1 dn: CN=Administrator,CN=Users,${DOMAINDN}
4 description: Built-in account for administering the computer/domain
5 userAccountControl: 66048
6 objectSid: ${DOMAINSID}-500
9 sAMAccountName: Administrator
10 isCriticalSystemObject: TRUE
11 sambaPassword:: ${ADMINPASS_B64}
13 dn: CN=Guest,CN=Users,${DOMAINDN}
16 description: Built-in account for guest access to the computer/domain
17 userAccountControl: 66082
19 objectSid: ${DOMAINSID}-501
21 isCriticalSystemObject: TRUE
23 dn: CN=Administrators,CN=Builtin,${DOMAINDN}
27 description: Administrators have complete and unrestricted access to the computer/domain
28 member: CN=Domain Admins,CN=Users,${DOMAINDN}
29 member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
30 member: CN=Administrator,CN=Users,${DOMAINDN}
31 objectSid: S-1-5-32-544
33 sAMAccountName: Administrators
34 sAMAccountType: 536870912
35 systemFlags: 2348810240
37 isCriticalSystemObject: TRUE
38 privilege: SeSecurityPrivilege
39 privilege: SeBackupPrivilege
40 privilege: SeRestorePrivilege
41 privilege: SeSystemtimePrivilege
42 privilege: SeShutdownPrivilege
43 privilege: SeRemoteShutdownPrivilege
44 privilege: SeTakeOwnershipPrivilege
45 privilege: SeDebugPrivilege
46 privilege: SeSystemEnvironmentPrivilege
47 privilege: SeSystemProfilePrivilege
48 privilege: SeProfileSingleProcessPrivilege
49 privilege: SeIncreaseBasePriorityPrivilege
50 privilege: SeLoadDriverPrivilege
51 privilege: SeCreatePagefilePrivilege
52 privilege: SeIncreaseQuotaPrivilege
53 privilege: SeChangeNotifyPrivilege
54 privilege: SeUndockPrivilege
55 privilege: SeManageVolumePrivilege
56 privilege: SeImpersonatePrivilege
57 privilege: SeCreateGlobalPrivilege
58 privilege: SeEnableDelegationPrivilege
59 privilege: SeInteractiveLogonRight
60 privilege: SeNetworkLogonRight
61 privilege: SeRemoteInteractiveLogonRight
63 dn: CN=Users,CN=Builtin,${DOMAINDN}
67 description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
68 member: CN=Domain Users,CN=Users,${DOMAINDN}
69 objectSid: S-1-5-32-545
71 sAMAccountType: 536870912
72 systemFlags: 2348810240
74 isCriticalSystemObject: TRUE
76 dn: CN=Guests,CN=Builtin,${DOMAINDN}
80 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
81 member: CN=Domain Guests,CN=Users,${DOMAINDN}
82 member: CN=Guest,CN=Users,${DOMAINDN}
83 objectSid: S-1-5-32-546
84 sAMAccountName: Guests
85 sAMAccountType: 536870912
86 systemFlags: 2348810240
88 isCriticalSystemObject: TRUE
90 dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
94 description: Members can administer domain printers
95 objectSid: S-1-5-32-550
97 sAMAccountName: Print Operators
98 sAMAccountType: 536870912
99 systemFlags: 2348810240
100 groupType: 2147483653
101 isCriticalSystemObject: TRUE
102 privilege: SeLoadDriverPrivilege
103 privilege: SeShutdownPrivilege
104 privilege: SeInteractiveLogonRight
106 dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
110 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
111 objectSid: S-1-5-32-551
113 sAMAccountName: Backup Operators
114 sAMAccountType: 536870912
115 systemFlags: 2348810240
116 groupType: 2147483653
117 isCriticalSystemObject: TRUE
118 privilege: SeBackupPrivilege
119 privilege: SeRestorePrivilege
120 privilege: SeShutdownPrivilege
121 privilege: SeInteractiveLogonRight
123 dn: CN=Replicator,CN=Builtin,${DOMAINDN}
127 description: Supports file replication in a domain
128 objectSid: S-1-5-32-552
130 sAMAccountName: Replicator
131 sAMAccountType: 536870912
132 systemFlags: 2348810240
133 groupType: 2147483653
134 isCriticalSystemObject: TRUE
136 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
139 cn: Remote Desktop Users
140 description: Members in this group are granted the right to logon remotely
141 objectSid: S-1-5-32-555
142 sAMAccountName: Remote Desktop Users
143 sAMAccountType: 536870912
144 systemFlags: 2348810240
145 groupType: 2147483653
146 isCriticalSystemObject: TRUE
148 dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
151 cn: Network Configuration Operators
152 description: Members in this group can have some administrative privileges to manage configuration of networking features
153 objectSid: S-1-5-32-556
154 sAMAccountName: Network Configuration Operators
155 sAMAccountType: 536870912
156 systemFlags: 2348810240
157 groupType: 2147483653
158 isCriticalSystemObject: TRUE
160 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
163 cn: Performance Monitor Users
164 description: Members of this group have remote access to monitor this computer
165 objectSid: S-1-5-32-558
166 sAMAccountName: Performance Monitor Users
167 sAMAccountType: 536870912
168 systemFlags: 2348810240
169 groupType: 2147483653
170 isCriticalSystemObject: TRUE
172 dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
175 cn: Performance Log Users
176 description: Members of this group have remote access to schedule logging of performance counters on this computer
177 objectSid: S-1-5-32-559
178 sAMAccountName: Performance Log Users
179 sAMAccountType: 536870912
180 systemFlags: 2348810240
181 groupType: 2147483653
182 isCriticalSystemObject: TRUE
184 dn: CN=krbtgt,CN=Users,${DOMAINDN}
187 objectClass: organizationalPerson
190 description: Key Distribution Center Service Account
191 showInAdvancedViewOnly: TRUE
192 userAccountControl: 514
193 objectSid: ${DOMAINSID}-502
195 accountExpires: 9223372036854775807
196 sAMAccountName: krbtgt
197 sAMAccountType: 805306368
198 servicePrincipalName: kadmin/changepw
199 isCriticalSystemObject: TRUE
200 sambaPassword:: ${KRBTGTPASS_B64}
202 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
206 description: All workstations and servers joined to the domain
207 objectSid: ${DOMAINSID}-515
208 sAMAccountName: Domain Computers
209 isCriticalSystemObject: TRUE
211 dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
214 cn: Domain Controllers
215 description: All domain controllers in the domain
216 objectSid: ${DOMAINSID}-516
218 sAMAccountName: Domain Controllers
219 isCriticalSystemObject: TRUE
221 dn: CN=Schema Admins,CN=Users,${DOMAINDN}
225 description: Designated administrators of the schema
226 member: CN=Administrator,CN=Users,${DOMAINDN}
227 objectSid: ${DOMAINSID}-518
229 sAMAccountName: Schema Admins
230 isCriticalSystemObject: TRUE
232 dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
235 cn: Enterprise Admins
236 description: Designated administrators of the enterprise
237 member: CN=Administrator,CN=Users,${DOMAINDN}
238 objectSid: ${DOMAINSID}-519
240 sAMAccountName: Enterprise Admins
241 isCriticalSystemObject: TRUE
243 dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
247 description: Members of this group are permitted to publish certificates to the Active Directory
248 groupType: 2147483652
249 sAMAccountType: 536870912
250 objectSid: ${DOMAINSID}-517
251 sAMAccountName: Cert Publishers
252 isCriticalSystemObject: TRUE
254 dn: CN=Domain Admins,CN=Users,${DOMAINDN}
258 description: Designated administrators of the domain
259 member: CN=Administrator,CN=Users,${DOMAINDN}
260 objectSid: ${DOMAINSID}-512
262 sAMAccountName: Domain Admins
263 isCriticalSystemObject: TRUE
265 dn: CN=Domain Users,CN=Users,${DOMAINDN}
269 description: All domain users
270 objectSid: ${DOMAINSID}-513
271 sAMAccountName: Domain Users
272 isCriticalSystemObject: TRUE
274 dn: CN=Domain Guests,CN=Users,${DOMAINDN}
278 description: All domain guests
279 objectSid: ${DOMAINSID}-514
280 sAMAccountName: Domain Guests
281 isCriticalSystemObject: TRUE
283 dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
286 cn: Group Policy Creator Owners
287 description: Members in this group can modify group policy for the domain
288 member: CN=Administrator,CN=Users,${DOMAINDN}
289 objectSid: ${DOMAINSID}-520
290 sAMAccountName: Group Policy Creator Owners
291 isCriticalSystemObject: TRUE
293 dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
296 cn: RAS and IAS Servers
297 description: Servers in this group can access remote access properties of users
299 objectSid: ${DOMAINSID}-553
300 sAMAccountName: RAS and IAS Servers
301 sAMAccountType: 536870912
302 groupType: 2147483652
303 isCriticalSystemObject: TRUE
305 dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
309 description: Members can administer domain servers
311 objectSid: S-1-5-32-549
313 sAMAccountName: Server Operators
314 sAMAccountType: 536870912
315 systemFlags: 2348810240
316 groupType: 2147483653
317 isCriticalSystemObject: TRUE
318 privilege: SeBackupPrivilege
319 privilege: SeSystemtimePrivilege
320 privilege: SeRemoteShutdownPrivilege
321 privilege: SeRestorePrivilege
322 privilege: SeShutdownPrivilege
323 privilege: SeInteractiveLogonRight
325 dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
328 cn: Account Operators
329 description: Members can administer domain user and group accounts
331 objectSid: S-1-5-32-548
333 sAMAccountName: Account Operators
334 sAMAccountType: 536870912
335 systemFlags: 2348810240
336 groupType: 2147483653
337 isCriticalSystemObject: TRUE
338 privilege: SeInteractiveLogonRight
340 dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
343 cn: Pre-Windows 2000 Compatible Access
344 description: A backward compatibility group which allows read access on all users and groups in the domain
345 objectSid: S-1-5-32-554
346 sAMAccountName: Pre-Windows 2000 Compatible Access
347 sAMAccountType: 536870912
348 systemFlags: 2348810240
349 groupType: 2147483653
350 isCriticalSystemObject: TRUE
351 privilege: SeRemoteInteractiveLogonRight
352 privilege: SeChangeNotifyPrivilege
354 dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
357 cn: Incoming Forest Trust Builders
358 description: Members of this group can create incoming, one-way trusts to this forest
359 objectSid: S-1-5-32-557
360 sAMAccountName: Incoming Forest Trust Builders
361 sAMAccountType: 536870912
362 systemFlags: 2348810240
363 groupType: 2147483653
364 isCriticalSystemObject: TRUE
366 dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
369 cn: Windows Authorization Access Group
370 description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
371 objectSid: S-1-5-32-560
372 sAMAccountName: Windows Authorization Access Group
373 sAMAccountType: 536870912
374 systemFlags: 2348810240
375 groupType: 2147483653
376 isCriticalSystemObject: TRUE
378 dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
381 cn: Terminal Server License Servers
382 description: Terminal Server License Servers
383 objectSid: S-1-5-32-561
384 sAMAccountName: Terminal Server License Servers
385 sAMAccountType: 536870912
386 systemFlags: 2348810240
387 groupType: 2147483653
388 isCriticalSystemObject: TRUE
390 dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
393 cn: Distributed COM Users
394 description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
395 objectSid: S-1-5-32-562
396 sAMAccountName: Distributed COM Users
397 sAMAccountType: 536870912
398 systemFlags: 2348810240
399 groupType: 2147483653
400 isCriticalSystemObject: TRUE
402 dn: CN=WellKnown Security Principals,${CONFIGDN}
404 objectClass: container
405 cn: WellKnown Security Principals
406 systemFlags: 2147483648
407 showInAdvancedViewOnly: TRUE
409 dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
411 objectClass: foreignSecurityPrincipal
414 showInAdvancedViewOnly: TRUE
416 dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
418 objectClass: foreignSecurityPrincipal
419 cn: Authenticated Users
421 showInAdvancedViewOnly: TRUE
423 dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
425 objectClass: foreignSecurityPrincipal
428 showInAdvancedViewOnly: TRUE
430 dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
432 objectClass: foreignSecurityPrincipal
435 showInAdvancedViewOnly: TRUE
437 dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
439 objectClass: foreignSecurityPrincipal
442 showInAdvancedViewOnly: TRUE
444 dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
446 objectClass: foreignSecurityPrincipal
449 showInAdvancedViewOnly: TRUE
451 dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
453 objectClass: foreignSecurityPrincipal
454 cn: Digest Authentication
455 objectSid: S-1-5-64-21
456 showInAdvancedViewOnly: TRUE
458 dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
460 objectClass: foreignSecurityPrincipal
461 cn: Enterprise Domain Controllers
463 showInAdvancedViewOnly: TRUE
465 dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
467 objectClass: foreignSecurityPrincipal
470 showInAdvancedViewOnly: TRUE
472 dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
474 objectClass: foreignSecurityPrincipal
477 showInAdvancedViewOnly: TRUE
479 dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
481 objectClass: foreignSecurityPrincipal
484 showInAdvancedViewOnly: TRUE
486 dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
488 objectClass: foreignSecurityPrincipal
491 showInAdvancedViewOnly: TRUE
493 dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
495 objectClass: foreignSecurityPrincipal
498 showInAdvancedViewOnly: TRUE
500 dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
502 objectClass: foreignSecurityPrincipal
503 cn: NTLM Authentication
504 objectSid: S-1-5-64-10
505 showInAdvancedViewOnly: TRUE
507 dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
509 objectClass: foreignSecurityPrincipal
510 cn: Other Organization
511 objectSid: S-1-5-1000
512 showInAdvancedViewOnly: TRUE
514 dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
516 objectClass: foreignSecurityPrincipal
519 showInAdvancedViewOnly: TRUE
521 dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
523 objectClass: foreignSecurityPrincipal
524 cn: Remote Interactive Logon
526 showInAdvancedViewOnly: TRUE
528 dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
530 objectClass: foreignSecurityPrincipal
533 showInAdvancedViewOnly: TRUE
535 dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
537 objectClass: foreignSecurityPrincipal
538 cn: SChannel Authentication
539 objectSid: S-1-5-64-14
540 showInAdvancedViewOnly: TRUE
542 dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
544 objectClass: foreignSecurityPrincipal
547 showInAdvancedViewOnly: TRUE
549 dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
551 objectClass: foreignSecurityPrincipal
554 showInAdvancedViewOnly: TRUE
556 dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
558 objectClass: foreignSecurityPrincipal
559 cn: Terminal Server User
561 showInAdvancedViewOnly: TRUE
563 dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
565 objectClass: foreignSecurityPrincipal
566 cn: This Organization
568 showInAdvancedViewOnly: TRUE
570 dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}
572 objectClass: foreignSecurityPrincipal
573 cn: Well-Known-Security-Id-System
575 showInAdvancedViewOnly: TRUE