source4/provision.ldif

   1 dn: @INDEXLIST
   2 @IDXATTR: name
   3 @IDXATTR: sAMAccountName
   4 @IDXATTR: objectSid
   5 @IDXATTR: objectClass
   6 @IDXATTR: member
   7 @IDXATTR: unixID
   8 @IDXATTR: unixName
   9
  10 dn: @ATTRIBUTES
  11 realm: CASE_INSENSITIVE
  12 userPrincipalName: CASE_INSENSITIVE
  13 servicePrincipalName: CASE_INSENSITIVE
  14 name: CASE_INSENSITIVE WILDCARD
  15 dn: CASE_INSENSITIVE WILDCARD
  16 sAMAccountName: CASE_INSENSITIVE WILDCARD
  17 objectClass: CASE_INSENSITIVE
  18 unicodePwd: HIDDEN
  19 ntPwdHash: HIDDEN
  20 ntPwdHistory: HIDDEN
  21 lmPwdHash: HIDDEN
  22 lmPwdHistory: HIDDEN
  23 createTimestamp: HIDDEN
  24 modifyTimestamp: HIDDEN
  25
  26 dn: @SUBCLASSES
  27 top: domain
  28 top: person
  29 top: group
  30 domain: domainDNS
  31 domain: builtinDomain
  32 person: organizationalPerson
  33 organizationalPerson: user
  34 user: computer
  35 template: userTemplate
  36 template: groupTemplate
  37
  38 dn: @MODULES
  39 @MODULE: timestamps
  40
  41 dn: ${BASEDN}
  42 objectClass: top
  43 objectClass: domain
  44 objectClass: domainDNS
  45 name: ${DOMAIN}
  46 realm: ${REALM}
  47 dnsDomain: ${DNSDOMAIN}
  48 dc: ${DOMAIN}
  49 objectGUID: ${DOMAINGUID}
  50 creationTime: ${NTTIME}
  51 forceLogoff: 0x8000000000000000
  52 lockoutDuration: -18000000000
  53 lockOutObservationWindow: -18000000000
  54 lockoutThreshold: 0
  55 whenCreated: ${LDAPTIME}
  56 whenChanged: ${LDAPTIME}
  57 uSNCreated: 1
  58 uSNChanged: 1
  59 maxPwdAge: -37108517437440
  60 minPwdAge: 0
  61 minPwdLength: 7
  62 modifiedCountAtLastProm: 0
  63 nextRid: 1001
  64 pwdProperties: 1
  65 pwdHistoryLength: 24
  66 objectSid: ${DOMAINSID}
  67 serverState: 1
  68 uASCompat: 1
  69 modifiedCount: 1
  70 objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
  71 isCriticalSystemObject: TRUE
  72
  73 dn: CN=Users,${BASEDN}
  74 objectClass: top
  75 objectClass: container
  76 cn: Users
  77 description: Default container for upgraded user accounts
  78 instanceType: 4
  79 whenCreated: ${LDAPTIME}
  80 whenChanged: ${LDAPTIME}
  81 uSNCreated: 1
  82 uSNChanged: 1
  83 showInAdvancedViewOnly: FALSE
  84 name: Users
  85 objectGUID: ${NEWGUID}
  86 systemFlags: 0x8c000000
  87 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
  88 isCriticalSystemObject: TRUE
  89
  90 dn: CN=Computers,${BASEDN}
  91 objectClass: top
  92 objectClass: container
  93 cn: Computers
  94 description: Default container for upgraded computer accounts
  95 instanceType: 4
  96 whenCreated: ${LDAPTIME}
  97 whenChanged: ${LDAPTIME}
  98 uSNCreated: 1
  99 uSNChanged: 1
 100 showInAdvancedViewOnly: FALSE
 101 name: Computers
 102 objectGUID: ${NEWGUID}
 103 systemFlags: 0x8c000000
 104 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
 105 isCriticalSystemObject: TRUE
 106
 107 dn: OU=Domain Controllers,${BASEDN}
 108 objectClass: top
 109 objectClass: organizationalUnit
 110 ou: Domain Controllers
 111 description: Default container for domain controllers
 112 instanceType: 4
 113 whenCreated: ${LDAPTIME}
 114 whenChanged: ${LDAPTIME}
 115 uSNCreated: 1
 116 uSNChanged: 1
 117 showInAdvancedViewOnly: FALSE
 118 name: Domain Controllers
 119 objectGUID: ${NEWGUID}
 120 systemFlags: 0x8c000000
 121 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
 122 isCriticalSystemObject: TRUE
 123
 124 dn: CN=ForeignSecurityPrincipals,${BASEDN}
 125 objectClass: top
 126 objectClass: container
 127 cn: ForeignSecurityPrincipals
 128 description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
 129 instanceType: 4
 130 whenCreated: ${LDAPTIME}
 131 whenChanged: ${LDAPTIME}
 132 uSNCreated: 1
 133 uSNChanged: 1
 134 showInAdvancedViewOnly: FALSE
 135 name: ForeignSecurityPrincipals
 136 objectGUID: ${NEWGUID}
 137 systemFlags: 0x8c000000
 138 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
 139 isCriticalSystemObject: TRUE
 140
 141 dn: CN=Builtin,${BASEDN}
 142 objectClass: top
 143 objectClass: builtinDomain
 144 cn: Builtin
 145 instanceType: 4
 146 showInAdvancedViewOnly: FALSE
 147 name: Builtin
 148 forceLogoff: 0x8000000000000000
 149 lockoutDuration: -18000000000
 150 lockOutObservationWindow: -18000000000
 151 lockoutThreshold: 0
 152 maxPwdAge: -37108517437440
 153 minPwdAge: 0
 154 minPwdLength: 0
 155 modifiedCountAtLastProm: 0
 156 nextRid: 1000
 157 pwdProperties: 0
 158 pwdHistoryLength: 0
 159 objectSid: S-1-5-32
 160 serverState: 1
 161 uASCompat: 1
 162 modifiedCount: 1
 163 objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN}
 164 isCriticalSystemObject: TRUE
 165
 166 dn: CN=Administrator,CN=Users,${BASEDN}
 167 objectClass: top
 168 objectClass: person
 169 objectClass: organizationalPerson
 170 objectClass: user
 171 cn: Administrator
 172 description: Built-in account for administering the computer/domain
 173 instanceType: 4
 174 whenCreated: ${LDAPTIME}
 175 whenChanged: ${LDAPTIME}
 176 uSNCreated: 1
 177 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
 178 memberOf: CN=Domain Admins,CN=Users,${BASEDN}
 179 memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
 180 memberOf: CN=Schema Admins,CN=Users,${BASEDN}
 181 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
 182 uSNChanged: 1
 183 name: Administrator
 184 objectGUID: ${NEWGUID}
 185 userAccountControl: 0x10200
 186 badPwdCount: 0
 187 codePage: 0
 188 countryCode: 0
 189 badPasswordTime: 0
 190 lastLogoff: 0
 191 lastLogon: 0
 192 pwdLastSet: 0
 193 primaryGroupID: 513
 194 objectSid: ${DOMAINSID}-500
 195 adminCount: 1
 196 accountExpires: -1
 197 logonCount: 0
 198 sAMAccountName: Administrator
 199 sAMAccountType: 0x30000000
 200 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
 201 isCriticalSystemObject: TRUE
 202 unicodePwd: ${ADMINPASS}
 203 unixName: root
 204
 205 dn: CN=Guest,CN=Users,${BASEDN}
 206 objectClass: top
 207 objectClass: person
 208 objectClass: organizationalPerson
 209 objectClass: user
 210 cn: Guest
 211 description: Built-in account for guest access to the computer/domain
 212 instanceType: 4
 213 whenCreated: ${LDAPTIME}
 214 whenChanged: ${LDAPTIME}
 215 uSNCreated: 1
 216 memberOf: CN=Guests,CN=Builtin,${BASEDN}
 217 uSNChanged: 1
 218 name: Guest
 219 objectGUID: ${NEWGUID}
 220 userAccountControl: 0x10222
 221 badPwdCount: 0
 222 codePage: 0
 223 countryCode: 0
 224 badPasswordTime: 0
 225 lastLogoff: 0
 226 lastLogon: 0
 227 pwdLastSet: 0
 228 primaryGroupID: 514
 229 objectSid: ${DOMAINSID}-501
 230 accountExpires: -1
 231 logonCount: 0
 232 sAMAccountName: Guest
 233 sAMAccountType: 0x30000000
 234 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
 235 isCriticalSystemObject: TRUE
 236
 237 dn: CN=Administrators,CN=Builtin,${BASEDN}
 238 objectClass: top
 239 objectClass: group
 240 cn: Administrators
 241 description: Administrators have complete and unrestricted access to the computer/domain
 242 member: CN=Domain Admins,CN=Users,${BASEDN}
 243 member: CN=Enterprise Admins,CN=Users,${BASEDN}
 244 member: CN=Administrator,CN=Users,${BASEDN}
 245 instanceType: 4
 246 whenCreated: ${LDAPTIME}
 247 whenChanged: ${LDAPTIME}
 248 uSNCreated: 1
 249 uSNChanged: 1
 250 name: Administrators
 251 objectGUID: ${NEWGUID}
 252 objectSid: S-1-5-32-544
 253 adminCount: 1
 254 sAMAccountName: Administrators
 255 sAMAccountType: 0x20000000
 256 systemFlags: 0x8c000000
 257 groupType: 0x80000005
 258 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 259 isCriticalSystemObject: TRUE
 260 unixName: ${WHEEL}
 261
 262 dn: CN=Users,CN=Builtin,${BASEDN}
 263 objectClass: top
 264 objectClass: group
 265 cn: Users
 266 description: Users are prevented from making accidental or intentional system-wide changes.  Thus, Users can run certified applications, but not most legacy applications
 267 member: CN=Domain Users,CN=Users,${BASEDN}
 268 instanceType: 4
 269 whenCreated: ${LDAPTIME}
 270 whenChanged: ${LDAPTIME}
 271 uSNCreated: 1
 272 uSNChanged: 1
 273 name: Users
 274 objectGUID: ${NEWGUID}
 275 objectSid: S-1-5-32-545
 276 sAMAccountName: Users
 277 sAMAccountType: 0x20000000
 278 systemFlags: 0x8c000000
 279 groupType: 0x80000005
 280 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 281 isCriticalSystemObject: TRUE
 282
 283 dn: CN=Guests,CN=Builtin,${BASEDN}
 284 objectClass: top
 285 objectClass: group
 286 cn: Guests
 287 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
 288 member: CN=Domain Guests,CN=Users,${BASEDN}
 289 member: CN=Guest,CN=Users,${BASEDN}
 290 instanceType: 4
 291 whenCreated: ${LDAPTIME}
 292 whenChanged: ${LDAPTIME}
 293 uSNCreated: 1
 294 uSNChanged: 1
 295 name: Guests
 296 objectGUID: ${NEWGUID}
 297 objectSid: S-1-5-32-546
 298 sAMAccountName: Guests
 299 sAMAccountType: 0x20000000
 300 systemFlags: 0x8c000000
 301 groupType: 0x80000005
 302 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 303 isCriticalSystemObject: TRUE
 304 unixName: ${NOGROUP}
 305
 306 dn: CN=Print Operators,CN=Builtin,${BASEDN}
 307 objectClass: top
 308 objectClass: group
 309 cn: Print Operators
 310 description: Members can administer domain printers
 311 instanceType: 4
 312 whenCreated: ${LDAPTIME}
 313 whenChanged: ${LDAPTIME}
 314 uSNCreated: 1
 315 uSNChanged: 1
 316 name: Print Operators
 317 objectGUID: ${NEWGUID}
 318 objectSid: S-1-5-32-550
 319 adminCount: 1
 320 sAMAccountName: Print Operators
 321 sAMAccountType: 0x20000000
 322 systemFlags: 0x8c000000
 323 groupType: 0x80000005
 324 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 325 isCriticalSystemObject: TRUE
 326
 327 dn: CN=Backup Operators,CN=Builtin,${BASEDN}
 328 objectClass: top
 329 objectClass: group
 330 cn: Backup Operators
 331 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
 332 instanceType: 4
 333 whenCreated: ${LDAPTIME}
 334 whenChanged: ${LDAPTIME}
 335 uSNCreated: 1
 336 uSNChanged: 1
 337 name: Backup Operators
 338 objectGUID: ${NEWGUID}
 339 objectSid: S-1-5-32-551
 340 adminCount: 1
 341 sAMAccountName: Backup Operators
 342 sAMAccountType: 0x20000000
 343 systemFlags: 0x8c000000
 344 groupType: 0x80000005
 345 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 346 isCriticalSystemObject: TRUE
 347
 348 dn: CN=Replicator,CN=Builtin,${BASEDN}
 349 objectClass: top
 350 objectClass: group
 351 cn: Replicator
 352 description: Supports file replication in a domain
 353 instanceType: 4
 354 whenCreated: ${LDAPTIME}
 355 whenChanged: ${LDAPTIME}
 356 uSNCreated: 1
 357 uSNChanged: 1
 358 name: Replicator
 359 objectGUID: ${NEWGUID}
 360 objectSid: S-1-5-32-552
 361 adminCount: 1
 362 sAMAccountName: Replicator
 363 sAMAccountType: 0x20000000
 364 systemFlags: 0x8c000000
 365 groupType: 0x80000005
 366 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 367 isCriticalSystemObject: TRUE
 368
 369 dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
 370 objectClass: top
 371 objectClass: group
 372 cn: Remote Desktop Users
 373 description: Members in this group are granted the right to logon remotely
 374 instanceType: 4
 375 whenCreated: ${LDAPTIME}
 376 whenChanged: ${LDAPTIME}
 377 uSNCreated: 1
 378 uSNChanged: 1
 379 name: Remote Desktop Users
 380 objectGUID: ${NEWGUID}
 381 objectSid: S-1-5-32-555
 382 sAMAccountName: Remote Desktop Users
 383 sAMAccountType: 0x20000000
 384 systemFlags: 0x8c000000
 385 groupType: 0x80000005
 386 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 387 isCriticalSystemObject: TRUE
 388
 389 dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
 390 objectClass: top
 391 objectClass: group
 392 cn: Network Configuration Operators
 393 description: Members in this group can have some administrative privileges to manage configuration of networking features
 394 instanceType: 4
 395 whenCreated: ${LDAPTIME}
 396 whenChanged: ${LDAPTIME}
 397 uSNCreated: 1
 398 uSNChanged: 1
 399 name: Network Configuration Operators
 400 objectGUID: ${NEWGUID}
 401 objectSid: S-1-5-32-556
 402 sAMAccountName: Network Configuration Operators
 403 sAMAccountType: 0x20000000
 404 systemFlags: 0x8c000000
 405 groupType: 0x80000005
 406 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 407 isCriticalSystemObject: TRUE
 408
 409 dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
 410 objectClass: top
 411 objectClass: group
 412 cn: Performance Monitor Users
 413 description: Members of this group have remote access to monitor this computer
 414 instanceType: 4
 415 whenCreated: ${LDAPTIME}
 416 whenChanged: ${LDAPTIME}
 417 uSNCreated: 1
 418 uSNChanged: 1
 419 name: Performance Monitor Users
 420 objectGUID: ${NEWGUID}
 421 objectSid: S-1-5-32-558
 422 sAMAccountName: Performance Monitor Users
 423 sAMAccountType: 0x20000000
 424 systemFlags: 0x8c000000
 425 groupType: 0x80000005
 426 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 427 isCriticalSystemObject: TRUE
 428
 429 dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
 430 objectClass: top
 431 objectClass: group
 432 cn: Performance Log Users
 433 description: Members of this group have remote access to schedule logging of performance counters on this computer
 434 instanceType: 4
 435 whenCreated: ${LDAPTIME}
 436 whenChanged: ${LDAPTIME}
 437 uSNCreated: 1
 438 uSNChanged: 1
 439 name: Performance Log Users
 440 objectGUID: ${NEWGUID}
 441 objectSid: S-1-5-32-559
 442 sAMAccountName: Performance Log Users
 443 sAMAccountType: 0x20000000
 444 systemFlags: 0x8c000000
 445 groupType: 0x80000005
 446 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 447 isCriticalSystemObject: TRUE
 448
 449 dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
 450 objectClass: top
 451 objectClass: person
 452 objectClass: organizationalPerson
 453 objectClass: user
 454 objectClass: computer
 455 cn: ${NETBIOSNAME}
 456 instanceType: 4
 457 whenCreated: ${LDAPTIME}
 458 whenChanged: ${LDAPTIME}
 459 uSNCreated: 1
 460 uSNChanged: 1
 461 name: ${NETBIOSNAME}
 462 objectGUID: ${HOSTGUID}
 463 userAccountControl: 532480
 464 badPwdCount: 0
 465 codePage: 0
 466 countryCode: 0
 467 badPasswordTime: 0
 468 lastLogoff: 0
 469 lastLogon: 127273269057298624
 470 localPolicyFlags: 0
 471 pwdLastSet: 127258826171655328
 472 primaryGroupID: 516
 473 objectSid: ${DOMAINSID}-1000
 474 accountExpires: 9223372036854775807
 475 logonCount: 30
 476 sAMAccountName: ${NETBIOSNAME}$
 477 sAMAccountType: 805306369
 478 operatingSystem: Samba
 479 operatingSystemVersion: 4.0
 480 dNSHostName: ${DNSNAME}
 481 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
 482 isCriticalSystemObject: TRUE
 483 unicodePwd: ${RANDPASS}
 484 servicePrincipalName: HOST/${DNSNAME}
 485
 486 dn: CN=krbtgt,CN=Users,${BASEDN}
 487 objectClass: top
 488 objectClass: person
 489 objectClass: organizationalPerson
 490 objectClass: user
 491 cn: krbtgt
 492 description: Key Distribution Center Service Account
 493 instanceType: 4
 494 whenCreated: ${LDAPTIME}
 495 whenChanged: ${LDAPTIME}
 496 uSNCreated: 1
 497 uSNChanged: 1
 498 showInAdvancedViewOnly: TRUE
 499 name: krbtgt
 500 objectGUID: ${NEWGUID}
 501 userAccountControl: 514
 502 badPwdCount: 0
 503 codePage: 0
 504 countryCode: 0
 505 badPasswordTime: 0
 506 lastLogoff: 0
 507 lastLogon: 0
 508 pwdLastSet: 127258826179466560
 509 primaryGroupID: 513
 510 objectSid: ${DOMAINSID}-502
 511 adminCount: 1
 512 accountExpires: 9223372036854775807
 513 logonCount: 0
 514 sAMAccountName: krbtgt
 515 sAMAccountType: 805306368
 516 servicePrincipalName: kadmin/changepw
 517 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
 518 isCriticalSystemObject: TRUE
 519 unicodePwd: ${RANDPASS}
 520
 521 dn: CN=Domain Computers,CN=Users,${BASEDN}
 522 objectClass: top
 523 objectClass: group
 524 cn: Domain Computers
 525 description: All workstations and servers joined to the domain
 526 instanceType: 4
 527 whenCreated: ${LDAPTIME}
 528 whenChanged: ${LDAPTIME}
 529 uSNCreated: 1
 530 uSNChanged: 1
 531 name: Domain Computers
 532 objectGUID: ${NEWGUID}
 533 objectSid: ${DOMAINSID}-515
 534 sAMAccountName: Domain Computers
 535 sAMAccountType: 268435456
 536 groupType: -2147483646
 537 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 538 isCriticalSystemObject: TRUE
 539
 540 dn: CN=Domain Controllers,CN=Users,${BASEDN}
 541 objectClass: top
 542 objectClass: group
 543 cn: Domain Controllers
 544 description: All domain controllers in the domain
 545 instanceType: 4
 546 whenCreated: ${LDAPTIME}
 547 whenChanged: ${LDAPTIME}
 548 uSNCreated: 1
 549 uSNChanged: 1
 550 name: Domain Controllers
 551 objectGUID: ${NEWGUID}
 552 objectSid: ${DOMAINSID}-516
 553 adminCount: 1
 554 sAMAccountName: Domain Controllers
 555 sAMAccountType: 268435456
 556 groupType: -2147483646
 557 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 558 isCriticalSystemObject: TRUE
 559
 560 dn: CN=Schema Admins,CN=Users,${BASEDN}
 561 objectClass: top
 562 objectClass: group
 563 cn: Schema Admins
 564 description: Designated administrators of the schema
 565 member: CN=Administrator,CN=Users,${BASEDN}
 566 instanceType: 4
 567 whenCreated: ${LDAPTIME}
 568 whenChanged: ${LDAPTIME}
 569 uSNCreated: 1
 570 uSNChanged: 1
 571 name: Schema Admins
 572 objectGUID: ${NEWGUID}
 573 objectSid: ${DOMAINSID}-518
 574 adminCount: 1
 575 sAMAccountName: Schema Admins
 576 sAMAccountType: 268435456
 577 groupType: -2147483646
 578 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 579 isCriticalSystemObject: TRUE
 580 unixName: ${WHEEL}
 581
 582 dn: CN=Enterprise Admins,CN=Users,${BASEDN}
 583 objectClass: top
 584 objectClass: group
 585 cn: Enterprise Admins
 586 description: Designated administrators of the enterprise
 587 member: CN=Administrator,CN=Users,${BASEDN}
 588 instanceType: 4
 589 whenCreated: ${LDAPTIME}
 590 whenChanged: ${LDAPTIME}
 591 uSNCreated: 1
 592 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
 593 uSNChanged: 1
 594 name: Enterprise Admins
 595 objectGUID: ${NEWGUID}
 596 objectSid: ${DOMAINSID}-519
 597 adminCount: 1
 598 sAMAccountName: Enterprise Admins
 599 sAMAccountType: 268435456
 600 groupType: -2147483646
 601 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 602 isCriticalSystemObject: TRUE
 603 unixName: ${WHEEL}
 604
 605 dn: CN=Cert Publishers,CN=Users,${BASEDN}
 606 objectClass: top
 607 objectClass: group
 608 cn: Cert Publishers
 609 description: Members of this group are permitted to publish certificates to the Active Directory
 610 instanceType: 4
 611 whenCreated: ${LDAPTIME}
 612 whenChanged: ${LDAPTIME}
 613 uSNCreated: 1
 614 uSNChanged: 1
 615 name: Cert Publishers
 616 objectGUID: ${NEWGUID}
 617 objectSid: ${DOMAINSID}-517
 618 sAMAccountName: Cert Publishers
 619 sAMAccountType: 0x20000000
 620 groupType: -2147483644
 621 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 622 isCriticalSystemObject: TRUE
 623
 624 dn: CN=Domain Admins,CN=Users,${BASEDN}
 625 objectClass: top
 626 objectClass: group
 627 cn: Domain Admins
 628 description: Designated administrators of the domain
 629 member: CN=Administrator,CN=Users,${BASEDN}
 630 instanceType: 4
 631 whenCreated: ${LDAPTIME}
 632 whenChanged: ${LDAPTIME}
 633 uSNCreated: 1
 634 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
 635 uSNChanged: 1
 636 name: Domain Admins
 637 objectGUID: ${NEWGUID}
 638 objectSid: ${DOMAINSID}-512
 639 adminCount: 1
 640 sAMAccountName: Domain Admins
 641 sAMAccountType: 268435456
 642 groupType: -2147483646
 643 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 644 isCriticalSystemObject: TRUE
 645 unixName: ${WHEEL}
 646
 647 dn: CN=Domain Users,CN=Users,${BASEDN}
 648 objectClass: top
 649 objectClass: group
 650 cn: Domain Users
 651 description: All domain users
 652 instanceType: 4
 653 whenCreated: ${LDAPTIME}
 654 whenChanged: ${LDAPTIME}
 655 uSNCreated: 1
 656 memberOf: CN=Users,CN=Builtin,${BASEDN}
 657 uSNChanged: 1
 658 name: Domain Users
 659 objectGUID: ${NEWGUID}
 660 objectSid: ${DOMAINSID}-513
 661 sAMAccountName: Domain Users
 662 sAMAccountType: 268435456
 663 groupType: -2147483646
 664 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 665 isCriticalSystemObject: TRUE
 666 unixName: ${USERS}
 667
 668 dn: CN=Domain Guests,CN=Users,${BASEDN}
 669 objectClass: top
 670 objectClass: group
 671 cn: Domain Guests
 672 description: All domain guests
 673 instanceType: 4
 674 whenCreated: ${LDAPTIME}
 675 whenChanged: ${LDAPTIME}
 676 uSNCreated: 1
 677 memberOf: CN=Guests,CN=Builtin,${BASEDN}
 678 uSNChanged: 1
 679 name: Domain Guests
 680 objectGUID: ${NEWGUID}
 681 objectSid: ${DOMAINSID}-514
 682 sAMAccountName: Domain Guests
 683 sAMAccountType: 268435456
 684 groupType: -2147483646
 685 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 686 isCriticalSystemObject: TRUE
 687
 688 dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
 689 objectClass: top
 690 objectClass: group
 691 cn: Group Policy Creator Owners
 692 description: Members in this group can modify group policy for the domain
 693 member: CN=Administrator,CN=Users,${BASEDN}
 694 instanceType: 4
 695 whenCreated: ${LDAPTIME}
 696 whenChanged: ${LDAPTIME}
 697 uSNCreated: 1
 698 uSNChanged: 1
 699 name: Group Policy Creator Owners
 700 objectGUID: ${NEWGUID}
 701 objectSid: ${DOMAINSID}-520
 702 sAMAccountName: Group Policy Creator Owners
 703 sAMAccountType: 268435456
 704 groupType: -2147483646
 705 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 706 isCriticalSystemObject: TRUE
 707 unixName: ${WHEEL}
 708
 709 dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
 710 objectClass: top
 711 objectClass: group
 712 cn: RAS and IAS Servers
 713 description: Servers in this group can access remote access properties of users
 714 instanceType: 4
 715 whenCreated: ${LDAPTIME}
 716 whenChanged: ${LDAPTIME}
 717 uSNCreated: 1
 718 uSNChanged: 1
 719 name: RAS and IAS Servers
 720 objectGUID: ${NEWGUID}
 721 objectSid: ${DOMAINSID}-553
 722 sAMAccountName: RAS and IAS Servers
 723 sAMAccountType: 0x20000000
 724 groupType: -2147483644
 725 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 726 isCriticalSystemObject: TRUE
 727
 728 dn: CN=Server Operators,CN=Builtin,${BASEDN}
 729 objectClass: top
 730 objectClass: group
 731 cn: Server Operators
 732 description: Members can administer domain servers
 733 instanceType: 4
 734 whenCreated: ${LDAPTIME}
 735 whenChanged: ${LDAPTIME}
 736 uSNCreated: 1
 737 uSNChanged: 1
 738 name: Server Operators
 739 objectGUID: ${NEWGUID}
 740 objectSid: S-1-5-32-549
 741 adminCount: 1
 742 sAMAccountName: Server Operators
 743 sAMAccountType: 0x20000000
 744 systemFlags: 0x8c000000
 745 groupType: 0x80000005
 746 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 747 isCriticalSystemObject: TRUE
 748
 749 dn: CN=Account Operators,CN=Builtin,${BASEDN}
 750 objectClass: top
 751 objectClass: group
 752 cn: Account Operators
 753 description: Members can administer domain user and group accounts
 754 instanceType: 4
 755 whenCreated: ${LDAPTIME}
 756 whenChanged: ${LDAPTIME}
 757 uSNCreated: 1
 758 uSNChanged: 1
 759 name: Account Operators
 760 objectGUID: ${NEWGUID}
 761 objectSid: S-1-5-32-548
 762 adminCount: 1
 763 sAMAccountName: Account Operators
 764 sAMAccountType: 0x20000000
 765 systemFlags: 0x8c000000
 766 groupType: 0x80000005
 767 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
 768 isCriticalSystemObject: TRUE
 769
 770 dn: CN=Templates,${BASEDN}
 771 objectClass: top
 772 objectClass: container
 773 cn: Templates
 774 description: Container for SAM account templates
 775 instanceType: 4
 776 whenCreated: ${LDAPTIME}
 777 whenChanged: ${LDAPTIME}
 778 uSNCreated: 1
 779 uSNChanged: 1
 780 showInAdvancedViewOnly: FALSE
 781 name: Templates
 782 objectGUID: ${NEWGUID}
 783 systemFlags: 0x8c000000
 784 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
 785 isCriticalSystemObject: TRUE
 786
 787 ###
 788 # note! the template users must not match normal searches. Be careful
 789 # with what classes you put them in
 790 ###
 791
 792 dn: CN=TemplateUser,CN=Templates,${BASEDN}
 793 objectClass: top
 794 objectClass: person
 795 objectClass: organizationalPerson
 796 objectClass: Template
 797 objectClass: userTemplate
 798 cn: TemplateUser
 799 name: TemplateUser
 800 instanceType: 4
 801 userAccountControl: 0x202
 802 badPwdCount: 0
 803 codePage: 0
 804 countryCode: 0
 805 badPasswordTime: 0
 806 lastLogoff: 0
 807 lastLogon: 0
 808 pwdLastSet: 0
 809 primaryGroupID: 513
 810 accountExpires: -1
 811 logonCount: 0
 812 sAMAccountType: 0x30000000
 813
 814 dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
 815 objectClass: top
 816 objectClass: Template
 817 objectClass: userTemplate
 818 cn: TemplateMemberServer
 819 name: TemplateMemberServer
 820 instanceType: 4
 821 userAccountControl: 0x1002
 822 badPwdCount: 0
 823 codePage: 0
 824 countryCode: 0
 825 badPasswordTime: 0
 826 lastLogoff: 0
 827 lastLogon: 0
 828 pwdLastSet: 0
 829 primaryGroupID: 513
 830 accountExpires: -1
 831 logonCount: 0
 832 sAMAccountType: 0x30000001
 833
 834 dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
 835 objectClass: top
 836 objectClass: Template
 837 objectClass: userTemplate
 838 cn: TemplateDomainController
 839 name: TemplateDomainController
 840 instanceType: 4
 841 userAccountControl: 0x2002
 842 badPwdCount: 0
 843 codePage: 0
 844 countryCode: 0
 845 badPasswordTime: 0
 846 lastLogoff: 0
 847 lastLogon: 0
 848 pwdLastSet: 0
 849 primaryGroupID: 513
 850 accountExpires: -1
 851 logonCount: 0
 852 sAMAccountType: 0x30000001
 853
 854 dn: CN=TemplateGroup,CN=Templates,${BASEDN}
 855 objectClass: top
 856 objectClass: Template
 857 objectClass: groupTemplate
 858 cn: TemplateGroup
 859 name: TemplateGroup
 860 instanceType: 4
 861 sAMAccountType: 0x10000000
 862