3 @IDXATTR
: sAMAccountName
12 realm
: CASE_INSENSITIVE
13 userPrincipalName
: CASE_INSENSITIVE
14 servicePrincipalName
: CASE_INSENSITIVE
15 name
: CASE_INSENSITIVE WILDCARD
16 dn: CASE_INSENSITIVE WILDCARD
17 sAMAccountName
: CASE_INSENSITIVE WILDCARD
18 objectClass: CASE_INSENSITIVE
24 createTimestamp: HIDDEN
25 modifyTimestamp: HIDDEN
33 person: organizationalPerson
34 organizationalPerson: user
36 template
: userTemplate
37 template
: groupTemplate
39 #Add modules to the list to activate them by default
40 #beware often order is important
44 ###############################
45 # Domain Naming Context
46 ###############################
50 objectClass: domainDNS
53 dnsDomain
: $
{DNSDOMAIN
}
55 objectGUID
: $
{DOMAINGUID
}
56 creationTime
: $
{NTTIME
}
57 forceLogoff
: 0x8000000000000000
58 lockoutDuration
: -18000000000
59 lockOutObservationWindow
: -18000000000
61 whenCreated
: $
{LDAPTIME
}
62 whenChanged
: $
{LDAPTIME
}
65 maxPwdAge
: -37108517437440
68 modifiedCountAtLastProm
: 0
72 objectSid
: $
{DOMAINSID
}
75 msDS
-Behavior
-Version
: 0
76 ridManagerReference
: CN=RID
Manager$
,CN=System
,$
{BASEDN
}
79 objectCategory
: CN=Domain
-DNS
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
80 isCriticalSystemObject
: TRUE
81 subRefs
: CN=Configuration
,$
{BASEDN
}
82 subRefs
: CN=Schema
,CN=Configuration
,$
{BASEDN
}
84 dn: CN=Users
,$
{BASEDN
}
86 objectClass: container
88 description: Default container for upgraded user accounts
90 whenCreated
: $
{LDAPTIME
}
91 whenChanged
: $
{LDAPTIME
}
94 showInAdvancedViewOnly
: FALSE
96 objectGUID
: $
{NEWGUID
}
97 systemFlags
: 0x8c000000
98 objectCategory
: CN=Container
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
99 isCriticalSystemObject
: TRUE
101 dn: CN=Computers
,$
{BASEDN
}
103 objectClass: container
105 description: Default container for upgraded computer accounts
107 whenCreated
: $
{LDAPTIME
}
108 whenChanged
: $
{LDAPTIME
}
111 showInAdvancedViewOnly
: FALSE
113 objectGUID
: $
{NEWGUID
}
114 systemFlags
: 0x8c000000
115 objectCategory
: CN=Container
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
116 isCriticalSystemObject
: TRUE
118 dn: OU=Domain Controllers
,$
{BASEDN
}
120 objectClass: organizationalUnit
121 ou: Domain Controllers
122 description: Default container for domain controllers
124 whenCreated
: $
{LDAPTIME
}
125 whenChanged
: $
{LDAPTIME
}
128 showInAdvancedViewOnly
: FALSE
129 name
: Domain Controllers
130 objectGUID
: $
{NEWGUID
}
131 systemFlags
: 0x8c000000
132 objectCategory
: CN=Organizational
-Unit
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
133 isCriticalSystemObject
: TRUE
135 dn: CN=ForeignSecurityPrincipals
,$
{BASEDN
}
137 objectClass: container
138 cn: ForeignSecurityPrincipals
139 description: Default container for security identifiers
(SIDs
) associated with objects from external
, trusted domains
141 whenCreated
: $
{LDAPTIME
}
142 whenChanged
: $
{LDAPTIME
}
145 showInAdvancedViewOnly
: FALSE
146 name
: ForeignSecurityPrincipals
147 objectGUID
: $
{NEWGUID
}
148 systemFlags
: 0x8c000000
149 objectCategory
: CN=Container
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
150 isCriticalSystemObject
: TRUE
152 dn: CN=System
,$
{BASEDN
}
154 objectClass: container
156 description: Builtin system settings
158 whenCreated
: $
{LDAPTIME
}
159 whenChanged
: $
{LDAPTIME
}
162 showInAdvancedViewOnly
: TRUE
164 objectGUID
: $
{NEWGUID
}
165 systemFlags
: 0x8c000000
166 objectCategory
: CN=Container
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
167 isCriticalSystemObject
: TRUE
169 dn: CN=RID
Manager$
,CN=System
,$
{BASEDN
}
171 objectclass: rIDManager
174 whenCreated
: $
{LDAPTIME
}
175 whenChanged
: $
{LDAPTIME
}
178 showInAdvancedViewOnly
: TRUE
180 objectGUID
: $
{NEWGUID
}
181 systemFlags
: 0x8c000000
182 objectCategory
: CN=RID
-Manager,CN=Schema
,CN=Configuration
,$
{BASEDN
}
183 isCriticalSystemObject
: TRUE
184 fSMORoleOwner
: CN=NTDS Settings
,CN=$
{NETBIOSNAME
},CN=Servers
,CN=$
{DEFAULTSITE
},CN=Sites
,CN=Configuration
,$
{BASEDN
}
185 rIDAvailablePool
: 4611686014132423217
187 dn: CN=DomainUpdates
,CN=System
,$
{BASEDN
}
189 objectClass: container
192 whenCreated
: $
{LDAPTIME
}
193 whenChanged
: $
{LDAPTIME
}
196 showInAdvancedViewOnly
: TRUE
198 objectGUID
: $
{NEWGUID
}
199 objectCategory
: CN=Container
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
201 dn: CN=Windows2003Update
,CN=DomainUpdates
,CN=System
,$
{BASEDN
}
203 objectClass: container
204 cn: Windows2003Update
206 whenCreated
: $
{LDAPTIME
}
207 whenChanged
: $
{LDAPTIME
}
210 showInAdvancedViewOnly
: TRUE
211 name
: Windows2003Update
212 objectGUID
: $
{NEWGUID
}
213 objectCategory
: CN=Container
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
216 dn: CN=Infrastructure
,$
{BASEDN
}
218 objectclass: infrastructureUpdate
221 whenCreated
: $
{LDAPTIME
}
222 whenChanged
: $
{LDAPTIME
}
225 showInAdvancedViewOnly
: TRUE
227 objectGUID
: $
{NEWGUID
}
228 systemFlags
: 0x8c000000
229 objectCategory
: CN=Infrastructure
-Update
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
230 isCriticalSystemObject
: TRUE
231 fSMORoleOwner
: CN=NTDS Settings
,CN=$
{NETBIOSNAME
},CN=Servers
,CN=$
{DEFAULTSITE
},CN=Sites
,CN=Configuration
,$
{BASEDN
}
233 dn: CN=Builtin
,$
{BASEDN
}
235 objectClass: builtinDomain
238 showInAdvancedViewOnly
: FALSE
240 forceLogoff
: 0x8000000000000000
241 lockoutDuration
: -18000000000
242 lockOutObservationWindow
: -18000000000
244 maxPwdAge
: -37108517437440
247 modifiedCountAtLastProm
: 0
255 objectCategory
: CN=Builtin
-Domain
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
256 isCriticalSystemObject
: TRUE
258 dn: CN=Administrator
,CN=Users
,$
{BASEDN
}
261 objectClass: organizationalPerson
264 description: Built
-in account for administering the computer
/domain
266 whenCreated
: $
{LDAPTIME
}
267 whenChanged
: $
{LDAPTIME
}
269 memberOf
: CN=Group Policy Creator Owners
,CN=Users
,$
{BASEDN
}
270 memberOf
: CN=Domain Admins
,CN=Users
,$
{BASEDN
}
271 memberOf
: CN=Enterprise Admins
,CN=Users
,$
{BASEDN
}
272 memberOf
: CN=Schema Admins
,CN=Users
,$
{BASEDN
}
273 memberOf
: CN=Administrators
,CN=Builtin
,$
{BASEDN
}
276 objectGUID
: $
{NEWGUID
}
277 userAccountControl
: 0x10200
286 objectSid
: $
{DOMAINSID
}-500
290 sAMAccountName
: Administrator
291 sAMAccountType
: 0x30000000
292 objectCategory
: CN=Person,CN=Schema
,CN=Configuration
,$
{BASEDN
}
293 isCriticalSystemObject
: TRUE
294 unicodePwd
: $
{ADMINPASS
}
297 dn: CN=Guest
,CN=Users
,$
{BASEDN
}
300 objectClass: organizationalPerson
303 description: Built
-in account for guest access to the computer
/domain
305 whenCreated
: $
{LDAPTIME
}
306 whenChanged
: $
{LDAPTIME
}
308 memberOf
: CN=Guests
,CN=Builtin
,$
{BASEDN
}
311 objectGUID
: $
{NEWGUID
}
312 userAccountControl
: 0x10222
321 objectSid
: $
{DOMAINSID
}-501
324 sAMAccountName
: Guest
325 sAMAccountType
: 0x30000000
326 objectCategory
: CN=Person,CN=Schema
,CN=Configuration
,$
{BASEDN
}
327 isCriticalSystemObject
: TRUE
329 dn: CN=Administrators
,CN=Builtin
,$
{BASEDN
}
333 description: Administrators have complete and unrestricted access to the computer
/domain
334 member
: CN=Domain Admins
,CN=Users
,$
{BASEDN
}
335 member
: CN=Enterprise Admins
,CN=Users
,$
{BASEDN
}
336 member
: CN=Administrator
,CN=Users
,$
{BASEDN
}
338 whenCreated
: $
{LDAPTIME
}
339 whenChanged
: $
{LDAPTIME
}
343 objectGUID
: $
{NEWGUID
}
344 objectSid
: S
-1-5-32-544
346 sAMAccountName
: Administrators
347 sAMAccountType
: 0x20000000
348 systemFlags
: 0x8c000000
349 groupType
: 0x80000005
350 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
351 isCriticalSystemObject
: TRUE
353 privilege
: SeSecurityPrivilege
354 privilege
: SeBackupPrivilege
355 privilege
: SeRestorePrivilege
356 privilege
: SeSystemtimePrivilege
357 privilege
: SeShutdownPrivilege
358 privilege
: SeRemoteShutdownPrivilege
359 privilege
: SeTakeOwnershipPrivilege
360 privilege
: SeDebugPrivilege
361 privilege
: SeSystemEnvironmentPrivilege
362 privilege
: SeSystemProfilePrivilege
363 privilege
: SeProfileSingleProcessPrivilege
364 privilege
: SeIncreaseBasePriorityPrivilege
365 privilege
: SeLoadDriverPrivilege
366 privilege
: SeCreatePagefilePrivilege
367 privilege
: SeIncreaseQuotaPrivilege
368 privilege
: SeChangeNotifyPrivilege
369 privilege
: SeUndockPrivilege
370 privilege
: SeManageVolumePrivilege
371 privilege
: SeImpersonatePrivilege
372 privilege
: SeCreateGlobalPrivilege
373 privilege
: SeEnableDelegationPrivilege
374 privilege
: SeInteractiveLogonRight
375 privilege
: SeNetworkLogonRight
376 privilege
: SeRemoteInteractiveLogonRight
379 dn: CN=Users
,CN=Builtin
,$
{BASEDN
}
383 description: Users are prevented from making accidental or intentional system
-wide changes. Thus
, Users can run certified applications
, but not most legacy applications
384 member
: CN=Domain Users
,CN=Users
,$
{BASEDN
}
386 whenCreated
: $
{LDAPTIME
}
387 whenChanged
: $
{LDAPTIME
}
391 objectGUID
: $
{NEWGUID
}
392 objectSid
: S
-1-5-32-545
393 sAMAccountName
: Users
394 sAMAccountType
: 0x20000000
395 systemFlags
: 0x8c000000
396 groupType
: 0x80000005
397 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
398 isCriticalSystemObject
: TRUE
400 dn: CN=Guests
,CN=Builtin
,$
{BASEDN
}
404 description: Guests have the same access as members of the Users group by default
, except for the Guest account which is further restricted
405 member
: CN=Domain Guests
,CN=Users
,$
{BASEDN
}
406 member
: CN=Guest
,CN=Users
,$
{BASEDN
}
408 whenCreated
: $
{LDAPTIME
}
409 whenChanged
: $
{LDAPTIME
}
413 objectGUID
: $
{NEWGUID
}
414 objectSid
: S
-1-5-32-546
415 sAMAccountName
: Guests
416 sAMAccountType
: 0x20000000
417 systemFlags
: 0x8c000000
418 groupType
: 0x80000005
419 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
420 isCriticalSystemObject
: TRUE
423 dn: CN=Print Operators
,CN=Builtin
,$
{BASEDN
}
427 description: Members can administer domain printers
429 whenCreated
: $
{LDAPTIME
}
430 whenChanged
: $
{LDAPTIME
}
433 name
: Print Operators
434 objectGUID
: $
{NEWGUID
}
435 objectSid
: S
-1-5-32-550
437 sAMAccountName
: Print Operators
438 sAMAccountType
: 0x20000000
439 systemFlags
: 0x8c000000
440 groupType
: 0x80000005
441 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
442 isCriticalSystemObject
: TRUE
443 privilege
: SeLoadDriverPrivilege
444 privilege
: SeShutdownPrivilege
445 privilege
: SeInteractiveLogonRight
447 dn: CN=Backup Operators
,CN=Builtin
,$
{BASEDN
}
451 description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
453 whenCreated
: $
{LDAPTIME
}
454 whenChanged
: $
{LDAPTIME
}
457 name
: Backup Operators
458 objectGUID
: $
{NEWGUID
}
459 objectSid
: S
-1-5-32-551
461 sAMAccountName
: Backup Operators
462 sAMAccountType
: 0x20000000
463 systemFlags
: 0x8c000000
464 groupType
: 0x80000005
465 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
466 isCriticalSystemObject
: TRUE
467 privilege
: SeBackupPrivilege
468 privilege
: SeRestorePrivilege
469 privilege
: SeShutdownPrivilege
470 privilege
: SeInteractiveLogonRight
472 dn: CN=Replicator
,CN=Builtin
,$
{BASEDN
}
476 description: Supports file replication in a domain
478 whenCreated
: $
{LDAPTIME
}
479 whenChanged
: $
{LDAPTIME
}
483 objectGUID
: $
{NEWGUID
}
484 objectSid
: S
-1-5-32-552
486 sAMAccountName
: Replicator
487 sAMAccountType
: 0x20000000
488 systemFlags
: 0x8c000000
489 groupType
: 0x80000005
490 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
491 isCriticalSystemObject
: TRUE
493 dn: CN=Remote Desktop Users
,CN=Builtin
,$
{BASEDN
}
496 cn: Remote Desktop Users
497 description: Members in this group are granted the right to logon remotely
499 whenCreated
: $
{LDAPTIME
}
500 whenChanged
: $
{LDAPTIME
}
503 name
: Remote Desktop Users
504 objectGUID
: $
{NEWGUID
}
505 objectSid
: S
-1-5-32-555
506 sAMAccountName
: Remote Desktop Users
507 sAMAccountType
: 0x20000000
508 systemFlags
: 0x8c000000
509 groupType
: 0x80000005
510 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
511 isCriticalSystemObject
: TRUE
513 dn: CN=Network Configuration Operators
,CN=Builtin
,$
{BASEDN
}
516 cn: Network Configuration Operators
517 description: Members in this group can have some administrative privileges to manage configuration of networking features
519 whenCreated
: $
{LDAPTIME
}
520 whenChanged
: $
{LDAPTIME
}
523 name
: Network Configuration Operators
524 objectGUID
: $
{NEWGUID
}
525 objectSid
: S
-1-5-32-556
526 sAMAccountName
: Network Configuration Operators
527 sAMAccountType
: 0x20000000
528 systemFlags
: 0x8c000000
529 groupType
: 0x80000005
530 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
531 isCriticalSystemObject
: TRUE
533 dn: CN=Performance Monitor Users
,CN=Builtin
,$
{BASEDN
}
536 cn: Performance Monitor Users
537 description: Members of this group have remote access to monitor this computer
539 whenCreated
: $
{LDAPTIME
}
540 whenChanged
: $
{LDAPTIME
}
543 name
: Performance Monitor Users
544 objectGUID
: $
{NEWGUID
}
545 objectSid
: S
-1-5-32-558
546 sAMAccountName
: Performance Monitor Users
547 sAMAccountType
: 0x20000000
548 systemFlags
: 0x8c000000
549 groupType
: 0x80000005
550 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
551 isCriticalSystemObject
: TRUE
553 dn: CN=Performance Log Users
,CN=Builtin
,$
{BASEDN
}
556 cn: Performance Log Users
557 description: Members of this group have remote access to schedule logging of performance counters on this computer
559 whenCreated
: $
{LDAPTIME
}
560 whenChanged
: $
{LDAPTIME
}
563 name
: Performance Log Users
564 objectGUID
: $
{NEWGUID
}
565 objectSid
: S
-1-5-32-559
566 sAMAccountName
: Performance Log Users
567 sAMAccountType
: 0x20000000
568 systemFlags
: 0x8c000000
569 groupType
: 0x80000005
570 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
571 isCriticalSystemObject
: TRUE
573 dn: CN=$
{NETBIOSNAME
},OU=Domain Controllers
,$
{BASEDN
}
576 objectClass: organizationalPerson
578 objectClass: computer
581 whenCreated
: $
{LDAPTIME
}
582 whenChanged
: $
{LDAPTIME
}
586 objectGUID
: $
{HOSTGUID
}
587 userAccountControl
: 532480
593 lastLogon
: 127273269057298624
595 pwdLastSet
: 127258826171655328
597 objectSid
: $
{DOMAINSID
}-1000
598 accountExpires
: 9223372036854775807
600 sAMAccountName
: $
{NETBIOSNAME
}$
601 sAMAccountType
: 805306369
602 operatingSystem
: Samba
603 operatingSystemVersion
: 4.0
604 dNSHostName
: $
{DNSNAME
}
605 objectCategory
: CN=Computer
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
606 isCriticalSystemObject
: TRUE
607 unicodePwd
: $
{JOINPASS
}
608 servicePrincipalName
: HOST
/$
{DNSNAME
}
609 servicePrincipalName
: HOST
/$
{NETBIOSNAME
}
610 servicePrincipalName
: CIFS
/$
{DNSNAME
}
611 servicePrincipalName
: CIFS
/$
{NETBIOSNAME
}
612 servicePrincipalName
: LDAP
/$
{DNSNAME
}
613 servicePrincipalName
: LDAP
/$
{NETBIOSNAME
}
615 dn: CN=krbtgt
,CN=Users
,$
{BASEDN
}
618 objectClass: organizationalPerson
621 description: Key Distribution Center Service Account
623 whenCreated
: $
{LDAPTIME
}
624 whenChanged
: $
{LDAPTIME
}
627 showInAdvancedViewOnly
: TRUE
629 objectGUID
: $
{NEWGUID
}
630 userAccountControl
: 514
637 pwdLastSet
: 127258826179466560
639 objectSid
: $
{DOMAINSID
}-502
641 accountExpires
: 9223372036854775807
643 sAMAccountName
: krbtgt
644 sAMAccountType
: 805306368
645 servicePrincipalName
: kadmin
/changepw
646 objectCategory
: CN=Person,CN=Schema
,CN=Configuration
,$
{BASEDN
}
647 isCriticalSystemObject
: TRUE
648 unicodePwd
: $
{RANDPASS
}
650 dn: CN=Domain Computers
,CN=Users
,$
{BASEDN
}
654 description: All workstations and servers joined to the domain
656 whenCreated
: $
{LDAPTIME
}
657 whenChanged
: $
{LDAPTIME
}
660 name
: Domain Computers
661 objectGUID
: $
{NEWGUID
}
662 objectSid
: $
{DOMAINSID
}-515
663 sAMAccountName
: Domain Computers
664 sAMAccountType
: 0x10000000
665 groupType
: 0x80000002
666 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
667 isCriticalSystemObject
: TRUE
669 dn: CN=Domain Controllers
,CN=Users
,$
{BASEDN
}
672 cn: Domain Controllers
673 description: All domain controllers in the domain
675 whenCreated
: $
{LDAPTIME
}
676 whenChanged
: $
{LDAPTIME
}
679 name
: Domain Controllers
680 objectGUID
: $
{NEWGUID
}
681 objectSid
: $
{DOMAINSID
}-516
683 sAMAccountName
: Domain Controllers
684 sAMAccountType
: 0x10000000
685 groupType
: 0x80000002
686 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
687 isCriticalSystemObject
: TRUE
689 dn: CN=Schema Admins
,CN=Users
,$
{BASEDN
}
693 description: Designated administrators of the schema
694 member
: CN=Administrator
,CN=Users
,$
{BASEDN
}
696 whenCreated
: $
{LDAPTIME
}
697 whenChanged
: $
{LDAPTIME
}
701 objectGUID
: $
{NEWGUID
}
702 objectSid
: $
{DOMAINSID
}-518
704 sAMAccountName
: Schema Admins
705 sAMAccountType
: 0x10000000
706 groupType
: 0x80000002
707 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
708 isCriticalSystemObject
: TRUE
711 dn: CN=Enterprise Admins
,CN=Users
,$
{BASEDN
}
714 cn: Enterprise Admins
715 description: Designated administrators of the enterprise
716 member
: CN=Administrator
,CN=Users
,$
{BASEDN
}
718 whenCreated
: $
{LDAPTIME
}
719 whenChanged
: $
{LDAPTIME
}
721 memberOf
: CN=Administrators
,CN=Builtin
,$
{BASEDN
}
723 name
: Enterprise Admins
724 objectGUID
: $
{NEWGUID
}
725 objectSid
: $
{DOMAINSID
}-519
727 sAMAccountName
: Enterprise Admins
728 sAMAccountType
: 0x10000000
729 groupType
: 0x80000002
730 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
731 isCriticalSystemObject
: TRUE
734 dn: CN=Cert Publishers
,CN=Users
,$
{BASEDN
}
738 description: Members of this group are permitted to publish certificates to the Active Directory
740 whenCreated
: $
{LDAPTIME
}
741 whenChanged
: $
{LDAPTIME
}
744 name
: Cert Publishers
745 objectGUID
: $
{NEWGUID
}
746 objectSid
: $
{DOMAINSID
}-517
747 sAMAccountName
: Cert Publishers
748 sAMAccountType
: 0x20000000
749 groupType
: 0x80000004
750 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
751 isCriticalSystemObject
: TRUE
753 dn: CN=Domain Admins
,CN=Users
,$
{BASEDN
}
757 description: Designated administrators of the domain
758 member
: CN=Administrator
,CN=Users
,$
{BASEDN
}
760 whenCreated
: $
{LDAPTIME
}
761 whenChanged
: $
{LDAPTIME
}
763 memberOf
: CN=Administrators
,CN=Builtin
,$
{BASEDN
}
766 objectGUID
: $
{NEWGUID
}
767 objectSid
: $
{DOMAINSID
}-512
769 sAMAccountName
: Domain Admins
770 sAMAccountType
: 0x10000000
771 groupType
: 0x80000002
772 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
773 isCriticalSystemObject
: TRUE
776 dn: CN=Domain Users
,CN=Users
,$
{BASEDN
}
780 description: All domain users
782 whenCreated
: $
{LDAPTIME
}
783 whenChanged
: $
{LDAPTIME
}
785 memberOf
: CN=Users
,CN=Builtin
,$
{BASEDN
}
788 objectGUID
: $
{NEWGUID
}
789 objectSid
: $
{DOMAINSID
}-513
790 sAMAccountName
: Domain Users
791 sAMAccountType
: 0x10000000
792 groupType
: 0x80000002
793 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
794 isCriticalSystemObject
: TRUE
797 dn: CN=Domain Guests
,CN=Users
,$
{BASEDN
}
801 description: All domain guests
803 whenCreated
: $
{LDAPTIME
}
804 whenChanged
: $
{LDAPTIME
}
806 memberOf
: CN=Guests
,CN=Builtin
,$
{BASEDN
}
809 objectGUID
: $
{NEWGUID
}
810 objectSid
: $
{DOMAINSID
}-514
811 sAMAccountName
: Domain Guests
812 sAMAccountType
: 0x10000000
813 groupType
: 0x80000002
814 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
815 isCriticalSystemObject
: TRUE
817 dn: CN=Group Policy Creator Owners
,CN=Users
,$
{BASEDN
}
820 cn: Group Policy Creator Owners
821 description: Members in this group can
modify group policy for the domain
822 member
: CN=Administrator
,CN=Users
,$
{BASEDN
}
824 whenCreated
: $
{LDAPTIME
}
825 whenChanged
: $
{LDAPTIME
}
828 name
: Group Policy Creator Owners
829 objectGUID
: $
{NEWGUID
}
830 objectSid
: $
{DOMAINSID
}-520
831 sAMAccountName
: Group Policy Creator Owners
832 sAMAccountType
: 0x10000000
833 groupType
: 0x80000002
834 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
835 isCriticalSystemObject
: TRUE
838 dn: CN=RAS and IAS Servers
,CN=Users
,$
{BASEDN
}
841 cn: RAS and IAS Servers
842 description: Servers in this group can access remote access properties of users
844 whenCreated
: $
{LDAPTIME
}
845 whenChanged
: $
{LDAPTIME
}
848 name
: RAS and IAS Servers
849 objectGUID
: $
{NEWGUID
}
850 objectSid
: $
{DOMAINSID
}-553
851 sAMAccountName
: RAS and IAS Servers
852 sAMAccountType
: 0x20000000
853 groupType
: 0x80000004
854 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
855 isCriticalSystemObject
: TRUE
857 dn: CN=Server Operators
,CN=Builtin
,$
{BASEDN
}
861 description: Members can administer domain servers
863 whenCreated
: $
{LDAPTIME
}
864 whenChanged
: $
{LDAPTIME
}
867 name
: Server Operators
868 objectGUID
: $
{NEWGUID
}
869 objectSid
: S
-1-5-32-549
871 sAMAccountName
: Server Operators
872 sAMAccountType
: 0x20000000
873 systemFlags
: 0x8c000000
874 groupType
: 0x80000005
875 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
876 isCriticalSystemObject
: TRUE
877 privilege
: SeBackupPrivilege
878 privilege
: SeSystemtimePrivilege
879 privilege
: SeRemoteShutdownPrivilege
880 privilege
: SeRestorePrivilege
881 privilege
: SeShutdownPrivilege
882 privilege
: SeInteractiveLogonRight
884 dn: CN=Account Operators
,CN=Builtin
,$
{BASEDN
}
887 cn: Account Operators
888 description: Members can administer domain user and group accounts
890 whenCreated
: $
{LDAPTIME
}
891 whenChanged
: $
{LDAPTIME
}
894 name
: Account Operators
895 objectGUID
: $
{NEWGUID
}
896 objectSid
: S
-1-5-32-548
898 sAMAccountName
: Account Operators
899 sAMAccountType
: 0x20000000
900 systemFlags
: 0x8c000000
901 groupType
: 0x80000005
902 objectCategory
: CN=Group
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
903 isCriticalSystemObject
: TRUE
904 privilege
: SeInteractiveLogonRight
906 dn: CN=Templates
,$
{BASEDN
}
908 objectClass: container
910 description: Container for SAM account templates
912 whenCreated
: $
{LDAPTIME
}
913 whenChanged
: $
{LDAPTIME
}
916 showInAdvancedViewOnly
: TRUE
918 objectGUID
: $
{NEWGUID
}
919 systemFlags
: 0x8c000000
920 objectCategory
: CN=Container
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
921 isCriticalSystemObject
: TRUE
924 # note! the template users must not match normal searches. Be careful
925 # with what classes you put them in
928 dn: CN=TemplateUser
,CN=Templates
,$
{BASEDN
}
931 objectClass: organizationalPerson
932 objectClass: Template
933 objectClass: userTemplate
937 userAccountControl
: 0x202
948 sAMAccountType
: 0x30000000
950 dn: CN=TemplateMemberServer
,CN=Templates
,$
{BASEDN
}
952 objectClass: Template
953 objectClass: userTemplate
954 cn: TemplateMemberServer
955 name
: TemplateMemberServer
957 userAccountControl
: 0x1002
968 sAMAccountType
: 0x30000001
970 dn: CN=TemplateDomainController
,CN=Templates
,$
{BASEDN
}
972 objectClass: Template
973 objectClass: userTemplate
974 cn: TemplateDomainController
975 name
: TemplateDomainController
977 userAccountControl
: 0x2002
988 sAMAccountType
: 0x30000001
990 dn: CN=TemplateTrustingDomain
,CN=Templates
,$
{BASEDN
}
992 objectClass: Template
993 objectClass: userTemplate
994 cn: TemplateTrustingDomain
995 name
: TemplateTrustingDomain
997 userAccountControl
: 0x820
1008 sAMAccountType
: 0x30000002
1010 dn: CN=TemplateGroup
,CN=Templates
,$
{BASEDN
}
1012 objectClass: Template
1013 objectClass: groupTemplate
1017 groupType
: 0x80000002
1018 sAMAccountType
: 0x10000000
1020 dn: CN=TemplateAlias
,CN=Templates
,$
{BASEDN
}
1022 objectClass: Template
1023 objectClass: aliasTemplate
1027 groupType
: 0x80000004
1028 sAMAccountType
: 0x10000000
1030 dn: CN=TemplateForeignSecurityPrincipal
,CN=Templates
,$
{BASEDN
}
1032 objectClass: Template
1033 objectClass: foreignSecurityPrincipalTemplate
1034 cn: TemplateForeignSecurityPrincipal
1035 name
: TemplateForeignSecurityPrincipal
1037 dn: CN=TemplateSecret
,CN=Templates
,$
{BASEDN
}
1040 objectClass: Template
1041 objectClass: secretTemplate
1043 name
: TemplateSecret
1046 dn: CN=TemplateTrustedDomain
,CN=Templates
,$
{BASEDN
}
1049 objectClass: Template
1050 objectClass: trustedDomainTemplate
1051 cn: TemplateTrustedDomain
1052 name
: TemplateTrustedDomain
1055 ###############################
1056 # Configuration Naming Context
1057 ###############################
1058 dn: CN=Configuration
,$
{BASEDN
}
1060 objectClass: configuration
1063 whenCreated
: $
{LDAPTIME
}
1064 whenChanged
: $
{LDAPTIME
}
1067 showInAdvancedViewOnly
: TRUE
1069 objectGUID
: $
{NEWGUID
}
1070 objectCategory
: CN=Configuration
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
1071 subRefs
: CN=Schema
,CN=Configuration
,$
{BASEDN
}
1072 masteredBy
: CN=NTDS Settings
,CN=$
{NETBIOSNAME
},CN=Servers
,CN=$
{DEFAULTSITE
},CN=Sites
,CN=Configuration
,$
{BASEDN
}
1073 msDs
-masteredBy
: CN=NTDS Settings
,CN=$
{NETBIOSNAME
},CN=Servers
,CN=$
{DEFAULTSITE
},CN=Sites
,CN=Configuration
,$
{BASEDN
}
1075 dn: CN=Partitions
,CN=Configuration
,$
{BASEDN
}
1077 objectClass: crossRefContainer
1080 whenCreated
: $
{LDAPTIME
}
1081 whenChanged
: $
{LDAPTIME
}
1084 showInAdvancedViewOnly
: TRUE
1086 objectGUID
: $
{NEWGUID
}
1087 systemFlags
: 0x80000000
1088 objectCategory
: CN=Cross
-Ref
-Container
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
1089 msDS
-Behavior
-Version
: 0
1090 fSMORoleOwner
: CN=NTDS Settings
,CN=$
{NETBIOSNAME
},CN=Servers
,CN=$
{DEFAULTSITE
},CN=Sites
,CN=Configuration
,$
{BASEDN
}
1092 dn: CN=Enterprise Configuration
,CN=Partitions
,CN=Configuration
,$
{BASEDN
}
1094 objectClass: crossRef
1095 cn: Enterprise Configuration
1097 whenCreated
: $
{LDAPTIME
}
1098 whenChanged
: $
{LDAPTIME
}
1101 showInAdvancedViewOnly
: TRUE
1102 name
: Enterprise Configuration
1103 objectGUID
: $
{NEWGUID
}
1104 systemFlags
: 0x00000001
1105 objectCategory
: CN=Cross
-Ref
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
1106 nCName
: CN=Configuration
,$
{BASEDN
}
1107 dnsRoot
: $
{DNSDOMAIN
}
1109 dn: CN=Enterprise Schema
,CN=Partitions
,CN=Configuration
,$
{BASEDN
}
1111 objectClass: crossRef
1112 cn: Enterprise Schema
1114 whenCreated
: $
{LDAPTIME
}
1115 whenChanged
: $
{LDAPTIME
}
1118 showInAdvancedViewOnly
: TRUE
1119 name
: Enterprise Schema
1120 objectGUID
: $
{NEWGUID
}
1121 systemFlags
: 0x00000001
1122 objectCategory
: CN=Cross
-Ref
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
1123 nCName
: CN=Schema
,CN=Configuration
,$
{BASEDN
}
1124 dnsRoot
: $
{DNSDOMAIN
}
1126 dn: CN=$
{DOMAIN
},CN=Partitions
,CN=Configuration
,$
{BASEDN
}
1128 objectClass: crossRef
1131 whenCreated
: $
{LDAPTIME
}
1132 whenChanged
: $
{LDAPTIME
}
1135 showInAdvancedViewOnly
: TRUE
1137 objectGUID
: $
{NEWGUID
}
1138 systemFlags
: 0x00000003
1139 objectCategory
: CN=Cross
-Ref
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
1141 nETBIOSName
: $
{DOMAIN
}
1142 dnsRoot
: $
{DNSDOMAIN
}
1144 dn: CN=Sites
,CN=Configuration
,$
{BASEDN
}
1146 objectClass: sitesContainer
1149 whenCreated
: $
{LDAPTIME
}
1150 whenChanged
: $
{LDAPTIME
}
1153 showInAdvancedViewOnly
: TRUE
1155 objectGUID
: $
{NEWGUID
}
1156 systemFlags
: 0x82000000
1157 objectCategory
: CN=Sites
-Container
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
1159 dn: CN=$
{DEFAULTSITE
},CN=Sites
,CN=Configuration
,$
{BASEDN
}
1164 whenCreated
: $
{LDAPTIME
}
1165 whenChanged
: $
{LDAPTIME
}
1168 showInAdvancedViewOnly
: TRUE
1170 objectGUID
: $
{NEWGUID
}
1171 systemFlags
: 0x82000000
1172 objectCategory
: CN=Site
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
1174 dn: CN=Servers
,CN=$
{DEFAULTSITE
},CN=Sites
,CN=Configuration
,$
{BASEDN
}
1176 objectClass: serversContainer
1179 whenCreated
: $
{LDAPTIME
}
1180 whenChanged
: $
{LDAPTIME
}
1183 showInAdvancedViewOnly
: TRUE
1185 objectGUID
: $
{NEWGUID
}
1186 systemFlags
: 0x82000000
1187 objectCategory
: CN=Servers
-Container
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
1189 dn: CN=$
{NETBIOSNAME
},CN=Servers
,CN=$
{DEFAULTSITE
},CN=Sites
,CN=Configuration
,$
{BASEDN
}
1194 whenCreated
: $
{LDAPTIME
}
1195 whenChanged
: $
{LDAPTIME
}
1198 showInAdvancedViewOnly
: TRUE
1199 name
: $
{NETBIOSNAME
}
1200 objectGUID
: $
{NEWGUID
}
1201 systemFlags
: 0x52000000
1202 objectCategory
: CN=Server
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
1203 dNSHostName
: $
{DNSNAME
}
1204 serverReference
: CN=$
{NETBIOSNAME
},OU=Domain Controllers
,$
{BASEDN
}
1206 dn: CN=NTDS Settings
,CN=$
{NETBIOSNAME
},CN=Servers
,CN=$
{DEFAULTSITE
},CN=Sites
,CN=Configuration
,$
{BASEDN
}
1208 objectClass: applicationSettings
1209 objectClass: nTDSDSA
1212 whenCreated
: $
{LDAPTIME
}
1213 whenChanged
: $
{LDAPTIME
}
1216 showInAdvancedViewOnly
: TRUE
1218 systemFlags
: 0x02000000
1219 objectCategory
: CN=NTDS
-DSA
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
1220 dMDLocation
: CN=Schema
,CN=Configuration
,$
{BASEDN
}
1221 objectGUID
: $
{INVOCATIONID
}
1222 invocationId
: $
{INVOCATIONID
}
1223 msDS
-Behavior
-Version
: 2
1225 ###############################
1226 # Schema Naming Context
1227 ###############################
1228 dn: CN=Schema
,CN=Configuration
,$
{BASEDN
}
1233 whenCreated
: $
{LDAPTIME
}
1234 whenChanged
: $
{LDAPTIME
}
1237 showInAdvancedViewOnly
: TRUE
1239 objectGUID
: $
{NEWGUID
}
1240 objectCategory
: CN=DMD
,CN=Schema
,CN=Configuration
,$
{BASEDN
}
1241 masteredBy
: CN=NTDS Settings
,CN=$
{NETBIOSNAME
},CN=Servers
,CN=$
{DEFAULTSITE
},CN=Sites
,CN=Configuration
,$
{BASEDN
}
1242 msDs
-masteredBy
: CN=NTDS Settings
,CN=$
{NETBIOSNAME
},CN=Servers
,CN=$
{DEFAULTSITE
},CN=Sites
,CN=Configuration
,$
{BASEDN
}
1243 fSMORoleOwner
: CN=NTDS Settings
,CN=$
{NETBIOSNAME
},CN=Servers
,CN=$
{DEFAULTSITE
},CN=Sites
,CN=Configuration
,$
{BASEDN
}