r8790: Finish the migration of aliases and privilages with SamSync, by adding
[kai/samba.git] / source / setup / provision_users.ldif
1 dn: CN=Administrator,CN=Users,${BASEDN}
2 objectClass: top
3 objectClass: person
4 objectClass: organizationalPerson
5 objectClass: user
6 cn: Administrator
7 description: Built-in account for administering the computer/domain
8 uSNCreated: 1
9 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
10 memberOf: CN=Domain Admins,CN=Users,${BASEDN}
11 memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
12 memberOf: CN=Schema Admins,CN=Users,${BASEDN}
13 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
14 uSNChanged: 1
15 userAccountControl: 0x10200
16 objectSid: ${DOMAINSID}-500
17 adminCount: 1
18 accountExpires: -1
19 sAMAccountName: Administrator
20 isCriticalSystemObject: TRUE
21 unicodePwd: ${ADMINPASS}
22 unixName: ${ROOT}
23
24 dn: CN=Guest,CN=Users,${BASEDN}
25 objectClass: top
26 objectClass: person
27 objectClass: organizationalPerson
28 objectClass: user
29 cn: Guest
30 description: Built-in account for guest access to the computer/domain
31 uSNCreated: 1
32 memberOf: CN=Guests,CN=Builtin,${BASEDN}
33 uSNChanged: 1
34 userAccountControl: 0x10222
35 primaryGroupID: 514
36 objectSid: ${DOMAINSID}-501
37 sAMAccountName: Guest
38 isCriticalSystemObject: TRUE
39
40 dn: CN=Administrators,CN=Builtin,${BASEDN}
41 objectClass: top
42 objectClass: group
43 cn: Administrators
44 description: Administrators have complete and unrestricted access to the computer/domain
45 member: CN=Domain Admins,CN=Users,${BASEDN}
46 member: CN=Enterprise Admins,CN=Users,${BASEDN}
47 member: CN=Administrator,CN=Users,${BASEDN}
48 uSNCreated: 1
49 uSNChanged: 1
50 objectSid: S-1-5-32-544
51 adminCount: 1
52 sAMAccountName: Administrators
53 sAMAccountType: 0x20000000
54 systemFlags: 0x8c000000
55 groupType: 0x80000005
56 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
57 isCriticalSystemObject: TRUE
58 unixName: ${WHEEL}
59 privilege: SeSecurityPrivilege
60 privilege: SeBackupPrivilege
61 privilege: SeRestorePrivilege
62 privilege: SeSystemtimePrivilege
63 privilege: SeShutdownPrivilege
64 privilege: SeRemoteShutdownPrivilege
65 privilege: SeTakeOwnershipPrivilege
66 privilege: SeDebugPrivilege
67 privilege: SeSystemEnvironmentPrivilege
68 privilege: SeSystemProfilePrivilege
69 privilege: SeProfileSingleProcessPrivilege
70 privilege: SeIncreaseBasePriorityPrivilege
71 privilege: SeLoadDriverPrivilege
72 privilege: SeCreatePagefilePrivilege
73 privilege: SeIncreaseQuotaPrivilege
74 privilege: SeChangeNotifyPrivilege
75 privilege: SeUndockPrivilege
76 privilege: SeManageVolumePrivilege
77 privilege: SeImpersonatePrivilege
78 privilege: SeCreateGlobalPrivilege
79 privilege: SeEnableDelegationPrivilege
80 privilege: SeInteractiveLogonRight
81 privilege: SeNetworkLogonRight
82 privilege: SeRemoteInteractiveLogonRight
83
84
85 dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
86 objectClass: top
87 objectClass: person
88 objectClass: organizationalPerson
89 objectClass: computer
90 cn: ${NETBIOSNAME}
91 uSNCreated: 1
92 uSNChanged: 1
93 objectGUID: ${HOSTGUID}
94 userAccountControl: 532480
95 lastLogon: 127273269057298624
96 localPolicyFlags: 0
97 pwdLastSet: 127258826171655328
98 primaryGroupID: 516
99 objectSid: ${DOMAINSID}-1000
100 accountExpires: 9223372036854775807
101 sAMAccountName: ${NETBIOSNAME}$
102 sAMAccountType: 805306369
103 operatingSystem: Samba
104 operatingSystemVersion: 4.0
105 dNSHostName: ${DNSNAME}
106 isCriticalSystemObject: TRUE
107 unicodePwd: ${MACHINEPASS}
108 servicePrincipalName: HOST/${DNSNAME}
109 servicePrincipalName: HOST/${NETBIOSNAME}
110 msDS-KeyVersionNumber: 1
111
112
113 dn: CN=Users,CN=Builtin,${BASEDN}
114 objectClass: top
115 objectClass: group
116 cn: Users
117 description: Users are prevented from making accidental or intentional system-wide changes.  Thus, Users can run certified applications, but not most legacy applications
118 member: CN=Domain Users,CN=Users,${BASEDN}
119 uSNCreated: 1
120 uSNChanged: 1
121 objectSid: S-1-5-32-545
122 sAMAccountName: Users
123 sAMAccountType: 0x20000000
124 systemFlags: 0x8c000000
125 groupType: 0x80000005
126 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
127 isCriticalSystemObject: TRUE
128
129 dn: CN=Guests,CN=Builtin,${BASEDN}
130 objectClass: top
131 objectClass: group
132 cn: Guests
133 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
134 member: CN=Domain Guests,CN=Users,${BASEDN}
135 member: CN=Guest,CN=Users,${BASEDN}
136 uSNCreated: 1
137 uSNChanged: 1
138 objectSid: S-1-5-32-546
139 sAMAccountName: Guests
140 sAMAccountType: 0x20000000
141 systemFlags: 0x8c000000
142 groupType: 0x80000005
143 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
144 isCriticalSystemObject: TRUE
145 unixName: ${NOGROUP}
146
147 dn: CN=Print Operators,CN=Builtin,${BASEDN}
148 objectClass: top
149 objectClass: group
150 cn: Print Operators
151 description: Members can administer domain printers
152 uSNCreated: 1
153 uSNChanged: 1
154 objectSid: S-1-5-32-550
155 adminCount: 1
156 sAMAccountName: Print Operators
157 sAMAccountType: 0x20000000
158 systemFlags: 0x8c000000
159 groupType: 0x80000005
160 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
161 isCriticalSystemObject: TRUE
162 privilege: SeLoadDriverPrivilege
163 privilege: SeShutdownPrivilege
164 privilege: SeInteractiveLogonRight
165
166 dn: CN=Backup Operators,CN=Builtin,${BASEDN}
167 objectClass: top
168 objectClass: group
169 cn: Backup Operators
170 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
171 uSNCreated: 1
172 uSNChanged: 1
173 objectSid: S-1-5-32-551
174 adminCount: 1
175 sAMAccountName: Backup Operators
176 sAMAccountType: 0x20000000
177 systemFlags: 0x8c000000
178 groupType: 0x80000005
179 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
180 isCriticalSystemObject: TRUE
181 privilege: SeBackupPrivilege
182 privilege: SeRestorePrivilege
183 privilege: SeShutdownPrivilege
184 privilege: SeInteractiveLogonRight
185
186 dn: CN=Replicator,CN=Builtin,${BASEDN}
187 objectClass: top
188 objectClass: group
189 cn: Replicator
190 description: Supports file replication in a domain
191 uSNCreated: 1
192 uSNChanged: 1
193 objectSid: S-1-5-32-552
194 adminCount: 1
195 sAMAccountName: Replicator
196 sAMAccountType: 0x20000000
197 systemFlags: 0x8c000000
198 groupType: 0x80000005
199 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
200 isCriticalSystemObject: TRUE
201
202 dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
203 objectClass: top
204 objectClass: group
205 cn: Remote Desktop Users
206 description: Members in this group are granted the right to logon remotely
207 uSNCreated: 1
208 uSNChanged: 1
209 objectSid: S-1-5-32-555
210 sAMAccountName: Remote Desktop Users
211 sAMAccountType: 0x20000000
212 systemFlags: 0x8c000000
213 groupType: 0x80000005
214 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
215 isCriticalSystemObject: TRUE
216
217 dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
218 objectClass: top
219 objectClass: group
220 cn: Network Configuration Operators
221 description: Members in this group can have some administrative privileges to manage configuration of networking features
222 uSNCreated: 1
223 uSNChanged: 1
224 objectSid: S-1-5-32-556
225 sAMAccountName: Network Configuration Operators
226 sAMAccountType: 0x20000000
227 systemFlags: 0x8c000000
228 groupType: 0x80000005
229 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
230 isCriticalSystemObject: TRUE
231
232 dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
233 objectClass: top
234 objectClass: group
235 cn: Performance Monitor Users
236 description: Members of this group have remote access to monitor this computer
237 uSNCreated: 1
238 uSNChanged: 1
239 objectSid: S-1-5-32-558
240 sAMAccountName: Performance Monitor Users
241 sAMAccountType: 0x20000000
242 systemFlags: 0x8c000000
243 groupType: 0x80000005
244 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
245 isCriticalSystemObject: TRUE
246
247 dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
248 objectClass: top
249 objectClass: group
250 cn: Performance Log Users
251 description: Members of this group have remote access to schedule logging of performance counters on this computer
252 uSNCreated: 1
253 uSNChanged: 1
254 objectSid: S-1-5-32-559
255 sAMAccountName: Performance Log Users
256 sAMAccountType: 0x20000000
257 systemFlags: 0x8c000000
258 groupType: 0x80000005
259 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
260 isCriticalSystemObject: TRUE
261
262 dn: CN=krbtgt,CN=Users,${BASEDN}
263 objectClass: top
264 objectClass: person
265 objectClass: organizationalPerson
266 objectClass: user
267 cn: krbtgt
268 description: Key Distribution Center Service Account
269 uSNCreated: 1
270 uSNChanged: 1
271 showInAdvancedViewOnly: TRUE
272 userAccountControl: 514
273 pwdLastSet: 127258826179466560
274 objectSid: ${DOMAINSID}-502
275 adminCount: 1
276 accountExpires: 9223372036854775807
277 sAMAccountName: krbtgt
278 sAMAccountType: 805306368
279 servicePrincipalName: kadmin/changepw
280 isCriticalSystemObject: TRUE
281 unicodePwd: ${KRBTGTPASS}
282
283 dn: CN=Domain Computers,CN=Users,${BASEDN}
284 objectClass: top
285 objectClass: group
286 cn: Domain Computers
287 description: All workstations and servers joined to the domain
288 uSNCreated: 1
289 uSNChanged: 1
290 objectSid: ${DOMAINSID}-515
291 sAMAccountName: Domain Computers
292 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
293 isCriticalSystemObject: TRUE
294
295 dn: CN=Domain Controllers,CN=Users,${BASEDN}
296 objectClass: top
297 objectClass: group
298 cn: Domain Controllers
299 description: All domain controllers in the domain
300 uSNCreated: 1
301 uSNChanged: 1
302 objectSid: ${DOMAINSID}-516
303 adminCount: 1
304 sAMAccountName: Domain Controllers
305 isCriticalSystemObject: TRUE
306
307 dn: CN=Schema Admins,CN=Users,${BASEDN}
308 objectClass: top
309 objectClass: group
310 cn: Schema Admins
311 description: Designated administrators of the schema
312 member: CN=Administrator,CN=Users,${BASEDN}
313 uSNCreated: 1
314 uSNChanged: 1
315 objectSid: ${DOMAINSID}-518
316 adminCount: 1
317 sAMAccountName: Schema Admins
318 isCriticalSystemObject: TRUE
319 unixName: ${WHEEL}
320
321 dn: CN=Enterprise Admins,CN=Users,${BASEDN}
322 objectClass: top
323 objectClass: group
324 cn: Enterprise Admins
325 description: Designated administrators of the enterprise
326 member: CN=Administrator,CN=Users,${BASEDN}
327 uSNCreated: 1
328 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
329 uSNChanged: 1
330 objectSid: ${DOMAINSID}-519
331 adminCount: 1
332 sAMAccountName: Enterprise Admins
333 isCriticalSystemObject: TRUE
334 unixName: ${WHEEL}
335
336 dn: CN=Cert Publishers,CN=Users,${BASEDN}
337 objectClass: top
338 objectClass: group
339 cn: Cert Publishers
340 description: Members of this group are permitted to publish certificates to the Active Directory
341 uSNCreated: 1
342 uSNChanged: 1
343 groupType: 0x80000004
344 sAMAccountType: 0x20000000
345 objectSid: ${DOMAINSID}-517
346 sAMAccountName: Cert Publishers
347 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
348 isCriticalSystemObject: TRUE
349
350 dn: CN=Domain Admins,CN=Users,${BASEDN}
351 objectClass: top
352 objectClass: group
353 cn: Domain Admins
354 description: Designated administrators of the domain
355 member: CN=Administrator,CN=Users,${BASEDN}
356 uSNCreated: 1
357 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
358 uSNChanged: 1
359 objectSid: ${DOMAINSID}-512
360 adminCount: 1
361 sAMAccountName: Domain Admins
362 isCriticalSystemObject: TRUE
363 unixName: ${WHEEL}
364
365 dn: CN=Domain Users,CN=Users,${BASEDN}
366 objectClass: top
367 objectClass: group
368 cn: Domain Users
369 description: All domain users
370 uSNCreated: 1
371 memberOf: CN=Users,CN=Builtin,${BASEDN}
372 uSNChanged: 1
373 objectSid: ${DOMAINSID}-513
374 sAMAccountName: Domain Users
375 isCriticalSystemObject: TRUE
376 unixName: ${USERS}
377
378 dn: CN=Domain Guests,CN=Users,${BASEDN}
379 objectClass: top
380 objectClass: group
381 cn: Domain Guests
382 description: All domain guests
383 uSNCreated: 1
384 memberOf: CN=Guests,CN=Builtin,${BASEDN}
385 uSNChanged: 1
386 objectSid: ${DOMAINSID}-514
387 sAMAccountName: Domain Guests
388 isCriticalSystemObject: TRUE
389
390 dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
391 objectClass: top
392 objectClass: group
393 cn: Group Policy Creator Owners
394 description: Members in this group can modify group policy for the domain
395 member: CN=Administrator,CN=Users,${BASEDN}
396 uSNCreated: 1
397 uSNChanged: 1
398 objectSid: ${DOMAINSID}-520
399 sAMAccountName: Group Policy Creator Owners
400 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
401 isCriticalSystemObject: TRUE
402 unixName: ${WHEEL}
403
404 dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
405 objectClass: top
406 objectClass: group
407 cn: RAS and IAS Servers
408 description: Servers in this group can access remote access properties of users
409 instanceType: 4
410 uSNCreated: 1
411 uSNChanged: 1
412 objectSid: ${DOMAINSID}-553
413 sAMAccountName: RAS and IAS Servers
414 sAMAccountType: 0x20000000
415 groupType: 0x80000004
416 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
417 isCriticalSystemObject: TRUE
418
419 dn: CN=Server Operators,CN=Builtin,${BASEDN}
420 objectClass: top
421 objectClass: group
422 cn: Server Operators
423 description: Members can administer domain servers
424 instanceType: 4
425 uSNCreated: 1
426 uSNChanged: 1
427 objectSid: S-1-5-32-549
428 adminCount: 1
429 sAMAccountName: Server Operators
430 sAMAccountType: 0x20000000
431 systemFlags: 0x8c000000
432 groupType: 0x80000005
433 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
434 isCriticalSystemObject: TRUE
435 privilege: SeBackupPrivilege
436 privilege: SeSystemtimePrivilege
437 privilege: SeRemoteShutdownPrivilege
438 privilege: SeRestorePrivilege
439 privilege: SeShutdownPrivilege
440 privilege: SeInteractiveLogonRight
441
442 dn: CN=Account Operators,CN=Builtin,${BASEDN}
443 objectClass: top
444 objectClass: group
445 cn: Account Operators
446 description: Members can administer domain user and group accounts
447 instanceType: 4
448 uSNCreated: 1
449 uSNChanged: 1
450 objectSid: S-1-5-32-548
451 adminCount: 1
452 sAMAccountName: Account Operators
453 sAMAccountType: 0x20000000
454 systemFlags: 0x8c000000
455 groupType: 0x80000005
456 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
457 isCriticalSystemObject: TRUE
458 privilege: SeInteractiveLogonRight
459