3 @IDXATTR: sAMAccountName
12 realm: CASE_INSENSITIVE
13 userPrincipalName: CASE_INSENSITIVE
14 servicePrincipalName: CASE_INSENSITIVE
15 dnsDomain: CASE_INSENSITIVE
18 name: CASE_INSENSITIVE WILDCARD
19 dn: CASE_INSENSITIVE WILDCARD
20 sAMAccountName: CASE_INSENSITIVE WILDCARD
21 objectClass: CASE_INSENSITIVE
27 createTimestamp: HIDDEN
28 modifyTimestamp: HIDDEN
36 person: organizationalPerson
37 organizationalPerson: user
39 template: userTemplate
40 template: groupTemplate
42 #Add modules to the list to activate them by default
43 #beware often order is important
45 @LIST: samldb,timestamps
47 ###############################
48 # Domain Naming Context
49 ###############################
53 objectClass: domainDNS
57 dnsDomain: ${DNSDOMAIN}
59 objectGUID: ${DOMAINGUID}
60 creationTime: ${NTTIME}
61 forceLogoff: 0x8000000000000000
62 lockoutDuration: -18000000000
63 lockOutObservationWindow: -18000000000
65 whenCreated: ${LDAPTIME}
66 whenChanged: ${LDAPTIME}
69 maxPwdAge: -37108517437440
72 modifiedCountAtLastProm: 0
76 objectSid: ${DOMAINSID}
79 msDS-Behavior-Version: 0
80 ridManagerReference: CN=RID Manager$,CN=System,${BASEDN}
83 objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
84 isCriticalSystemObject: TRUE
85 subRefs: CN=Configuration,${BASEDN}
86 subRefs: CN=Schema,CN=Configuration,${BASEDN}
88 dn: CN=Users,${BASEDN}
90 objectClass: container
92 description: Default container for upgraded user accounts
94 whenCreated: ${LDAPTIME}
95 whenChanged: ${LDAPTIME}
98 showInAdvancedViewOnly: FALSE
100 objectGUID: ${NEWGUID}
101 systemFlags: 0x8c000000
102 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
103 isCriticalSystemObject: TRUE
105 dn: CN=Computers,${BASEDN}
107 objectClass: container
109 description: Default container for upgraded computer accounts
111 whenCreated: ${LDAPTIME}
112 whenChanged: ${LDAPTIME}
115 showInAdvancedViewOnly: FALSE
117 objectGUID: ${NEWGUID}
118 systemFlags: 0x8c000000
119 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
120 isCriticalSystemObject: TRUE
122 dn: OU=Domain Controllers,${BASEDN}
124 objectClass: organizationalUnit
125 ou: Domain Controllers
126 description: Default container for domain controllers
128 whenCreated: ${LDAPTIME}
129 whenChanged: ${LDAPTIME}
132 showInAdvancedViewOnly: FALSE
133 name: Domain Controllers
134 objectGUID: ${NEWGUID}
135 systemFlags: 0x8c000000
136 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
137 isCriticalSystemObject: TRUE
139 dn: CN=ForeignSecurityPrincipals,${BASEDN}
141 objectClass: container
142 cn: ForeignSecurityPrincipals
143 description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
145 whenCreated: ${LDAPTIME}
146 whenChanged: ${LDAPTIME}
149 showInAdvancedViewOnly: FALSE
150 name: ForeignSecurityPrincipals
151 objectGUID: ${NEWGUID}
152 systemFlags: 0x8c000000
153 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
154 isCriticalSystemObject: TRUE
156 dn: CN=System,${BASEDN}
158 objectClass: container
160 description: Builtin system settings
162 whenCreated: ${LDAPTIME}
163 whenChanged: ${LDAPTIME}
166 showInAdvancedViewOnly: TRUE
168 objectGUID: ${NEWGUID}
169 systemFlags: 0x8c000000
170 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
171 isCriticalSystemObject: TRUE
173 dn: CN=RID Manager$,CN=System,${BASEDN}
175 objectclass: rIDManager
178 whenCreated: ${LDAPTIME}
179 whenChanged: ${LDAPTIME}
182 showInAdvancedViewOnly: TRUE
184 objectGUID: ${NEWGUID}
185 systemFlags: 0x8c000000
186 objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN}
187 isCriticalSystemObject: TRUE
188 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
189 rIDAvailablePool: 4611686014132423217
191 dn: CN=DomainUpdates,CN=System,${BASEDN}
193 objectClass: container
196 whenCreated: ${LDAPTIME}
197 whenChanged: ${LDAPTIME}
200 showInAdvancedViewOnly: TRUE
202 objectGUID: ${NEWGUID}
203 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
205 dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${BASEDN}
207 objectClass: container
208 cn: Windows2003Update
210 whenCreated: ${LDAPTIME}
211 whenChanged: ${LDAPTIME}
214 showInAdvancedViewOnly: TRUE
215 name: Windows2003Update
216 objectGUID: ${NEWGUID}
217 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
220 dn: CN=Infrastructure,${BASEDN}
222 objectclass: infrastructureUpdate
225 whenCreated: ${LDAPTIME}
226 whenChanged: ${LDAPTIME}
229 showInAdvancedViewOnly: TRUE
231 objectGUID: ${NEWGUID}
232 systemFlags: 0x8c000000
233 objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN}
234 isCriticalSystemObject: TRUE
235 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
237 dn: CN=Builtin,${BASEDN}
239 objectClass: builtinDomain
242 showInAdvancedViewOnly: FALSE
244 forceLogoff: 0x8000000000000000
245 lockoutDuration: -18000000000
246 lockOutObservationWindow: -18000000000
248 maxPwdAge: -37108517437440
251 modifiedCountAtLastProm: 0
259 objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN}
260 isCriticalSystemObject: TRUE
262 dn: CN=Administrator,CN=Users,${BASEDN}
265 objectClass: organizationalPerson
268 description: Built-in account for administering the computer/domain
270 whenCreated: ${LDAPTIME}
271 whenChanged: ${LDAPTIME}
273 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
274 memberOf: CN=Domain Admins,CN=Users,${BASEDN}
275 memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
276 memberOf: CN=Schema Admins,CN=Users,${BASEDN}
277 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
280 objectGUID: ${NEWGUID}
281 userAccountControl: 0x10200
290 objectSid: ${DOMAINSID}-500
294 sAMAccountName: Administrator
295 sAMAccountType: 0x30000000
296 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
297 isCriticalSystemObject: TRUE
298 unicodePwd: ${ADMINPASS}
301 dn: CN=Guest,CN=Users,${BASEDN}
304 objectClass: organizationalPerson
307 description: Built-in account for guest access to the computer/domain
309 whenCreated: ${LDAPTIME}
310 whenChanged: ${LDAPTIME}
312 memberOf: CN=Guests,CN=Builtin,${BASEDN}
315 objectGUID: ${NEWGUID}
316 userAccountControl: 0x10222
325 objectSid: ${DOMAINSID}-501
328 sAMAccountName: Guest
329 sAMAccountType: 0x30000000
330 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
331 isCriticalSystemObject: TRUE
333 dn: CN=Administrators,CN=Builtin,${BASEDN}
337 description: Administrators have complete and unrestricted access to the computer/domain
338 member: CN=Domain Admins,CN=Users,${BASEDN}
339 member: CN=Enterprise Admins,CN=Users,${BASEDN}
340 member: CN=Administrator,CN=Users,${BASEDN}
342 whenCreated: ${LDAPTIME}
343 whenChanged: ${LDAPTIME}
347 objectGUID: ${NEWGUID}
348 objectSid: S-1-5-32-544
350 sAMAccountName: Administrators
351 sAMAccountType: 0x20000000
352 systemFlags: 0x8c000000
353 groupType: 0x80000005
354 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
355 isCriticalSystemObject: TRUE
357 privilege: SeSecurityPrivilege
358 privilege: SeBackupPrivilege
359 privilege: SeRestorePrivilege
360 privilege: SeSystemtimePrivilege
361 privilege: SeShutdownPrivilege
362 privilege: SeRemoteShutdownPrivilege
363 privilege: SeTakeOwnershipPrivilege
364 privilege: SeDebugPrivilege
365 privilege: SeSystemEnvironmentPrivilege
366 privilege: SeSystemProfilePrivilege
367 privilege: SeProfileSingleProcessPrivilege
368 privilege: SeIncreaseBasePriorityPrivilege
369 privilege: SeLoadDriverPrivilege
370 privilege: SeCreatePagefilePrivilege
371 privilege: SeIncreaseQuotaPrivilege
372 privilege: SeChangeNotifyPrivilege
373 privilege: SeUndockPrivilege
374 privilege: SeManageVolumePrivilege
375 privilege: SeImpersonatePrivilege
376 privilege: SeCreateGlobalPrivilege
377 privilege: SeEnableDelegationPrivilege
378 privilege: SeInteractiveLogonRight
379 privilege: SeNetworkLogonRight
380 privilege: SeRemoteInteractiveLogonRight
383 dn: CN=Users,CN=Builtin,${BASEDN}
387 description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
388 member: CN=Domain Users,CN=Users,${BASEDN}
390 whenCreated: ${LDAPTIME}
391 whenChanged: ${LDAPTIME}
395 objectGUID: ${NEWGUID}
396 objectSid: S-1-5-32-545
397 sAMAccountName: Users
398 sAMAccountType: 0x20000000
399 systemFlags: 0x8c000000
400 groupType: 0x80000005
401 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
402 isCriticalSystemObject: TRUE
404 dn: CN=Guests,CN=Builtin,${BASEDN}
408 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
409 member: CN=Domain Guests,CN=Users,${BASEDN}
410 member: CN=Guest,CN=Users,${BASEDN}
412 whenCreated: ${LDAPTIME}
413 whenChanged: ${LDAPTIME}
417 objectGUID: ${NEWGUID}
418 objectSid: S-1-5-32-546
419 sAMAccountName: Guests
420 sAMAccountType: 0x20000000
421 systemFlags: 0x8c000000
422 groupType: 0x80000005
423 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
424 isCriticalSystemObject: TRUE
427 dn: CN=Print Operators,CN=Builtin,${BASEDN}
431 description: Members can administer domain printers
433 whenCreated: ${LDAPTIME}
434 whenChanged: ${LDAPTIME}
437 name: Print Operators
438 objectGUID: ${NEWGUID}
439 objectSid: S-1-5-32-550
441 sAMAccountName: Print Operators
442 sAMAccountType: 0x20000000
443 systemFlags: 0x8c000000
444 groupType: 0x80000005
445 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
446 isCriticalSystemObject: TRUE
447 privilege: SeLoadDriverPrivilege
448 privilege: SeShutdownPrivilege
449 privilege: SeInteractiveLogonRight
451 dn: CN=Backup Operators,CN=Builtin,${BASEDN}
455 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
457 whenCreated: ${LDAPTIME}
458 whenChanged: ${LDAPTIME}
461 name: Backup Operators
462 objectGUID: ${NEWGUID}
463 objectSid: S-1-5-32-551
465 sAMAccountName: Backup Operators
466 sAMAccountType: 0x20000000
467 systemFlags: 0x8c000000
468 groupType: 0x80000005
469 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
470 isCriticalSystemObject: TRUE
471 privilege: SeBackupPrivilege
472 privilege: SeRestorePrivilege
473 privilege: SeShutdownPrivilege
474 privilege: SeInteractiveLogonRight
476 dn: CN=Replicator,CN=Builtin,${BASEDN}
480 description: Supports file replication in a domain
482 whenCreated: ${LDAPTIME}
483 whenChanged: ${LDAPTIME}
487 objectGUID: ${NEWGUID}
488 objectSid: S-1-5-32-552
490 sAMAccountName: Replicator
491 sAMAccountType: 0x20000000
492 systemFlags: 0x8c000000
493 groupType: 0x80000005
494 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
495 isCriticalSystemObject: TRUE
497 dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
500 cn: Remote Desktop Users
501 description: Members in this group are granted the right to logon remotely
503 whenCreated: ${LDAPTIME}
504 whenChanged: ${LDAPTIME}
507 name: Remote Desktop Users
508 objectGUID: ${NEWGUID}
509 objectSid: S-1-5-32-555
510 sAMAccountName: Remote Desktop Users
511 sAMAccountType: 0x20000000
512 systemFlags: 0x8c000000
513 groupType: 0x80000005
514 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
515 isCriticalSystemObject: TRUE
517 dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
520 cn: Network Configuration Operators
521 description: Members in this group can have some administrative privileges to manage configuration of networking features
523 whenCreated: ${LDAPTIME}
524 whenChanged: ${LDAPTIME}
527 name: Network Configuration Operators
528 objectGUID: ${NEWGUID}
529 objectSid: S-1-5-32-556
530 sAMAccountName: Network Configuration Operators
531 sAMAccountType: 0x20000000
532 systemFlags: 0x8c000000
533 groupType: 0x80000005
534 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
535 isCriticalSystemObject: TRUE
537 dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
540 cn: Performance Monitor Users
541 description: Members of this group have remote access to monitor this computer
543 whenCreated: ${LDAPTIME}
544 whenChanged: ${LDAPTIME}
547 name: Performance Monitor Users
548 objectGUID: ${NEWGUID}
549 objectSid: S-1-5-32-558
550 sAMAccountName: Performance Monitor Users
551 sAMAccountType: 0x20000000
552 systemFlags: 0x8c000000
553 groupType: 0x80000005
554 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
555 isCriticalSystemObject: TRUE
557 dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
560 cn: Performance Log Users
561 description: Members of this group have remote access to schedule logging of performance counters on this computer
563 whenCreated: ${LDAPTIME}
564 whenChanged: ${LDAPTIME}
567 name: Performance Log Users
568 objectGUID: ${NEWGUID}
569 objectSid: S-1-5-32-559
570 sAMAccountName: Performance Log Users
571 sAMAccountType: 0x20000000
572 systemFlags: 0x8c000000
573 groupType: 0x80000005
574 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
575 isCriticalSystemObject: TRUE
577 dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
580 objectClass: organizationalPerson
582 objectClass: computer
585 whenCreated: ${LDAPTIME}
586 whenChanged: ${LDAPTIME}
590 objectGUID: ${HOSTGUID}
591 userAccountControl: 532480
597 lastLogon: 127273269057298624
599 pwdLastSet: 127258826171655328
601 objectSid: ${DOMAINSID}-1000
602 accountExpires: 9223372036854775807
604 sAMAccountName: ${NETBIOSNAME}$
605 sAMAccountType: 805306369
606 operatingSystem: Samba
607 operatingSystemVersion: 4.0
608 dNSHostName: ${DNSNAME}
609 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
610 isCriticalSystemObject: TRUE
611 unicodePwd: ${JOINPASS}
612 servicePrincipalName: HOST/${DNSNAME}
613 servicePrincipalName: HOST/${NETBIOSNAME}
614 servicePrincipalName: CIFS/${DNSNAME}
615 servicePrincipalName: CIFS/${NETBIOSNAME}
616 servicePrincipalName: LDAP/${DNSNAME}
617 servicePrincipalName: LDAP/${NETBIOSNAME}
619 dn: CN=krbtgt,CN=Users,${BASEDN}
622 objectClass: organizationalPerson
625 description: Key Distribution Center Service Account
627 whenCreated: ${LDAPTIME}
628 whenChanged: ${LDAPTIME}
631 showInAdvancedViewOnly: TRUE
633 objectGUID: ${NEWGUID}
634 userAccountControl: 514
641 pwdLastSet: 127258826179466560
643 objectSid: ${DOMAINSID}-502
645 accountExpires: 9223372036854775807
647 sAMAccountName: krbtgt
648 sAMAccountType: 805306368
649 servicePrincipalName: kadmin/changepw
650 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
651 isCriticalSystemObject: TRUE
652 unicodePwd: ${RANDPASS}
654 dn: CN=Domain Computers,CN=Users,${BASEDN}
658 description: All workstations and servers joined to the domain
660 whenCreated: ${LDAPTIME}
661 whenChanged: ${LDAPTIME}
664 name: Domain Computers
665 objectGUID: ${NEWGUID}
666 objectSid: ${DOMAINSID}-515
667 sAMAccountName: Domain Computers
668 sAMAccountType: 0x10000000
669 groupType: 0x80000002
670 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
671 isCriticalSystemObject: TRUE
673 dn: CN=Domain Controllers,CN=Users,${BASEDN}
676 cn: Domain Controllers
677 description: All domain controllers in the domain
679 whenCreated: ${LDAPTIME}
680 whenChanged: ${LDAPTIME}
683 name: Domain Controllers
684 objectGUID: ${NEWGUID}
685 objectSid: ${DOMAINSID}-516
687 sAMAccountName: Domain Controllers
688 sAMAccountType: 0x10000000
689 groupType: 0x80000002
690 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
691 isCriticalSystemObject: TRUE
693 dn: CN=Schema Admins,CN=Users,${BASEDN}
697 description: Designated administrators of the schema
698 member: CN=Administrator,CN=Users,${BASEDN}
700 whenCreated: ${LDAPTIME}
701 whenChanged: ${LDAPTIME}
705 objectGUID: ${NEWGUID}
706 objectSid: ${DOMAINSID}-518
708 sAMAccountName: Schema Admins
709 sAMAccountType: 0x10000000
710 groupType: 0x80000002
711 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
712 isCriticalSystemObject: TRUE
715 dn: CN=Enterprise Admins,CN=Users,${BASEDN}
718 cn: Enterprise Admins
719 description: Designated administrators of the enterprise
720 member: CN=Administrator,CN=Users,${BASEDN}
722 whenCreated: ${LDAPTIME}
723 whenChanged: ${LDAPTIME}
725 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
727 name: Enterprise Admins
728 objectGUID: ${NEWGUID}
729 objectSid: ${DOMAINSID}-519
731 sAMAccountName: Enterprise Admins
732 sAMAccountType: 0x10000000
733 groupType: 0x80000002
734 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
735 isCriticalSystemObject: TRUE
738 dn: CN=Cert Publishers,CN=Users,${BASEDN}
742 description: Members of this group are permitted to publish certificates to the Active Directory
744 whenCreated: ${LDAPTIME}
745 whenChanged: ${LDAPTIME}
748 name: Cert Publishers
749 objectGUID: ${NEWGUID}
750 objectSid: ${DOMAINSID}-517
751 sAMAccountName: Cert Publishers
752 sAMAccountType: 0x20000000
753 groupType: 0x80000004
754 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
755 isCriticalSystemObject: TRUE
757 dn: CN=Domain Admins,CN=Users,${BASEDN}
761 description: Designated administrators of the domain
762 member: CN=Administrator,CN=Users,${BASEDN}
764 whenCreated: ${LDAPTIME}
765 whenChanged: ${LDAPTIME}
767 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
770 objectGUID: ${NEWGUID}
771 objectSid: ${DOMAINSID}-512
773 sAMAccountName: Domain Admins
774 sAMAccountType: 0x10000000
775 groupType: 0x80000002
776 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
777 isCriticalSystemObject: TRUE
780 dn: CN=Domain Users,CN=Users,${BASEDN}
784 description: All domain users
786 whenCreated: ${LDAPTIME}
787 whenChanged: ${LDAPTIME}
789 memberOf: CN=Users,CN=Builtin,${BASEDN}
792 objectGUID: ${NEWGUID}
793 objectSid: ${DOMAINSID}-513
794 sAMAccountName: Domain Users
795 sAMAccountType: 0x10000000
796 groupType: 0x80000002
797 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
798 isCriticalSystemObject: TRUE
801 dn: CN=Domain Guests,CN=Users,${BASEDN}
805 description: All domain guests
807 whenCreated: ${LDAPTIME}
808 whenChanged: ${LDAPTIME}
810 memberOf: CN=Guests,CN=Builtin,${BASEDN}
813 objectGUID: ${NEWGUID}
814 objectSid: ${DOMAINSID}-514
815 sAMAccountName: Domain Guests
816 sAMAccountType: 0x10000000
817 groupType: 0x80000002
818 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
819 isCriticalSystemObject: TRUE
821 dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
824 cn: Group Policy Creator Owners
825 description: Members in this group can modify group policy for the domain
826 member: CN=Administrator,CN=Users,${BASEDN}
828 whenCreated: ${LDAPTIME}
829 whenChanged: ${LDAPTIME}
832 name: Group Policy Creator Owners
833 objectGUID: ${NEWGUID}
834 objectSid: ${DOMAINSID}-520
835 sAMAccountName: Group Policy Creator Owners
836 sAMAccountType: 0x10000000
837 groupType: 0x80000002
838 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
839 isCriticalSystemObject: TRUE
842 dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
845 cn: RAS and IAS Servers
846 description: Servers in this group can access remote access properties of users
848 whenCreated: ${LDAPTIME}
849 whenChanged: ${LDAPTIME}
852 name: RAS and IAS Servers
853 objectGUID: ${NEWGUID}
854 objectSid: ${DOMAINSID}-553
855 sAMAccountName: RAS and IAS Servers
856 sAMAccountType: 0x20000000
857 groupType: 0x80000004
858 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
859 isCriticalSystemObject: TRUE
861 dn: CN=Server Operators,CN=Builtin,${BASEDN}
865 description: Members can administer domain servers
867 whenCreated: ${LDAPTIME}
868 whenChanged: ${LDAPTIME}
871 name: Server Operators
872 objectGUID: ${NEWGUID}
873 objectSid: S-1-5-32-549
875 sAMAccountName: Server Operators
876 sAMAccountType: 0x20000000
877 systemFlags: 0x8c000000
878 groupType: 0x80000005
879 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
880 isCriticalSystemObject: TRUE
881 privilege: SeBackupPrivilege
882 privilege: SeSystemtimePrivilege
883 privilege: SeRemoteShutdownPrivilege
884 privilege: SeRestorePrivilege
885 privilege: SeShutdownPrivilege
886 privilege: SeInteractiveLogonRight
888 dn: CN=Account Operators,CN=Builtin,${BASEDN}
891 cn: Account Operators
892 description: Members can administer domain user and group accounts
894 whenCreated: ${LDAPTIME}
895 whenChanged: ${LDAPTIME}
898 name: Account Operators
899 objectGUID: ${NEWGUID}
900 objectSid: S-1-5-32-548
902 sAMAccountName: Account Operators
903 sAMAccountType: 0x20000000
904 systemFlags: 0x8c000000
905 groupType: 0x80000005
906 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
907 isCriticalSystemObject: TRUE
908 privilege: SeInteractiveLogonRight
910 dn: CN=Templates,${BASEDN}
912 objectClass: container
914 description: Container for SAM account templates
916 whenCreated: ${LDAPTIME}
917 whenChanged: ${LDAPTIME}
920 showInAdvancedViewOnly: TRUE
922 objectGUID: ${NEWGUID}
923 systemFlags: 0x8c000000
924 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
925 isCriticalSystemObject: TRUE
928 # note! the template users must not match normal searches. Be careful
929 # with what classes you put them in
932 dn: CN=TemplateUser,CN=Templates,${BASEDN}
935 objectClass: organizationalPerson
936 objectClass: Template
937 objectClass: userTemplate
941 userAccountControl: 0x202
952 sAMAccountType: 0x30000000
954 dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
956 objectClass: Template
957 objectClass: userTemplate
958 cn: TemplateMemberServer
959 name: TemplateMemberServer
961 userAccountControl: 0x1002
972 sAMAccountType: 0x30000001
974 dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
976 objectClass: Template
977 objectClass: userTemplate
978 cn: TemplateDomainController
979 name: TemplateDomainController
981 userAccountControl: 0x2002
992 sAMAccountType: 0x30000001
994 dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
996 objectClass: Template
997 objectClass: userTemplate
998 cn: TemplateTrustingDomain
999 name: TemplateTrustingDomain
1001 userAccountControl: 0x820
1012 sAMAccountType: 0x30000002
1014 dn: CN=TemplateGroup,CN=Templates,${BASEDN}
1016 objectClass: Template
1017 objectClass: groupTemplate
1021 groupType: 0x80000002
1022 sAMAccountType: 0x10000000
1024 dn: CN=TemplateAlias,CN=Templates,${BASEDN}
1026 objectClass: Template
1027 objectClass: aliasTemplate
1031 groupType: 0x80000004
1032 sAMAccountType: 0x10000000
1034 dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
1036 objectClass: Template
1037 objectClass: foreignSecurityPrincipalTemplate
1038 cn: TemplateForeignSecurityPrincipal
1039 name: TemplateForeignSecurityPrincipal
1041 dn: CN=TemplateSecret,CN=Templates,${BASEDN}
1044 objectClass: Template
1045 objectClass: secretTemplate
1047 name: TemplateSecret
1050 dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN}
1053 objectClass: Template
1054 objectClass: trustedDomainTemplate
1055 cn: TemplateTrustedDomain
1056 name: TemplateTrustedDomain
1059 ###############################
1060 # Configuration Naming Context
1061 ###############################
1062 dn: CN=Configuration,${BASEDN}
1064 objectClass: configuration
1067 whenCreated: ${LDAPTIME}
1068 whenChanged: ${LDAPTIME}
1071 showInAdvancedViewOnly: TRUE
1073 objectGUID: ${NEWGUID}
1074 objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN}
1075 subRefs: CN=Schema,CN=Configuration,${BASEDN}
1076 masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1077 msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1079 dn: CN=Partitions,CN=Configuration,${BASEDN}
1081 objectClass: crossRefContainer
1084 whenCreated: ${LDAPTIME}
1085 whenChanged: ${LDAPTIME}
1088 showInAdvancedViewOnly: TRUE
1090 objectGUID: ${NEWGUID}
1091 systemFlags: 0x80000000
1092 objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN}
1093 msDS-Behavior-Version: 0
1094 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1096 dn: CN=Enterprise Configuration,CN=Partitions,CN=Configuration,${BASEDN}
1098 objectClass: crossRef
1099 cn: Enterprise Configuration
1101 whenCreated: ${LDAPTIME}
1102 whenChanged: ${LDAPTIME}
1105 showInAdvancedViewOnly: TRUE
1106 name: Enterprise Configuration
1107 objectGUID: ${NEWGUID}
1108 systemFlags: 0x00000001
1109 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
1110 nCName: CN=Configuration,${BASEDN}
1111 dnsRoot: ${DNSDOMAIN}
1113 dn: CN=Enterprise Schema,CN=Partitions,CN=Configuration,${BASEDN}
1115 objectClass: crossRef
1116 cn: Enterprise Schema
1118 whenCreated: ${LDAPTIME}
1119 whenChanged: ${LDAPTIME}
1122 showInAdvancedViewOnly: TRUE
1123 name: Enterprise Schema
1124 objectGUID: ${NEWGUID}
1125 systemFlags: 0x00000001
1126 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
1127 nCName: CN=Schema,CN=Configuration,${BASEDN}
1128 dnsRoot: ${DNSDOMAIN}
1130 dn: CN=${DOMAIN},CN=Partitions,CN=Configuration,${BASEDN}
1132 objectClass: crossRef
1135 whenCreated: ${LDAPTIME}
1136 whenChanged: ${LDAPTIME}
1139 showInAdvancedViewOnly: TRUE
1141 objectGUID: ${NEWGUID}
1142 systemFlags: 0x00000003
1143 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
1145 nETBIOSName: ${DOMAIN}
1146 dnsRoot: ${DNSDOMAIN}
1148 dn: CN=Sites,CN=Configuration,${BASEDN}
1150 objectClass: sitesContainer
1153 whenCreated: ${LDAPTIME}
1154 whenChanged: ${LDAPTIME}
1157 showInAdvancedViewOnly: TRUE
1159 objectGUID: ${NEWGUID}
1160 systemFlags: 0x82000000
1161 objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN}
1163 dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1168 whenCreated: ${LDAPTIME}
1169 whenChanged: ${LDAPTIME}
1172 showInAdvancedViewOnly: TRUE
1174 objectGUID: ${NEWGUID}
1175 systemFlags: 0x82000000
1176 objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN}
1178 dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1180 objectClass: serversContainer
1183 whenCreated: ${LDAPTIME}
1184 whenChanged: ${LDAPTIME}
1187 showInAdvancedViewOnly: TRUE
1189 objectGUID: ${NEWGUID}
1190 systemFlags: 0x82000000
1191 objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN}
1193 dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1198 whenCreated: ${LDAPTIME}
1199 whenChanged: ${LDAPTIME}
1202 showInAdvancedViewOnly: TRUE
1203 name: ${NETBIOSNAME}
1204 objectGUID: ${NEWGUID}
1205 systemFlags: 0x52000000
1206 objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN}
1207 dNSHostName: ${DNSNAME}
1208 serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
1210 dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1212 objectClass: applicationSettings
1213 objectClass: nTDSDSA
1216 whenCreated: ${LDAPTIME}
1217 whenChanged: ${LDAPTIME}
1220 showInAdvancedViewOnly: TRUE
1222 systemFlags: 0x02000000
1223 objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN}
1224 dMDLocation: CN=Schema,CN=Configuration,${BASEDN}
1225 objectGUID: ${INVOCATIONID}
1226 invocationId: ${INVOCATIONID}
1227 msDS-Behavior-Version: 2
1229 ###############################
1230 # Schema Naming Context
1231 ###############################
1232 dn: CN=Schema,CN=Configuration,${BASEDN}
1237 whenCreated: ${LDAPTIME}
1238 whenChanged: ${LDAPTIME}
1241 showInAdvancedViewOnly: TRUE
1243 objectGUID: ${NEWGUID}
1244 objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN}
1245 masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1246 msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1247 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}