-# Add default primary groups (domain users, domain guests) - needed for
-# the users to find valid primary groups (samldb module)
+# Add default primary groups (domain users, domain guests, domain computers &
+# domain controllers) - needed for the users to find valid primary groups
+# (samldb module)
dn: CN=Domain Users,CN=Users,${DOMAINDN}
objectClass: top
sAMAccountName: Domain Guests
isCriticalSystemObject: TRUE
+dn: CN=Domain Computers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: All workstations and servers joined to the domain
+objectSid: ${DOMAINSID}-515
+sAMAccountName: Domain Computers
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: All domain controllers in the domain
+objectSid: ${DOMAINSID}-516
+adminCount: 1
+sAMAccountName: Domain Controllers
+isCriticalSystemObject: TRUE
+
# Add users
dn: CN=Administrator,CN=Users,${DOMAINDN}
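Review bot: The two added entries (`CN=Domain Computers`, RID 515, and `CN=Domain Controllers`, RID 516) now sit above `# Add users`, but nothing in the file says that this position matters. The header comment says the groups are needed so accounts can find a valid primary group in samldb, which suggests (not confirmed by the visible lines) that they must exist before any account that resolves to them; a comment such as `# Keep these before "# Add users": accounts resolve their primary group against them at add time` would protect against a later reorder. `adminCount: 1` on Domain Controllers is unexplained while Domain Computers carries none; a short comment noting that it marks the group as a protected privileged object would help anyone auditing privileged groups. Neither entry sets `groupType`, unlike the read-only DC groups further down with `groupType: -2147483644`, so both presumably rely on the samldb default; it is worth confirming that the default is the intended global security group.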
sAMAccountName: Enterprise Admins
isCriticalSystemObject: TRUE
-dn: CN=Domain Computers,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: All workstations and servers joined to the domain
-objectSid: ${DOMAINSID}-515
-sAMAccountName: Domain Computers
-isCriticalSystemObject: TRUE
-
-dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: All domain controllers in the domain
-objectSid: ${DOMAINSID}-516
-adminCount: 1
-sAMAccountName: Domain Controllers
-isCriticalSystemObject: TRUE
-
dn: CN=Schema Admins,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
dn: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
-description: read-only domain controllers
+description: Read-only domain controllers
objectSid: ${DOMAINSID}-521
sAMAccountName: Read-Only Domain Controllers
groupType: -2147483644
dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
-description: enterprise read-only domain controllers
+description: Enterprise read-only domain controllers
objectSid: ${DOMAINSID}-498
sAMAccountName: Enterprise Read-Only Domain Controllers
groupType: -2147483644
isCriticalSystemObject: TRUE
-dn: CN=Certificate Service DCOM Access,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: Certificate Service DCOM Access
-objectSid: ${DOMAINSID}-574
-sAMAccountName: Certificate Service DCOM Access
-groupType: -2147483644
-isCriticalSystemObject: TRUE
-
-dn: CN=Cryptographic Operators,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: Cryptographic Operators
-objectSid: ${DOMAINSID}-569
-sAMAccountName: Cryptographic Operators
-groupType: -2147483644
-isCriticalSystemObject: TRUE
-
-dn: CN=Event Log Readers,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: Event Log Readers
-objectSid: ${DOMAINSID}-573
-sAMAccountName: Event Log Readers
-groupType: -2147483644
-isCriticalSystemObject: TRUE
-
# Add foreign security principals
dn: CN=S-1-5-4,CN=ForeignSecurityPrincipals,${DOMAINDN}
sAMAccountName: Administrators
systemFlags: -1946157056
groupType: -2147483643
-privilege: SeSecurityPrivilege
-privilege: SeBackupPrivilege
-privilege: SeRestorePrivilege
-privilege: SeSystemtimePrivilege
-privilege: SeShutdownPrivilege
-privilege: SeRemoteShutdownPrivilege
-privilege: SeTakeOwnershipPrivilege
-privilege: SeDebugPrivilege
-privilege: SeSystemEnvironmentPrivilege
-privilege: SeSystemProfilePrivilege
-privilege: SeProfileSingleProcessPrivilege
-privilege: SeIncreaseBasePriorityPrivilege
-privilege: SeLoadDriverPrivilege
-privilege: SeCreatePagefilePrivilege
-privilege: SeIncreaseQuotaPrivilege
-privilege: SeChangeNotifyPrivilege
-privilege: SeUndockPrivilege
-privilege: SeManageVolumePrivilege
-privilege: SeImpersonatePrivilege
-privilege: SeCreateGlobalPrivilege
-privilege: SeEnableDelegationPrivilege
-privilege: SeInteractiveLogonRight
-privilege: SeNetworkLogonRight
-privilege: SeRemoteInteractiveLogonRight
isCriticalSystemObject: TRUE
dn: CN=Users,CN=Builtin,${DOMAINDN}
sAMAccountName: Print Operators
systemFlags: -1946157056
groupType: -2147483643
-privilege: SeLoadDriverPrivilege
-privilege: SeShutdownPrivilege
-privilege: SeInteractiveLogonRight
isCriticalSystemObject: TRUE
dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
sAMAccountName: Backup Operators
systemFlags: -1946157056
groupType: -2147483643
-privilege: SeBackupPrivilege
-privilege: SeRestorePrivilege
-privilege: SeShutdownPrivilege
-privilege: SeInteractiveLogonRight
isCriticalSystemObject: TRUE
dn: CN=Replicator,CN=Builtin,${DOMAINDN}
sAMAccountName: Server Operators
systemFlags: -1946157056
groupType: -2147483643
-privilege: SeBackupPrivilege
-privilege: SeSystemtimePrivilege
-privilege: SeRemoteShutdownPrivilege
-privilege: SeRestorePrivilege
-privilege: SeShutdownPrivilege
-privilege: SeInteractiveLogonRight
isCriticalSystemObject: TRUE
dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
sAMAccountName: Account Operators
systemFlags: -1946157056
groupType: -2147483643
-privilege: SeInteractiveLogonRight
isCriticalSystemObject: TRUE
dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
sAMAccountName: Pre-Windows 2000 Compatible Access
systemFlags: -1946157056
groupType: -2147483643
-privilege: SeRemoteInteractiveLogonRight
-privilege: SeChangeNotifyPrivilege
isCriticalSystemObject: TRUE
dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}