1 dn: CN=Administrator
,CN=Users
,$
{DOMAINDN
}
4 description: Built
-in account for administering the computer
/domain
5 userAccountControl
: 66048
6 objectSid
: $
{DOMAINSID
}-500
8 accountExpires
: 9223372036854775807
9 sAMAccountName
: Administrator
10 userPassword:: $
{ADMINPASS_B64
}
11 isCriticalSystemObject
: TRUE
13 dn: CN=Guest
,CN=Users
,$
{DOMAINDN
}
16 description: Built
-in account for guest access to the computer
/domain
17 userAccountControl
: 66082
19 objectSid
: $
{DOMAINSID
}-501
21 isCriticalSystemObject
: TRUE
23 dn: CN=Enterprise Admins
,CN=Users
,$
{DOMAINDN
}
27 description: Designated administrators of the enterprise
28 member
: CN=Administrator
,CN=Users
,$
{DOMAINDN
}
29 objectSid
: $
{DOMAINSID
}-519
31 sAMAccountName
: Enterprise Admins
32 isCriticalSystemObject
: TRUE
34 dn: CN=krbtgt
,CN=Users
,$
{DOMAINDN
}
37 objectClass: organizationalPerson
40 description: Key Distribution Center Service Account
41 showInAdvancedViewOnly
: TRUE
42 userAccountControl
: 514
43 objectSid
: $
{DOMAINSID
}-502
45 accountExpires
: 9223372036854775807
46 sAMAccountName
: krbtgt
47 servicePrincipalName
: kadmin
/changepw
48 userPassword:: $
{KRBTGTPASS_B64
}
49 isCriticalSystemObject
: TRUE
51 dn: CN=Domain Computers
,CN=Users
,$
{DOMAINDN
}
55 description: All workstations and servers joined to the domain
56 objectSid
: $
{DOMAINSID
}-515
57 sAMAccountName
: Domain Computers
58 isCriticalSystemObject
: TRUE
60 dn: CN=Domain Controllers
,CN=Users
,$
{DOMAINDN
}
63 cn: Domain Controllers
64 description: All domain controllers in the domain
65 objectSid
: $
{DOMAINSID
}-516
67 sAMAccountName
: Domain Controllers
68 isCriticalSystemObject
: TRUE
70 dn: CN=Schema Admins
,CN=Users
,$
{DOMAINDN
}
74 description: Designated administrators of the schema
75 member
: CN=Administrator
,CN=Users
,$
{DOMAINDN
}
76 objectSid
: $
{DOMAINSID
}-518
78 sAMAccountName
: Schema Admins
79 isCriticalSystemObject
: TRUE
81 dn: CN=Cert Publishers
,CN=Users
,$
{DOMAINDN
}
85 description: Members of this group are permitted to publish certificates to the Active Directory
86 groupType
: -2147483644
87 objectSid
: $
{DOMAINSID
}-517
88 sAMAccountName
: Cert Publishers
89 isCriticalSystemObject
: TRUE
91 dn: CN=Domain Admins
,CN=Users
,$
{DOMAINDN
}
95 description: Designated administrators of the domain
96 member
: CN=Administrator
,CN=Users
,$
{DOMAINDN
}
97 objectSid
: $
{DOMAINSID
}-512
99 sAMAccountName
: Domain Admins
100 isCriticalSystemObject
: TRUE
102 dn: CN=Domain Users
,CN=Users
,$
{DOMAINDN
}
106 description: All domain users
107 objectSid
: $
{DOMAINSID
}-513
108 sAMAccountName
: Domain Users
109 isCriticalSystemObject
: TRUE
111 dn: CN=Domain Guests
,CN=Users
,$
{DOMAINDN
}
115 description: All domain guests
116 objectSid
: $
{DOMAINSID
}-514
117 sAMAccountName
: Domain Guests
118 isCriticalSystemObject
: TRUE
120 dn: CN=Group Policy Creator Owners
,CN=Users
,$
{DOMAINDN
}
123 cn: Group Policy Creator Owners
124 description: Members in this group can
modify group policy for the domain
125 member
: CN=Administrator
,CN=Users
,$
{DOMAINDN
}
126 objectSid
: $
{DOMAINSID
}-520
127 sAMAccountName
: Group Policy Creator Owners
128 isCriticalSystemObject
: TRUE
130 dn: CN=RAS and IAS Servers
,CN=Users
,$
{DOMAINDN
}
133 cn: RAS and IAS Servers
134 description: Servers in this group can access remote access properties of users
135 objectSid
: $
{DOMAINSID
}-553
136 sAMAccountName
: RAS and IAS Servers
137 groupType
: -2147483644
138 isCriticalSystemObject
: TRUE
140 dn: CN=Read
-Only Domain Controllers
,CN=Users
,$
{DOMAINDN
}
143 cn: Read
-Only Domain Controllers
144 description: read
-only domain controllers
145 objectSid
: $
{DOMAINSID
}-521
146 sAMAccountName
: Read
-Only Domain Controllers
147 groupType
: -2147483644
148 isCriticalSystemObject
: TRUE
150 dn: CN=Enterprise Read
-Only Domain Controllers
,CN=Users
,$
{DOMAINDN
}
153 cn: Enterprise Read
-Only Domain Controllers
154 description: enterprise read
-only domain controllers
155 objectSid
: $
{DOMAINSID
}-498
156 sAMAccountName
: Enterprise Read
-Only Domain Controllers
157 groupType
: -2147483644
158 isCriticalSystemObject
: TRUE
160 dn: CN=Certificate Service DCOM Access
,CN=Users
,$
{DOMAINDN
}
163 cn: Certificate Service DCOM Access
164 description: Certificate Service DCOM Access
165 objectSid
: $
{DOMAINSID
}-574
166 sAMAccountName
: Certificate Service DCOM Access
167 groupType
: -2147483644
168 isCriticalSystemObject
: TRUE
170 dn: CN=Cryptographic Operators
,CN=Users
,$
{DOMAINDN
}
173 cn: Cryptographic Operators
174 description: Cryptographic Operators
175 objectSid
: $
{DOMAINSID
}-569
176 sAMAccountName
: Cryptographic Operators
177 groupType
: -2147483644
178 isCriticalSystemObject
: TRUE
180 dn: CN=Event Log Readers
,CN=Users
,$
{DOMAINDN
}
183 cn: Event Log Readers
184 description: Event Log Readers
185 objectSid
: $
{DOMAINSID
}-573
186 sAMAccountName
: Event Log Readers
187 groupType
: -2147483644
188 isCriticalSystemObject
: TRUE
190 dn: CN=Administrators
,CN=Builtin
,$
{DOMAINDN
}
194 description: Administrators have complete and unrestricted access to the computer
/domain
195 member
: CN=Domain Admins
,CN=Users
,$
{DOMAINDN
}
196 member
: CN=Enterprise Admins
,CN=Users
,$
{DOMAINDN
}
197 member
: CN=Administrator
,CN=Users
,$
{DOMAINDN
}
198 objectSid
: S
-1-5-32-544
200 sAMAccountName
: Administrators
201 systemFlags
: -1946157056
202 groupType
: -2147483643
203 privilege
: SeSecurityPrivilege
204 privilege
: SeBackupPrivilege
205 privilege
: SeRestorePrivilege
206 privilege
: SeSystemtimePrivilege
207 privilege
: SeShutdownPrivilege
208 privilege
: SeRemoteShutdownPrivilege
209 privilege
: SeTakeOwnershipPrivilege
210 privilege
: SeDebugPrivilege
211 privilege
: SeSystemEnvironmentPrivilege
212 privilege
: SeSystemProfilePrivilege
213 privilege
: SeProfileSingleProcessPrivilege
214 privilege
: SeIncreaseBasePriorityPrivilege
215 privilege
: SeLoadDriverPrivilege
216 privilege
: SeCreatePagefilePrivilege
217 privilege
: SeIncreaseQuotaPrivilege
218 privilege
: SeChangeNotifyPrivilege
219 privilege
: SeUndockPrivilege
220 privilege
: SeManageVolumePrivilege
221 privilege
: SeImpersonatePrivilege
222 privilege
: SeCreateGlobalPrivilege
223 privilege
: SeEnableDelegationPrivilege
224 privilege
: SeInteractiveLogonRight
225 privilege
: SeNetworkLogonRight
226 privilege
: SeRemoteInteractiveLogonRight
227 isCriticalSystemObject
: TRUE
229 dn: CN=Users
,CN=Builtin
,$
{DOMAINDN
}
233 description: Users are prevented from making accidental or intentional system
-wide changes. Thus
, Users can run certified applications
, but not most legacy applications
234 member
: CN=Domain Users
,CN=Users
,$
{DOMAINDN
}
235 objectSid
: S
-1-5-32-545
236 sAMAccountName
: Users
237 systemFlags
: -1946157056
238 groupType
: -2147483643
239 isCriticalSystemObject
: TRUE
241 dn: CN=Guests
,CN=Builtin
,$
{DOMAINDN
}
245 description: Guests have the same access as members of the Users group by default
, except for the Guest account which is further restricted
246 member
: CN=Domain Guests
,CN=Users
,$
{DOMAINDN
}
247 member
: CN=Guest
,CN=Users
,$
{DOMAINDN
}
248 objectSid
: S
-1-5-32-546
249 sAMAccountName
: Guests
250 systemFlags
: -1946157056
251 groupType
: -2147483643
252 isCriticalSystemObject
: TRUE
254 dn: CN=Print Operators
,CN=Builtin
,$
{DOMAINDN
}
258 description: Members can administer domain printers
259 objectSid
: S
-1-5-32-550
261 sAMAccountName
: Print Operators
262 systemFlags
: -1946157056
263 groupType
: -2147483643
264 privilege
: SeLoadDriverPrivilege
265 privilege
: SeShutdownPrivilege
266 privilege
: SeInteractiveLogonRight
267 isCriticalSystemObject
: TRUE
269 dn: CN=Backup Operators
,CN=Builtin
,$
{DOMAINDN
}
273 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
274 objectSid
: S
-1-5-32-551
276 sAMAccountName
: Backup Operators
277 systemFlags
: -1946157056
278 groupType
: -2147483643
279 privilege
: SeBackupPrivilege
280 privilege
: SeRestorePrivilege
281 privilege
: SeShutdownPrivilege
282 privilege
: SeInteractiveLogonRight
283 isCriticalSystemObject
: TRUE
285 dn: CN=Replicator
,CN=Builtin
,$
{DOMAINDN
}
289 description: Supports file replication in a domain
290 objectSid
: S
-1-5-32-552
292 sAMAccountName
: Replicator
293 systemFlags
: -1946157056
294 groupType
: -2147483643
295 isCriticalSystemObject
: TRUE
297 dn: CN=Remote Desktop Users
,CN=Builtin
,$
{DOMAINDN
}
300 cn: Remote Desktop Users
301 description: Members in this group are granted the right to logon remotely
302 objectSid
: S
-1-5-32-555
303 sAMAccountName
: Remote Desktop Users
304 systemFlags
: -1946157056
305 groupType
: -2147483643
306 isCriticalSystemObject
: TRUE
308 dn: CN=Network Configuration Operators
,CN=Builtin
,$
{DOMAINDN
}
311 cn: Network Configuration Operators
312 description: Members in this group can have some administrative privileges to manage configuration of networking features
313 objectSid
: S
-1-5-32-556
314 sAMAccountName
: Network Configuration Operators
315 systemFlags
: -1946157056
316 groupType
: -2147483643
317 isCriticalSystemObject
: TRUE
319 dn: CN=Performance Monitor Users
,CN=Builtin
,$
{DOMAINDN
}
322 cn: Performance Monitor Users
323 description: Members of this group have remote access to monitor this computer
324 objectSid
: S
-1-5-32-558
325 sAMAccountName
: Performance Monitor Users
326 systemFlags
: -1946157056
327 groupType
: -2147483643
328 isCriticalSystemObject
: TRUE
330 dn: CN=Performance Log Users
,CN=Builtin
,$
{DOMAINDN
}
333 cn: Performance Log Users
334 description: Members of this group have remote access to schedule logging of performance counters on this computer
335 objectSid
: S
-1-5-32-559
336 sAMAccountName
: Performance Log Users
337 systemFlags
: -1946157056
338 groupType
: -2147483643
339 isCriticalSystemObject
: TRUE
341 dn: CN=Server Operators
,CN=Builtin
,$
{DOMAINDN
}
345 description: Members can administer domain servers
346 objectSid
: S
-1-5-32-549
348 sAMAccountName
: Server Operators
349 systemFlags
: -1946157056
350 groupType
: -2147483643
351 privilege
: SeBackupPrivilege
352 privilege
: SeSystemtimePrivilege
353 privilege
: SeRemoteShutdownPrivilege
354 privilege
: SeRestorePrivilege
355 privilege
: SeShutdownPrivilege
356 privilege
: SeInteractiveLogonRight
357 isCriticalSystemObject
: TRUE
359 dn: CN=Account Operators
,CN=Builtin
,$
{DOMAINDN
}
362 cn: Account Operators
363 description: Members can administer domain user and group accounts
364 objectSid
: S
-1-5-32-548
366 sAMAccountName
: Account Operators
367 systemFlags
: -1946157056
368 groupType
: -2147483643
369 privilege
: SeInteractiveLogonRight
370 isCriticalSystemObject
: TRUE
372 dn: CN=Pre
-Windows
2000 Compatible Access
,CN=Builtin
,$
{DOMAINDN
}
375 cn: Pre
-Windows
2000 Compatible Access
376 description: A backward compatibility group which allows read access on all users and groups in the domain
377 objectSid
: S
-1-5-32-554
378 sAMAccountName
: Pre
-Windows
2000 Compatible Access
379 systemFlags
: -1946157056
380 groupType
: -2147483643
381 privilege
: SeRemoteInteractiveLogonRight
382 privilege
: SeChangeNotifyPrivilege
383 isCriticalSystemObject
: TRUE
385 dn: CN=Incoming Forest Trust Builders
,CN=Builtin
,$
{DOMAINDN
}
388 cn: Incoming Forest Trust Builders
389 description: Members of this group can create incoming
, one
-way trusts to this forest
390 objectSid
: S
-1-5-32-557
391 sAMAccountName
: Incoming Forest Trust Builders
392 systemFlags
: -1946157056
393 groupType
: -2147483643
394 isCriticalSystemObject
: TRUE
396 dn: CN=Windows Authorization Access Group
,CN=Builtin
,$
{DOMAINDN
}
399 cn: Windows Authorization Access Group
400 description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
401 objectSid
: S
-1-5-32-560
402 sAMAccountName
: Windows Authorization Access Group
403 systemFlags
: -1946157056
404 groupType
: -2147483643
405 isCriticalSystemObject
: TRUE
407 dn: CN=Terminal Server License Servers
,CN=Builtin
,$
{DOMAINDN
}
410 cn: Terminal Server License Servers
411 description: Terminal Server License Servers
412 objectSid
: S
-1-5-32-561
413 sAMAccountName
: Terminal Server License Servers
414 systemFlags
: -1946157056
415 groupType
: -2147483643
416 isCriticalSystemObject
: TRUE
418 dn: CN=Distributed COM Users
,CN=Builtin
,$
{DOMAINDN
}
421 cn: Distributed COM Users
422 description: Members are allowed to launch
, activate and use Distributed COM objects on this machine.
423 objectSid
: S
-1-5-32-562
424 sAMAccountName
: Distributed COM Users
425 systemFlags
: -1946157056
426 groupType
: -2147483643
427 isCriticalSystemObject
: TRUE
429 dn: CN=WellKnown Security Principals
,$
{CONFIGDN
}
431 objectClass: container
432 cn: WellKnown Security Principals
433 systemFlags
: -2147483648
435 dn: CN=Anonymous Logon
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
437 objectClass: foreignSecurityPrincipal
441 dn: CN=Authenticated Users
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
443 objectClass: foreignSecurityPrincipal
444 cn: Authenticated Users
447 dn: CN=Batch
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
449 objectClass: foreignSecurityPrincipal
453 dn: CN=Creator Group
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
455 objectClass: foreignSecurityPrincipal
459 dn: CN=Creator Owner
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
461 objectClass: foreignSecurityPrincipal
465 dn: CN=Dialup
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
467 objectClass: foreignSecurityPrincipal
471 dn: CN=Digest Authentication
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
473 objectClass: foreignSecurityPrincipal
474 cn: Digest Authentication
475 objectSid
: S
-1-5-64-21
477 dn: CN=Enterprise Domain Controllers
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
479 objectClass: foreignSecurityPrincipal
480 cn: Enterprise Domain Controllers
483 dn: CN=Everyone
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
485 objectClass: foreignSecurityPrincipal
489 dn: CN=Interactive
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
491 objectClass: foreignSecurityPrincipal
495 dn: CN=Local Service
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
497 objectClass: foreignSecurityPrincipal
501 dn: CN=Network
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
503 objectClass: foreignSecurityPrincipal
507 dn: CN=Network Service
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
509 objectClass: foreignSecurityPrincipal
513 dn: CN=NTLM Authentication
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
515 objectClass: foreignSecurityPrincipal
516 cn: NTLM Authentication
517 objectSid
: S
-1-5-64-10
519 dn: CN=Other Organization
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
521 objectClass: foreignSecurityPrincipal
522 cn: Other Organization
523 objectSid
: S
-1-5-1000
525 dn: CN=Proxy
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
527 objectClass: foreignSecurityPrincipal
531 dn: CN=Remote Interactive Logon
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
533 objectClass: foreignSecurityPrincipal
534 cn: Remote Interactive Logon
537 dn: CN=Restricted
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
539 objectClass: foreignSecurityPrincipal
543 dn: CN=SChannel Authentication
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
545 objectClass: foreignSecurityPrincipal
546 cn: SChannel Authentication
547 objectSid
: S
-1-5-64-14
549 dn: CN=Self
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
551 objectClass: foreignSecurityPrincipal
555 dn: CN=Service
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
557 objectClass: foreignSecurityPrincipal
561 dn: CN=Terminal Server User
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
563 objectClass: foreignSecurityPrincipal
564 cn: Terminal Server User
567 dn: CN=This Organization
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
569 objectClass: foreignSecurityPrincipal
570 cn: This Organization
573 dn: CN=Well
-Known
-Security
-Id
-System
,CN=WellKnown Security Principals
,$
{CONFIGDN
}
575 objectClass: foreignSecurityPrincipal
576 cn: Well
-Known
-Security
-Id
-System