Revert "s4:provision_users.ldif - Import all essential groups for Windows Server...

This reverts commit 5c174c68ccba7506147feab1d09ad676792139b3.

This series of commits broke 'make test'.

Matthias, please make sure you run a _full_ make test before every
push.

diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index 58b7d159d84affeff1b05097025073aace107763..c27249d2c51e1546bb5ab808d390697434b85b6f 100644 (file)
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -75,54 +75,43 @@ isCriticalSystemObject: TRUE
 
 # Add other groups
 
 
 # Add other groups
 

-dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN}
+dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}

 objectClass: top
 objectClass: group
 objectClass: top
 objectClass: group

-description: Members of this group are Read-Only Domain Controllers in the enterprise
-objectSid: ${DOMAINSID}-498
-sAMAccountName: Enterprise Read-Only Domain Controllers
-groupType: -2147483640
+description: Designated administrators of the enterprise
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-519
+adminCount: 1
+sAMAccountName: Enterprise Admins

 isCriticalSystemObject: TRUE
 
 isCriticalSystemObject: TRUE
 

-dn: CN=Domain Admins,CN=Users,${DOMAINDN}
+dn: CN=Schema Admins,CN=Users,${DOMAINDN}

 objectClass: top
 objectClass: group
 objectClass: top
 objectClass: group

-description: Designated administrators of the domain
+description: Designated administrators of the schema

 member: CN=Administrator,CN=Users,${DOMAINDN}
 member: CN=Administrator,CN=Users,${DOMAINDN}

-objectSid: ${DOMAINSID}-512
+objectSid: ${DOMAINSID}-518

 adminCount: 1
 adminCount: 1

-sAMAccountName: Domain Admins
+sAMAccountName: Schema Admins

 isCriticalSystemObject: TRUE
 
 dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
 objectClass: top
 objectClass: group
 description: Members of this group are permitted to publish certificates to the Active Directory
 isCriticalSystemObject: TRUE
 
 dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
 objectClass: top
 objectClass: group
 description: Members of this group are permitted to publish certificates to the Active Directory

+groupType: -2147483644

 objectSid: ${DOMAINSID}-517
 sAMAccountName: Cert Publishers
 objectSid: ${DOMAINSID}-517
 sAMAccountName: Cert Publishers

-groupType: -2147483644

 isCriticalSystemObject: TRUE
 
 isCriticalSystemObject: TRUE
 

-dn: CN=Schema Admins,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: Designated administrators of the schema
-member: CN=Administrator,CN=Users,${DOMAINDN}
-objectSid: ${DOMAINSID}-518
-adminCount: 1
-sAMAccountName: Schema Admins
-groupType: -2147483640
-isCriticalSystemObject: TRUE
-
-dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
+dn: CN=Domain Admins,CN=Users,${DOMAINDN}

 objectClass: top
 objectClass: group
 objectClass: top
 objectClass: group

-description: Designated administrators of the enterprise
+description: Designated administrators of the domain

 member: CN=Administrator,CN=Users,${DOMAINDN}
 member: CN=Administrator,CN=Users,${DOMAINDN}

-objectSid: ${DOMAINSID}-519
+objectSid: ${DOMAINSID}-512

 adminCount: 1
 adminCount: 1

-sAMAccountName: Enterprise Admins
-groupType: -2147483640
+sAMAccountName: Domain Admins

 isCriticalSystemObject: TRUE
 
 dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
 isCriticalSystemObject: TRUE
 
 dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}


@@ -134,39 +123,57 @@ objectSid: ${DOMAINSID}-520
 sAMAccountName: Group Policy Creator Owners
 isCriticalSystemObject: TRUE
 
 sAMAccountName: Group Policy Creator Owners
 isCriticalSystemObject: TRUE
 

+dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Servers in this group can access remote access properties of users
+objectSid: ${DOMAINSID}-553
+sAMAccountName: RAS and IAS Servers
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+

 dn: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN}
 objectClass: top
 objectClass: group
 dn: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN}
 objectClass: top
 objectClass: group

-description: Members of this group are Read-Only Domain Controllers in the domain
+description: Read-only domain controllers

 objectSid: ${DOMAINSID}-521
 objectSid: ${DOMAINSID}-521

-adminCount: 1

 sAMAccountName: Read-Only Domain Controllers
 sAMAccountName: Read-Only Domain Controllers

+groupType: -2147483644

 isCriticalSystemObject: TRUE
 
 isCriticalSystemObject: TRUE
 

-dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
+dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN}

 objectClass: top
 objectClass: group
 objectClass: top
 objectClass: group

-description: Servers in this group can access remote access properties of users
-objectSid: ${DOMAINSID}-553
-sAMAccountName: RAS and IAS Servers
+description: Enterprise read-only domain controllers
+objectSid: ${DOMAINSID}-498
+sAMAccountName: Enterprise Read-Only Domain Controllers

 groupType: -2147483644
 isCriticalSystemObject: TRUE
 
 groupType: -2147483644
 isCriticalSystemObject: TRUE
 

-dn: CN=Allowed RODC Password Replication Group,CN=Users,${DOMAINDN}
+dn: CN=Certificate Service DCOM Access,CN=Users,${DOMAINDN}

 objectClass: top
 objectClass: group
 objectClass: top
 objectClass: group

-description: Members in this group can have their passwords replicated to all read-only domain controllers in the domain.
-objectSid: ${DOMAINSID}-571
-sAMAccountName: Allowed RODC Password Replication Group
+description: Certificate Service DCOM Access
+objectSid: ${DOMAINSID}-574
+sAMAccountName: Certificate Service DCOM Access

 groupType: -2147483644
 isCriticalSystemObject: TRUE
 
 groupType: -2147483644
 isCriticalSystemObject: TRUE
 

-dn: CN=Denied RODC Password Replication Group,CN=Users,${DOMAINDN}
+dn: CN=Cryptographic Operators,CN=Users,${DOMAINDN}

 objectClass: top
 objectClass: group
 objectClass: top
 objectClass: group

-description: Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain.
-objectSid: ${DOMAINSID}-572
-sAMAccountName: Denied RODC Password Replication Group
+description: Cryptographic Operators
+objectSid: ${DOMAINSID}-569
+sAMAccountName: Cryptographic Operators
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Event Log Readers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Event Log Readers
+objectSid: ${DOMAINSID}-573
+sAMAccountName: Event Log Readers

 groupType: -2147483644
 isCriticalSystemObject: TRUE
 
 groupType: -2147483644
 isCriticalSystemObject: TRUE
 


@@ -187,11 +194,6 @@ objectClass: top
 objectClass: foreignSecurityPrincipal
 objectSid: S-1-5-11
 
 objectClass: foreignSecurityPrincipal
 objectSid: S-1-5-11
 

-dn: CN=S-1-5-17,CN=ForeignSecurityPrincipals,${DOMAINDN}
-objectClass: top
-objectClass: foreignSecurityPrincipal
-objectSid: S-1-5-17
-

 dn: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN}
 objectClass: top
 objectClass: foreignSecurityPrincipal
 dn: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN}
 objectClass: top
 objectClass: foreignSecurityPrincipal


@@ -238,28 +240,6 @@ systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 

-dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: Members can administer domain user and group accounts
-objectSid: S-1-5-32-548
-adminCount: 1
-sAMAccountName: Account Operators
-systemFlags: -1946157056
-groupType: -2147483643
-isCriticalSystemObject: TRUE
-
-dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: Members can administer domain servers
-objectSid: S-1-5-32-549
-adminCount: 1
-sAMAccountName: Server Operators
-systemFlags: -1946157056
-groupType: -2147483643
-isCriticalSystemObject: TRUE
-

 dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
 objectClass: top
 objectClass: group
 dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
 objectClass: top
 objectClass: group


@@ -293,17 +273,6 @@ systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 

-dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: A backward compatibility group which allows read access on all users and groups in the domain
-member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN}
-objectSid: S-1-5-32-554
-sAMAccountName: Pre-Windows 2000 Compatible Access
-systemFlags: -1946157056
-groupType: -2147483643
-isCriticalSystemObject: TRUE
-

 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
 objectClass: top
 objectClass: group
 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
 objectClass: top
 objectClass: group


@@ -324,16 +293,6 @@ systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 

-dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: Members of this group can create incoming, one-way trusts to this forest
-objectSid: S-1-5-32-557
-sAMAccountName: Incoming Forest Trust Builders
-systemFlags: -1946157056
-groupType: -2147483643
-isCriticalSystemObject: TRUE
-

 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
 objectClass: top
 objectClass: group
 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
 objectClass: top
 objectClass: group


@@ -355,63 +314,76 @@ systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 

-dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
+dn: CN=Server Operators,CN=Builtin,${DOMAINDN}

 objectClass: top
 objectClass: group
 objectClass: top
 objectClass: group

-description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
-member: CN=S-1-5-9,CN=ForeignSecurityPrincipals,${DOMAINDN}
-objectSid: S-1-5-32-560
-sAMAccountName: Windows Authorization Access Group
+description: Members can administer domain servers
+objectSid: S-1-5-32-549
+adminCount: 1
+sAMAccountName: Server Operators

 systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
 systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 

-dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
+dn: CN=Account Operators,CN=Builtin,${DOMAINDN}

 objectClass: top
 objectClass: group
 objectClass: top
 objectClass: group

-description: Terminal Server License Servers
-objectSid: S-1-5-32-561
-sAMAccountName: Terminal Server License Servers
+description: Members can administer domain user and group accounts
+objectSid: S-1-5-32-548
+adminCount: 1
+sAMAccountName: Account Operators

 systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
 systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 

-dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
+dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}

 objectClass: top
 objectClass: group
 objectClass: top
 objectClass: group

-description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
-objectSid: S-1-5-32-562
-sAMAccountName: Distributed COM Users
+description: A backward compatibility group which allows read access on all users and groups in the domain
+member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN}
+objectSid: S-1-5-32-554
+sAMAccountName: Pre-Windows 2000 Compatible Access

 systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
 systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 

-dn: CN=Cryptographic Operators,CN=Builtin,${DOMAINDN}
+dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}

 objectClass: top
 objectClass: group
 objectClass: top
 objectClass: group

-description: Members are authorized to perform cryptographic operations.
-objectSid: S-1-5-32-569
-sAMAccountName: Cryptographic Operators
+description: Members of this group can create incoming, one-way trusts to this forest
+objectSid: S-1-5-32-557
+sAMAccountName: Incoming Forest Trust Builders
+systemFlags: -1946157056
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
+member: CN=S-1-5-9,CN=ForeignSecurityPrincipals,${DOMAINDN}
+objectSid: S-1-5-32-560
+sAMAccountName: Windows Authorization Access Group

 systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
 systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 

-dn: CN=Event Log Readers,CN=Builtin,${DOMAINDN}
+dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}

 objectClass: top
 objectClass: group
 objectClass: top
 objectClass: group

-description: Members of this group can read event logs from local machine.
-objectSid: S-1-5-32-573
-sAMAccountName: Event Log Readers
+description: Terminal Server License Servers
+objectSid: S-1-5-32-561
+sAMAccountName: Terminal Server License Servers

 systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 
 systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 

-dn: CN=Certificate Service DCOM Access,CN=Builtin,${DOMAINDN}
+dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}

 objectClass: top
 objectClass: group
 objectClass: top
 objectClass: group

-description: Members of this group are allowed to connect to Certification Authorities in the enterprise.
-objectSid: S-1-5-32-574
-sAMAccountName: Certificate Service DCOM Access
+description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
+objectSid: S-1-5-32-562
+sAMAccountName: Distributed COM Users

 systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE
 systemFlags: -1946157056
 groupType: -2147483643
 isCriticalSystemObject: TRUE