s4-netlogon: implement dcesrv_netr_DsRAddressToSitenamesExW
[Samba/aatanasov.git] / source4 / setup / provision_users.ldif
1 # Add default primary groups (domain users, domain guests) - needed for
2 # the users to find valid primary groups (samldb module)
# ${DOMAINDN} and ${DOMAINSID} are placeholders filled in at provision time;
# the trailing number on objectSid is the fixed RID (513 = Domain Users,
# 514 = Domain Guests).
# Neither entry sets groupType, so the group scope is whatever default the
# directory applies on add - NOTE(review): confirm against the samldb module.
4 dn: CN=Domain Users,CN=Users,${DOMAINDN}
5 objectClass: top
6 objectClass: group
7 description: All domain users
8 objectSid: ${DOMAINSID}-513
9 sAMAccountName: Domain Users
10 isCriticalSystemObject: TRUE
# Domain Guests is the primary group of the Guest account defined further
# down in this file (primaryGroupID: 514).
12 dn: CN=Domain Guests,CN=Users,${DOMAINDN}
13 objectClass: top
14 objectClass: group
15 description: All domain guests
16 objectSid: ${DOMAINSID}-514
17 sAMAccountName: Domain Guests
18 isCriticalSystemObject: TRUE
20 # Add users
# Built-in administrator, RID 500.
# userAccountControl 66048 = 0x10200 = NORMAL_ACCOUNT (0x200) |
#   DONT_EXPIRE_PASSWD (0x10000): an enabled account whose password never
#   ages out, so rotation only happens when someone does it deliberately.
# accountExpires 9223372036854775807 (0x7FFFFFFFFFFFFFFF) = account never expires.
# adminCount: 1 is the AD marker for a protected administrative principal.
# userPassword:: - the double colon means the value is base64 in LDIF.
#   ${ADMINPASS_B64} is substituted at provision time and is presumably the
#   base64 of the cleartext admin password (confirm in the provision script).
#   Base64 is an encoding, not protection: the expanded LDIF should be treated
#   as a secret and kept out of logs, temp files and bug reports.
22 dn: CN=Administrator,CN=Users,${DOMAINDN}
23 objectClass: user
24 description: Built-in account for administering the computer/domain
25 userAccountControl: 66048
26 objectSid: ${DOMAINSID}-500
27 adminCount: 1
28 accountExpires: 9223372036854775807
29 sAMAccountName: Administrator
30 userPassword:: ${ADMINPASS_B64}
31 isCriticalSystemObject: TRUE
# Built-in guest account, RID 501, primary group 514 (Domain Guests).
# userAccountControl 66082 = 0x10222 = ACCOUNTDISABLE (0x2) |
#   PASSWD_NOTREQD (0x20) | NORMAL_ACCOUNT (0x200) | DONT_EXPIRE_PASSWD (0x10000).
# The account is created disabled and no userPassword is set. Because
# PASSWD_NOTREQD is present, clearing only the disable bit later would leave
# an enabled account that is allowed to have an empty password.
33 dn: CN=Guest,CN=Users,${DOMAINDN}
34 objectClass: user
35 description: Built-in account for guest access to the computer/domain
36 userAccountControl: 66082
37 primaryGroupID: 514
38 objectSid: ${DOMAINSID}-501
39 sAMAccountName: Guest
40 isCriticalSystemObject: TRUE
# KDC service account, RID 502.
# userAccountControl 514 = 0x202 = ACCOUNTDISABLE (0x2) | NORMAL_ACCOUNT (0x200):
#   the account cannot log on; it exists to hold the KDC's long-term secret.
# accountExpires 9223372036854775807 (0x7FFFFFFFFFFFFFFF) = never expires.
# userPassword:: ${KRBTGTPASS_B64} - base64 value substituted at provision
#   time. The keys derived from this secret protect the ticket-granting
#   tickets the KDC issues, so the value should be randomly generated, never
#   reused, and the expanded LDIF handled as key material.
42 dn: CN=krbtgt,CN=Users,${DOMAINDN}
43 objectClass: top
44 objectClass: person
45 objectClass: organizationalPerson
46 objectClass: user
47 description: Key Distribution Center Service Account
48 showInAdvancedViewOnly: TRUE
49 userAccountControl: 514
50 objectSid: ${DOMAINSID}-502
51 adminCount: 1
52 accountExpires: 9223372036854775807
53 sAMAccountName: krbtgt
54 servicePrincipalName: kadmin/changepw
55 userPassword:: ${KRBTGTPASS_B64}
56 isCriticalSystemObject: TRUE
58 # Add other groups
# Domain-relative groups: each objectSid is ${DOMAINSID} plus a fixed RID.
# groupType -2147483644 = 0x80000004 = SECURITY_ENABLED (0x80000000) |
#   RESOURCE_GROUP / domain-local (0x4). Entries without a groupType line get
#   whatever default the directory applies - NOTE(review): confirm, since
#   Enterprise Admins and Schema Admins are normally universal groups.
# adminCount: 1 is the AD marker for a protected administrative principal.
# The Administrator account is seeded as a direct member of Enterprise Admins,
# Schema Admins, Domain Admins and Group Policy Creator Owners; these member:
# lines are the initial privileged-membership baseline to audit against.
60 dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
61 objectClass: top
62 objectClass: group
63 description: Designated administrators of the enterprise
64 member: CN=Administrator,CN=Users,${DOMAINDN}
65 objectSid: ${DOMAINSID}-519
66 adminCount: 1
67 sAMAccountName: Enterprise Admins
68 isCriticalSystemObject: TRUE
70 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
71 objectClass: top
72 objectClass: group
73 description: All workstations and servers joined to the domain
74 objectSid: ${DOMAINSID}-515
75 sAMAccountName: Domain Computers
76 isCriticalSystemObject: TRUE
78 dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
79 objectClass: top
80 objectClass: group
81 description: All domain controllers in the domain
82 objectSid: ${DOMAINSID}-516
83 adminCount: 1
84 sAMAccountName: Domain Controllers
85 isCriticalSystemObject: TRUE
87 dn: CN=Schema Admins,CN=Users,${DOMAINDN}
88 objectClass: top
89 objectClass: group
90 description: Designated administrators of the schema
91 member: CN=Administrator,CN=Users,${DOMAINDN}
92 objectSid: ${DOMAINSID}-518
93 adminCount: 1
94 sAMAccountName: Schema Admins
95 isCriticalSystemObject: TRUE
97 dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
98 objectClass: top
99 objectClass: group
100 description: Members of this group are permitted to publish certificates to the Active Directory
101 groupType: -2147483644
102 objectSid: ${DOMAINSID}-517
103 sAMAccountName: Cert Publishers
104 isCriticalSystemObject: TRUE
# RID 512: its only seeded member is Administrator, and the group itself is a
# member of the builtin Administrators group defined later in this file.
106 dn: CN=Domain Admins,CN=Users,${DOMAINDN}
107 objectClass: top
108 objectClass: group
109 description: Designated administrators of the domain
110 member: CN=Administrator,CN=Users,${DOMAINDN}
111 objectSid: ${DOMAINSID}-512
112 adminCount: 1
113 sAMAccountName: Domain Admins
114 isCriticalSystemObject: TRUE
# No adminCount here, although the description grants group-policy
# modification rights - NOTE(review): confirm this omission is intentional.
116 dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
117 objectClass: top
118 objectClass: group
119 description: Members in this group can modify group policy for the domain
120 member: CN=Administrator,CN=Users,${DOMAINDN}
121 objectSid: ${DOMAINSID}-520
122 sAMAccountName: Group Policy Creator Owners
123 isCriticalSystemObject: TRUE
125 dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
126 objectClass: top
127 objectClass: group
128 description: Servers in this group can access remote access properties of users
129 objectSid: ${DOMAINSID}-553
130 sAMAccountName: RAS and IAS Servers
131 groupType: -2147483644
132 isCriticalSystemObject: TRUE
134 dn: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN}
135 objectClass: top
136 objectClass: group
137 description: read-only domain controllers
138 objectSid: ${DOMAINSID}-521
139 sAMAccountName: Read-Only Domain Controllers
140 groupType: -2147483644
141 isCriticalSystemObject: TRUE
143 dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN}
144 objectClass: top
145 objectClass: group
146 description: enterprise read-only domain controllers
147 objectSid: ${DOMAINSID}-498
148 sAMAccountName: Enterprise Read-Only Domain Controllers
149 groupType: -2147483644
150 isCriticalSystemObject: TRUE
# The next three groups are created under CN=Users with domain-relative SIDs
# (${DOMAINSID}-574/-569/-573) - NOTE(review): on Windows these names are
# usually builtin aliases under S-1-5-32; confirm the placement is intended.
152 dn: CN=Certificate Service DCOM Access,CN=Users,${DOMAINDN}
153 objectClass: top
154 objectClass: group
155 description: Certificate Service DCOM Access
156 objectSid: ${DOMAINSID}-574
157 sAMAccountName: Certificate Service DCOM Access
158 groupType: -2147483644
159 isCriticalSystemObject: TRUE
161 dn: CN=Cryptographic Operators,CN=Users,${DOMAINDN}
162 objectClass: top
163 objectClass: group
164 description: Cryptographic Operators
165 objectSid: ${DOMAINSID}-569
166 sAMAccountName: Cryptographic Operators
167 groupType: -2147483644
168 isCriticalSystemObject: TRUE
170 dn: CN=Event Log Readers,CN=Users,${DOMAINDN}
171 objectClass: top
172 objectClass: group
173 description: Event Log Readers
174 objectSid: ${DOMAINSID}-573
175 sAMAccountName: Event Log Readers
176 groupType: -2147483644
177 isCriticalSystemObject: TRUE
179 # Add foreign security principals
# Placeholder objects for well-known SIDs so that groups in this file can list
# them in member: attributes by DN. The SIDs are literal, not derived from
# ${DOMAINSID}: S-1-5-4 = Interactive, S-1-5-9 = Enterprise Domain Controllers,
# S-1-5-11 = Authenticated Users, S-1-5-20 = Network Service (names as given
# in the well-known security principals section of this file).
181 dn: CN=S-1-5-4,CN=ForeignSecurityPrincipals,${DOMAINDN}
182 objectClass: top
183 objectClass: foreignSecurityPrincipal
184 objectSid: S-1-5-4
186 dn: CN=S-1-5-9,CN=ForeignSecurityPrincipals,${DOMAINDN}
187 objectClass: top
188 objectClass: foreignSecurityPrincipal
189 objectSid: S-1-5-9
191 dn: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN}
192 objectClass: top
193 objectClass: foreignSecurityPrincipal
194 objectSid: S-1-5-11
196 dn: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN}
197 objectClass: top
198 objectClass: foreignSecurityPrincipal
199 objectSid: S-1-5-20
201 # Add builtin objects
# Builtin Administrators alias, fixed SID S-1-5-32-544.
# Seeded members: Domain Admins, Enterprise Admins and the Administrator
# account, so membership of either group is transitively full administration.
# systemFlags -1946157056 = 0x8C000000 = DISALLOW_DELETE (0x80000000) |
#   DOMAIN_DISALLOW_RENAME (0x08000000) | DOMAIN_DISALLOW_MOVE (0x04000000).
# groupType -2147483643 = 0x80000005 = SECURITY_ENABLED (0x80000000) |
#   RESOURCE_GROUP / domain-local (0x4) | BUILTIN_LOCAL_GROUP (0x1).
# Each privilege: value names one privilege or logon right attached to this
# group; the list below is the full set granted at provision time and is the
# baseline to compare against when auditing later changes.
203 dn: CN=Administrators,CN=Builtin,${DOMAINDN}
204 objectClass: top
205 objectClass: group
206 description: Administrators have complete and unrestricted access to the computer/domain
207 member: CN=Domain Admins,CN=Users,${DOMAINDN}
208 member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
209 member: CN=Administrator,CN=Users,${DOMAINDN}
210 objectSid: S-1-5-32-544
211 adminCount: 1
212 sAMAccountName: Administrators
213 systemFlags: -1946157056
214 groupType: -2147483643
215 privilege: SeSecurityPrivilege
216 privilege: SeBackupPrivilege
217 privilege: SeRestorePrivilege
218 privilege: SeSystemtimePrivilege
219 privilege: SeShutdownPrivilege
220 privilege: SeRemoteShutdownPrivilege
221 privilege: SeTakeOwnershipPrivilege
222 privilege: SeDebugPrivilege
223 privilege: SeSystemEnvironmentPrivilege
224 privilege: SeSystemProfilePrivilege
225 privilege: SeProfileSingleProcessPrivilege
226 privilege: SeIncreaseBasePriorityPrivilege
227 privilege: SeLoadDriverPrivilege
228 privilege: SeCreatePagefilePrivilege
229 privilege: SeIncreaseQuotaPrivilege
230 privilege: SeChangeNotifyPrivilege
231 privilege: SeUndockPrivilege
232 privilege: SeManageVolumePrivilege
233 privilege: SeImpersonatePrivilege
234 privilege: SeCreateGlobalPrivilege
235 privilege: SeEnableDelegationPrivilege
236 privilege: SeInteractiveLogonRight
237 privilege: SeNetworkLogonRight
238 privilege: SeRemoteInteractiveLogonRight
239 isCriticalSystemObject: TRUE
# Remaining builtin aliases (fixed SIDs under S-1-5-32). All share:
# systemFlags -1946157056 = 0x8C000000 = DISALLOW_DELETE | DOMAIN_DISALLOW_RENAME |
#   DOMAIN_DISALLOW_MOVE;
# groupType -2147483643 = 0x80000005 = SECURITY_ENABLED | domain-local (0x4) |
#   BUILTIN_LOCAL_GROUP (0x1).
# privilege: values name the privileges and logon rights attached to a group.
# Members given as CN=S-1-5-x,CN=ForeignSecurityPrincipals are well-known SIDs:
# S-1-5-4 Interactive, S-1-5-9 Enterprise Domain Controllers,
# S-1-5-11 Authenticated Users, S-1-5-20 Network Service.
241 dn: CN=Users,CN=Builtin,${DOMAINDN}
242 objectClass: top
243 objectClass: group
244 description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
245 member: CN=Domain Users,CN=Users,${DOMAINDN}
246 member: CN=S-1-5-4,CN=ForeignSecurityPrincipals,${DOMAINDN}
247 member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN}
248 objectSid: S-1-5-32-545
249 sAMAccountName: Users
250 systemFlags: -1946157056
251 groupType: -2147483643
252 isCriticalSystemObject: TRUE
254 dn: CN=Guests,CN=Builtin,${DOMAINDN}
255 objectClass: top
256 objectClass: group
257 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
258 member: CN=Domain Guests,CN=Users,${DOMAINDN}
259 member: CN=Guest,CN=Users,${DOMAINDN}
260 objectSid: S-1-5-32-546
261 sAMAccountName: Guests
262 systemFlags: -1946157056
263 groupType: -2147483643
264 isCriticalSystemObject: TRUE
# Created with no members. SeLoadDriverPrivilege lets a member load device
# drivers, so membership should be reviewed like an administrative group.
266 dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
267 objectClass: top
268 objectClass: group
269 description: Members can administer domain printers
270 objectSid: S-1-5-32-550
271 adminCount: 1
272 sAMAccountName: Print Operators
273 systemFlags: -1946157056
274 groupType: -2147483643
275 privilege: SeLoadDriverPrivilege
276 privilege: SeShutdownPrivilege
277 privilege: SeInteractiveLogonRight
278 isCriticalSystemObject: TRUE
# Created with no members. SeBackupPrivilege / SeRestorePrivilege are the
# rights behind "override security restrictions" in the description: they
# bypass file permissions for read and write respectively.
280 dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
281 objectClass: top
282 objectClass: group
283 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
284 objectSid: S-1-5-32-551
285 adminCount: 1
286 sAMAccountName: Backup Operators
287 systemFlags: -1946157056
288 groupType: -2147483643
289 privilege: SeBackupPrivilege
290 privilege: SeRestorePrivilege
291 privilege: SeShutdownPrivilege
292 privilege: SeInteractiveLogonRight
293 isCriticalSystemObject: TRUE
295 dn: CN=Replicator,CN=Builtin,${DOMAINDN}
296 objectClass: top
297 objectClass: group
298 description: Supports file replication in a domain
299 objectSid: S-1-5-32-552
300 adminCount: 1
301 sAMAccountName: Replicator
302 systemFlags: -1946157056
303 groupType: -2147483643
304 isCriticalSystemObject: TRUE
# No privilege: line is attached here even though the description speaks of a
# remote logon right - NOTE(review): confirm where that right is granted.
306 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
307 objectClass: top
308 objectClass: group
309 description: Members in this group are granted the right to logon remotely
310 objectSid: S-1-5-32-555
311 sAMAccountName: Remote Desktop Users
312 systemFlags: -1946157056
313 groupType: -2147483643
314 isCriticalSystemObject: TRUE
316 dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
317 objectClass: top
318 objectClass: group
319 description: Members in this group can have some administrative privileges to manage configuration of networking features
320 objectSid: S-1-5-32-556
321 sAMAccountName: Network Configuration Operators
322 systemFlags: -1946157056
323 groupType: -2147483643
324 isCriticalSystemObject: TRUE
326 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
327 objectClass: top
328 objectClass: group
329 description: Members of this group have remote access to monitor this computer
330 objectSid: S-1-5-32-558
331 sAMAccountName: Performance Monitor Users
332 systemFlags: -1946157056
333 groupType: -2147483643
334 isCriticalSystemObject: TRUE
# Seeded member S-1-5-20 is Network Service.
336 dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
337 objectClass: top
338 objectClass: group
339 description: Members of this group have remote access to schedule logging of performance counters on this computer
340 member: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN}
341 objectSid: S-1-5-32-559
342 sAMAccountName: Performance Log Users
343 systemFlags: -1946157056
344 groupType: -2147483643
345 isCriticalSystemObject: TRUE
# Created with no members; carries backup, restore and shutdown rights.
347 dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
348 objectClass: top
349 objectClass: group
350 description: Members can administer domain servers
351 objectSid: S-1-5-32-549
352 adminCount: 1
353 sAMAccountName: Server Operators
354 systemFlags: -1946157056
355 groupType: -2147483643
356 privilege: SeBackupPrivilege
357 privilege: SeSystemtimePrivilege
358 privilege: SeRemoteShutdownPrivilege
359 privilege: SeRestorePrivilege
360 privilege: SeShutdownPrivilege
361 privilege: SeInteractiveLogonRight
362 isCriticalSystemObject: TRUE
364 dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
365 objectClass: top
366 objectClass: group
367 description: Members can administer domain user and group accounts
368 objectSid: S-1-5-32-548
369 adminCount: 1
370 sAMAccountName: Account Operators
371 systemFlags: -1946157056
372 groupType: -2147483643
373 privilege: SeInteractiveLogonRight
374 isCriticalSystemObject: TRUE
# NOTE(review): the seeded member S-1-5-11 is Authenticated Users, so every
# authenticated principal gets the directory read access described here and
# both rights listed below. Confirm that SeRemoteInteractiveLogonRight is the
# right intended for this group rather than SeNetworkLogonRight.
376 dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
377 objectClass: top
378 objectClass: group
379 description: A backward compatibility group which allows read access on all users and groups in the domain
380 member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN}
381 objectSid: S-1-5-32-554
382 sAMAccountName: Pre-Windows 2000 Compatible Access
383 systemFlags: -1946157056
384 groupType: -2147483643
385 privilege: SeRemoteInteractiveLogonRight
386 privilege: SeChangeNotifyPrivilege
387 isCriticalSystemObject: TRUE
389 dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
390 objectClass: top
391 objectClass: group
392 description: Members of this group can create incoming, one-way trusts to this forest
393 objectSid: S-1-5-32-557
394 sAMAccountName: Incoming Forest Trust Builders
395 systemFlags: -1946157056
396 groupType: -2147483643
397 isCriticalSystemObject: TRUE
# Seeded member S-1-5-9 is Enterprise Domain Controllers.
399 dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
400 objectClass: top
401 objectClass: group
402 description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
403 member: CN=S-1-5-9,CN=ForeignSecurityPrincipals,${DOMAINDN}
404 objectSid: S-1-5-32-560
405 sAMAccountName: Windows Authorization Access Group
406 systemFlags: -1946157056
407 groupType: -2147483643
408 isCriticalSystemObject: TRUE
410 dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
411 objectClass: top
412 objectClass: group
413 description: Terminal Server License Servers
414 objectSid: S-1-5-32-561
415 sAMAccountName: Terminal Server License Servers
416 systemFlags: -1946157056
417 groupType: -2147483643
418 isCriticalSystemObject: TRUE
420 dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
421 objectClass: top
422 objectClass: group
423 description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
424 objectSid: S-1-5-32-562
425 sAMAccountName: Distributed COM Users
426 systemFlags: -1946157056
427 groupType: -2147483643
428 isCriticalSystemObject: TRUE
430 # Add well known security principals
# These entries live in the configuration partition (${CONFIGDN}), not the
# domain partition, and give a readable name to each fixed, non-domain SID.
# The container's systemFlags -2147483648 = 0x80000000 = DISALLOW_DELETE.
# S-1-5-4, S-1-5-9, S-1-5-11 and S-1-5-20 also appear in this file as
# CN=S-1-5-x entries under CN=ForeignSecurityPrincipals,${DOMAINDN}; those
# are the objects that group member: attributes point at.
432 dn: CN=WellKnown Security Principals,${CONFIGDN}
433 objectClass: top
434 objectClass: container
435 systemFlags: -2147483648
437 dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
438 objectClass: top
439 objectClass: foreignSecurityPrincipal
440 objectSid: S-1-5-7
442 dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
443 objectClass: top
444 objectClass: foreignSecurityPrincipal
445 objectSid: S-1-5-11
447 dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
448 objectClass: top
449 objectClass: foreignSecurityPrincipal
450 objectSid: S-1-5-3
452 dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
453 objectClass: top
454 objectClass: foreignSecurityPrincipal
455 objectSid: S-1-3-1
457 dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
458 objectClass: top
459 objectClass: foreignSecurityPrincipal
460 objectSid: S-1-3-0
462 dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
463 objectClass: top
464 objectClass: foreignSecurityPrincipal
465 objectSid: S-1-5-1
467 dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
468 objectClass: top
469 objectClass: foreignSecurityPrincipal
470 objectSid: S-1-5-64-21
472 dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
473 objectClass: top
474 objectClass: foreignSecurityPrincipal
475 objectSid: S-1-5-9
477 dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
478 objectClass: top
479 objectClass: foreignSecurityPrincipal
480 objectSid: S-1-1-0
482 dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
483 objectClass: top
484 objectClass: foreignSecurityPrincipal
485 objectSid: S-1-5-4
487 dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
488 objectClass: top
489 objectClass: foreignSecurityPrincipal
490 objectSid: S-1-5-19
492 dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
493 objectClass: top
494 objectClass: foreignSecurityPrincipal
495 objectSid: S-1-5-2
497 dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
498 objectClass: top
499 objectClass: foreignSecurityPrincipal
500 objectSid: S-1-5-20
502 dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
503 objectClass: top
504 objectClass: foreignSecurityPrincipal
505 objectSid: S-1-5-64-10
507 dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
508 objectClass: top
509 objectClass: foreignSecurityPrincipal
510 objectSid: S-1-5-1000
512 dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
513 objectClass: top
514 objectClass: foreignSecurityPrincipal
515 objectSid: S-1-5-8
517 dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
518 objectClass: top
519 objectClass: foreignSecurityPrincipal
520 objectSid: S-1-5-14
522 dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
523 objectClass: top
524 objectClass: foreignSecurityPrincipal
525 objectSid: S-1-5-12
527 dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
528 objectClass: top
529 objectClass: foreignSecurityPrincipal
530 objectSid: S-1-5-64-14
532 dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
533 objectClass: top
534 objectClass: foreignSecurityPrincipal
535 objectSid: S-1-5-10
537 dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
538 objectClass: top
539 objectClass: foreignSecurityPrincipal
540 objectSid: S-1-5-6
542 dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
543 objectClass: top
544 objectClass: foreignSecurityPrincipal
545 objectSid: S-1-5-13
547 dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
548 objectClass: top
549 objectClass: foreignSecurityPrincipal
550 objectSid: S-1-5-15
552 dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}
553 objectClass: top
554 objectClass: foreignSecurityPrincipal
555 objectSid: S-1-5-18