# Built-in domain Administrator account. The -500 suffix on objectSid is the
# well-known Administrator RID, so the account is identifiable even if renamed.
1 dn: CN=Administrator,CN=Users,${DOMAINDN}
4 description: Built-in account for administering the computer/domain
# 66048 = 0x10200: NORMAL_ACCOUNT (0x200) | DONT_EXPIRE_PASSWD (0x10000).
# The password never ages out on its own, so rotation has to be an explicit
# operational procedure.
5 userAccountControl: 66048
6 objectSid: ${DOMAINSID}-500
# 0x7FFFFFFFFFFFFFFF: the account itself never expires.
8 accountExpires: 9223372036854775807
9 sAMAccountName: Administrator
10 isCriticalSystemObject: TRUE
# '::' marks a base64-encoded value. ${ADMINPASS_B64} is a template placeholder,
# presumably substituted at provision time.
# NOTE(review): the rendered file would then carry the initial administrator
# password; confirm the provisioning code does not persist or log it.
11 userPassword:: ${ADMINPASS_B64}
# Built-in Guest account (well-known RID 501).
13 dn: CN=Guest,CN=Users,${DOMAINDN}
16 description: Built-in account for guest access to the computer/domain
# 66082 = 0x10222: ACCOUNTDISABLE (0x2) | PASSWD_NOTREQD (0x20) |
# NORMAL_ACCOUNT (0x200) | DONT_EXPIRE_PASSWD (0x10000).
# The account is created disabled. Because PASSWD_NOTREQD is also set, clearing
# the disable bit later would leave an account that may have an empty password;
# changes to this attribute are worth monitoring.
17 userAccountControl: 66082
19 objectSid: ${DOMAINSID}-501
21 isCriticalSystemObject: TRUE
# Enterprise Admins (well-known RID 519). The member value shown here seeds the
# built-in Administrator; any later addition is a privilege change that should
# be reviewed and alerted on.
23 dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
27 description: Designated administrators of the enterprise
28 member: CN=Administrator,CN=Users,${DOMAINDN}
29 objectSid: ${DOMAINSID}-519
31 sAMAccountName: Enterprise Admins
32 isCriticalSystemObject: TRUE
# krbtgt: the Key Distribution Center service account (well-known RID 502).
# Its secret is what the KDC uses to protect the ticket-granting tickets it
# issues, which makes it the most sensitive credential in the domain.
34 dn: CN=krbtgt,CN=Users,${DOMAINDN}
37 objectClass: organizationalPerson
40 description: Key Distribution Center Service Account
41 showInAdvancedViewOnly: TRUE
# 514 = 0x202: NORMAL_ACCOUNT (0x200) | ACCOUNTDISABLE (0x2). The account is
# disabled for logon; it exists only to hold the KDC key.
42 userAccountControl: 514
43 objectSid: ${DOMAINSID}-502
# 0x7FFFFFFFFFFFFFFF: the account never expires.
45 accountExpires: 9223372036854775807
46 sAMAccountName: krbtgt
47 servicePrincipalName: kadmin/changepw
48 isCriticalSystemObject: TRUE
# '::' marks a base64-encoded value. ${KRBTGTPASS_B64} is a template
# placeholder, presumably substituted at provision time.
# NOTE(review): the value should come from a cryptographically strong random
# source and the rendered file should be treated as secret material; confirm
# both in the provisioning code.
49 userPassword:: ${KRBTGTPASS_B64}
51 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
55 description: All workstations and servers joined to the domain
56 objectSid: ${DOMAINSID}-515
57 sAMAccountName: Domain Computers
58 isCriticalSystemObject: TRUE
60 dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
63 cn: Domain Controllers
64 description: All domain controllers in the domain
65 objectSid: ${DOMAINSID}-516
67 sAMAccountName: Domain Controllers
68 isCriticalSystemObject: TRUE
# Schema Admins (well-known RID 518). The member value shown here seeds the
# built-in Administrator; membership is normally needed only while a schema
# change is in progress, so additions should be reviewed.
70 dn: CN=Schema Admins,CN=Users,${DOMAINDN}
74 description: Designated administrators of the schema
75 member: CN=Administrator,CN=Users,${DOMAINDN}
76 objectSid: ${DOMAINSID}-518
78 sAMAccountName: Schema Admins
79 isCriticalSystemObject: TRUE
81 dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
85 description: Members of this group are permitted to publish certificates to the Active Directory
86 groupType: -2147483644
87 objectSid: ${DOMAINSID}-517
88 sAMAccountName: Cert Publishers
89 isCriticalSystemObject: TRUE
# Domain Admins (well-known RID 512). The member value shown here seeds the
# built-in Administrator. This group is itself a member of the builtin
# Administrators group defined elsewhere in this file, so every addition here
# grants full administrative rights on the domain.
91 dn: CN=Domain Admins,CN=Users,${DOMAINDN}
95 description: Designated administrators of the domain
96 member: CN=Administrator,CN=Users,${DOMAINDN}
97 objectSid: ${DOMAINSID}-512
99 sAMAccountName: Domain Admins
100 isCriticalSystemObject: TRUE
102 dn: CN=Domain Users,CN=Users,${DOMAINDN}
106 description: All domain users
107 objectSid: ${DOMAINSID}-513
108 sAMAccountName: Domain Users
109 isCriticalSystemObject: TRUE
111 dn: CN=Domain Guests,CN=Users,${DOMAINDN}
115 description: All domain guests
116 objectSid: ${DOMAINSID}-514
117 sAMAccountName: Domain Guests
118 isCriticalSystemObject: TRUE
# Group Policy Creator Owners (well-known RID 520). Per the description,
# members can modify group policy for the domain, so membership should be
# audited like other administrative groups. The member value shown here seeds
# the built-in Administrator.
120 dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
123 cn: Group Policy Creator Owners
124 description: Members in this group can modify group policy for the domain
125 member: CN=Administrator,CN=Users,${DOMAINDN}
126 objectSid: ${DOMAINSID}-520
127 sAMAccountName: Group Policy Creator Owners
128 isCriticalSystemObject: TRUE
130 dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
133 cn: RAS and IAS Servers
134 description: Servers in this group can access remote access properties of users
135 objectSid: ${DOMAINSID}-553
136 sAMAccountName: RAS and IAS Servers
137 groupType: -2147483644
138 isCriticalSystemObject: TRUE
140 dn: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN}
143 cn: Read-Only Domain Controllers
144 description: read-only domain controllers
145 objectSid: ${DOMAINSID}-521
146 sAMAccountName: Read-Only Domain Controllers
147 groupType: -2147483644
148 isCriticalSystemObject: TRUE
150 dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN}
153 cn: Enterprise Read-Only Domain Controllers
154 description: enterprise read-only domain controllers
155 objectSid: ${DOMAINSID}-498
156 sAMAccountName: Enterprise Read-Only Domain Controllers
157 groupType: -2147483644
158 isCriticalSystemObject: TRUE
160 dn: CN=Certificate Service DCOM Access,CN=Users,${DOMAINDN}
163 cn: Certificate Service DCOM Access
164 description: Certificate Service DCOM Access
165 objectSid: ${DOMAINSID}-574
166 sAMAccountName: Certificate Service DCOM Access
167 groupType: -2147483644
168 isCriticalSystemObject: TRUE
170 dn: CN=Cryptographic Operators,CN=Users,${DOMAINDN}
173 cn: Cryptographic Operators
174 description: Cryptographic Operators
175 objectSid: ${DOMAINSID}-569
176 sAMAccountName: Cryptographic Operators
177 groupType: -2147483644
178 isCriticalSystemObject: TRUE
180 dn: CN=Event Log Readers,CN=Users,${DOMAINDN}
183 cn: Event Log Readers
184 description: Event Log Readers
185 objectSid: ${DOMAINSID}-573
186 sAMAccountName: Event Log Readers
187 groupType: -2147483644
188 isCriticalSystemObject: TRUE
190 dn: CN=IIS_IUSRS,CN=Users,${DOMAINDN}
194 description: IIS_IUSRS
195 objectSid: ${DOMAINSID}-568
196 sAMAccountName: IIS_IUSRS
197 groupType: -2147483644
198 isCriticalSystemObject: TRUE
# Builtin Administrators alias. Its SID is the fixed well-known value
# S-1-5-32-544, not one derived from ${DOMAINSID}.
200 dn: CN=Administrators,CN=Builtin,${DOMAINDN}
204 description: Administrators have complete and unrestricted access to the computer/domain
# Seed membership: two groups plus the Administrator account directly.
# Effective membership is therefore the union of all three; audit nested
# membership, not only the values listed on this entry.
205 member: CN=Domain Admins,CN=Users,${DOMAINDN}
206 member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
207 member: CN=Administrator,CN=Users,${DOMAINDN}
208 objectSid: S-1-5-32-544
210 sAMAccountName: Administrators
# 2348810240 = 0x8C000000: disallow delete (0x80000000), disallow rename
# (0x08000000) and disallow move (0x04000000).
211 systemFlags: 2348810240
# -2147483643 = 0x80000005: security-enabled (0x80000000) | domain-local
# (0x4) | builtin/system-created (0x1).
212 groupType: -2147483643
213 isCriticalSystemObject: TRUE
# The privilege values name Windows user rights, presumably granted to members
# of this group. Several of them (SeDebugPrivilege, SeLoadDriverPrivilege,
# SeBackupPrivilege/SeRestorePrivilege, SeTakeOwnershipPrivilege,
# SeEnableDelegationPrivilege) amount to full control of a host or the domain,
# so changes to this list deserve change monitoring.
214 privilege: SeSecurityPrivilege
215 privilege: SeBackupPrivilege
216 privilege: SeRestorePrivilege
217 privilege: SeSystemtimePrivilege
218 privilege: SeShutdownPrivilege
219 privilege: SeRemoteShutdownPrivilege
220 privilege: SeTakeOwnershipPrivilege
221 privilege: SeDebugPrivilege
222 privilege: SeSystemEnvironmentPrivilege
223 privilege: SeSystemProfilePrivilege
224 privilege: SeProfileSingleProcessPrivilege
225 privilege: SeIncreaseBasePriorityPrivilege
226 privilege: SeLoadDriverPrivilege
227 privilege: SeCreatePagefilePrivilege
228 privilege: SeIncreaseQuotaPrivilege
229 privilege: SeChangeNotifyPrivilege
230 privilege: SeUndockPrivilege
231 privilege: SeManageVolumePrivilege
232 privilege: SeImpersonatePrivilege
233 privilege: SeCreateGlobalPrivilege
234 privilege: SeEnableDelegationPrivilege
235 privilege: SeInteractiveLogonRight
236 privilege: SeNetworkLogonRight
237 privilege: SeRemoteInteractiveLogonRight
239 dn: CN=Users,CN=Builtin,${DOMAINDN}
243 description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
244 member: CN=Domain Users,CN=Users,${DOMAINDN}
245 objectSid: S-1-5-32-545
246 sAMAccountName: Users
247 systemFlags: 2348810240
248 groupType: -2147483643
249 isCriticalSystemObject: TRUE
251 dn: CN=Guests,CN=Builtin,${DOMAINDN}
255 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
256 member: CN=Domain Guests,CN=Users,${DOMAINDN}
257 member: CN=Guest,CN=Users,${DOMAINDN}
258 objectSid: S-1-5-32-546
259 sAMAccountName: Guests
260 systemFlags: 2348810240
261 groupType: -2147483643
262 isCriticalSystemObject: TRUE
# Builtin Print Operators alias (fixed well-known SID S-1-5-32-550).
264 dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
268 description: Members can administer domain printers
269 objectSid: S-1-5-32-550
271 sAMAccountName: Print Operators
# 0x8C000000: disallow delete, rename and move.
272 systemFlags: 2348810240
# 0x80000005: security-enabled, domain-local, builtin group.
273 groupType: -2147483643
274 isCriticalSystemObject: TRUE
# SeLoadDriverPrivilege lets the holder load device drivers, which is far
# broader than printer administration; together with SeInteractiveLogonRight
# this makes the group sensitive and its membership worth keeping empty or
# tightly audited.
275 privilege: SeLoadDriverPrivilege
276 privilege: SeShutdownPrivilege
277 privilege: SeInteractiveLogonRight
# Builtin Backup Operators alias (fixed well-known SID S-1-5-32-551).
279 dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
283 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
284 objectSid: S-1-5-32-551
286 sAMAccountName: Backup Operators
# 0x8C000000: disallow delete, rename and move.
287 systemFlags: 2348810240
# 0x80000005: security-enabled, domain-local, builtin group.
288 groupType: -2147483643
289 isCriticalSystemObject: TRUE
# SeBackupPrivilege and SeRestorePrivilege are the rights behind the "override
# security restrictions" wording above: they allow reading and writing files
# regardless of their ACLs. Treat membership as privileged and monitor changes.
290 privilege: SeBackupPrivilege
291 privilege: SeRestorePrivilege
292 privilege: SeShutdownPrivilege
293 privilege: SeInteractiveLogonRight
295 dn: CN=Replicator,CN=Builtin,${DOMAINDN}
299 description: Supports file replication in a domain
300 objectSid: S-1-5-32-552
302 sAMAccountName: Replicator
303 systemFlags: 2348810240
304 groupType: -2147483643
305 isCriticalSystemObject: TRUE
307 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
310 cn: Remote Desktop Users
311 description: Members in this group are granted the right to logon remotely
312 objectSid: S-1-5-32-555
313 sAMAccountName: Remote Desktop Users
314 systemFlags: 2348810240
315 groupType: -2147483643
316 isCriticalSystemObject: TRUE
318 dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
321 cn: Network Configuration Operators
322 description: Members in this group can have some administrative privileges to manage configuration of networking features
323 objectSid: S-1-5-32-556
324 sAMAccountName: Network Configuration Operators
325 systemFlags: 2348810240
326 groupType: -2147483643
327 isCriticalSystemObject: TRUE
329 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
332 cn: Performance Monitor Users
333 description: Members of this group have remote access to monitor this computer
334 objectSid: S-1-5-32-558
335 sAMAccountName: Performance Monitor Users
336 systemFlags: 2348810240
337 groupType: -2147483643
338 isCriticalSystemObject: TRUE
340 dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
343 cn: Performance Log Users
344 description: Members of this group have remote access to schedule logging of performance counters on this computer
345 objectSid: S-1-5-32-559
346 sAMAccountName: Performance Log Users
347 systemFlags: 2348810240
348 groupType: -2147483643
349 isCriticalSystemObject: TRUE
# Builtin Server Operators alias (fixed well-known SID S-1-5-32-549).
351 dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
355 description: Members can administer domain servers
356 objectSid: S-1-5-32-549
358 sAMAccountName: Server Operators
# 0x8C000000: disallow delete, rename and move.
359 systemFlags: 2348810240
# 0x80000005: security-enabled, domain-local, builtin group.
360 groupType: -2147483643
361 isCriticalSystemObject: TRUE
# The rights below include backup/restore (file access regardless of ACLs),
# system time changes and interactive logon. Treat membership as privileged
# and monitor changes to it.
362 privilege: SeBackupPrivilege
363 privilege: SeSystemtimePrivilege
364 privilege: SeRemoteShutdownPrivilege
365 privilege: SeRestorePrivilege
366 privilege: SeShutdownPrivilege
367 privilege: SeInteractiveLogonRight
369 dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
372 cn: Account Operators
373 description: Members can administer domain user and group accounts
374 objectSid: S-1-5-32-548
376 sAMAccountName: Account Operators
377 systemFlags: 2348810240
378 groupType: -2147483643
379 isCriticalSystemObject: TRUE
380 privilege: SeInteractiveLogonRight
# Builtin Pre-Windows 2000 Compatible Access alias (fixed well-known SID
# S-1-5-32-554). Per the description it exists only for backward
# compatibility, so membership should be kept minimal and reviewed.
382 dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
385 cn: Pre-Windows 2000 Compatible Access
386 description: A backward compatibility group which allows read access on all users and groups in the domain
387 objectSid: S-1-5-32-554
388 sAMAccountName: Pre-Windows 2000 Compatible Access
# 0x8C000000: disallow delete, rename and move.
389 systemFlags: 2348810240
# 0x80000005: security-enabled, domain-local, builtin group.
390 groupType: -2147483643
391 isCriticalSystemObject: TRUE
# NOTE(review): besides the read access described above, this template also
# lists SeRemoteInteractiveLogonRight for the group; confirm that a remote
# interactive logon right is intended for a compatibility group.
392 privilege: SeRemoteInteractiveLogonRight
393 privilege: SeChangeNotifyPrivilege
395 dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
398 cn: Incoming Forest Trust Builders
399 description: Members of this group can create incoming, one-way trusts to this forest
400 objectSid: S-1-5-32-557
401 sAMAccountName: Incoming Forest Trust Builders
402 systemFlags: 2348810240
403 groupType: -2147483643
404 isCriticalSystemObject: TRUE
406 dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
409 cn: Windows Authorization Access Group
410 description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
411 objectSid: S-1-5-32-560
412 sAMAccountName: Windows Authorization Access Group
413 systemFlags: 2348810240
414 groupType: -2147483643
415 isCriticalSystemObject: TRUE
417 dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
420 cn: Terminal Server License Servers
421 description: Terminal Server License Servers
422 objectSid: S-1-5-32-561
423 sAMAccountName: Terminal Server License Servers
424 systemFlags: 2348810240
425 groupType: -2147483643
426 isCriticalSystemObject: TRUE
428 dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
431 cn: Distributed COM Users
432 description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
433 objectSid: S-1-5-32-562
434 sAMAccountName: Distributed COM Users
435 systemFlags: 2348810240
436 groupType: -2147483643
437 isCriticalSystemObject: TRUE
439 dn: CN=WellKnown Security Principals,${CONFIGDN}
441 objectClass: container
442 cn: WellKnown Security Principals
443 systemFlags: 2147483648
445 dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
447 objectClass: foreignSecurityPrincipal
451 dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
453 objectClass: foreignSecurityPrincipal
454 cn: Authenticated Users
457 dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
459 objectClass: foreignSecurityPrincipal
463 dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
465 objectClass: foreignSecurityPrincipal
469 dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
471 objectClass: foreignSecurityPrincipal
475 dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
477 objectClass: foreignSecurityPrincipal
481 dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
483 objectClass: foreignSecurityPrincipal
484 cn: Digest Authentication
485 objectSid: S-1-5-64-21
487 dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
489 objectClass: foreignSecurityPrincipal
490 cn: Enterprise Domain Controllers
493 dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
495 objectClass: foreignSecurityPrincipal
499 dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
501 objectClass: foreignSecurityPrincipal
505 dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
507 objectClass: foreignSecurityPrincipal
511 dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
513 objectClass: foreignSecurityPrincipal
517 dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
519 objectClass: foreignSecurityPrincipal
523 dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
525 objectClass: foreignSecurityPrincipal
526 cn: NTLM Authentication
527 objectSid: S-1-5-64-10
529 dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
531 objectClass: foreignSecurityPrincipal
532 cn: Other Organization
533 objectSid: S-1-5-1000
535 dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
537 objectClass: foreignSecurityPrincipal
541 dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
543 objectClass: foreignSecurityPrincipal
544 cn: Remote Interactive Logon
547 dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
549 objectClass: foreignSecurityPrincipal
553 dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
555 objectClass: foreignSecurityPrincipal
556 cn: SChannel Authentication
557 objectSid: S-1-5-64-14
559 dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
561 objectClass: foreignSecurityPrincipal
565 dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
567 objectClass: foreignSecurityPrincipal
571 dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
573 objectClass: foreignSecurityPrincipal
574 cn: Terminal Server User
577 dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
579 objectClass: foreignSecurityPrincipal
580 cn: This Organization
583 dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}
585 objectClass: foreignSecurityPrincipal
586 cn: Well-Known-Security-Id-System