Set the values like Windows Server 2003 R2.
objectClass: organizationalUnit
cn: Domain Controllers
description: Default container for domain controllers
-systemFlags: 2348810240
+systemFlags: -1946157056
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: FALSE
objectClass: container
cn: ForeignSecurityPrincipals
description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
-systemFlags: 2348810240
+systemFlags: -1946157056
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: FALSE
objectClass: container
cn: System
description: Builtin system settings
-systemFlags: 2348810240
+systemFlags: -1946157056
isCriticalSystemObject: TRUE
dn: CN=RID Manager$,CN=System,${DOMAINDN}
objectclass: top
objectclass: rIDManager
cn: RID Manager$
-systemFlags: 2348810240
+systemFlags: -1946157056
isCriticalSystemObject: TRUE
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
rIDAvailablePool: 4611686014132423217
objectclass: top
objectclass: infrastructureUpdate
cn: Infrastructure
-systemFlags: 2348810240
+systemFlags: -1946157056
isCriticalSystemObject: TRUE
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
objectClass: top
objectClass: builtinDomain
cn: Builtin
-forceLogoff: 9223372036854775808
+forceLogoff: -9223372036854775808
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
modifiedCount: 1
isCriticalSystemObject: TRUE
showInAdvancedViewOnly: FALSE
+systemFlags: -1946157056
dn: CN=Policies,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
+systemFlags: -1946157056
dn: CN=IP Security,CN=System,${DOMAINDN}
objectClass: top
showInAdvancedViewOnly: FALSE
-
replace: systemFlags
-systemFlags: 2348810240
+systemFlags: -1946157056
-
replace: isCriticalSystemObject
isCriticalSystemObject: TRUE
objectClass: top
objectClass: crossRefContainer
cn: Partitions
-systemFlags: 2147483648
+systemFlags: -2147483648
msDS-Behavior-Version: 0
fSMORoleOwner: CN=NTDS Settings,${SERVERDN}
objectClass: top
objectClass: sitesContainer
cn: Sites
-systemFlags: 2181038080
+systemFlags: -2113929216
dn: CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
objectClass: top
objectClass: site
cn: ${DEFAULTSITE}
-systemFlags: 2181038080
+systemFlags: 1107296256
dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
objectClass: top
objectClass: serversContainer
cn: Servers
-systemFlags: 2181038080
+systemFlags: 33554432
dn: CN=Services,${CONFIGDN}
objectClass: top
objectClass: container
cn: Services
-systemFlags: 2147483648
+systemFlags: -2147483648
dn: CN=Windows NT,CN=Services,${CONFIGDN}
objectClass: top
dn: CN=Default Domain Policy,CN=System,${DOMAINDN}
objectClass: top
+objectClass: leaf
objectClass: domainPolicy
isCriticalSystemObject: TRUE
displayName: Default Domain Policy
gPCFunctionalityVersion: 2
gPCFileSysPath: \\${DNSDOMAIN}\sysvol\${DNSDOMAIN}\Policies\{${POLICYGUID}}
-versionNumber: 1
+versionNumber: 65543
flags: 0
gPCMachineExtensionNames: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{53D6AB1B-248
8-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4
1D2-842D-00C04FA372D4}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-
11D1-A7CC-0000F87571E3}]
nTSecurityDescriptor: O:${DOMAINSID}-512G:${DOMAINSID}-512D:PAI(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-519)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;${DOMAINSID}-512)(A;CIIO;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;RPLCLORC;;;ED)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+systemFlags: -1946157056
dn: CN=User,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
+systemFlags: -1946157056
dn: CN=Machine,CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN}
objectClass: top
objectClass: container
+systemFlags: -1946157056
configurationNamingContext: ${CONFIGDN}
schemaNamingContext: ${SCHEMADN}
supportedLDAPVersion: 3
+supportedLDAPVersion: 2
dnsHostName: ${DNSNAME}
ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM}
serverName: ${SERVERDN}
objectSid: S-1-5-32-544
adminCount: 1
sAMAccountName: Administrators
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
privilege: SeSecurityPrivilege
member: CN=Domain Users,CN=Users,${DOMAINDN}
objectSid: S-1-5-32-545
sAMAccountName: Users
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
member: CN=Guest,CN=Users,${DOMAINDN}
objectSid: S-1-5-32-546
sAMAccountName: Guests
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
objectSid: S-1-5-32-550
adminCount: 1
sAMAccountName: Print Operators
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
privilege: SeLoadDriverPrivilege
objectSid: S-1-5-32-551
adminCount: 1
sAMAccountName: Backup Operators
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
privilege: SeBackupPrivilege
objectSid: S-1-5-32-552
adminCount: 1
sAMAccountName: Replicator
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
description: Members in this group are granted the right to logon remotely
objectSid: S-1-5-32-555
sAMAccountName: Remote Desktop Users
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
description: Members in this group can have some administrative privileges to manage configuration of networking features
objectSid: S-1-5-32-556
sAMAccountName: Network Configuration Operators
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
description: Members of this group have remote access to monitor this computer
objectSid: S-1-5-32-558
sAMAccountName: Performance Monitor Users
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
description: Members of this group have remote access to schedule logging of performance counters on this computer
objectSid: S-1-5-32-559
sAMAccountName: Performance Log Users
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
objectSid: S-1-5-32-549
adminCount: 1
sAMAccountName: Server Operators
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
privilege: SeBackupPrivilege
objectSid: S-1-5-32-548
adminCount: 1
sAMAccountName: Account Operators
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
privilege: SeInteractiveLogonRight
description: A backward compatibility group which allows read access on all users and groups in the domain
objectSid: S-1-5-32-554
sAMAccountName: Pre-Windows 2000 Compatible Access
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
privilege: SeRemoteInteractiveLogonRight
description: Members of this group can create incoming, one-way trusts to this forest
objectSid: S-1-5-32-557
sAMAccountName: Incoming Forest Trust Builders
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
objectSid: S-1-5-32-560
sAMAccountName: Windows Authorization Access Group
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
description: Terminal Server License Servers
objectSid: S-1-5-32-561
sAMAccountName: Terminal Server License Servers
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
objectSid: S-1-5-32-562
sAMAccountName: Distributed COM Users
-systemFlags: 2348810240
+systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
objectClass: top
objectClass: container
cn: WellKnown Security Principals
-systemFlags: 2147483648
+systemFlags: -2147483648
dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
showInAdvancedViewOnly: FALSE
-
replace: systemFlags
-systemFlags: 2348810240
+systemFlags: -1946157056
-
replace: isCriticalSystemObject
isCriticalSystemObject: TRUE