diff options
Diffstat (limited to 'source4/setup/provision_users.ldif')
-rw-r--r-- | source4/setup/provision_users.ldif | 528 |
1 files changed, 528 insertions, 0 deletions
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif new file mode 100644 index 0000000000..854c42d07c --- /dev/null +++ b/source4/setup/provision_users.ldif @@ -0,0 +1,528 @@ +dn: CN=Administrator,CN=Users,${DOMAINDN} +objectClass: user +cn: Administrator +description: Built-in account for administering the computer/domain +userAccountControl: 66048 +objectSid: ${DOMAINSID}-500 +adminCount: 1 +accountExpires: 9223372036854775807 +sAMAccountName: Administrator +isCriticalSystemObject: TRUE +userPassword:: ${ADMINPASS_B64} + +dn: CN=Guest,CN=Users,${DOMAINDN} +objectClass: user +cn: Guest +description: Built-in account for guest access to the computer/domain +userAccountControl: 66082 +primaryGroupID: 514 +objectSid: ${DOMAINSID}-501 +sAMAccountName: Guest +isCriticalSystemObject: TRUE + +dn: CN=Enterprise Admins,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Enterprise Admins +description: Designated administrators of the enterprise +member: CN=Administrator,CN=Users,${DOMAINDN} +objectSid: ${DOMAINSID}-519 +adminCount: 1 +sAMAccountName: Enterprise Admins +isCriticalSystemObject: TRUE + +dn: CN=krbtgt,CN=Users,${DOMAINDN} +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: krbtgt +description: Key Distribution Center Service Account +showInAdvancedViewOnly: TRUE +userAccountControl: 514 +objectSid: ${DOMAINSID}-502 +adminCount: 1 +accountExpires: 9223372036854775807 +sAMAccountName: krbtgt +servicePrincipalName: kadmin/changepw +isCriticalSystemObject: TRUE +userPassword:: ${KRBTGTPASS_B64} + +dn: CN=Domain Computers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Domain Computers +description: All workstations and servers joined to the domain +objectSid: ${DOMAINSID}-515 +sAMAccountName: Domain Computers +isCriticalSystemObject: TRUE + +dn: CN=Domain Controllers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Domain Controllers +description: All domain controllers in the domain +objectSid: ${DOMAINSID}-516 +adminCount: 1 +sAMAccountName: Domain Controllers +isCriticalSystemObject: TRUE + +dn: CN=Schema Admins,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Schema Admins +description: Designated administrators of the schema +member: CN=Administrator,CN=Users,${DOMAINDN} +objectSid: ${DOMAINSID}-518 +adminCount: 1 +sAMAccountName: Schema Admins +isCriticalSystemObject: TRUE + +dn: CN=Cert Publishers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Cert Publishers +description: Members of this group are permitted to publish certificates to the Active Directory +groupType: -2147483644 +objectSid: ${DOMAINSID}-517 +sAMAccountName: Cert Publishers +isCriticalSystemObject: TRUE + +dn: CN=Domain Admins,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Domain Admins +description: Designated administrators of the domain +member: CN=Administrator,CN=Users,${DOMAINDN} +objectSid: ${DOMAINSID}-512 +adminCount: 1 +sAMAccountName: Domain Admins +isCriticalSystemObject: TRUE + +dn: CN=Domain Users,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Domain Users +description: All domain users +objectSid: ${DOMAINSID}-513 +sAMAccountName: Domain Users +isCriticalSystemObject: TRUE + +dn: CN=Domain Guests,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Domain Guests +description: All domain guests +objectSid: ${DOMAINSID}-514 +sAMAccountName: Domain Guests +isCriticalSystemObject: TRUE + +dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Group Policy Creator Owners +description: Members in this group can modify group policy for the domain +member: CN=Administrator,CN=Users,${DOMAINDN} +objectSid: ${DOMAINSID}-520 +sAMAccountName: Group Policy Creator Owners +isCriticalSystemObject: TRUE + +dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: RAS and IAS Servers +description: Servers in this group can access remote access properties of users +objectSid: ${DOMAINSID}-553 +sAMAccountName: RAS and IAS Servers +groupType: -2147483644 +isCriticalSystemObject: TRUE + +dn: CN=Administrators,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Administrators +description: Administrators have complete and unrestricted access to the computer/domain +member: CN=Domain Admins,CN=Users,${DOMAINDN} +member: CN=Enterprise Admins,CN=Users,${DOMAINDN} +member: CN=Administrator,CN=Users,${DOMAINDN} +objectSid: S-1-5-32-544 +adminCount: 1 +sAMAccountName: Administrators +systemFlags: 2348810240 +groupType: -2147483643 +isCriticalSystemObject: TRUE +privilege: SeSecurityPrivilege +privilege: SeBackupPrivilege +privilege: SeRestorePrivilege +privilege: SeSystemtimePrivilege +privilege: SeShutdownPrivilege +privilege: SeRemoteShutdownPrivilege +privilege: SeTakeOwnershipPrivilege +privilege: SeDebugPrivilege +privilege: SeSystemEnvironmentPrivilege +privilege: SeSystemProfilePrivilege +privilege: SeProfileSingleProcessPrivilege +privilege: SeIncreaseBasePriorityPrivilege +privilege: SeLoadDriverPrivilege +privilege: SeCreatePagefilePrivilege +privilege: SeIncreaseQuotaPrivilege +privilege: SeChangeNotifyPrivilege +privilege: SeUndockPrivilege +privilege: SeManageVolumePrivilege +privilege: SeImpersonatePrivilege +privilege: SeCreateGlobalPrivilege +privilege: SeEnableDelegationPrivilege +privilege: SeInteractiveLogonRight +privilege: SeNetworkLogonRight +privilege: SeRemoteInteractiveLogonRight + +dn: CN=Users,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Users +description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications +member: CN=Domain Users,CN=Users,${DOMAINDN} +objectSid: S-1-5-32-545 +sAMAccountName: Users +systemFlags: 2348810240 +groupType: -2147483643 +isCriticalSystemObject: TRUE + +dn: CN=Guests,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Guests +description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted +member: CN=Domain Guests,CN=Users,${DOMAINDN} +member: CN=Guest,CN=Users,${DOMAINDN} +objectSid: S-1-5-32-546 +sAMAccountName: Guests +systemFlags: 2348810240 +groupType: -2147483643 +isCriticalSystemObject: TRUE + +dn: CN=Print Operators,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Print Operators +description: Members can administer domain printers +objectSid: S-1-5-32-550 +adminCount: 1 +sAMAccountName: Print Operators +systemFlags: 2348810240 +groupType: -2147483643 +isCriticalSystemObject: TRUE +privilege: SeLoadDriverPrivilege +privilege: SeShutdownPrivilege +privilege: SeInteractiveLogonRight + +dn: CN=Backup Operators,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Backup Operators +description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files +objectSid: S-1-5-32-551 +adminCount: 1 +sAMAccountName: Backup Operators +systemFlags: 2348810240 +groupType: -2147483643 +isCriticalSystemObject: TRUE +privilege: SeBackupPrivilege +privilege: SeRestorePrivilege +privilege: SeShutdownPrivilege +privilege: SeInteractiveLogonRight + +dn: CN=Replicator,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Replicator +description: Supports file replication in a domain +objectSid: S-1-5-32-552 +adminCount: 1 +sAMAccountName: Replicator +systemFlags: 2348810240 +groupType: -2147483643 +isCriticalSystemObject: TRUE + +dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Remote Desktop Users +description: Members in this group are granted the right to logon remotely +objectSid: S-1-5-32-555 +sAMAccountName: Remote Desktop Users +systemFlags: 2348810240 +groupType: -2147483643 +isCriticalSystemObject: TRUE + +dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Network Configuration Operators +description: Members in this group can have some administrative privileges to manage configuration of networking features +objectSid: S-1-5-32-556 +sAMAccountName: Network Configuration Operators +systemFlags: 2348810240 +groupType: -2147483643 +isCriticalSystemObject: TRUE + +dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Performance Monitor Users +description: Members of this group have remote access to monitor this computer +objectSid: S-1-5-32-558 +sAMAccountName: Performance Monitor Users +systemFlags: 2348810240 +groupType: -2147483643 +isCriticalSystemObject: TRUE + +dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Performance Log Users +description: Members of this group have remote access to schedule logging of performance counters on this computer +objectSid: S-1-5-32-559 +sAMAccountName: Performance Log Users +systemFlags: 2348810240 +groupType: -2147483643 +isCriticalSystemObject: TRUE + +dn: CN=Server Operators,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Server Operators +description: Members can administer domain servers +objectSid: S-1-5-32-549 +adminCount: 1 +sAMAccountName: Server Operators +systemFlags: 2348810240 +groupType: -2147483643 +isCriticalSystemObject: TRUE +privilege: SeBackupPrivilege +privilege: SeSystemtimePrivilege +privilege: SeRemoteShutdownPrivilege +privilege: SeRestorePrivilege +privilege: SeShutdownPrivilege +privilege: SeInteractiveLogonRight + +dn: CN=Account Operators,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Account Operators +description: Members can administer domain user and group accounts +objectSid: S-1-5-32-548 +adminCount: 1 +sAMAccountName: Account Operators +systemFlags: 2348810240 +groupType: -2147483643 +isCriticalSystemObject: TRUE +privilege: SeInteractiveLogonRight + +dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Pre-Windows 2000 Compatible Access +description: A backward compatibility group which allows read access on all users and groups in the domain +objectSid: S-1-5-32-554 +sAMAccountName: Pre-Windows 2000 Compatible Access +systemFlags: 2348810240 +groupType: -2147483643 +isCriticalSystemObject: TRUE +privilege: SeRemoteInteractiveLogonRight +privilege: SeChangeNotifyPrivilege + +dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Incoming Forest Trust Builders +description: Members of this group can create incoming, one-way trusts to this forest +objectSid: S-1-5-32-557 +sAMAccountName: Incoming Forest Trust Builders +systemFlags: 2348810240 +groupType: -2147483643 +isCriticalSystemObject: TRUE + +dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Windows Authorization Access Group +description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects +objectSid: S-1-5-32-560 +sAMAccountName: Windows Authorization Access Group +systemFlags: 2348810240 +groupType: -2147483643 +isCriticalSystemObject: TRUE + +dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Terminal Server License Servers +description: Terminal Server License Servers +objectSid: S-1-5-32-561 +sAMAccountName: Terminal Server License Servers +systemFlags: 2348810240 +groupType: -2147483643 +isCriticalSystemObject: TRUE + +dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN} +objectClass: top +objectClass: group +cn: Distributed COM Users +description: Members are allowed to launch, activate and use Distributed COM objects on this machine. +objectSid: S-1-5-32-562 +sAMAccountName: Distributed COM Users +systemFlags: 2348810240 +groupType: -2147483643 +isCriticalSystemObject: TRUE + +dn: CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: container +cn: WellKnown Security Principals +systemFlags: 2147483648 + +dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Anonymous Logon +objectSid: S-1-5-7 + +dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Authenticated Users +objectSid: S-1-5-11 + +dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Batch +objectSid: S-1-5-3 + +dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Creator Group +objectSid: S-1-3-1 + +dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Creator Owner +objectSid: S-1-3-0 + +dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Dialup +objectSid: S-1-5-1 + +dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Digest Authentication +objectSid: S-1-5-64-21 + +dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Enterprise Domain Controllers +objectSid: S-1-5-9 + +dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Everyone +objectSid: S-1-1-0 + +dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Interactive +objectSid: S-1-5-4 + +dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Local Service +objectSid: S-1-5-19 + +dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Network +objectSid: S-1-5-2 + +dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Network Service +objectSid: S-1-5-20 + +dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: NTLM Authentication +objectSid: S-1-5-64-10 + +dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Other Organization +objectSid: S-1-5-1000 + +dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Proxy +objectSid: S-1-5-8 + +dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Remote Interactive Logon +objectSid: S-1-5-14 + +dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Restricted +objectSid: S-1-5-12 + +dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: SChannel Authentication +objectSid: S-1-5-64-14 + +dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Self +objectSid: S-1-5-10 + +dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Service +objectSid: S-1-5-6 + +dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Terminal Server User +objectSid: S-1-5-13 + +dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: This Organization +objectSid: S-1-5-15 + +dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN} +objectClass: top +objectClass: foreignSecurityPrincipal +cn: Well-Known-Security-Id-System +objectSid: S-1-5-18 + |