summaryrefslogtreecommitdiff
path: root/source4/setup/provision_users.ldif
diff options
context:
space:
mode:
Diffstat (limited to 'source4/setup/provision_users.ldif')
-rw-r--r--source4/setup/provision_users.ldif528
1 files changed, 528 insertions, 0 deletions
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
new file mode 100644
index 0000000000..854c42d07c
--- /dev/null
+++ b/source4/setup/provision_users.ldif
@@ -0,0 +1,528 @@
+dn: CN=Administrator,CN=Users,${DOMAINDN}
+objectClass: user
+cn: Administrator
+description: Built-in account for administering the computer/domain
+userAccountControl: 66048
+objectSid: ${DOMAINSID}-500
+adminCount: 1
+accountExpires: 9223372036854775807
+sAMAccountName: Administrator
+isCriticalSystemObject: TRUE
+userPassword:: ${ADMINPASS_B64}
+
+dn: CN=Guest,CN=Users,${DOMAINDN}
+objectClass: user
+cn: Guest
+description: Built-in account for guest access to the computer/domain
+userAccountControl: 66082
+primaryGroupID: 514
+objectSid: ${DOMAINSID}-501
+sAMAccountName: Guest
+isCriticalSystemObject: TRUE
+
+dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Enterprise Admins
+description: Designated administrators of the enterprise
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-519
+adminCount: 1
+sAMAccountName: Enterprise Admins
+isCriticalSystemObject: TRUE
+
+dn: CN=krbtgt,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+cn: krbtgt
+description: Key Distribution Center Service Account
+showInAdvancedViewOnly: TRUE
+userAccountControl: 514
+objectSid: ${DOMAINSID}-502
+adminCount: 1
+accountExpires: 9223372036854775807
+sAMAccountName: krbtgt
+servicePrincipalName: kadmin/changepw
+isCriticalSystemObject: TRUE
+userPassword:: ${KRBTGTPASS_B64}
+
+dn: CN=Domain Computers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Domain Computers
+description: All workstations and servers joined to the domain
+objectSid: ${DOMAINSID}-515
+sAMAccountName: Domain Computers
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Domain Controllers
+description: All domain controllers in the domain
+objectSid: ${DOMAINSID}-516
+adminCount: 1
+sAMAccountName: Domain Controllers
+isCriticalSystemObject: TRUE
+
+dn: CN=Schema Admins,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Schema Admins
+description: Designated administrators of the schema
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-518
+adminCount: 1
+sAMAccountName: Schema Admins
+isCriticalSystemObject: TRUE
+
+dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Cert Publishers
+description: Members of this group are permitted to publish certificates to the Active Directory
+groupType: -2147483644
+objectSid: ${DOMAINSID}-517
+sAMAccountName: Cert Publishers
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Admins,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Domain Admins
+description: Designated administrators of the domain
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-512
+adminCount: 1
+sAMAccountName: Domain Admins
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Users,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Domain Users
+description: All domain users
+objectSid: ${DOMAINSID}-513
+sAMAccountName: Domain Users
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Guests,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Domain Guests
+description: All domain guests
+objectSid: ${DOMAINSID}-514
+sAMAccountName: Domain Guests
+isCriticalSystemObject: TRUE
+
+dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Group Policy Creator Owners
+description: Members in this group can modify group policy for the domain
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-520
+sAMAccountName: Group Policy Creator Owners
+isCriticalSystemObject: TRUE
+
+dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: RAS and IAS Servers
+description: Servers in this group can access remote access properties of users
+objectSid: ${DOMAINSID}-553
+sAMAccountName: RAS and IAS Servers
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Administrators,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Administrators
+description: Administrators have complete and unrestricted access to the computer/domain
+member: CN=Domain Admins,CN=Users,${DOMAINDN}
+member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: S-1-5-32-544
+adminCount: 1
+sAMAccountName: Administrators
+systemFlags: 2348810240
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+privilege: SeSecurityPrivilege
+privilege: SeBackupPrivilege
+privilege: SeRestorePrivilege
+privilege: SeSystemtimePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeRemoteShutdownPrivilege
+privilege: SeTakeOwnershipPrivilege
+privilege: SeDebugPrivilege
+privilege: SeSystemEnvironmentPrivilege
+privilege: SeSystemProfilePrivilege
+privilege: SeProfileSingleProcessPrivilege
+privilege: SeIncreaseBasePriorityPrivilege
+privilege: SeLoadDriverPrivilege
+privilege: SeCreatePagefilePrivilege
+privilege: SeIncreaseQuotaPrivilege
+privilege: SeChangeNotifyPrivilege
+privilege: SeUndockPrivilege
+privilege: SeManageVolumePrivilege
+privilege: SeImpersonatePrivilege
+privilege: SeCreateGlobalPrivilege
+privilege: SeEnableDelegationPrivilege
+privilege: SeInteractiveLogonRight
+privilege: SeNetworkLogonRight
+privilege: SeRemoteInteractiveLogonRight
+
+dn: CN=Users,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Users
+description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
+member: CN=Domain Users,CN=Users,${DOMAINDN}
+objectSid: S-1-5-32-545
+sAMAccountName: Users
+systemFlags: 2348810240
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Guests,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Guests
+description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
+member: CN=Domain Guests,CN=Users,${DOMAINDN}
+member: CN=Guest,CN=Users,${DOMAINDN}
+objectSid: S-1-5-32-546
+sAMAccountName: Guests
+systemFlags: 2348810240
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Print Operators
+description: Members can administer domain printers
+objectSid: S-1-5-32-550
+adminCount: 1
+sAMAccountName: Print Operators
+systemFlags: 2348810240
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+privilege: SeLoadDriverPrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
+
+dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Backup Operators
+description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
+objectSid: S-1-5-32-551
+adminCount: 1
+sAMAccountName: Backup Operators
+systemFlags: 2348810240
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+privilege: SeBackupPrivilege
+privilege: SeRestorePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
+
+dn: CN=Replicator,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Replicator
+description: Supports file replication in a domain
+objectSid: S-1-5-32-552
+adminCount: 1
+sAMAccountName: Replicator
+systemFlags: 2348810240
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Remote Desktop Users
+description: Members in this group are granted the right to logon remotely
+objectSid: S-1-5-32-555
+sAMAccountName: Remote Desktop Users
+systemFlags: 2348810240
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Network Configuration Operators
+description: Members in this group can have some administrative privileges to manage configuration of networking features
+objectSid: S-1-5-32-556
+sAMAccountName: Network Configuration Operators
+systemFlags: 2348810240
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Performance Monitor Users
+description: Members of this group have remote access to monitor this computer
+objectSid: S-1-5-32-558
+sAMAccountName: Performance Monitor Users
+systemFlags: 2348810240
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Performance Log Users
+description: Members of this group have remote access to schedule logging of performance counters on this computer
+objectSid: S-1-5-32-559
+sAMAccountName: Performance Log Users
+systemFlags: 2348810240
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Server Operators
+description: Members can administer domain servers
+objectSid: S-1-5-32-549
+adminCount: 1
+sAMAccountName: Server Operators
+systemFlags: 2348810240
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+privilege: SeBackupPrivilege
+privilege: SeSystemtimePrivilege
+privilege: SeRemoteShutdownPrivilege
+privilege: SeRestorePrivilege
+privilege: SeShutdownPrivilege
+privilege: SeInteractiveLogonRight
+
+dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Account Operators
+description: Members can administer domain user and group accounts
+objectSid: S-1-5-32-548
+adminCount: 1
+sAMAccountName: Account Operators
+systemFlags: 2348810240
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+privilege: SeInteractiveLogonRight
+
+dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Pre-Windows 2000 Compatible Access
+description: A backward compatibility group which allows read access on all users and groups in the domain
+objectSid: S-1-5-32-554
+sAMAccountName: Pre-Windows 2000 Compatible Access
+systemFlags: 2348810240
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+privilege: SeRemoteInteractiveLogonRight
+privilege: SeChangeNotifyPrivilege
+
+dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Incoming Forest Trust Builders
+description: Members of this group can create incoming, one-way trusts to this forest
+objectSid: S-1-5-32-557
+sAMAccountName: Incoming Forest Trust Builders
+systemFlags: 2348810240
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Windows Authorization Access Group
+description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
+objectSid: S-1-5-32-560
+sAMAccountName: Windows Authorization Access Group
+systemFlags: 2348810240
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Terminal Server License Servers
+description: Terminal Server License Servers
+objectSid: S-1-5-32-561
+sAMAccountName: Terminal Server License Servers
+systemFlags: 2348810240
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Distributed COM Users
+description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
+objectSid: S-1-5-32-562
+sAMAccountName: Distributed COM Users
+systemFlags: 2348810240
+groupType: -2147483643
+isCriticalSystemObject: TRUE
+
+dn: CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: container
+cn: WellKnown Security Principals
+systemFlags: 2147483648
+
+dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Anonymous Logon
+objectSid: S-1-5-7
+
+dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Authenticated Users
+objectSid: S-1-5-11
+
+dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Batch
+objectSid: S-1-5-3
+
+dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Creator Group
+objectSid: S-1-3-1
+
+dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Creator Owner
+objectSid: S-1-3-0
+
+dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Dialup
+objectSid: S-1-5-1
+
+dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Digest Authentication
+objectSid: S-1-5-64-21
+
+dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Enterprise Domain Controllers
+objectSid: S-1-5-9
+
+dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Everyone
+objectSid: S-1-1-0
+
+dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Interactive
+objectSid: S-1-5-4
+
+dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Local Service
+objectSid: S-1-5-19
+
+dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Network
+objectSid: S-1-5-2
+
+dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Network Service
+objectSid: S-1-5-20
+
+dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: NTLM Authentication
+objectSid: S-1-5-64-10
+
+dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Other Organization
+objectSid: S-1-5-1000
+
+dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Proxy
+objectSid: S-1-5-8
+
+dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Remote Interactive Logon
+objectSid: S-1-5-14
+
+dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Restricted
+objectSid: S-1-5-12
+
+dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: SChannel Authentication
+objectSid: S-1-5-64-14
+
+dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Self
+objectSid: S-1-5-10
+
+dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Service
+objectSid: S-1-5-6
+
+dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Terminal Server User
+objectSid: S-1-5-13
+
+dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: This Organization
+objectSid: S-1-5-15
+
+dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}
+objectClass: top
+objectClass: foreignSecurityPrincipal
+cn: Well-Known-Security-Id-System
+objectSid: S-1-5-18
+