1 dn: CN=Administrator,CN=Users,${DOMAINDN}
4 description: Built-in account for administering the computer/domain
5 memberOf: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
6 memberOf: CN=Domain Admins,CN=Users,${DOMAINDN}
7 memberOf: CN=Enterprise Admins,CN=Users,${DOMAINDN}
8 memberOf: CN=Schema Admins,CN=Users,${DOMAINDN}
9 memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
10 userAccountControl: 66048
11 objectSid: ${DOMAINSID}-500
14 sAMAccountName: Administrator
15 isCriticalSystemObject: TRUE
16 sambaPassword: ${ADMINPASS}
18 dn: CN=Guest,CN=Users,${DOMAINDN}
21 description: Built-in account for guest access to the computer/domain
22 memberOf: CN=Guests,CN=Builtin,${DOMAINDN}
23 userAccountControl: 66082
25 objectSid: ${DOMAINSID}-501
27 isCriticalSystemObject: TRUE
29 dn: CN=Administrators,CN=Builtin,${DOMAINDN}
33 description: Administrators have complete and unrestricted access to the computer/domain
34 member: CN=Domain Admins,CN=Users,${DOMAINDN}
35 member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
36 member: CN=Administrator,CN=Users,${DOMAINDN}
37 objectSid: S-1-5-32-544
39 sAMAccountName: Administrators
40 sAMAccountType: 536870912
41 systemFlags: 2348810240
43 objectCategory: CN=Group,${SCHEMADN}
44 isCriticalSystemObject: TRUE
45 privilege: SeSecurityPrivilege
46 privilege: SeBackupPrivilege
47 privilege: SeRestorePrivilege
48 privilege: SeSystemtimePrivilege
49 privilege: SeShutdownPrivilege
50 privilege: SeRemoteShutdownPrivilege
51 privilege: SeTakeOwnershipPrivilege
52 privilege: SeDebugPrivilege
53 privilege: SeSystemEnvironmentPrivilege
54 privilege: SeSystemProfilePrivilege
55 privilege: SeProfileSingleProcessPrivilege
56 privilege: SeIncreaseBasePriorityPrivilege
57 privilege: SeLoadDriverPrivilege
58 privilege: SeCreatePagefilePrivilege
59 privilege: SeIncreaseQuotaPrivilege
60 privilege: SeChangeNotifyPrivilege
61 privilege: SeUndockPrivilege
62 privilege: SeManageVolumePrivilege
63 privilege: SeImpersonatePrivilege
64 privilege: SeCreateGlobalPrivilege
65 privilege: SeEnableDelegationPrivilege
66 privilege: SeInteractiveLogonRight
67 privilege: SeNetworkLogonRight
68 privilege: SeRemoteInteractiveLogonRight
70 dn: CN=Users,CN=Builtin,${DOMAINDN}
74 description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
75 member: CN=Domain Users,CN=Users,${DOMAINDN}
76 objectSid: S-1-5-32-545
78 sAMAccountType: 536870912
79 systemFlags: 2348810240
81 objectCategory: CN=Group,${SCHEMADN}
82 isCriticalSystemObject: TRUE
84 dn: CN=Guests,CN=Builtin,${DOMAINDN}
88 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
89 member: CN=Domain Guests,CN=Users,${DOMAINDN}
90 member: CN=Guest,CN=Users,${DOMAINDN}
91 objectSid: S-1-5-32-546
92 sAMAccountName: Guests
93 sAMAccountType: 536870912
94 systemFlags: 2348810240
96 objectCategory: CN=Group,${SCHEMADN}
97 isCriticalSystemObject: TRUE
99 dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
103 description: Members can administer domain printers
104 objectSid: S-1-5-32-550
106 sAMAccountName: Print Operators
107 sAMAccountType: 536870912
108 systemFlags: 2348810240
109 groupType: 2147483653
110 objectCategory: CN=Group,${SCHEMADN}
111 isCriticalSystemObject: TRUE
112 privilege: SeLoadDriverPrivilege
113 privilege: SeShutdownPrivilege
114 privilege: SeInteractiveLogonRight
116 dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
120 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
121 objectSid: S-1-5-32-551
123 sAMAccountName: Backup Operators
124 sAMAccountType: 536870912
125 systemFlags: 2348810240
126 groupType: 2147483653
127 objectCategory: CN=Group,${SCHEMADN}
128 isCriticalSystemObject: TRUE
129 privilege: SeBackupPrivilege
130 privilege: SeRestorePrivilege
131 privilege: SeShutdownPrivilege
132 privilege: SeInteractiveLogonRight
134 dn: CN=Replicator,CN=Builtin,${DOMAINDN}
138 description: Supports file replication in a domain
139 objectSid: S-1-5-32-552
141 sAMAccountName: Replicator
142 sAMAccountType: 536870912
143 systemFlags: 2348810240
144 groupType: 2147483653
145 objectCategory: CN=Group,${SCHEMADN}
146 isCriticalSystemObject: TRUE
148 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
151 cn: Remote Desktop Users
152 description: Members in this group are granted the right to logon remotely
153 objectSid: S-1-5-32-555
154 sAMAccountName: Remote Desktop Users
155 sAMAccountType: 536870912
156 systemFlags: 2348810240
157 groupType: 2147483653
158 objectCategory: CN=Group,${SCHEMADN}
159 isCriticalSystemObject: TRUE
161 dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
164 cn: Network Configuration Operators
165 description: Members in this group can have some administrative privileges to manage configuration of networking features
166 objectSid: S-1-5-32-556
167 sAMAccountName: Network Configuration Operators
168 sAMAccountType: 536870912
169 systemFlags: 2348810240
170 groupType: 2147483653
171 objectCategory: CN=Group,${SCHEMADN}
172 isCriticalSystemObject: TRUE
174 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
177 cn: Performance Monitor Users
178 description: Members of this group have remote access to monitor this computer
179 objectSid: S-1-5-32-558
180 sAMAccountName: Performance Monitor Users
181 sAMAccountType: 536870912
182 systemFlags: 2348810240
183 groupType: 2147483653
184 objectCategory: CN=Group,${SCHEMADN}
185 isCriticalSystemObject: TRUE
187 dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
190 cn: Performance Log Users
191 description: Members of this group have remote access to schedule logging of performance counters on this computer
192 objectSid: S-1-5-32-559
193 sAMAccountName: Performance Log Users
194 sAMAccountType: 536870912
195 systemFlags: 2348810240
196 groupType: 2147483653
197 objectCategory: CN=Group,${SCHEMADN}
198 isCriticalSystemObject: TRUE
200 dn: CN=krbtgt,CN=Users,${DOMAINDN}
203 objectClass: organizationalPerson
206 description: Key Distribution Center Service Account
207 showInAdvancedViewOnly: TRUE
208 userAccountControl: 514
209 objectSid: ${DOMAINSID}-502
211 accountExpires: 9223372036854775807
212 sAMAccountName: krbtgt
213 sAMAccountType: 805306368
214 servicePrincipalName: kadmin/changepw
215 isCriticalSystemObject: TRUE
216 sambaPassword: ${KRBTGTPASS}
218 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
222 description: All workstations and servers joined to the domain
223 objectSid: ${DOMAINSID}-515
224 sAMAccountName: Domain Computers
225 objectCategory: CN=Group,${SCHEMADN}
226 isCriticalSystemObject: TRUE
228 dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
231 cn: Domain Controllers
232 description: All domain controllers in the domain
233 objectSid: ${DOMAINSID}-516
235 sAMAccountName: Domain Controllers
236 isCriticalSystemObject: TRUE
238 dn: CN=Schema Admins,CN=Users,${DOMAINDN}
242 description: Designated administrators of the schema
243 member: CN=Administrator,CN=Users,${DOMAINDN}
244 objectSid: ${DOMAINSID}-518
246 sAMAccountName: Schema Admins
247 isCriticalSystemObject: TRUE
249 dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
252 cn: Enterprise Admins
253 description: Designated administrators of the enterprise
254 member: CN=Administrator,CN=Users,${DOMAINDN}
255 memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
256 objectSid: ${DOMAINSID}-519
258 sAMAccountName: Enterprise Admins
259 isCriticalSystemObject: TRUE
261 dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
265 description: Members of this group are permitted to publish certificates to the Active Directory
266 groupType: 2147483652
267 sAMAccountType: 536870912
268 objectSid: ${DOMAINSID}-517
269 sAMAccountName: Cert Publishers
270 objectCategory: CN=Group,${SCHEMADN}
271 isCriticalSystemObject: TRUE
273 dn: CN=Domain Admins,CN=Users,${DOMAINDN}
277 description: Designated administrators of the domain
278 member: CN=Administrator,CN=Users,${DOMAINDN}
279 memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
280 objectSid: ${DOMAINSID}-512
282 sAMAccountName: Domain Admins
283 isCriticalSystemObject: TRUE
285 dn: CN=Domain Users,CN=Users,${DOMAINDN}
289 description: All domain users
290 memberOf: CN=Users,CN=Builtin,${DOMAINDN}
291 objectSid: ${DOMAINSID}-513
292 sAMAccountName: Domain Users
293 isCriticalSystemObject: TRUE
295 dn: CN=Domain Guests,CN=Users,${DOMAINDN}
299 description: All domain guests
300 memberOf: CN=Guests,CN=Builtin,${DOMAINDN}
301 objectSid: ${DOMAINSID}-514
302 sAMAccountName: Domain Guests
303 isCriticalSystemObject: TRUE
305 dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
308 cn: Group Policy Creator Owners
309 description: Members in this group can modify group policy for the domain
310 member: CN=Administrator,CN=Users,${DOMAINDN}
311 objectSid: ${DOMAINSID}-520
312 sAMAccountName: Group Policy Creator Owners
313 objectCategory: CN=Group,${SCHEMADN}
314 isCriticalSystemObject: TRUE
316 dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
319 cn: RAS and IAS Servers
320 description: Servers in this group can access remote access properties of users
322 objectSid: ${DOMAINSID}-553
323 sAMAccountName: RAS and IAS Servers
324 sAMAccountType: 536870912
325 groupType: 2147483652
326 objectCategory: CN=Group,${SCHEMADN}
327 isCriticalSystemObject: TRUE
329 dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
333 description: Members can administer domain servers
335 objectSid: S-1-5-32-549
337 sAMAccountName: Server Operators
338 sAMAccountType: 536870912
339 systemFlags: 2348810240
340 groupType: 2147483653
341 objectCategory: CN=Group,${SCHEMADN}
342 isCriticalSystemObject: TRUE
343 privilege: SeBackupPrivilege
344 privilege: SeSystemtimePrivilege
345 privilege: SeRemoteShutdownPrivilege
346 privilege: SeRestorePrivilege
347 privilege: SeShutdownPrivilege
348 privilege: SeInteractiveLogonRight
350 dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
353 cn: Account Operators
354 description: Members can administer domain user and group accounts
356 objectSid: S-1-5-32-548
358 sAMAccountName: Account Operators
359 sAMAccountType: 536870912
360 systemFlags: 2348810240
361 groupType: 2147483653
362 objectCategory: CN=Group,${SCHEMADN}
363 isCriticalSystemObject: TRUE
364 privilege: SeInteractiveLogonRight