search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tdb: fix define of tdbdir when srcdir != "."
[Samba/bb.git] / source4 / setup / provision_users.ldif
blob88146d8cac7947f8a5ac3c06e7cbe773915b6ce0
1 dn: CN=Administrator,CN=Users,${DOMAINDN}
2 objectClass: user
3 cn: Administrator
4 description: Built-in account for administering the computer/domain
5 userAccountControl: 66048
6 objectSid: ${DOMAINSID}-500
7 adminCount: 1
8 accountExpires: 9223372036854775807
9 sAMAccountName: Administrator
10 isCriticalSystemObject: TRUE
11 userPassword:: ${ADMINPASS_B64}
12
13 dn: CN=Guest,CN=Users,${DOMAINDN}
14 objectClass: user
15 cn: Guest
16 description: Built-in account for guest access to the computer/domain
17 userAccountControl: 66082
18 primaryGroupID: 514
19 objectSid: ${DOMAINSID}-501
20 sAMAccountName: Guest
21 isCriticalSystemObject: TRUE
22
23 dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
24 objectClass: top
25 objectClass: group
26 cn: Enterprise Admins
27 description: Designated administrators of the enterprise
28 member: CN=Administrator,CN=Users,${DOMAINDN}
29 objectSid: ${DOMAINSID}-519
30 adminCount: 1
31 sAMAccountName: Enterprise Admins
32 isCriticalSystemObject: TRUE
33
34 dn: CN=krbtgt,CN=Users,${DOMAINDN}
35 objectClass: top
36 objectClass: person
37 objectClass: organizationalPerson
38 objectClass: user
39 cn: krbtgt
40 description: Key Distribution Center Service Account
41 showInAdvancedViewOnly: TRUE
42 userAccountControl: 514
43 objectSid: ${DOMAINSID}-502
44 adminCount: 1
45 accountExpires: 9223372036854775807
46 sAMAccountName: krbtgt
47 servicePrincipalName: kadmin/changepw
48 isCriticalSystemObject: TRUE
49 userPassword:: ${KRBTGTPASS_B64}
50
51 dn: CN=Domain Computers,CN=Users,${DOMAINDN}
52 objectClass: top
53 objectClass: group
54 cn: Domain Computers
55 description: All workstations and servers joined to the domain
56 objectSid: ${DOMAINSID}-515
57 sAMAccountName: Domain Computers
58 isCriticalSystemObject: TRUE
59
60 dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
61 objectClass: top
62 objectClass: group
63 cn: Domain Controllers
64 description: All domain controllers in the domain
65 objectSid: ${DOMAINSID}-516
66 adminCount: 1
67 sAMAccountName: Domain Controllers
68 isCriticalSystemObject: TRUE
69
70 dn: CN=Schema Admins,CN=Users,${DOMAINDN}
71 objectClass: top
72 objectClass: group
73 cn: Schema Admins
74 description: Designated administrators of the schema
75 member: CN=Administrator,CN=Users,${DOMAINDN}
76 objectSid: ${DOMAINSID}-518
77 adminCount: 1
78 sAMAccountName: Schema Admins
79 isCriticalSystemObject: TRUE
80
81 dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
82 objectClass: top
83 objectClass: group
84 cn: Cert Publishers
85 description: Members of this group are permitted to publish certificates to the Active Directory
86 groupType: -2147483644
87 objectSid: ${DOMAINSID}-517
88 sAMAccountName: Cert Publishers
89 isCriticalSystemObject: TRUE
90
91 dn: CN=Domain Admins,CN=Users,${DOMAINDN}
92 objectClass: top
93 objectClass: group
94 cn: Domain Admins
95 description: Designated administrators of the domain
96 member: CN=Administrator,CN=Users,${DOMAINDN}
97 objectSid: ${DOMAINSID}-512
98 adminCount: 1
99 sAMAccountName: Domain Admins
100 isCriticalSystemObject: TRUE
101
102 dn: CN=Domain Users,CN=Users,${DOMAINDN}
103 objectClass: top
104 objectClass: group
105 cn: Domain Users
106 description: All domain users
107 objectSid: ${DOMAINSID}-513
108 sAMAccountName: Domain Users
109 isCriticalSystemObject: TRUE
110
111 dn: CN=Domain Guests,CN=Users,${DOMAINDN}
112 objectClass: top
113 objectClass: group
114 cn: Domain Guests
115 description: All domain guests
116 objectSid: ${DOMAINSID}-514
117 sAMAccountName: Domain Guests
118 isCriticalSystemObject: TRUE
119
120 dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
121 objectClass: top
122 objectClass: group
123 cn: Group Policy Creator Owners
124 description: Members in this group can modify group policy for the domain
125 member: CN=Administrator,CN=Users,${DOMAINDN}
126 objectSid: ${DOMAINSID}-520
127 sAMAccountName: Group Policy Creator Owners
128 isCriticalSystemObject: TRUE
129
130 dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
131 objectClass: top
132 objectClass: group
133 cn: RAS and IAS Servers
134 description: Servers in this group can access remote access properties of users
135 objectSid: ${DOMAINSID}-553
136 sAMAccountName: RAS and IAS Servers
137 groupType: -2147483644
138 isCriticalSystemObject: TRUE
139
140 dn: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN}
141 objectClass: top
142 objectClass: group
143 cn: Read-Only Domain Controllers
144 description: read-only domain controllers
145 objectSid: ${DOMAINSID}-521
146 sAMAccountName: Read-Only Domain Controllers
147 groupType: -2147483644
148 isCriticalSystemObject: TRUE
149
150 dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN}
151 objectClass: top
152 objectClass: group
153 cn: Enterprise Read-Only Domain Controllers
154 description: enterprise read-only domain controllers
155 objectSid: ${DOMAINSID}-498
156 sAMAccountName: Enterprise Read-Only Domain Controllers
157 groupType: -2147483644
158 isCriticalSystemObject: TRUE
159
160 dn: CN=Certificate Service DCOM Access,CN=Users,${DOMAINDN}
161 objectClass: top
162 objectClass: group
163 cn: Certificate Service DCOM Access
164 description: Certificate Service DCOM Access
165 objectSid: ${DOMAINSID}-574
166 sAMAccountName: Certificate Service DCOM Access
167 groupType: -2147483644
168 isCriticalSystemObject: TRUE
169
170 dn: CN=Cryptographic Operators,CN=Users,${DOMAINDN}
171 objectClass: top
172 objectClass: group
173 cn: Cryptographic Operators
174 description: Cryptographic Operators
175 objectSid: ${DOMAINSID}-569
176 sAMAccountName: Cryptographic Operators
177 groupType: -2147483644
178 isCriticalSystemObject: TRUE
179
180 dn: CN=Event Log Readers,CN=Users,${DOMAINDN}
181 objectClass: top
182 objectClass: group
183 cn: Event Log Readers
184 description: Event Log Readers
185 objectSid: ${DOMAINSID}-573
186 sAMAccountName: Event Log Readers
187 groupType: -2147483644
188 isCriticalSystemObject: TRUE
189
190 dn: CN=IIS_IUSRS,CN=Users,${DOMAINDN}
191 objectClass: top
192 objectClass: group
193 cn: IIS_IUSRS
194 description: IIS_IUSRS
195 objectSid: ${DOMAINSID}-568
196 sAMAccountName: IIS_IUSRS
197 groupType: -2147483644
198 isCriticalSystemObject: TRUE
199
200 dn: CN=Administrators,CN=Builtin,${DOMAINDN}
201 objectClass: top
202 objectClass: group
203 cn: Administrators
204 description: Administrators have complete and unrestricted access to the computer/domain
205 member: CN=Domain Admins,CN=Users,${DOMAINDN}
206 member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
207 member: CN=Administrator,CN=Users,${DOMAINDN}
208 objectSid: S-1-5-32-544
209 adminCount: 1
210 sAMAccountName: Administrators
211 systemFlags: -1946157056
212 groupType: -2147483643
213 isCriticalSystemObject: TRUE
214 privilege: SeSecurityPrivilege
215 privilege: SeBackupPrivilege
216 privilege: SeRestorePrivilege
217 privilege: SeSystemtimePrivilege
218 privilege: SeShutdownPrivilege
219 privilege: SeRemoteShutdownPrivilege
220 privilege: SeTakeOwnershipPrivilege
221 privilege: SeDebugPrivilege
222 privilege: SeSystemEnvironmentPrivilege
223 privilege: SeSystemProfilePrivilege
224 privilege: SeProfileSingleProcessPrivilege
225 privilege: SeIncreaseBasePriorityPrivilege
226 privilege: SeLoadDriverPrivilege
227 privilege: SeCreatePagefilePrivilege
228 privilege: SeIncreaseQuotaPrivilege
229 privilege: SeChangeNotifyPrivilege
230 privilege: SeUndockPrivilege
231 privilege: SeManageVolumePrivilege
232 privilege: SeImpersonatePrivilege
233 privilege: SeCreateGlobalPrivilege
234 privilege: SeEnableDelegationPrivilege
235 privilege: SeInteractiveLogonRight
236 privilege: SeNetworkLogonRight
237 privilege: SeRemoteInteractiveLogonRight
238
239 dn: CN=Users,CN=Builtin,${DOMAINDN}
240 objectClass: top
241 objectClass: group
242 cn: Users
243 description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
244 member: CN=Domain Users,CN=Users,${DOMAINDN}
245 objectSid: S-1-5-32-545
246 sAMAccountName: Users
247 systemFlags: -1946157056
248 groupType: -2147483643
249 isCriticalSystemObject: TRUE
250
251 dn: CN=Guests,CN=Builtin,${DOMAINDN}
252 objectClass: top
253 objectClass: group
254 cn: Guests
255 description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
256 member: CN=Domain Guests,CN=Users,${DOMAINDN}
257 member: CN=Guest,CN=Users,${DOMAINDN}
258 objectSid: S-1-5-32-546
259 sAMAccountName: Guests
260 systemFlags: -1946157056
261 groupType: -2147483643
262 isCriticalSystemObject: TRUE
263
264 dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
265 objectClass: top
266 objectClass: group
267 cn: Print Operators
268 description: Members can administer domain printers
269 objectSid: S-1-5-32-550
270 adminCount: 1
271 sAMAccountName: Print Operators
272 systemFlags: -1946157056
273 groupType: -2147483643
274 isCriticalSystemObject: TRUE
275 privilege: SeLoadDriverPrivilege
276 privilege: SeShutdownPrivilege
277 privilege: SeInteractiveLogonRight
278
279 dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
280 objectClass: top
281 objectClass: group
282 cn: Backup Operators
283 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
284 objectSid: S-1-5-32-551
285 adminCount: 1
286 sAMAccountName: Backup Operators
287 systemFlags: -1946157056
288 groupType: -2147483643
289 isCriticalSystemObject: TRUE
290 privilege: SeBackupPrivilege
291 privilege: SeRestorePrivilege
292 privilege: SeShutdownPrivilege
293 privilege: SeInteractiveLogonRight
294
295 dn: CN=Replicator,CN=Builtin,${DOMAINDN}
296 objectClass: top
297 objectClass: group
298 cn: Replicator
299 description: Supports file replication in a domain
300 objectSid: S-1-5-32-552
301 adminCount: 1
302 sAMAccountName: Replicator
303 systemFlags: -1946157056
304 groupType: -2147483643
305 isCriticalSystemObject: TRUE
306
307 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
308 objectClass: top
309 objectClass: group
310 cn: Remote Desktop Users
311 description: Members in this group are granted the right to logon remotely
312 objectSid: S-1-5-32-555
313 sAMAccountName: Remote Desktop Users
314 systemFlags: -1946157056
315 groupType: -2147483643
316 isCriticalSystemObject: TRUE
317
318 dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
319 objectClass: top
320 objectClass: group
321 cn: Network Configuration Operators
322 description: Members in this group can have some administrative privileges to manage configuration of networking features
323 objectSid: S-1-5-32-556
324 sAMAccountName: Network Configuration Operators
325 systemFlags: -1946157056
326 groupType: -2147483643
327 isCriticalSystemObject: TRUE
328
329 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
330 objectClass: top
331 objectClass: group
332 cn: Performance Monitor Users
333 description: Members of this group have remote access to monitor this computer
334 objectSid: S-1-5-32-558
335 sAMAccountName: Performance Monitor Users
336 systemFlags: -1946157056
337 groupType: -2147483643
338 isCriticalSystemObject: TRUE
339
340 dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
341 objectClass: top
342 objectClass: group
343 cn: Performance Log Users
344 description: Members of this group have remote access to schedule logging of performance counters on this computer
345 objectSid: S-1-5-32-559
346 sAMAccountName: Performance Log Users
347 systemFlags: -1946157056
348 groupType: -2147483643
349 isCriticalSystemObject: TRUE
350
351 dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
352 objectClass: top
353 objectClass: group
354 cn: Server Operators
355 description: Members can administer domain servers
356 objectSid: S-1-5-32-549
357 adminCount: 1
358 sAMAccountName: Server Operators
359 systemFlags: -1946157056
360 groupType: -2147483643
361 isCriticalSystemObject: TRUE
362 privilege: SeBackupPrivilege
363 privilege: SeSystemtimePrivilege
364 privilege: SeRemoteShutdownPrivilege
365 privilege: SeRestorePrivilege
366 privilege: SeShutdownPrivilege
367 privilege: SeInteractiveLogonRight
368
369 dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
370 objectClass: top
371 objectClass: group
372 cn: Account Operators
373 description: Members can administer domain user and group accounts
374 objectSid: S-1-5-32-548
375 adminCount: 1
376 sAMAccountName: Account Operators
377 systemFlags: -1946157056
378 groupType: -2147483643
379 isCriticalSystemObject: TRUE
380 privilege: SeInteractiveLogonRight
381
382 dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
383 objectClass: top
384 objectClass: group
385 cn: Pre-Windows 2000 Compatible Access
386 description: A backward compatibility group which allows read access on all users and groups in the domain
387 objectSid: S-1-5-32-554
388 sAMAccountName: Pre-Windows 2000 Compatible Access
389 systemFlags: -1946157056
390 groupType: -2147483643
391 isCriticalSystemObject: TRUE
392 privilege: SeRemoteInteractiveLogonRight
393 privilege: SeChangeNotifyPrivilege
394
395 dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
396 objectClass: top
397 objectClass: group
398 cn: Incoming Forest Trust Builders
399 description: Members of this group can create incoming, one-way trusts to this forest
400 objectSid: S-1-5-32-557
401 sAMAccountName: Incoming Forest Trust Builders
402 systemFlags: -1946157056
403 groupType: -2147483643
404 isCriticalSystemObject: TRUE
405
406 dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
407 objectClass: top
408 objectClass: group
409 cn: Windows Authorization Access Group
410 description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
411 objectSid: S-1-5-32-560
412 sAMAccountName: Windows Authorization Access Group
413 systemFlags: -1946157056
414 groupType: -2147483643
415 isCriticalSystemObject: TRUE
416
417 dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
418 objectClass: top
419 objectClass: group
420 cn: Terminal Server License Servers
421 description: Terminal Server License Servers
422 objectSid: S-1-5-32-561
423 sAMAccountName: Terminal Server License Servers
424 systemFlags: -1946157056
425 groupType: -2147483643
426 isCriticalSystemObject: TRUE
427
428 dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
429 objectClass: top
430 objectClass: group
431 cn: Distributed COM Users
432 description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
433 objectSid: S-1-5-32-562
434 sAMAccountName: Distributed COM Users
435 systemFlags: -1946157056
436 groupType: -2147483643
437 isCriticalSystemObject: TRUE
438
439 dn: CN=WellKnown Security Principals,${CONFIGDN}
440 objectClass: top
441 objectClass: container
442 cn: WellKnown Security Principals
443 systemFlags: -2147483648
444
445 dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
446 objectClass: top
447 objectClass: foreignSecurityPrincipal
448 cn: Anonymous Logon
449 objectSid: S-1-5-7
450
451 dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
452 objectClass: top
453 objectClass: foreignSecurityPrincipal
454 cn: Authenticated Users
455 objectSid: S-1-5-11
456
457 dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
458 objectClass: top
459 objectClass: foreignSecurityPrincipal
460 cn: Batch
461 objectSid: S-1-5-3
462
463 dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
464 objectClass: top
465 objectClass: foreignSecurityPrincipal
466 cn: Creator Group
467 objectSid: S-1-3-1
468
469 dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
470 objectClass: top
471 objectClass: foreignSecurityPrincipal
472 cn: Creator Owner
473 objectSid: S-1-3-0
474
475 dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
476 objectClass: top
477 objectClass: foreignSecurityPrincipal
478 cn: Dialup
479 objectSid: S-1-5-1
480
481 dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
482 objectClass: top
483 objectClass: foreignSecurityPrincipal
484 cn: Digest Authentication
485 objectSid: S-1-5-64-21
486
487 dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
488 objectClass: top
489 objectClass: foreignSecurityPrincipal
490 cn: Enterprise Domain Controllers
491 objectSid: S-1-5-9
492
493 dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
494 objectClass: top
495 objectClass: foreignSecurityPrincipal
496 cn: Everyone
497 objectSid: S-1-1-0
498
499 dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
500 objectClass: top
501 objectClass: foreignSecurityPrincipal
502 cn: Interactive
503 objectSid: S-1-5-4
504
505 dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
506 objectClass: top
507 objectClass: foreignSecurityPrincipal
508 cn: Local Service
509 objectSid: S-1-5-19
510
511 dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
512 objectClass: top
513 objectClass: foreignSecurityPrincipal
514 cn: Network
515 objectSid: S-1-5-2
516
517 dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
518 objectClass: top
519 objectClass: foreignSecurityPrincipal
520 cn: Network Service
521 objectSid: S-1-5-20
522
523 dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
524 objectClass: top
525 objectClass: foreignSecurityPrincipal
526 cn: NTLM Authentication
527 objectSid: S-1-5-64-10
528
529 dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
530 objectClass: top
531 objectClass: foreignSecurityPrincipal
532 cn: Other Organization
533 objectSid: S-1-5-1000
534
535 dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
536 objectClass: top
537 objectClass: foreignSecurityPrincipal
538 cn: Proxy
539 objectSid: S-1-5-8
540
541 dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
542 objectClass: top
543 objectClass: foreignSecurityPrincipal
544 cn: Remote Interactive Logon
545 objectSid: S-1-5-14
546
547 dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
548 objectClass: top
549 objectClass: foreignSecurityPrincipal
550 cn: Restricted
551 objectSid: S-1-5-12
552
553 dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
554 objectClass: top
555 objectClass: foreignSecurityPrincipal
556 cn: SChannel Authentication
557 objectSid: S-1-5-64-14
558
559 dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
560 objectClass: top
561 objectClass: foreignSecurityPrincipal
562 cn: Self
563 objectSid: S-1-5-10
564
565 dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
566 objectClass: top
567 objectClass: foreignSecurityPrincipal
568 cn: Service
569 objectSid: S-1-5-6
570
571 dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
572 objectClass: top
573 objectClass: foreignSecurityPrincipal
574 cn: Terminal Server User
575 objectSid: S-1-5-13
576
577 dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
578 objectClass: top
579 objectClass: foreignSecurityPrincipal
580 cn: This Organization
581 objectSid: S-1-5-15
582
583 dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}
584 objectClass: top
585 objectClass: foreignSecurityPrincipal
586 cn: Well-Known-Security-Id-System
587 objectSid: S-1-5-18
588