source4/setup/provision_users.ldif

   1 dn: CN=Administrator,CN=Users,${DOMAINDN}
   2 objectClass: user
   3 cn: Administrator
   4 description: Built-in account for administering the computer/domain
   5 memberOf: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
   6 memberOf: CN=Domain Admins,CN=Users,${DOMAINDN}
   7 memberOf: CN=Enterprise Admins,CN=Users,${DOMAINDN}
   8 memberOf: CN=Schema Admins,CN=Users,${DOMAINDN}
   9 memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
  10 userAccountControl: 66048
  11 objectSid: ${DOMAINSID}-500
  12 adminCount: 1
  13 accountExpires: -1
  14 sAMAccountName: Administrator
  15 isCriticalSystemObject: TRUE
  16 sambaPassword: ${ADMINPASS}
  17
  18 dn: CN=Guest,CN=Users,${DOMAINDN}
  19 objectClass: user
  20 cn: Guest
  21 description: Built-in account for guest access to the computer/domain
  22 memberOf: CN=Guests,CN=Builtin,${DOMAINDN}
  23 userAccountControl: 66082
  24 primaryGroupID: 514
  25 objectSid: ${DOMAINSID}-501
  26 sAMAccountName: Guest
  27 isCriticalSystemObject: TRUE
  28
  29 dn: CN=Administrators,CN=Builtin,${DOMAINDN}
  30 objectClass: top
  31 objectClass: group
  32 cn: Administrators
  33 description: Administrators have complete and unrestricted access to the computer/domain
  34 member: CN=Domain Admins,CN=Users,${DOMAINDN}
  35 member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
  36 member: CN=Administrator,CN=Users,${DOMAINDN}
  37 objectSid: S-1-5-32-544
  38 adminCount: 1
  39 sAMAccountName: Administrators
  40 sAMAccountType: 536870912
  41 systemFlags: 2348810240
  42 groupType: 2147483653
  43 objectCategory: CN=Group,${SCHEMADN}
  44 isCriticalSystemObject: TRUE
  45 privilege: SeSecurityPrivilege
  46 privilege: SeBackupPrivilege
  47 privilege: SeRestorePrivilege
  48 privilege: SeSystemtimePrivilege
  49 privilege: SeShutdownPrivilege
  50 privilege: SeRemoteShutdownPrivilege
  51 privilege: SeTakeOwnershipPrivilege
  52 privilege: SeDebugPrivilege
  53 privilege: SeSystemEnvironmentPrivilege
  54 privilege: SeSystemProfilePrivilege
  55 privilege: SeProfileSingleProcessPrivilege
  56 privilege: SeIncreaseBasePriorityPrivilege
  57 privilege: SeLoadDriverPrivilege
  58 privilege: SeCreatePagefilePrivilege
  59 privilege: SeIncreaseQuotaPrivilege
  60 privilege: SeChangeNotifyPrivilege
  61 privilege: SeUndockPrivilege
  62 privilege: SeManageVolumePrivilege
  63 privilege: SeImpersonatePrivilege
  64 privilege: SeCreateGlobalPrivilege
  65 privilege: SeEnableDelegationPrivilege
  66 privilege: SeInteractiveLogonRight
  67 privilege: SeNetworkLogonRight
  68 privilege: SeRemoteInteractiveLogonRight
  69
  70 dn: CN=Users,CN=Builtin,${DOMAINDN}
  71 objectClass: top
  72 objectClass: group
  73 cn: Users
  74 description: Users are prevented from making accidental or intentional system-wide changes.  Thus, Users can run certified applications, but not most legacy applications
  75 member: CN=Domain Users,CN=Users,${DOMAINDN}
  76 objectSid: S-1-5-32-545
  77 sAMAccountName: Users
  78 sAMAccountType: 536870912
  79 systemFlags: 2348810240
  80 groupType: 2147483653
  81 objectCategory: CN=Group,${SCHEMADN}
  82 isCriticalSystemObject: TRUE
  83
  84 dn: CN=Guests,CN=Builtin,${DOMAINDN}
  85 objectClass: top
  86 objectClass: group
  87 cn: Guests
  88 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
  89 member: CN=Domain Guests,CN=Users,${DOMAINDN}
  90 member: CN=Guest,CN=Users,${DOMAINDN}
  91 objectSid: S-1-5-32-546
  92 sAMAccountName: Guests
  93 sAMAccountType: 536870912
  94 systemFlags: 2348810240
  95 groupType: 2147483653
  96 objectCategory: CN=Group,${SCHEMADN}
  97 isCriticalSystemObject: TRUE
  98
  99 dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
 100 objectClass: top
 101 objectClass: group
 102 cn: Print Operators
 103 description: Members can administer domain printers
 104 objectSid: S-1-5-32-550
 105 adminCount: 1
 106 sAMAccountName: Print Operators
 107 sAMAccountType: 536870912
 108 systemFlags: 2348810240
 109 groupType: 2147483653
 110 objectCategory: CN=Group,${SCHEMADN}
 111 isCriticalSystemObject: TRUE
 112 privilege: SeLoadDriverPrivilege
 113 privilege: SeShutdownPrivilege
 114 privilege: SeInteractiveLogonRight
 115
 116 dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
 117 objectClass: top
 118 objectClass: group
 119 cn: Backup Operators
 120 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
 121 objectSid: S-1-5-32-551
 122 adminCount: 1
 123 sAMAccountName: Backup Operators
 124 sAMAccountType: 536870912
 125 systemFlags: 2348810240
 126 groupType: 2147483653
 127 objectCategory: CN=Group,${SCHEMADN}
 128 isCriticalSystemObject: TRUE
 129 privilege: SeBackupPrivilege
 130 privilege: SeRestorePrivilege
 131 privilege: SeShutdownPrivilege
 132 privilege: SeInteractiveLogonRight
 133
 134 dn: CN=Replicator,CN=Builtin,${DOMAINDN}
 135 objectClass: top
 136 objectClass: group
 137 cn: Replicator
 138 description: Supports file replication in a domain
 139 objectSid: S-1-5-32-552
 140 adminCount: 1
 141 sAMAccountName: Replicator
 142 sAMAccountType: 536870912
 143 systemFlags: 2348810240
 144 groupType: 2147483653
 145 objectCategory: CN=Group,${SCHEMADN}
 146 isCriticalSystemObject: TRUE
 147
 148 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
 149 objectClass: top
 150 objectClass: group
 151 cn: Remote Desktop Users
 152 description: Members in this group are granted the right to logon remotely
 153 objectSid: S-1-5-32-555
 154 sAMAccountName: Remote Desktop Users
 155 sAMAccountType: 536870912
 156 systemFlags: 2348810240
 157 groupType: 2147483653
 158 objectCategory: CN=Group,${SCHEMADN}
 159 isCriticalSystemObject: TRUE
 160
 161 dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
 162 objectClass: top
 163 objectClass: group
 164 cn: Network Configuration Operators
 165 description: Members in this group can have some administrative privileges to manage configuration of networking features
 166 objectSid: S-1-5-32-556
 167 sAMAccountName: Network Configuration Operators
 168 sAMAccountType: 536870912
 169 systemFlags: 2348810240
 170 groupType: 2147483653
 171 objectCategory: CN=Group,${SCHEMADN}
 172 isCriticalSystemObject: TRUE
 173
 174 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
 175 objectClass: top
 176 objectClass: group
 177 cn: Performance Monitor Users
 178 description: Members of this group have remote access to monitor this computer
 179 objectSid: S-1-5-32-558
 180 sAMAccountName: Performance Monitor Users
 181 sAMAccountType: 536870912
 182 systemFlags: 2348810240
 183 groupType: 2147483653
 184 objectCategory: CN=Group,${SCHEMADN}
 185 isCriticalSystemObject: TRUE
 186
 187 dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
 188 objectClass: top
 189 objectClass: group
 190 cn: Performance Log Users
 191 description: Members of this group have remote access to schedule logging of performance counters on this computer
 192 objectSid: S-1-5-32-559
 193 sAMAccountName: Performance Log Users
 194 sAMAccountType: 536870912
 195 systemFlags: 2348810240
 196 groupType: 2147483653
 197 objectCategory: CN=Group,${SCHEMADN}
 198 isCriticalSystemObject: TRUE
 199
 200 dn: CN=krbtgt,CN=Users,${DOMAINDN}
 201 objectClass: top
 202 objectClass: person
 203 objectClass: organizationalPerson
 204 objectClass: user
 205 cn: krbtgt
 206 description: Key Distribution Center Service Account
 207 showInAdvancedViewOnly: TRUE
 208 userAccountControl: 514
 209 objectSid: ${DOMAINSID}-502
 210 adminCount: 1
 211 accountExpires: 9223372036854775807
 212 sAMAccountName: krbtgt
 213 sAMAccountType: 805306368
 214 servicePrincipalName: kadmin/changepw
 215 isCriticalSystemObject: TRUE
 216 sambaPassword: ${KRBTGTPASS}
 217
 218 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
 219 objectClass: top
 220 objectClass: group
 221 cn: Domain Computers
 222 description: All workstations and servers joined to the domain
 223 objectSid: ${DOMAINSID}-515
 224 sAMAccountName: Domain Computers
 225 objectCategory: CN=Group,${SCHEMADN}
 226 isCriticalSystemObject: TRUE
 227
 228 dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
 229 objectClass: top
 230 objectClass: group
 231 cn: Domain Controllers
 232 description: All domain controllers in the domain
 233 objectSid: ${DOMAINSID}-516
 234 adminCount: 1
 235 sAMAccountName: Domain Controllers
 236 isCriticalSystemObject: TRUE
 237
 238 dn: CN=Schema Admins,CN=Users,${DOMAINDN}
 239 objectClass: top
 240 objectClass: group
 241 cn: Schema Admins
 242 description: Designated administrators of the schema
 243 member: CN=Administrator,CN=Users,${DOMAINDN}
 244 objectSid: ${DOMAINSID}-518
 245 adminCount: 1
 246 sAMAccountName: Schema Admins
 247 isCriticalSystemObject: TRUE
 248
 249 dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
 250 objectClass: top
 251 objectClass: group
 252 cn: Enterprise Admins
 253 description: Designated administrators of the enterprise
 254 member: CN=Administrator,CN=Users,${DOMAINDN}
 255 memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
 256 objectSid: ${DOMAINSID}-519
 257 adminCount: 1
 258 sAMAccountName: Enterprise Admins
 259 isCriticalSystemObject: TRUE
 260
 261 dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
 262 objectClass: top
 263 objectClass: group
 264 cn: Cert Publishers
 265 description: Members of this group are permitted to publish certificates to the Active Directory
 266 groupType: 2147483652
 267 sAMAccountType: 536870912
 268 objectSid: ${DOMAINSID}-517
 269 sAMAccountName: Cert Publishers
 270 objectCategory: CN=Group,${SCHEMADN}
 271 isCriticalSystemObject: TRUE
 272
 273 dn: CN=Domain Admins,CN=Users,${DOMAINDN}
 274 objectClass: top
 275 objectClass: group
 276 cn: Domain Admins
 277 description: Designated administrators of the domain
 278 member: CN=Administrator,CN=Users,${DOMAINDN}
 279 memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
 280 objectSid: ${DOMAINSID}-512
 281 adminCount: 1
 282 sAMAccountName: Domain Admins
 283 isCriticalSystemObject: TRUE
 284
 285 dn: CN=Domain Users,CN=Users,${DOMAINDN}
 286 objectClass: top
 287 objectClass: group
 288 cn: Domain Users
 289 description: All domain users
 290 memberOf: CN=Users,CN=Builtin,${DOMAINDN}
 291 objectSid: ${DOMAINSID}-513
 292 sAMAccountName: Domain Users
 293 isCriticalSystemObject: TRUE
 294
 295 dn: CN=Domain Guests,CN=Users,${DOMAINDN}
 296 objectClass: top
 297 objectClass: group
 298 cn: Domain Guests
 299 description: All domain guests
 300 memberOf: CN=Guests,CN=Builtin,${DOMAINDN}
 301 objectSid: ${DOMAINSID}-514
 302 sAMAccountName: Domain Guests
 303 isCriticalSystemObject: TRUE
 304
 305 dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
 306 objectClass: top
 307 objectClass: group
 308 cn: Group Policy Creator Owners
 309 description: Members in this group can modify group policy for the domain
 310 member: CN=Administrator,CN=Users,${DOMAINDN}
 311 objectSid: ${DOMAINSID}-520
 312 sAMAccountName: Group Policy Creator Owners
 313 objectCategory: CN=Group,${SCHEMADN}
 314 isCriticalSystemObject: TRUE
 315
 316 dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
 317 objectClass: top
 318 objectClass: group
 319 cn: RAS and IAS Servers
 320 description: Servers in this group can access remote access properties of users
 321 instanceType: 4
 322 objectSid: ${DOMAINSID}-553
 323 sAMAccountName: RAS and IAS Servers
 324 sAMAccountType: 536870912
 325 groupType: 2147483652
 326 objectCategory: CN=Group,${SCHEMADN}
 327 isCriticalSystemObject: TRUE
 328
 329 dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
 330 objectClass: top
 331 objectClass: group
 332 cn: Server Operators
 333 description: Members can administer domain servers
 334 instanceType: 4
 335 objectSid: S-1-5-32-549
 336 adminCount: 1
 337 sAMAccountName: Server Operators
 338 sAMAccountType: 536870912
 339 systemFlags: 2348810240
 340 groupType: 2147483653
 341 objectCategory: CN=Group,${SCHEMADN}
 342 isCriticalSystemObject: TRUE
 343 privilege: SeBackupPrivilege
 344 privilege: SeSystemtimePrivilege
 345 privilege: SeRemoteShutdownPrivilege
 346 privilege: SeRestorePrivilege
 347 privilege: SeShutdownPrivilege
 348 privilege: SeInteractiveLogonRight
 349
 350 dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
 351 objectClass: top
 352 objectClass: group
 353 cn: Account Operators
 354 description: Members can administer domain user and group accounts
 355 instanceType: 4
 356 objectSid: S-1-5-32-548
 357 adminCount: 1
 358 sAMAccountName: Account Operators
 359 sAMAccountType: 536870912
 360 systemFlags: 2348810240
 361 groupType: 2147483653
 362 objectCategory: CN=Group,${SCHEMADN}
 363 isCriticalSystemObject: TRUE
 364 privilege: SeInteractiveLogonRight
 365