3 @IDXATTR: sAMAccountName
12 userPrincipalName: CASE_INSENSITIVE
13 servicePrincipalName: CASE_INSENSITIVE
14 dnsDomain: CASE_INSENSITIVE
15 dnsRoot: CASE_INSENSITIVE
18 name: CASE_INSENSITIVE
22 sAMAccountName: CASE_INSENSITIVE
23 sAMAccountName: WILDCARD
24 objectClass: CASE_INSENSITIVE
30 createTimestamp: HIDDEN
31 modifyTimestamp: HIDDEN
39 person: organizationalPerson
40 organizationalPerson: user
42 template: userTemplate
43 template: groupTemplate
45 # Add modules to the list to activate them by default.
46 # Beware: the order is often important.
48 @LIST: samldb,timestamps
50 ###############################
51 # Domain Naming Context
52 ###############################
# Domain head object (objectClass domainDNS). It carries the domain SID/GUID and the
# domain-wide account-policy values that are visible below. The entry's dn line and
# several attribute lines are not part of this listing.
56 objectClass: domainDNS
59 dnsDomain: ${DNSDOMAIN}
61 objectGUID: ${DOMAINGUID}
62 creationTime: ${NTTIME}
# NOTE(review): 0x8000000000000000 is the minimum signed 64-bit value; presumably
# this means "never force logoff" - confirm against the SAM code that reads it.
63 forceLogoff: 0x8000000000000000
# NOTE(review): if these follow the AD convention of negative 100 ns ticks,
# -18000000000 is 30 minutes for both the lockout duration and the observation
# window. No lockoutThreshold line is visible here; without a non-zero threshold
# these two values would have no effect - check the full template.
64 lockoutDuration: -18000000000
65 lockOutObservationWindow: -18000000000
67 whenCreated: ${LDAPTIME}
68 whenChanged: ${LDAPTIME}
# NOTE(review): under the same unit assumption this is roughly 43 days.
# minPwdLength / pwdProperties / pwdHistoryLength are not visible in this listing;
# review them together with this value.
71 maxPwdAge: -37108517437440
74 modifiedCountAtLastProm: 0
78 objectSid: ${DOMAINSID}
# NOTE(review): 0 is presumably the lowest domain functional level - confirm.
81 msDS-Behavior-Version: 0
82 ridManagerReference: CN=RID Manager$,CN=System,${BASEDN}
85 objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
86 isCriticalSystemObject: TRUE
87 subRefs: CN=Configuration,${BASEDN}
88 subRefs: CN=Schema,CN=Configuration,${BASEDN}
90 dn: CN=Users,${BASEDN}
92 objectClass: container
94 description: Default container for upgraded user accounts
96 whenCreated: ${LDAPTIME}
97 whenChanged: ${LDAPTIME}
100 showInAdvancedViewOnly: FALSE
102 objectGUID: ${NEWGUID}
103 systemFlags: 0x8c000000
104 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
105 isCriticalSystemObject: TRUE
107 dn: CN=Computers,${BASEDN}
109 objectClass: container
111 description: Default container for upgraded computer accounts
113 whenCreated: ${LDAPTIME}
114 whenChanged: ${LDAPTIME}
117 showInAdvancedViewOnly: FALSE
119 objectGUID: ${NEWGUID}
120 systemFlags: 0x8c000000
121 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
122 isCriticalSystemObject: TRUE
124 dn: OU=Domain Controllers,${BASEDN}
126 objectClass: organizationalUnit
127 ou: Domain Controllers
128 description: Default container for domain controllers
130 whenCreated: ${LDAPTIME}
131 whenChanged: ${LDAPTIME}
134 showInAdvancedViewOnly: FALSE
135 name: Domain Controllers
136 objectGUID: ${NEWGUID}
137 systemFlags: 0x8c000000
138 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
139 isCriticalSystemObject: TRUE
141 dn: CN=ForeignSecurityPrincipals,${BASEDN}
143 objectClass: container
144 cn: ForeignSecurityPrincipals
145 description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
147 whenCreated: ${LDAPTIME}
148 whenChanged: ${LDAPTIME}
151 showInAdvancedViewOnly: FALSE
152 name: ForeignSecurityPrincipals
153 objectGUID: ${NEWGUID}
154 systemFlags: 0x8c000000
155 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
156 isCriticalSystemObject: TRUE
158 dn: CN=System,${BASEDN}
160 objectClass: container
162 description: Builtin system settings
164 whenCreated: ${LDAPTIME}
165 whenChanged: ${LDAPTIME}
168 showInAdvancedViewOnly: TRUE
170 objectGUID: ${NEWGUID}
171 systemFlags: 0x8c000000
172 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
173 isCriticalSystemObject: TRUE
175 dn: CN=RID Manager$,CN=System,${BASEDN}
177 objectclass: rIDManager
180 whenCreated: ${LDAPTIME}
181 whenChanged: ${LDAPTIME}
184 showInAdvancedViewOnly: TRUE
186 objectGUID: ${NEWGUID}
187 systemFlags: 0x8c000000
188 objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN}
189 isCriticalSystemObject: TRUE
190 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
191 rIDAvailablePool: 4611686014132423217
193 dn: CN=DomainUpdates,CN=System,${BASEDN}
195 objectClass: container
198 whenCreated: ${LDAPTIME}
199 whenChanged: ${LDAPTIME}
202 showInAdvancedViewOnly: TRUE
204 objectGUID: ${NEWGUID}
205 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
207 dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${BASEDN}
209 objectClass: container
210 cn: Windows2003Update
212 whenCreated: ${LDAPTIME}
213 whenChanged: ${LDAPTIME}
216 showInAdvancedViewOnly: TRUE
217 name: Windows2003Update
218 objectGUID: ${NEWGUID}
219 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
222 dn: CN=Infrastructure,${BASEDN}
224 objectclass: infrastructureUpdate
227 whenCreated: ${LDAPTIME}
228 whenChanged: ${LDAPTIME}
231 showInAdvancedViewOnly: TRUE
233 objectGUID: ${NEWGUID}
234 systemFlags: 0x8c000000
235 objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN}
236 isCriticalSystemObject: TRUE
237 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
239 dn: CN=Builtin,${BASEDN}
241 objectClass: builtinDomain
244 showInAdvancedViewOnly: FALSE
246 forceLogoff: 0x8000000000000000
247 lockoutDuration: -18000000000
248 lockOutObservationWindow: -18000000000
250 maxPwdAge: -37108517437440
253 modifiedCountAtLastProm: 0
261 objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN}
262 isCriticalSystemObject: TRUE
# Built-in Administrator account (RID 500). The template makes it a member of every
# top-level administrative group listed below, so its credential is equivalent to
# full control of the domain, the schema and the enterprise configuration.
264 dn: CN=Administrator,CN=Users,${BASEDN}
267 objectClass: organizationalPerson
270 description: Built-in account for administering the computer/domain
272 whenCreated: ${LDAPTIME}
273 whenChanged: ${LDAPTIME}
275 memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
276 memberOf: CN=Domain Admins,CN=Users,${BASEDN}
277 memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
278 memberOf: CN=Schema Admins,CN=Users,${BASEDN}
279 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
282 objectGUID: ${NEWGUID}
# 0x10200 = NORMAL_ACCOUNT (0x200) | DONT_EXPIRE_PASSWD (0x10000): the account is
# enabled and exempt from password expiry, so the provisioned password stays valid
# until someone changes it.
283 userAccountControl: 0x10200
292 objectSid: ${DOMAINSID}-500
296 sAMAccountName: Administrator
297 sAMAccountType: 0x30000000
298 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
299 isCriticalSystemObject: TRUE
# ${ADMINPASS} is substituted by the provisioning step. NOTE(review): the expanded
# LDIF then contains the secret - confirm that it is never logged or left in a
# readable temp file, and that the resulting database file is not world-readable.
300 unicodePwd: ${ADMINPASS}
# Built-in Guest account (RID 501), member of the builtin Guests alias.
303 dn: CN=Guest,CN=Users,${BASEDN}
306 objectClass: organizationalPerson
309 description: Built-in account for guest access to the computer/domain
311 whenCreated: ${LDAPTIME}
312 whenChanged: ${LDAPTIME}
314 memberOf: CN=Guests,CN=Builtin,${BASEDN}
317 objectGUID: ${NEWGUID}
# 0x10222 = ACCOUNTDISABLE (0x2) | PASSWD_NOTREQD (0x20) | NORMAL_ACCOUNT (0x200)
# | DONT_EXPIRE_PASSWD (0x10000). The account ships disabled; because
# PASSWD_NOTREQD is also set and no unicodePwd line is visible for this entry,
# clearing the disable bit later would expose an account that may have an empty
# password. Audit for changes to this attribute.
318 userAccountControl: 0x10222
327 objectSid: ${DOMAINSID}-501
330 sAMAccountName: Guest
331 sAMAccountType: 0x30000000
332 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
333 isCriticalSystemObject: TRUE
# Builtin Administrators alias (well-known SID S-1-5-32-544). Membership is nested:
# Domain Admins and Enterprise Admins are members, so anyone added to either group
# inherits every privilege listed on this entry.
335 dn: CN=Administrators,CN=Builtin,${BASEDN}
339 description: Administrators have complete and unrestricted access to the computer/domain
340 member: CN=Domain Admins,CN=Users,${BASEDN}
341 member: CN=Enterprise Admins,CN=Users,${BASEDN}
342 member: CN=Administrator,CN=Users,${BASEDN}
344 whenCreated: ${LDAPTIME}
345 whenChanged: ${LDAPTIME}
349 objectGUID: ${NEWGUID}
350 objectSid: S-1-5-32-544
352 sAMAccountName: Administrators
353 sAMAccountType: 0x20000000
354 systemFlags: 0x8c000000
355 groupType: 0x80000005
356 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
357 isCriticalSystemObject: TRUE
# Privileges and logon rights granted to this alias. The list includes the ones
# that bypass normal access control (SeBackup/SeRestore/SeTakeOwnership/SeDebug),
# SeLoadDriverPrivilege, SeImpersonatePrivilege and SeEnableDelegationPrivilege.
# NOTE(review): how the server consumes the `privilege` attribute is not shown
# here; treat any edit to this list as a change to the domain's trust boundary.
359 privilege: SeSecurityPrivilege
360 privilege: SeBackupPrivilege
361 privilege: SeRestorePrivilege
362 privilege: SeSystemtimePrivilege
363 privilege: SeShutdownPrivilege
364 privilege: SeRemoteShutdownPrivilege
365 privilege: SeTakeOwnershipPrivilege
366 privilege: SeDebugPrivilege
367 privilege: SeSystemEnvironmentPrivilege
368 privilege: SeSystemProfilePrivilege
369 privilege: SeProfileSingleProcessPrivilege
370 privilege: SeIncreaseBasePriorityPrivilege
371 privilege: SeLoadDriverPrivilege
372 privilege: SeCreatePagefilePrivilege
373 privilege: SeIncreaseQuotaPrivilege
374 privilege: SeChangeNotifyPrivilege
375 privilege: SeUndockPrivilege
376 privilege: SeManageVolumePrivilege
377 privilege: SeImpersonatePrivilege
378 privilege: SeCreateGlobalPrivilege
379 privilege: SeEnableDelegationPrivilege
380 privilege: SeInteractiveLogonRight
381 privilege: SeNetworkLogonRight
382 privilege: SeRemoteInteractiveLogonRight
385 dn: CN=Users,CN=Builtin,${BASEDN}
389 description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
390 member: CN=Domain Users,CN=Users,${BASEDN}
392 whenCreated: ${LDAPTIME}
393 whenChanged: ${LDAPTIME}
397 objectGUID: ${NEWGUID}
398 objectSid: S-1-5-32-545
399 sAMAccountName: Users
400 sAMAccountType: 0x20000000
401 systemFlags: 0x8c000000
402 groupType: 0x80000005
403 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
404 isCriticalSystemObject: TRUE
406 dn: CN=Guests,CN=Builtin,${BASEDN}
410 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
411 member: CN=Domain Guests,CN=Users,${BASEDN}
412 member: CN=Guest,CN=Users,${BASEDN}
414 whenCreated: ${LDAPTIME}
415 whenChanged: ${LDAPTIME}
419 objectGUID: ${NEWGUID}
420 objectSid: S-1-5-32-546
421 sAMAccountName: Guests
422 sAMAccountType: 0x20000000
423 systemFlags: 0x8c000000
424 groupType: 0x80000005
425 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
426 isCriticalSystemObject: TRUE
# Builtin Print Operators alias (S-1-5-32-550). No member lines are visible, so the
# group appears to be provisioned empty.
429 dn: CN=Print Operators,CN=Builtin,${BASEDN}
433 description: Members can administer domain printers
435 whenCreated: ${LDAPTIME}
436 whenChanged: ${LDAPTIME}
439 name: Print Operators
440 objectGUID: ${NEWGUID}
441 objectSid: S-1-5-32-550
443 sAMAccountName: Print Operators
444 sAMAccountType: 0x20000000
445 systemFlags: 0x8c000000
446 groupType: 0x80000005
447 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
448 isCriticalSystemObject: TRUE
# SeLoadDriverPrivilege plus interactive logon goes well beyond printer
# administration; membership should be reviewed as if it were administrative
# access to the domain controller and changes to it should be alerted on.
449 privilege: SeLoadDriverPrivilege
450 privilege: SeShutdownPrivilege
451 privilege: SeInteractiveLogonRight
# Builtin Backup Operators alias (S-1-5-32-551). No member lines are visible, so the
# group appears to be provisioned empty.
453 dn: CN=Backup Operators,CN=Builtin,${BASEDN}
457 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
459 whenCreated: ${LDAPTIME}
460 whenChanged: ${LDAPTIME}
463 name: Backup Operators
464 objectGUID: ${NEWGUID}
465 objectSid: S-1-5-32-551
467 sAMAccountName: Backup Operators
468 sAMAccountType: 0x20000000
469 systemFlags: 0x8c000000
470 groupType: 0x80000005
471 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
472 isCriticalSystemObject: TRUE
# As the description says, backup and restore rights override file security.
# Combined with interactive logon on a domain controller that reaches the
# directory database and its secrets, so keep this group empty unless needed
# and monitor membership changes.
473 privilege: SeBackupPrivilege
474 privilege: SeRestorePrivilege
475 privilege: SeShutdownPrivilege
476 privilege: SeInteractiveLogonRight
478 dn: CN=Replicator,CN=Builtin,${BASEDN}
482 description: Supports file replication in a domain
484 whenCreated: ${LDAPTIME}
485 whenChanged: ${LDAPTIME}
489 objectGUID: ${NEWGUID}
490 objectSid: S-1-5-32-552
492 sAMAccountName: Replicator
493 sAMAccountType: 0x20000000
494 systemFlags: 0x8c000000
495 groupType: 0x80000005
496 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
497 isCriticalSystemObject: TRUE
499 dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
502 cn: Remote Desktop Users
503 description: Members in this group are granted the right to logon remotely
505 whenCreated: ${LDAPTIME}
506 whenChanged: ${LDAPTIME}
509 name: Remote Desktop Users
510 objectGUID: ${NEWGUID}
511 objectSid: S-1-5-32-555
512 sAMAccountName: Remote Desktop Users
513 sAMAccountType: 0x20000000
514 systemFlags: 0x8c000000
515 groupType: 0x80000005
516 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
517 isCriticalSystemObject: TRUE
519 dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
522 cn: Network Configuration Operators
523 description: Members in this group can have some administrative privileges to manage configuration of networking features
525 whenCreated: ${LDAPTIME}
526 whenChanged: ${LDAPTIME}
529 name: Network Configuration Operators
530 objectGUID: ${NEWGUID}
531 objectSid: S-1-5-32-556
532 sAMAccountName: Network Configuration Operators
533 sAMAccountType: 0x20000000
534 systemFlags: 0x8c000000
535 groupType: 0x80000005
536 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
537 isCriticalSystemObject: TRUE
539 dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
542 cn: Performance Monitor Users
543 description: Members of this group have remote access to monitor this computer
545 whenCreated: ${LDAPTIME}
546 whenChanged: ${LDAPTIME}
549 name: Performance Monitor Users
550 objectGUID: ${NEWGUID}
551 objectSid: S-1-5-32-558
552 sAMAccountName: Performance Monitor Users
553 sAMAccountType: 0x20000000
554 systemFlags: 0x8c000000
555 groupType: 0x80000005
556 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
557 isCriticalSystemObject: TRUE
559 dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
562 cn: Performance Log Users
563 description: Members of this group have remote access to schedule logging of performance counters on this computer
565 whenCreated: ${LDAPTIME}
566 whenChanged: ${LDAPTIME}
569 name: Performance Log Users
570 objectGUID: ${NEWGUID}
571 objectSid: S-1-5-32-559
572 sAMAccountName: Performance Log Users
573 sAMAccountType: 0x20000000
574 systemFlags: 0x8c000000
575 groupType: 0x80000005
576 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
577 isCriticalSystemObject: TRUE
# Machine account of the domain controller being provisioned (RID 1000), placed in
# OU=Domain Controllers.
579 dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
582 objectClass: organizationalPerson
584 objectClass: computer
587 whenCreated: ${LDAPTIME}
588 whenChanged: ${LDAPTIME}
592 objectGUID: ${HOSTGUID}
# 532480 = 0x82000 = SERVER_TRUST_ACCOUNT (0x2000) | TRUSTED_FOR_DELEGATION
# (0x80000): a DC account trusted for unconstrained delegation.
593 userAccountControl: 532480
# NOTE(review): lastLogon and pwdLastSet are fixed literals rather than
# provision-time placeholders (read as 100 ns ticks since 1601 they fall in
# 2004). Anything that ages machine passwords from pwdLastSet will see this
# account as long overdue - confirm that is intended.
599 lastLogon: 127273269057298624
601 pwdLastSet: 127258826171655328
603 objectSid: ${DOMAINSID}-1000
# Maximum signed 64-bit value; presumably "never expires".
604 accountExpires: 9223372036854775807
606 sAMAccountName: ${NETBIOSNAME}$
607 sAMAccountType: 805306369
608 operatingSystem: Samba
609 operatingSystemVersion: 4.0
610 dNSHostName: ${DNSNAME}
611 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
612 isCriticalSystemObject: TRUE
# Machine secret substituted at provision time. NOTE(review): the expanded LDIF
# contains it; confirm it is generated with sufficient entropy and is not logged.
613 unicodePwd: ${JOINPASS}
614 servicePrincipalName: HOST/${DNSNAME}
615 servicePrincipalName: HOST/${NETBIOSNAME}
# KDC service account (RID 502). Its key protects every ticket-granting ticket the
# domain issues, which makes this the most sensitive secret in the template.
617 dn: CN=krbtgt,CN=Users,${BASEDN}
620 objectClass: organizationalPerson
623 description: Key Distribution Center Service Account
625 whenCreated: ${LDAPTIME}
626 whenChanged: ${LDAPTIME}
629 showInAdvancedViewOnly: TRUE
631 objectGUID: ${NEWGUID}
# 514 = 0x202 = ACCOUNTDISABLE (0x2) | NORMAL_ACCOUNT (0x200): the account cannot
# be used for logon.
632 userAccountControl: 514
# NOTE(review): fixed literal, not a provision-time value, so pwdLastSet cannot be
# used to tell when this domain's krbtgt key was actually created or rotated.
639 pwdLastSet: 127258826179466560
641 objectSid: ${DOMAINSID}-502
643 accountExpires: 9223372036854775807
645 sAMAccountName: krbtgt
646 sAMAccountType: 805306368
647 servicePrincipalName: kadmin/changepw
648 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
649 isCriticalSystemObject: TRUE
# NOTE(review): ${RANDPASS} is presumably generated by the provisioning step;
# confirm it comes from a cryptographically secure source, is unique per domain,
# and that the expanded LDIF is not retained after import.
650 unicodePwd: ${RANDPASS}
652 dn: CN=Domain Computers,CN=Users,${BASEDN}
656 description: All workstations and servers joined to the domain
658 whenCreated: ${LDAPTIME}
659 whenChanged: ${LDAPTIME}
662 name: Domain Computers
663 objectGUID: ${NEWGUID}
664 objectSid: ${DOMAINSID}-515
665 sAMAccountName: Domain Computers
666 sAMAccountType: 0x10000000
667 groupType: 0x80000002
668 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
669 isCriticalSystemObject: TRUE
671 dn: CN=Domain Controllers,CN=Users,${BASEDN}
674 cn: Domain Controllers
675 description: All domain controllers in the domain
677 whenCreated: ${LDAPTIME}
678 whenChanged: ${LDAPTIME}
681 name: Domain Controllers
682 objectGUID: ${NEWGUID}
683 objectSid: ${DOMAINSID}-516
685 sAMAccountName: Domain Controllers
686 sAMAccountType: 0x10000000
687 groupType: 0x80000002
688 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
689 isCriticalSystemObject: TRUE
691 dn: CN=Schema Admins,CN=Users,${BASEDN}
695 description: Designated administrators of the schema
696 member: CN=Administrator,CN=Users,${BASEDN}
698 whenCreated: ${LDAPTIME}
699 whenChanged: ${LDAPTIME}
703 objectGUID: ${NEWGUID}
704 objectSid: ${DOMAINSID}-518
706 sAMAccountName: Schema Admins
707 sAMAccountType: 0x10000000
708 groupType: 0x80000002
709 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
710 isCriticalSystemObject: TRUE
# Enterprise Admins group (RID 519). Provisioned with the built-in Administrator as
# its only visible member and itself nested into the builtin Administrators alias,
# so adding a principal here grants that alias's full privilege set.
713 dn: CN=Enterprise Admins,CN=Users,${BASEDN}
716 cn: Enterprise Admins
717 description: Designated administrators of the enterprise
718 member: CN=Administrator,CN=Users,${BASEDN}
720 whenCreated: ${LDAPTIME}
721 whenChanged: ${LDAPTIME}
723 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
725 name: Enterprise Admins
726 objectGUID: ${NEWGUID}
727 objectSid: ${DOMAINSID}-519
729 sAMAccountName: Enterprise Admins
730 sAMAccountType: 0x10000000
# NOTE(review): 0x80000002 is the same value the other global security groups in
# this file use; confirm a global (rather than universal) scope is intended for
# an enterprise-wide group.
731 groupType: 0x80000002
732 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
733 isCriticalSystemObject: TRUE
736 dn: CN=Cert Publishers,CN=Users,${BASEDN}
740 description: Members of this group are permitted to publish certificates to the Active Directory
742 whenCreated: ${LDAPTIME}
743 whenChanged: ${LDAPTIME}
746 name: Cert Publishers
747 objectGUID: ${NEWGUID}
748 objectSid: ${DOMAINSID}-517
749 sAMAccountName: Cert Publishers
750 sAMAccountType: 0x20000000
751 groupType: 0x80000004
752 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
753 isCriticalSystemObject: TRUE
# Domain Admins group (RID 512). Provisioned with the built-in Administrator as its
# only visible member and nested into the builtin Administrators alias; membership
# changes here are domain-compromise-level events and should be audited.
755 dn: CN=Domain Admins,CN=Users,${BASEDN}
759 description: Designated administrators of the domain
760 member: CN=Administrator,CN=Users,${BASEDN}
762 whenCreated: ${LDAPTIME}
763 whenChanged: ${LDAPTIME}
765 memberOf: CN=Administrators,CN=Builtin,${BASEDN}
768 objectGUID: ${NEWGUID}
769 objectSid: ${DOMAINSID}-512
771 sAMAccountName: Domain Admins
772 sAMAccountType: 0x10000000
773 groupType: 0x80000002
774 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
775 isCriticalSystemObject: TRUE
778 dn: CN=Domain Users,CN=Users,${BASEDN}
782 description: All domain users
784 whenCreated: ${LDAPTIME}
785 whenChanged: ${LDAPTIME}
787 memberOf: CN=Users,CN=Builtin,${BASEDN}
790 objectGUID: ${NEWGUID}
791 objectSid: ${DOMAINSID}-513
792 sAMAccountName: Domain Users
793 sAMAccountType: 0x10000000
794 groupType: 0x80000002
795 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
796 isCriticalSystemObject: TRUE
799 dn: CN=Domain Guests,CN=Users,${BASEDN}
803 description: All domain guests
805 whenCreated: ${LDAPTIME}
806 whenChanged: ${LDAPTIME}
808 memberOf: CN=Guests,CN=Builtin,${BASEDN}
811 objectGUID: ${NEWGUID}
812 objectSid: ${DOMAINSID}-514
813 sAMAccountName: Domain Guests
814 sAMAccountType: 0x10000000
815 groupType: 0x80000002
816 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
817 isCriticalSystemObject: TRUE
819 dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
822 cn: Group Policy Creator Owners
823 description: Members in this group can modify group policy for the domain
824 member: CN=Administrator,CN=Users,${BASEDN}
826 whenCreated: ${LDAPTIME}
827 whenChanged: ${LDAPTIME}
830 name: Group Policy Creator Owners
831 objectGUID: ${NEWGUID}
832 objectSid: ${DOMAINSID}-520
833 sAMAccountName: Group Policy Creator Owners
834 sAMAccountType: 0x10000000
835 groupType: 0x80000002
836 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
837 isCriticalSystemObject: TRUE
840 dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
843 cn: RAS and IAS Servers
844 description: Servers in this group can access remote access properties of users
846 whenCreated: ${LDAPTIME}
847 whenChanged: ${LDAPTIME}
850 name: RAS and IAS Servers
851 objectGUID: ${NEWGUID}
852 objectSid: ${DOMAINSID}-553
853 sAMAccountName: RAS and IAS Servers
854 sAMAccountType: 0x20000000
855 groupType: 0x80000004
856 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
857 isCriticalSystemObject: TRUE
# Builtin Server Operators alias (S-1-5-32-549). No member lines are visible, so the
# group appears to be provisioned empty.
859 dn: CN=Server Operators,CN=Builtin,${BASEDN}
863 description: Members can administer domain servers
865 whenCreated: ${LDAPTIME}
866 whenChanged: ${LDAPTIME}
869 name: Server Operators
870 objectGUID: ${NEWGUID}
871 objectSid: S-1-5-32-549
873 sAMAccountName: Server Operators
874 sAMAccountType: 0x20000000
875 systemFlags: 0x8c000000
876 groupType: 0x80000005
877 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
878 isCriticalSystemObject: TRUE
# Backup and restore rights together with interactive logon on a domain controller
# are close to administrative access; keep membership minimal and monitor it.
879 privilege: SeBackupPrivilege
880 privilege: SeSystemtimePrivilege
881 privilege: SeRemoteShutdownPrivilege
882 privilege: SeRestorePrivilege
883 privilege: SeShutdownPrivilege
884 privilege: SeInteractiveLogonRight
# Builtin Account Operators alias (S-1-5-32-548). No member lines are visible, so the
# group appears to be provisioned empty.
886 dn: CN=Account Operators,CN=Builtin,${BASEDN}
889 cn: Account Operators
890 description: Members can administer domain user and group accounts
892 whenCreated: ${LDAPTIME}
893 whenChanged: ${LDAPTIME}
896 name: Account Operators
897 objectGUID: ${NEWGUID}
898 objectSid: S-1-5-32-548
900 sAMAccountName: Account Operators
901 sAMAccountType: 0x20000000
902 systemFlags: 0x8c000000
903 groupType: 0x80000005
904 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
905 isCriticalSystemObject: TRUE
# Only a logon right is granted here. NOTE(review): the account-management power
# named in the description would have to come from access control that is not
# part of this listing - confirm which accounts and groups it is allowed to touch.
906 privilege: SeInteractiveLogonRight
908 dn: CN=Templates,${BASEDN}
910 objectClass: container
912 description: Container for SAM account templates
914 whenCreated: ${LDAPTIME}
915 whenChanged: ${LDAPTIME}
918 showInAdvancedViewOnly: TRUE
920 objectGUID: ${NEWGUID}
921 systemFlags: 0x8c000000
922 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
923 isCriticalSystemObject: TRUE
926 # Note: the template users must not match normal searches. Be careful
927 # about which object classes you put them in.
# Template for user accounts; presumably the samldb module copies these defaults
# into newly created users - confirm against the module.
930 dn: CN=TemplateUser,CN=Templates,${BASEDN}
933 objectClass: organizationalPerson
934 objectClass: Template
935 objectClass: userTemplate
# 0x202 = ACCOUNTDISABLE (0x2) | NORMAL_ACCOUNT (0x200): users start disabled, so a
# new account cannot authenticate until it is explicitly enabled.
939 userAccountControl: 0x202
950 sAMAccountType: 0x30000000
# Template for member-server / workstation machine accounts.
952 dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
954 objectClass: Template
955 objectClass: userTemplate
956 cn: TemplateMemberServer
957 name: TemplateMemberServer
# 0x1002 = ACCOUNTDISABLE (0x2) | WORKSTATION_TRUST_ACCOUNT (0x1000): starts disabled.
959 userAccountControl: 0x1002
970 sAMAccountType: 0x30000001
# Template for domain-controller machine accounts.
972 dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
974 objectClass: Template
975 objectClass: userTemplate
976 cn: TemplateDomainController
977 name: TemplateDomainController
# 0x2002 = ACCOUNTDISABLE (0x2) | SERVER_TRUST_ACCOUNT (0x2000): starts disabled.
979 userAccountControl: 0x2002
990 sAMAccountType: 0x30000001
# Template for inter-domain trust accounts.
992 dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
994 objectClass: Template
995 objectClass: userTemplate
996 cn: TemplateTrustingDomain
997 name: TemplateTrustingDomain
# 0x820 = PASSWD_NOTREQD (0x20) | INTERDOMAIN_TRUST_ACCOUNT (0x800).
# NOTE(review): unlike the other account templates in this file, ACCOUNTDISABLE
# (0x2) is not set, and PASSWD_NOTREQD is. A trust account created from this
# template would be enabled and allowed to have no password until one is set -
# confirm this is deliberate.
999 userAccountControl: 0x820
1010 sAMAccountType: 0x30000002
1012 dn: CN=TemplateGroup,CN=Templates,${BASEDN}
1014 objectClass: Template
1015 objectClass: groupTemplate
1019 groupType: 0x80000002
1020 sAMAccountType: 0x10000000
# Template for alias (domain-local) groups.
1022 dn: CN=TemplateAlias,CN=Templates,${BASEDN}
1024 objectClass: Template
1025 objectClass: aliasTemplate
1029 groupType: 0x80000004
# NOTE(review): the entries in this file that carry groupType 0x80000004 (Cert
# Publishers, RAS and IAS Servers) use sAMAccountType 0x20000000, while this
# template pairs it with 0x10000000, the value the global groups use. Code that
# classifies principals by sAMAccountType would treat aliases created from this
# template differently from the provisioned ones - verify which value is intended.
1030 sAMAccountType: 0x10000000
1032 dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
1034 objectClass: Template
1035 objectClass: foreignSecurityPrincipalTemplate
1036 cn: TemplateForeignSecurityPrincipal
1037 name: TemplateForeignSecurityPrincipal
1039 dn: CN=TemplateSecret,CN=Templates,${BASEDN}
1042 objectClass: Template
1043 objectClass: secretTemplate
1045 name: TemplateSecret
1048 dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN}
1051 objectClass: Template
1052 objectClass: trustedDomainTemplate
1053 cn: TemplateTrustedDomain
1054 name: TemplateTrustedDomain
1057 ###############################
1058 # Configuration Naming Context
1059 ###############################
1060 dn: CN=Configuration,${BASEDN}
1062 objectClass: configuration
1065 whenCreated: ${LDAPTIME}
1066 whenChanged: ${LDAPTIME}
1069 showInAdvancedViewOnly: TRUE
1071 objectGUID: ${NEWGUID}
1072 objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN}
1073 subRefs: CN=Schema,CN=Configuration,${BASEDN}
1074 masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1075 msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1077 dn: CN=Partitions,CN=Configuration,${BASEDN}
1079 objectClass: crossRefContainer
1082 whenCreated: ${LDAPTIME}
1083 whenChanged: ${LDAPTIME}
1086 showInAdvancedViewOnly: TRUE
1088 objectGUID: ${NEWGUID}
1089 systemFlags: 0x80000000
1090 objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN}
1091 msDS-Behavior-Version: 0
1092 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1094 dn: CN=Enterprise Configuration,CN=Partitions,CN=Configuration,${BASEDN}
1096 objectClass: crossRef
1097 cn: Enterprise Configuration
1099 whenCreated: ${LDAPTIME}
1100 whenChanged: ${LDAPTIME}
1103 showInAdvancedViewOnly: TRUE
1104 name: Enterprise Configuration
1105 objectGUID: ${NEWGUID}
1106 systemFlags: 0x00000001
1107 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
1108 nCName: CN=Configuration,${BASEDN}
1109 dnsRoot: ${DNSDOMAIN}
1111 dn: CN=Enterprise Schema,CN=Partitions,CN=Configuration,${BASEDN}
1113 objectClass: crossRef
1114 cn: Enterprise Schema
1116 whenCreated: ${LDAPTIME}
1117 whenChanged: ${LDAPTIME}
1120 showInAdvancedViewOnly: TRUE
1121 name: Enterprise Schema
1122 objectGUID: ${NEWGUID}
1123 systemFlags: 0x00000001
1124 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
1125 nCName: CN=Schema,CN=Configuration,${BASEDN}
1126 dnsRoot: ${DNSDOMAIN}
1128 dn: CN=${DOMAIN},CN=Partitions,CN=Configuration,${BASEDN}
1130 objectClass: crossRef
1133 whenCreated: ${LDAPTIME}
1134 whenChanged: ${LDAPTIME}
1137 showInAdvancedViewOnly: TRUE
1139 objectGUID: ${NEWGUID}
1140 systemFlags: 0x00000003
1141 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
1143 nETBIOSName: ${DOMAIN}
1144 dnsRoot: ${DNSDOMAIN}
1146 dn: CN=Sites,CN=Configuration,${BASEDN}
1148 objectClass: sitesContainer
1151 whenCreated: ${LDAPTIME}
1152 whenChanged: ${LDAPTIME}
1155 showInAdvancedViewOnly: TRUE
1157 objectGUID: ${NEWGUID}
1158 systemFlags: 0x82000000
1159 objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN}
1161 dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1166 whenCreated: ${LDAPTIME}
1167 whenChanged: ${LDAPTIME}
1170 showInAdvancedViewOnly: TRUE
1172 objectGUID: ${NEWGUID}
1173 systemFlags: 0x82000000
1174 objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN}
1176 dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1178 objectClass: serversContainer
1181 whenCreated: ${LDAPTIME}
1182 whenChanged: ${LDAPTIME}
1185 showInAdvancedViewOnly: TRUE
1187 objectGUID: ${NEWGUID}
1188 systemFlags: 0x82000000
1189 objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN}
1191 dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1196 whenCreated: ${LDAPTIME}
1197 whenChanged: ${LDAPTIME}
1200 showInAdvancedViewOnly: TRUE
1201 name: ${NETBIOSNAME}
1202 objectGUID: ${NEWGUID}
1203 systemFlags: 0x52000000
1204 objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN}
1205 dNSHostName: ${DNSNAME}
1206 serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
1208 dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1210 objectClass: applicationSettings
1211 objectClass: nTDSDSA
1214 whenCreated: ${LDAPTIME}
1215 whenChanged: ${LDAPTIME}
1218 showInAdvancedViewOnly: TRUE
1220 systemFlags: 0x02000000
1221 objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN}
1222 dMDLocation: CN=Schema,CN=Configuration,${BASEDN}
1223 objectGUID: ${INVOCATIONID}
1224 invocationId: ${INVOCATIONID}
1225 msDS-Behavior-Version: 2
1227 dn: CN=Services,CN=Configuration,${BASEDN}
1229 objectClass: container
1232 whenCreated: ${LDAPTIME}
1233 whenChanged: ${LDAPTIME}
1236 showInAdvancedViewOnly: TRUE
1238 systemFlags: 0x80000000
1239 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
1240 objectGUID: ${NEWGUID}
1242 dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
1244 objectClass: container
1247 whenCreated: ${LDAPTIME}
1248 whenChanged: ${LDAPTIME}
1251 showInAdvancedViewOnly: TRUE
1253 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
1254 objectGUID: ${NEWGUID}
1256 dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
1258 objectClass: nTDSService
1259 cn: Directory Service
1261 whenCreated: ${LDAPTIME}
1262 whenChanged: ${LDAPTIME}
1265 showInAdvancedViewOnly: TRUE
1266 name: Directory Service
1267 objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN}
1268 objectGUID: ${NEWGUID}
1269 sPNMappings: host=ldap,dns,cifs
1272 ###############################
1273 # Schema Naming Context
1274 ###############################
1275 dn: CN=Schema,CN=Configuration,${BASEDN}
1280 whenCreated: ${LDAPTIME}
1281 whenChanged: ${LDAPTIME}
1284 showInAdvancedViewOnly: TRUE
1286 objectGUID: ${NEWGUID}
1287 objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN}
1288 masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1289 msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
1290 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}