summaryrefslogtreecommitdiff
path: root/source4/setup
diff options
context:
space:
mode:
Diffstat (limited to 'source4/setup')
-rw-r--r--source4/setup/provision_users.ldif61
1 files changed, 35 insertions, 26 deletions
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index 041262de14..8669d8a4e6 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -1,3 +1,24 @@
+# Add default primary groups (domain users, domain guests) - needed for
+# the users to find valid primary groups (samldb module)
+
+dn: CN=Domain Users,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: All domain users
+objectSid: ${DOMAINSID}-513
+sAMAccountName: Domain Users
+isCriticalSystemObject: TRUE
+
+dn: CN=Domain Guests,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: All domain guests
+objectSid: ${DOMAINSID}-514
+sAMAccountName: Domain Guests
+isCriticalSystemObject: TRUE
+
+# Add users
+
dn: CN=Administrator,CN=Users,${DOMAINDN}
objectClass: user
description: Built-in account for administering the computer/domain
@@ -18,16 +39,6 @@ objectSid: ${DOMAINSID}-501
sAMAccountName: Guest
isCriticalSystemObject: TRUE
-dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: Designated administrators of the enterprise
-member: CN=Administrator,CN=Users,${DOMAINDN}
-objectSid: ${DOMAINSID}-519
-adminCount: 1
-sAMAccountName: Enterprise Admins
-isCriticalSystemObject: TRUE
-
dn: CN=krbtgt,CN=Users,${DOMAINDN}
objectClass: top
objectClass: person
@@ -44,6 +55,18 @@ servicePrincipalName: kadmin/changepw
userPassword:: ${KRBTGTPASS_B64}
isCriticalSystemObject: TRUE
+# Add other groups
+
+dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+description: Designated administrators of the enterprise
+member: CN=Administrator,CN=Users,${DOMAINDN}
+objectSid: ${DOMAINSID}-519
+adminCount: 1
+sAMAccountName: Enterprise Admins
+isCriticalSystemObject: TRUE
+
dn: CN=Domain Computers,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
@@ -90,22 +113,6 @@ adminCount: 1
sAMAccountName: Domain Admins
isCriticalSystemObject: TRUE
-dn: CN=Domain Users,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: All domain users
-objectSid: ${DOMAINSID}-513
-sAMAccountName: Domain Users
-isCriticalSystemObject: TRUE
-
-dn: CN=Domain Guests,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: group
-description: All domain guests
-objectSid: ${DOMAINSID}-514
-sAMAccountName: Domain Guests
-isCriticalSystemObject: TRUE
-
dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
@@ -391,6 +398,8 @@ systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
+# Add well known security principals
+
dn: CN=WellKnown Security Principals,${CONFIGDN}
objectClass: top
objectClass: container