipal
 496 cn: Network Service
 497 objectSid: S-1-5-20
 498 showInAdvancedViewOnly: TRUE
 499
 500 dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
 501 objectClass: top
 502 objectClass: foreignSecurityPrincipal
 503 cn: NTLM Authentication
 504 objectSid: S-1-5-64-10
 505 showInAdvancedViewOnly: TRUE
 506
 507 dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
 508 objectClass: top
 509 objectClass: foreignSecurityPrincipal
 510 cn: Other Organization
 511 objectSid: S-1-5-1000
 512 showInAdvancedViewOnly: TRUE
 513
 514 dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
 515 objectClass: top
 516 objectClass: foreignSecurityPrincipal
 517 cn: Proxy
 518 objectSid: S-1-5-8
 519 showInAdvancedViewOnly: TRUE
 520
 521 dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
 522 objectClass: top
 523 objectClass: foreignSecurityPrincipal
 524 cn: Remote Interactive Logon
 525 objectSid: S-1-5-14
 526 showInAdvancedViewOnly: TRUE
 527
 528 dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
 529 objectClass: top
 530 objectClass: foreignSecurityPrincipal
 531 cn: Restricted
 532 objectSid: S-1-5-12
 533 showInAdvancedViewOnly: TRUE
 534
 535 dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
 536 objectClass: top
 537 objectClass: foreignSecurityPrincipal
 538 cn: SChannel Authentication
 539 objectSid: S-1-5-64-14
 540 showInAdvancedViewOnly: TRUE
 541
 542 dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
 543 objectClass: top
 544 objectClass: foreignSecurityPrincipal
 545 cn: Self
 546 objectSid: S-1-5-10
 547 showInAdvancedViewOnly: TRUE
 548
 549 dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
 550 objectClass: top
 551 objectClass: foreignSecurityPrincipal
 552 cn: Service
 553 objectSid: S-1-5-6
 554 showInAdvancedViewOnly: TRUE
 555
 556 dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
 557 objectClass: top
 558 objectClass: foreignSecurityPrincipal
 559 cn: Terminal Server User
 560 objectSid: S-1-5-13
 561 showInAdvancedViewOnly: TRUE
 562
 563 dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
 564 objectClass: top
 565 objectClass: foreignSecurityPrincipal
 566 cn: This Organization
 567 objectSid: S-1-5-15
 568 showInAdvancedViewOnly: TRUE
 569
 570 dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}
 571 objectClass: top
 572 objectClass: foreignSecurityPrincipal
 573 cn: Well-Known-Security-Id-System
 574 objectSid: S-1-5-18
 575 showInAdvancedViewOnly: TRUE
 576