3 @IDXATTR: sAMAccountName
12 realm: CASE_INSENSITIVE
13 userPrincipalName: CASE_INSENSITIVE
14 servicePrincipalName: CASE_INSENSITIVE
17 name: CASE_INSENSITIVE WILDCARD
18 dn: CASE_INSENSITIVE WILDCARD
19 sAMAccountName: CASE_INSENSITIVE WILDCARD
20 objectClass: CASE_INSENSITIVE
26 createTimestamp: HIDDEN
27 modifyTimestamp: HIDDEN
35 person: organizationalPerson
36 organizationalPerson: user
38 template: userTemplate
39 template: groupTemplate
41 #Add modules to the list to activate them by default
42 #beware often order is important
44 @LIST: samldb,timestamps
46 ###############################
47 # Domain Naming Context
48 ###############################
52 objectClass: domainDNS
55 dnsDomain: ${DNSDOMAIN}
57 objectGUID: ${DOMAINGUID}
58 creationTime: ${NTTIME}
59 forceLogoff: 0x8000000000000000
60 lockoutDuration: -18000000000
61 lockOutObservationWindow: -18000000000
63 whenCreated: ${LDAPTIME}
64 whenChanged: ${LDAPTIME}
67 maxPwdAge: -37108517437440
70 modifiedCountAtLastProm: 0
74 objectSid: ${DOMAINSID}
77 msDS-Behavior-Version: 0
78 ridManagerReference: CN=RID Manager$,CN=System,${BASEDN}
81 objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
82 isCriticalSystemObject: TRUE
83 subRefs: CN=Configuration,${BASEDN}
84 subRefs: CN=Schema,CN=Configuration,${BASEDN}
86 dn: CN=Users,${BASEDN}
88 objectClass: container
90 description: Default container for upgraded user accounts
92 whenCreated: ${LDAPTIME}
93 whenChanged: ${LDAPTIME}
96 showInAdvancedViewOnly: FALSE
98 objectGUID: ${NEWGUID}
99 systemFlags: 0x8c000000
100 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
101 isCriticalSystemObject: TRUE
103 dn: CN=Computers,${BASEDN}
105 objectClass: container
107 description: Default container for upgraded computer accounts
109 whenCreated: ${LDAPTIME}
110 whenChanged: ${LDAPTIME}
113 showInAdvancedViewOnly: FALSE
115 objectGUID: ${NEWGUID}
116 systemFlags: 0x8c000000
117 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
118 isCriticalSystemObject: TRUE
120 dn: OU=Domain Controllers,${BASEDN}
122 objectClass: organizationalUnit
123 ou: Domain Controllers
124 description: Default container for domain controllers
126 whenCreated: ${LDAPTIME}
127 whenChanged: ${LDAPTIME}
130 showInAdvancedViewOnly: FALSE
131 name: Domain Controllers
132 objectGUID: ${NEWGUID}
133 systemFlags: 0x8c000000
134 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
135 isCriticalSystemObject: TRUE
137 dn: CN=ForeignSecurityPrincipals,${BASEDN}
139 objectClass: container
140 cn: ForeignSecurityPrincipals
141 description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
143 whenCreated: ${LDAPTIME}
144 whenChanged: ${LDAPTIME}
147 showInAdvancedViewOnly: FALSE
148 name: ForeignSecurityPrincipals
149 objectGUID: ${NEWGUID}
150 systemFlags: 0x8c000000
151 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
152 isCriticalSystemObject: TRUE
154 dn: CN=System,${BASEDN}
156 objectClass: container
158 description: Builtin system settings
160 whenCreated: ${LDAPTIME}
161 whenChanged: ${LDAPTIME}
164 showInAdvancedViewOnly: TRUE
166 objectGUID: ${NEWGUID}
167 systemFlags: 0x8c000000
168 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
169 isCriticalSystemObject: TRUE
171 dn: CN=RID Manager$,CN=System,${BASEDN}
173 objectclass: rIDManager
176 whenCreated: ${LDAPTIME}
177 whenChanged: ${LDAPTIME}
180 showInAdvancedViewOnly: TRUE
182 objectGUID: ${NEWGUID}
183 systemFlags: 0x8c000000
184 objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN}
185 isCriticalSystemObject: TRUE
186 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
187 rIDAvailablePool: 4611686014132423217
189 dn: CN=DomainUpdates,CN=System,${BASEDN}
191 objectClass: container
194 whenCreated: ${LDAPTIME}
195 whenChanged: ${LDAPTIME}
198 showInAdvancedViewOnly: TRUE
200 objectGUID: ${NEWGUID}
201 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
203 dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${BASEDN}
205 objectClass: container
206 cn: Windows2003Update
208 whenCreated: ${LDAPTIME}
209 whenChanged: ${LDAPTIME}
212 showInAdvancedViewOnly: TRUE
213 name: Windows2003Update
214 objectGUID: ${NEWGUID}
215 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
218 dn: CN=Infrastructure,${BASEDN}
220 objectclass: infrastructureUpdate
223 whenCreated: ${LDAPTIME}
224 whenChanged: ${LDAPTIME}
227 showInAdvancedViewOnly: TRUE
229 objectGUID: ${NEWGUID}
230 systemFlags: 0x8c000000
231 objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN}
232 isCriticalSystemObject: TRUE
233 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
235 dn: CN=Builtin,${BASEDN}
237 objectClass: builtinDomain
240 showInAdvancedViewOnly: FALSE
242 forceLogoff: 0x8000000000000000
243 lockoutDuration: -18000000000
244 lockOutObservationWindow: -18000000000
246 maxPwdAge: -37108517437440
249 modifiedCountAtLastProm: 0
257 objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN}
258 isCriticalSystemObject: TRUE
260 dn: CN=Administrator,CN=Users,${BASEDN}
263 objectClass: organizationalPerson
266 description: Built-in account for administering the computer/domain
268 whenCreated: ${LDAPTIME}
269 whenChanged: ${LDAPTIME}
271 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
272 memberOf: CN=Domain Admins,CN=Users,${BASEDN}
273 memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
274 memberOf: CN=Schema Admins,CN=Users,${BASEDN}
275 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
278 objectGUID: ${NEWGUID}
279 userAccountControl: 0x10200
288 objectSid: ${DOMAINSID}-500
292 sAMAccountName: Administrator
293 sAMAccountType: 0x30000000
294 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
295 isCriticalSystemObject: TRUE
296 unicodePwd: ${ADMINPASS}
299 dn: CN=Guest,CN=Users,${BASEDN}
302 objectClass: organizationalPerson
305 description: Built-in account for guest access to the computer/domain
307 whenCreated: ${LDAPTIME}
308 whenChanged: ${LDAPTIME}
310 memberOf: CN=Guests,CN=Builtin,${BASEDN}
313 objectGUID: ${NEWGUID}
314 userAccountControl: 0x10222
323 objectSid: ${DOMAINSID}-501
326 sAMAccountName: Guest
327 sAMAccountType: 0x30000000
328 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
329 isCriticalSystemObject: TRUE
331 dn: CN=Administrators,CN=Builtin,${BASEDN}
335 description: Administrators have complete and unrestricted access to the computer/domain
336 member: CN=Domain Admins,CN=Users,${BASEDN}
337 member: CN=Enterprise Admins,CN=Users,${BASEDN}
338 member: CN=Administrator,CN=Users,${BASEDN}
340 whenCreated: ${LDAPTIME}
341 whenChanged: ${LDAPTIME}
345 objectGUID: ${NEWGUID}
346 objectSid: S-1-5-32-544
348 sAMAccountName: Administrators
349 sAMAccountType: 0x20000000
350 systemFlags: 0x8c000000
351 groupType: 0x80000005
352 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
353 isCriticalSystemObject: TRUE
355 privilege: SeSecurityPrivilege
356 privilege: SeBackupPrivilege
357 privilege: SeRestorePrivilege
358 privilege: SeSystemtimePrivilege
359 privilege: SeShutdownPrivilege
360 privilege: SeRemoteShutdownPrivilege
361 privilege: SeTakeOwnershipPrivilege
362 privilege: SeDebugPrivilege
363 privilege: SeSystemEnvironmentPrivilege
364 privilege: SeSystemProfilePrivilege
365 privilege: SeProfileSingleProcessPrivilege
366 privilege: SeIncreaseBasePriorityPrivilege
367 privilege: SeLoadDriverPrivilege
368 privilege: SeCreatePagefilePrivilege
369 privilege: SeIncreaseQuotaPrivilege
370 privilege: SeChangeNotifyPrivilege
371 privilege: SeUndockPrivilege
372 privilege: SeManageVolumePrivilege
373 privilege: SeImpersonatePrivilege
374 privilege: SeCreateGlobalPrivilege
375 privilege: SeEnableDelegationPrivilege
376 privilege: SeInteractiveLogonRight
377 privilege: SeNetworkLogonRight
378 privilege: SeRemoteInteractiveLogonRight
381 dn: CN=Users,CN=Builtin,${BASEDN}
385 description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
386 member: CN=Domain Users,CN=Users,${BASEDN}
388 whenCreated: ${LDAPTIME}
389 whenChanged: ${LDAPTIME}
393 objectGUID: ${NEWGUID}
394 objectSid: S-1-5-32-545
395 sAMAccountName: Users
396 sAMAccountType: 0x20000000
397 systemFlags: 0x8c000000
398 groupType: 0x80000005
399 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
400 isCriticalSystemObject: TRUE
402 dn: CN=Guests,CN=Builtin,${BASEDN}
406 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
407 member: CN=Domain Guests,CN=Users,${BASEDN}
408 member: CN=Guest,CN=Users,${BASEDN}
410 whenCreated: ${LDAPTIME}
411 whenChanged: ${LDAPTIME}
415 objectGUID: ${NEWGUID}
416 objectSid: S-1-5-32-546
417 sAMAccountName: Guests
418 sAMAccountType: 0x20000000
419 systemFlags: 0x8c000000
420 groupType: 0x80000005
421 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
422 isCriticalSystemObject: TRUE
425 dn: CN=Print Operators,CN=Builtin,${BASEDN}
429 description: Members can administer domain printers
431 whenCreated: ${LDAPTIME}
432 whenChanged: ${LDAPTIME}
435 name: Print Operators
436 objectGUID: ${NEWGUID}
437 objectSid: S-1-5-32-550
439 sAMAccountName: Print Operators
440 sAMAccountType: 0x20000000
441 systemFlags: 0x8c000000
442 groupType: 0x80000005
443 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
444 isCriticalSystemObject: TRUE
445 privilege: SeLoadDriverPrivilege
446 privilege: SeShutdownPrivilege
447 privilege: SeInteractiveLogonRight
449 dn: CN=Backup Operators,CN=Builtin,${BASEDN}
453 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
455 whenCreated: ${LDAPTIME}
456 whenChanged: ${LDAPTIME}
459 name: Backup Operators
460 objectGUID: ${NEWGUID}
461 objectSid: S-1-5-32-551
463 sAMAccountName: Backup Operators
464 sAMAccountType: 0x20000000
465 systemFlags: 0x8c000000
466 groupType: 0x80000005
467 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
468 isCriticalSystemObject: TRUE
469 privilege: SeBackupPrivilege
470 privilege: SeRestorePrivilege
471 privilege: SeShutdownPrivilege
472 privilege: SeInteractiveLogonRight
474 dn: CN=Replicator,CN=Builtin,${BASEDN}
478 description: Supports file replication in a domain
480 whenCreated: ${LDAPTIME}
481 whenChanged: ${LDAPTIME}
485 objectGUID: ${NEWGUID}
486 objectSid: S-1-5-32-552
488 sAMAccountName: Replicator
489 sAMAccountType: 0x20000000
490 systemFlags: 0x8c000000
491 groupType: 0x80000005
492 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
493 isCriticalSystemObject: TRUE
495 dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
498 cn: Remote Desktop Users
499 description: Members in this group are granted the right to logon remotely
501 whenCreated: ${LDAPTIME}
502 whenChanged: ${LDAPTIME}
505 name: Remote Desktop Users
506 objectGUID: ${NEWGUID}
507 objectSid: S-1-5-32-555
508 sAMAccountName: Remote Desktop Users
509 sAMAccountType: 0x20000000
510 systemFlags: 0x8c000000
511 groupType: 0x80000005
512 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
513 isCriticalSystemObject: TRUE
515 dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
518 cn: Network Configuration Operators
519 description: Members in this group can have some administrative privileges to manage configuration of networking features
521 whenCreated: ${LDAPTIME}
522 whenChanged: ${LDAPTIME}
525 name: Network Configuration Operators
526 objectGUID: ${NEWGUID}
527 objectSid: S-1-5-32-556
528 sAMAccountName: Network Configuration Operators
529 sAMAccountType: 0x20000000
530 systemFlags: 0x8c000000
531 groupType: 0x80000005
532 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
533 isCriticalSystemObject: TRUE
535 dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
538 cn: Performance Monitor Users
539 description: Members of this group have remote access to monitor this computer
541 whenCreated: ${LDAPTIME}
542 whenChanged: ${LDAPTIME}
545 name: Performance Monitor Users
546 objectGUID: ${NEWGUID}
547 objectSid: S-1-5-32-558
548 sAMAccountName: Performance Monitor Users
549 sAMAccountType: 0x20000000
550 systemFlags: 0x8c000000
551 groupType: 0x80000005
552 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
553 isCriticalSystemObject: TRUE
555 dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
558 cn: Performance Log Users
559 description: Members of this group have remote access to schedule logging of performance counters on this computer
561 whenCreated: ${LDAPTIME}
562 whenChanged: ${LDAPTIME}
565 name: Performance Log Users
566 objectGUID: ${NEWGUID}
567 objectSid: S-1-5-32-559
568 sAMAccountName: Performance Log Users
569 sAMAccountType: 0x20000000
570 systemFlags: 0x8c000000
571 groupType: 0x80000005
572 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
573 isCriticalSystemObject: TRUE
575 dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
578 objectClass: organizationalPerson
580 objectClass: computer
583 whenCreated: ${LDAPTIME}
584 whenChanged: ${LDAPTIME}
588 objectGUID: ${HOSTGUID}
589 userAccountControl: 532480
595 lastLogon: 127273269057298624
597 pwdLastSet: 127258826171655328
599 objectSid: ${DOMAINSID}-1000
600 accountExpires: 9223372036854775807
602 sAMAccountName: ${NETBIOSNAME}$
603 sAMAccountType: 805306369
604 operatingSystem: Samba
605 operatingSystemVersion: 4.0
606 dNSHostName: ${DNSNAME}
607 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
608 isCriticalSystemObject: TRUE
609 unicodePwd: ${JOINPASS}
610 servicePrincipalName: HOST/${DNSNAME}
611 servicePrincipalName: HOST/${NETBIOSNAME}
612 servicePrincipalName: CIFS/${DNSNAME}
613 servicePrincipalName: CIFS/${NETBIOSNAME}
614 servicePrincipalName: LDAP/${DNSNAME}
615 servicePrincipalName: LDAP/${NETBIOSNAME}
617 dn: CN=krbtgt,CN=Users,${BASEDN}
620 objectClass: organizationalPerson
623 description: Key Distribution Center Service Account
625 whenCreated: ${LDAPTIME}
626 whenChanged: ${LDAPTIME}
629 showInAdvancedViewOnly: TRUE
631 objectGUID: ${NEWGUID}
632 userAccountControl: 514
639 pwdLastSet: 127258826179466560
641 objectSid: ${DOMAINSID}-502
643 accountExpires: 9223372036854775807
645 sAMAccountName: krbtgt
646 sAMAccountType: 805306368
647 servicePrincipalName: kadmin/changepw
648 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
649 isCriticalSystemObject: TRUE
650 unicodePwd: ${RANDPASS}
652 dn: CN=Domain Computers,CN=Users,${BASEDN}
656 description: All workstations and servers joined to the domain
658 whenCreated: ${LDAPTIME}
659 whenChanged: ${LDAPTIME}
662 name: Domain Computers
663 objectGUID: ${NEWGUID}
664 objectSid: ${DOMAINSID}-515
665 sAMAccountName: Domain Computers
666 sAMAccountType: 0x10000000
667 groupType: 0x80000002
668 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
669 isCriticalSystemObject: TRUE
671 dn: CN=Domain Controllers,CN=Users,${BASEDN}
674 cn: Domain Controllers
675 description: All domain controllers in the domain
677 whenCreated: ${LDAPTIME}
678 whenChanged: ${LDAPTIME}
681 name: Domain Controllers
682 objectGUID: ${NEWGUID}
683 objectSid: ${DOMAINSID}-516
685 sAMAccountName: Domain Controllers
686 sAMAccountType: 0x10000000
687 groupType: 0x80000002
688 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
689 isCriticalSystemObject: TRUE
691 dn: CN=Schema Admins,CN=Users,${BASEDN}
695 description: Designated administrators of the schema
696 member: CN=Administrator,CN=Users,${BASEDN}
698 whenCreated: ${LDAPTIME}
699 whenChanged: ${LDAPTIME}
703 objectGUID: ${NEWGUID}
704 objectSid: ${DOMAINSID}-518
706 sAMAccountName: Schema Admins
707 sAMAccountType: 0x10000000
708 groupType: 0x80000002
709 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
710 isCriticalSystemObject: TRUE
713 dn: CN=Enterprise Admins,CN=Users,${BASEDN}
716 cn: Enterprise Admins
717 description: Designated administrators of the enterprise
718 member: CN=Administrator,CN=Users,${BASEDN}
720 whenCreated: ${LDAPTIME}
721 whenChanged: ${LDAPTIME}
723 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
725 name: Enterprise Admins
726 objectGUID: ${NEWGUID}
727 objectSid: ${DOMAINSID}-519
729 sAMAccountName: Enterprise Admins
730 sAMAccountType: 0x10000000
731 groupType: 0x80000002
732 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
733 isCriticalSystemObject: TRUE
736 dn: CN=Cert Publishers,CN=Users,${BASEDN}
740 description: Members of this group are permitted to publish certificates to the Active Directory
742 whenCreated: ${LDAPTIME}
743 whenChanged: ${LDAPTIME}
746 name: Cert Publishers
747 objectGUID: ${NEWGUID}
748 objectSid: ${DOMAINSID}-517
749 sAMAccountName: Cert Publishers
750 sAMAccountType: 0x20000000
751 groupType: 0x80000004
752 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
753 isCriticalSystemObject: TRUE
755 dn: CN=Domain Admins,CN=Users,${BASEDN}
759 description: Designated administrators of the domain
760 member: CN=Administrator,CN=Users,${BASEDN}
762 whenCreated: ${LDAPTIME}
763 whenChanged: ${LDAPTIME}
765 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
768 objectGUID: ${NEWGUID}
769 objectSid: ${DOMAINSID}-512
771 sAMAccountName: Domain Admins
772 sAMAccountType: 0x10000000
773 groupType: 0x80000002
774 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
775 isCriticalSystemObject: TRUE
778 dn: CN=Domain Users,CN=Users,${BASEDN}
782 description: All domain users
784 whenCreated: ${LDAPTIME}
785 whenChanged: ${LDAPTIME}
787 memberOf: CN=Users,CN=Builtin,${BASEDN}
790 objectGUID: ${NEWGUID}
791 objectSid: ${DOMAINSID}-513
792 sAMAccountName: Domain Users
793 sAMAccountType: 0x10000000
794 groupType: 0x80000002
795 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
796 isCriticalSystemObject: TRUE
799 dn: CN=Domain Guests,CN=Users,${BASEDN}
803 description: All domain guests
805 whenCreated: ${LDAPTIME}
806 whenChanged: ${LDAPTIME}
808 memberOf: CN=Guests,CN=Builtin,${BASEDN}
811 objectGUID: ${NEWGUID}
812 objectSid: ${DOMAINSID}-514
813 sAMAccountName: Domain Guests
814 sAMAccountType: 0x10000000
815 groupType: 0x80000002
816 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
817 isCriticalSystemObject: TRUE
819 dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
822 cn: Group Policy Creator Owners
823 description: Members in this group can modify group policy for the domain
824 member: CN=Administrator,CN=Users,${BASEDN}
826 whenCreated: ${LDAPTIME}
827 whenChanged: ${LDAPTIME}
830 name: Group Policy Creator Owners
831 objectGUID: ${NEWGUID}
832 objectSid: ${DOMAINSID}-520
833 sAMAccountName: Group Policy Creator Owners
834 sAMAccountType: 0x10000000
835 groupType: 0x80000002
836 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
837 isCriticalSystemObject: TRUE
840 dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
843 cn: RAS and IAS Servers
844 description: Servers in this group can access remote access properties of users
846 whenCreated: ${LDAPTIME}
847 whenChanged: ${LDAPTIME}
850 name: RAS and IAS Servers
851 objectGUID: ${NEWGUID}
852 objectSid: ${DOMAINSID}-553
853 sAMAccountName: RAS and IAS Servers
854 sAMAccountType: 0x20000000
855 groupType: 0x80000004
856 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
857 isCriticalSystemObject: TRUE
859 dn: CN=Server Operators,CN=Builtin,${BASEDN}
863 description: Members can administer domain servers
865 whenCreated: ${LDAPTIME}
866 whenChanged: ${LDAPTIME}
869 name: Server Operators
870 objectGUID: ${NEWGUID}
871 objectSid: S-1-5-32-549
873 sAMAccountName: Server Operators
874 sAMAccountType: 0x20000000
875 systemFlags: 0x8c000000
876 groupType: 0x80000005
877 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
878 isCriticalSystemObject: TRUE
879 privilege: SeBackupPrivilege
880 privilege: SeSystemtimePrivilege
881 privilege: SeRemoteShutdownPrivilege
882 privilege: SeRestorePrivilege
883 privilege: SeShutdownPrivilege
884 privilege: SeInteractiveLogonRight
886 dn: CN=Account Operators,CN=Builtin,${BASEDN}
889 cn: Account Operators
890 description: Members can administer domain user and group accounts
892 whenCreated: ${LDAPTIME}
893 whenChanged: ${LDAPTIME}
896 name: Account Operators
897 objectGUID: ${NEWGUID}
898 objectSid: S-1-5-32-548
900 sAMAccountName: Account Operators
901 sAMAccountType: 0x20000000
902 systemFlags: 0x8c000000
903 groupType: 0x80000005
904 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
905 isCriticalSystemObject: TRUE
906 privilege: SeInteractiveLogonRight
908 dn: CN=Templates,${BASEDN}
910 objectClass: container
912 description: Container for SAM account templates
914 whenCreated: ${LDAPTIME}
915 whenChanged: ${LDAPTIME}
918 showInAdvancedViewOnly: TRUE
920 objectGUID: ${NEWGUID}
921 systemFlags: 0x8c000000
922 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
923 isCriticalSystemObject: TRUE
926 # note! the template users must not match normal searches. Be careful
927 # with what classes you put them in
930 dn: CN=TemplateUser,CN=Templates,${BASEDN}
933 objectClass: organizationalPerson
934 objectClass: Template
935 objectClass: userTemplate
939 userAccountControl: 0x202
950 sAMAccountType: 0x30000000
952 dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
954 objectClass: Template
955 objectClass: userTemplate
956 cn: TemplateMemberServer
957 name: TemplateMemberServer
959 userAccountControl: 0x1002
970 sAMAccountType: 0x30000001
972 dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
974 objectClass: Template
975 objectClass: userTemplate
976 cn: TemplateDomainController
977 name: TemplateDomainController
979 userAccountControl: 0x2002
990 sAMAccountType: 0x30000001
992 dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
994 objectClass: Template
995 objectClass: userTemplate
996 cn: TemplateTrustingDomain
997 name: TemplateTrustingDomain
999 userAccountControl: 0x820
1010 sAMAccountType: 0x30000002
1012 dn: CN=TemplateGroup,CN=Templates,${BASEDN}
1014 objectClass: Template
1015 objectClass: groupTemplate
1019 groupType: 0x80000002
1020 sAMAccountType: 0x10000000
1022 dn: CN=TemplateAlias,CN=Templates,${BASEDN}
1024 objectClass: Template
1025 objectClass: aliasTemplate
1029 groupType: 0x80000004
1030 sAMAccountType: 0x10000000
1032 dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
1034 objectClass: Template
1035 objectClass: foreignSecurityPrincipalTemplate
1036 cn: TemplateForeignSecurityPrincipal
1037 name: TemplateForeignSecurityPrincipal
1039 dn: CN=TemplateSecret,CN=Templates,${BASEDN}
1042 objectClass: Template
1043 objectClass: secretTemplate
1045 name: TemplateSecret
1048 dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN}
1051 objectClass: Template
1052 objectClass: trustedDomainTemplate
1053 cn: TemplateTrustedDomain
1054 name: TemplateTrustedDomain
1057 ###############################
1058 # Configuration Naming Context
1059 ###############################
1060 dn: CN=Configuration,${BASEDN}
1062 objectClass: configuration
1065 whenCreated: ${LDAPTIME}
1066 whenChanged: ${LDAPTIME}
1069 showInAdvancedViewOnly: TRUE
1071 objectGUID: ${NEWGUID}
1072 objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN}
1073 subRefs: CN=Schema,CN=Configuration,${BASEDN}
1074 masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1075 msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1077 dn: CN=Partitions,CN=Configuration,${BASEDN}
1079 objectClass: crossRefContainer
1082 whenCreated: ${LDAPTIME}
1083 whenChanged: ${LDAPTIME}
1086 showInAdvancedViewOnly: TRUE
1088 objectGUID: ${NEWGUID}
1089 systemFlags: 0x80000000
1090 objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN}
1091 msDS-Behavior-Version: 0
1092 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1094 dn: CN=Enterprise Configuration,CN=Partitions,CN=Configuration,${BASEDN}
1096 objectClass: crossRef
1097 cn: Enterprise Configuration
1099 whenCreated: ${LDAPTIME}
1100 whenChanged: ${LDAPTIME}
1103 showInAdvancedViewOnly: TRUE
1104 name: Enterprise Configuration
1105 objectGUID: ${NEWGUID}
1106 systemFlags: 0x00000001
1107 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
1108 nCName: CN=Configuration,${BASEDN}
1109 dnsRoot: ${DNSDOMAIN}
1111 dn: CN=Enterprise Schema,CN=Partitions,CN=Configuration,${BASEDN}
1113 objectClass: crossRef
1114 cn: Enterprise Schema
1116 whenCreated: ${LDAPTIME}
1117 whenChanged: ${LDAPTIME}
1120 showInAdvancedViewOnly: TRUE
1121 name: Enterprise Schema
1122 objectGUID: ${NEWGUID}
1123 systemFlags: 0x00000001
1124 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
1125 nCName: CN=Schema,CN=Configuration,${BASEDN}
1126 dnsRoot: ${DNSDOMAIN}
1128 dn: CN=${DOMAIN},CN=Partitions,CN=Configuration,${BASEDN}
1130 objectClass: crossRef
1133 whenCreated: ${LDAPTIME}
1134 whenChanged: ${LDAPTIME}
1137 showInAdvancedViewOnly: TRUE
1139 objectGUID: ${NEWGUID}
1140 systemFlags: 0x00000003
1141 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
1143 nETBIOSName: ${DOMAIN}
1144 dnsRoot: ${DNSDOMAIN}
1146 dn: CN=Sites,CN=Configuration,${BASEDN}
1148 objectClass: sitesContainer
1151 whenCreated: ${LDAPTIME}
1152 whenChanged: ${LDAPTIME}
1155 showInAdvancedViewOnly: TRUE
1157 objectGUID: ${NEWGUID}
1158 systemFlags: 0x82000000
1159 objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN}
1161 dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1166 whenCreated: ${LDAPTIME}
1167 whenChanged: ${LDAPTIME}
1170 showInAdvancedViewOnly: TRUE
1172 objectGUID: ${NEWGUID}
1173 systemFlags: 0x82000000
1174 objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN}
1176 dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1178 objectClass: serversContainer
1181 whenCreated: ${LDAPTIME}
1182 whenChanged: ${LDAPTIME}
1185 showInAdvancedViewOnly: TRUE
1187 objectGUID: ${NEWGUID}
1188 systemFlags: 0x82000000
1189 objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN}
1191 dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1196 whenCreated: ${LDAPTIME}
1197 whenChanged: ${LDAPTIME}
1200 showInAdvancedViewOnly: TRUE
1201 name: ${NETBIOSNAME}
1202 objectGUID: ${NEWGUID}
1203 systemFlags: 0x52000000
1204 objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN}
1205 dNSHostName: ${DNSNAME}
1206 serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
1208 dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1210 objectClass: applicationSettings
1211 objectClass: nTDSDSA
1214 whenCreated: ${LDAPTIME}
1215 whenChanged: ${LDAPTIME}
1218 showInAdvancedViewOnly: TRUE
1220 systemFlags: 0x02000000
1221 objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN}
1222 dMDLocation: CN=Schema,CN=Configuration,${BASEDN}
1223 objectGUID: ${INVOCATIONID}
1224 invocationId: ${INVOCATIONID}
1225 msDS-Behavior-Version: 2
1227 ###############################
1228 # Schema Naming Context
1229 ###############################
1230 dn: CN=Schema,CN=Configuration,${BASEDN}
1235 whenCreated: ${LDAPTIME}
1236 whenChanged: ${LDAPTIME}
1239 showInAdvancedViewOnly: TRUE
1241 objectGUID: ${NEWGUID}
1242 objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN}
1243 masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1244 msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1245 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}