summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c93
-rw-r--r--source4/setup/provision.ldif38
-rw-r--r--source4/setup/provision_templates.ldif36
-rw-r--r--source4/setup/provision_users.ldif84
4 files changed, 121 insertions, 130 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 389db73e3d..66994778da 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -37,15 +37,6 @@
#include "db_wrap.h"
-/*
- This is a bad temporary hack until we have at least some kind of schema
- support
-*/
-static char *ldb_hexstr(TALLOC_CTX *mem_ctx, uint32_t val)
-{
- return talloc_asprintf(mem_ctx, "0x%.8x", val);
-}
-
/*
samr_Connect
@@ -418,7 +409,7 @@ static NTSTATUS samr_info_DomInfo1(struct samr_domain_state *state,
static NTSTATUS samr_info_DomInfo2(struct samr_domain_state *state, TALLOC_CTX *mem_ctx,
struct samr_DomInfo2 *info)
{
- const char * const dom_attrs[] = { "comment", NULL };
+ const char * const dom_attrs[] = { "comment", "forceLogoff", NULL };
int ret;
struct ldb_message **dom_msgs;
const char *domain_name;
@@ -430,8 +421,9 @@ static NTSTATUS samr_info_DomInfo2(struct samr_domain_state *state, TALLOC_CTX *
}
domain_name = state->domain_name;
- /* where is this supposed to come from? is it settable? */
- info->force_logoff_time = 0x8000000000000000LL;
+
+ info->force_logoff_time = ldb_msg_find_uint64(dom_msgs[0], "forceLogoff",
+ 0x8000000000000000LL);
info->comment.string = samdb_result_string(dom_msgs[0], "comment", NULL);
info->domain_name.string = domain_name;
@@ -457,8 +449,18 @@ static NTSTATUS samr_info_DomInfo3(struct samr_domain_state *state,
TALLOC_CTX *mem_ctx,
struct samr_DomInfo3 *info)
{
- /* where is this supposed to come from? is it settable? */
- info->force_logoff_time = 0x8000000000000000LL;
+ const char * const dom_attrs[] = { "comment", "forceLogoff", NULL };
+ int ret;
+ struct ldb_message **dom_msgs;
+
+ ret = gendb_search_dn(state->sam_ctx, mem_ctx,
+ state->domain_dn, &dom_msgs, dom_attrs);
+ if (ret != 1) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ info->force_logoff_time = ldb_msg_find_uint64(dom_msgs[0], "forceLogoff",
+ 0x8000000000000000LL);
return NT_STATUS_OK;
}
@@ -639,9 +641,8 @@ static NTSTATUS samr_EnumDomainGroups(struct dcesrv_call_state *dce_call, TALLOC
ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx,
d_state->domain_dn, &res, attrs,
d_state->domain_sid,
- "(&(grouptype=%s)(objectclass=group))",
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_GLOBAL_GROUP));
+ "(&(grouptype=%d)(objectclass=group))",
+ GTYPE_SECURITY_GLOBAL_GROUP);
if (ldb_cnt == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -1083,7 +1084,7 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "sAMAccountName", alias_name);
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectClass", "group");
- samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "groupType", "0x80000004");
+ samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, "groupType", 0x80000004);
/* create the alias */
ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
@@ -1154,12 +1155,10 @@ static NTSTATUS samr_EnumDomainAliases(struct dcesrv_call_state *dce_call, TALLO
d_state->domain_dn,
&res, attrs,
d_state->domain_sid,
- "(&(|(grouptype=%s)(grouptype=%s)))"
+ "(&(|(grouptype=%d)(grouptype=%d)))"
"(objectclass=group))",
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_BUILTIN_LOCAL_GROUP),
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_DOMAIN_LOCAL_GROUP));
+ GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
+ GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
if (ldb_cnt == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
@@ -1245,12 +1244,10 @@ static NTSTATUS samr_GetAliasMembership(struct dcesrv_call_state *dce_call, TALL
const char * const attrs[2] = { "objectSid", NULL };
filter = talloc_asprintf(mem_ctx,
- "(&(|(grouptype=%s)(grouptype=%s))"
+ "(&(|(grouptype=%d)(grouptype=%d))"
"(objectclass=group)(|",
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_BUILTIN_LOCAL_GROUP),
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_DOMAIN_LOCAL_GROUP));
+ GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
+ GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
if (filter == NULL)
return NT_STATUS_NO_MEMORY;
@@ -1497,10 +1494,9 @@ static NTSTATUS samr_OpenGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
ret = gendb_search(d_state->sam_ctx,
mem_ctx, d_state->domain_dn, &msgs, attrs,
"(&(objectSid=%s)(objectclass=group)"
- "(grouptype=%s))",
+ "(grouptype=%d))",
ldap_encode_ndr_dom_sid(mem_ctx, sid),
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_GLOBAL_GROUP));
+ GTYPE_SECURITY_GLOBAL_GROUP);
if (ret == 0) {
return NT_STATUS_NO_SUCH_GROUP;
}
@@ -1969,12 +1965,10 @@ static NTSTATUS samr_OpenAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
ret = gendb_search(d_state->sam_ctx,
mem_ctx, d_state->domain_dn, &msgs, attrs,
"(&(objectSid=%s)(objectclass=group)"
- "(|(grouptype=%s)(grouptype=%s)))",
+ "(|(grouptype=%d)(grouptype=%d)))",
ldap_encode_ndr_dom_sid(mem_ctx, sid),
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_BUILTIN_LOCAL_GROUP),
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_DOMAIN_LOCAL_GROUP));
+ GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
+ GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
if (ret == 0) {
return NT_STATUS_NO_SUCH_ALIAS;
}
@@ -2916,10 +2910,9 @@ static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC
count = samdb_search_domain(a_state->sam_ctx, mem_ctx, NULL, &res,
attrs, d_state->domain_sid,
- "(&(member=%s)(grouptype=%s)(objectclass=group))",
+ "(&(member=%s)(grouptype=%d)(objectclass=group))",
ldb_dn_linearize(mem_ctx, a_state->account_dn),
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_GLOBAL_GROUP));
+ GTYPE_SECURITY_GLOBAL_GROUP);
if (count < 0)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -2986,21 +2979,19 @@ static NTSTATUS samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, TALLOC
case 1:
case 4:
filter = talloc_asprintf(mem_ctx, "(&(objectclass=user)"
- "(sAMAccountType=%s))",
- ldb_hexstr(mem_ctx,
- ATYPE_NORMAL_ACCOUNT));
+ "(sAMAccountType=%u))",
+ ATYPE_NORMAL_ACCOUNT);
break;
case 2:
filter = talloc_asprintf(mem_ctx, "(&(objectclass=user)"
- "(sAMAccountType=%s))",
- ldb_hexstr(mem_ctx,
- ATYPE_WORKSTATION_TRUST));
+ "(sAMAccountType=%u))",
+ ATYPE_WORKSTATION_TRUST);
break;
case 3:
case 5:
- filter = talloc_asprintf(mem_ctx, "(&(grouptype=%s)"
+ filter = talloc_asprintf(mem_ctx, "(&(grouptype=%d)"
"(objectclass=group))",
- ldb_hexstr(mem_ctx, GTYPE_SECURITY_GLOBAL_GROUP));
+ GTYPE_SECURITY_GLOBAL_GROUP);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
@@ -3246,12 +3237,10 @@ static NTSTATUS samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce
d_state->domain_dn, &res, attrs,
d_state->domain_sid,
"(&(member=%s)(objectClass=group)"
- "(|(groupType=%s)(groupType=%s)))",
+ "(|(groupType=%d)(groupType=%d)))",
memberdn,
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_BUILTIN_LOCAL_GROUP),
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_DOMAIN_LOCAL_GROUP));
+ GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
+ GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
if (count < 0)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index ee62115435..f59d92e769 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -9,7 +9,7 @@ dnsDomain: ${DNSDOMAIN}
dc: ${RDN_DC}
objectGUID: ${DOMAINGUID}
creationTime: ${NTTIME}
-forceLogoff: 0x8000000000000000
+forceLogoff: 9223372036854775808
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
@@ -40,7 +40,7 @@ cn: Users
description: Default container for upgraded user accounts
instanceType: 4
showInAdvancedViewOnly: FALSE
-systemFlags: 0x8c000000
+systemFlags: 2348810240
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
allowedChildClassesEffective: user
@@ -53,7 +53,7 @@ cn: Computers
description: Default container for upgraded computer accounts
instanceType: 4
showInAdvancedViewOnly: FALSE
-systemFlags: 0x8c000000
+systemFlags: 2348810240
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -64,7 +64,7 @@ ou: Domain Controllers
description: Default container for domain controllers
instanceType: 4
showInAdvancedViewOnly: FALSE
-systemFlags: 0x8c000000
+systemFlags: 2348810240
objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -75,7 +75,7 @@ cn: ForeignSecurityPrincipals
description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
instanceType: 4
showInAdvancedViewOnly: FALSE
-systemFlags: 0x8c000000
+systemFlags: 2348810240
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -86,7 +86,7 @@ cn: System
description: Builtin system settings
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x8c000000
+systemFlags: 2348810240
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -96,7 +96,7 @@ objectclass: rIDManager
cn: RID Manager$
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x8c000000
+systemFlags: 2348810240
objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
@@ -125,7 +125,7 @@ objectclass: infrastructureUpdate
cn: Infrastructure
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x8c000000
+systemFlags: 2348810240
objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
@@ -136,7 +136,7 @@ objectClass: builtinDomain
cn: Builtin
instanceType: 4
showInAdvancedViewOnly: FALSE
-forceLogoff: 0x8000000000000000
+forceLogoff: 9223372036854775808
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
@@ -174,7 +174,7 @@ objectClass: crossRefContainer
cn: Partitions
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x80000000
+systemFlags: 2147483648
objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN}
msDS-Behavior-Version: 0
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
@@ -185,7 +185,7 @@ objectClass: crossRef
cn: Enterprise Configuration
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x00000001
+systemFlags: 1
objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
nCName: CN=Configuration,${BASEDN}
dnsRoot: ${DNSDOMAIN}
@@ -196,7 +196,7 @@ objectClass: crossRef
cn: Enterprise Schema
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x00000001
+systemFlags: 1
objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
nCName: CN=Schema,CN=Configuration,${BASEDN}
dnsRoot: ${DNSDOMAIN}
@@ -207,7 +207,7 @@ objectClass: crossRef
cn: ${DOMAIN}
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x00000003
+systemFlags: 3
objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
nCName: ${BASEDN}
nETBIOSName: ${DOMAIN}
@@ -219,7 +219,7 @@ objectClass: sitesContainer
cn: Sites
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x82000000
+systemFlags: 2181038080
objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN}
dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
@@ -228,7 +228,7 @@ objectClass: site
cn: ${DEFAULTSITE}
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x82000000
+systemFlags: 2181038080
objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN}
dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
@@ -237,7 +237,7 @@ objectClass: serversContainer
cn: Servers
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x82000000
+systemFlags: 2181038080
objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN}
dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
@@ -246,7 +246,7 @@ objectClass: server
cn: ${NETBIOSNAME}
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x52000000
+systemFlags: 1375731712
objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN}
dNSHostName: ${DNSNAME}
serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
@@ -258,7 +258,7 @@ objectClass: nTDSDSA
cn: NTDS Settings
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x02000000
+systemFlags: 33554432
objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN}
dMDLocation: CN=Schema,CN=Configuration,${BASEDN}
objectGUID: ${INVOCATIONID}
@@ -271,7 +271,7 @@ objectClass: container
cn: Services
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x80000000
+systemFlags: 2147483648
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif
index 9aa94c9d8c..11501a5b42 100644
--- a/source4/setup/provision_templates.ldif
+++ b/source4/setup/provision_templates.ldif
@@ -5,7 +5,7 @@ cn: Templates
description: Container for SAM account templates
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x8c000000
+systemFlags: 2348810240
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -22,7 +22,7 @@ objectClass: Template
objectClass: userTemplate
cn: TemplateUser
instanceType: 4
-userAccountControl: 0x202
+userAccountControl: 514
badPwdCount: 0
codePage: 0
countryCode: 0
@@ -33,7 +33,7 @@ pwdLastSet: 0
primaryGroupID: 513
accountExpires: -1
logonCount: 0
-sAMAccountType: 0x30000000
+sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
dn: CN=TemplateComputer,CN=Templates,${BASEDN}
@@ -44,7 +44,7 @@ objectClass: Template
objectClass: userTemplate
cn: TemplateComputer
instanceType: 4
-userAccountControl: 0x1002
+userAccountControl: 4098
badPwdCount: 0
codePage: 0
countryCode: 0
@@ -55,7 +55,7 @@ pwdLastSet: 0
primaryGroupID: 513
accountExpires: -1
logonCount: 0
-sAMAccountType: 0x30000001
+sAMAccountType: 805306369
objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
@@ -64,7 +64,7 @@ objectClass: Template
objectClass: userTemplate
cn: TemplateTrustingDomain
instanceType: 4
-userAccountControl: 0x820
+userAccountControl: 2080
badPwdCount: 0
codePage: 0
countryCode: 0
@@ -75,7 +75,7 @@ pwdLastSet: 0
primaryGroupID: 513
accountExpires: -1
logonCount: 0
-sAMAccountType: 0x30000002
+sAMAccountType: 805306370
dn: CN=TemplateGroup,CN=Templates,${BASEDN}
objectClass: top
@@ -83,18 +83,20 @@ objectClass: Template
objectClass: groupTemplate
cn: TemplateGroup
instanceType: 4
-groupType: 0x80000002
-sAMAccountType: 0x10000000
+groupType: -2147483646
+sAMAccountType: 268435456
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
-dn: CN=TemplateAlias,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: Template
-objectClass: aliasTemplate
-cn: TemplateAlias
-instanceType: 4
-groupType: 0x80000004
-sAMAccountType: 0x10000000
+# Currently this isn't used, we don't have a way to detect it different from an incoming alias
+#
+# dn: CN=TemplateAlias,CN=Templates,${BASEDN}
+# objectClass: top
+# objectClass: Template
+# objectClass: aliasTemplate
+# cn: TemplateAlias
+# instanceType: 4
+# groupType: -2147483644
+# sAMAccountType: 268435456
dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
objectClass: top
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index 652c0b6494..dc7bc016d5 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -7,7 +7,7 @@ memberOf: CN=Domain Admins,CN=Users,${BASEDN}
memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
memberOf: CN=Schema Admins,CN=Users,${BASEDN}
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
-userAccountControl: 0x10200
+userAccountControl: 66048
objectSid: ${DOMAINSID}-500
adminCount: 1
accountExpires: -1
@@ -20,7 +20,7 @@ objectClass: user
cn: Guest
description: Built-in account for guest access to the computer/domain
memberOf: CN=Guests,CN=Builtin,${BASEDN}
-userAccountControl: 0x10222
+userAccountControl: 66082
primaryGroupID: 514
objectSid: ${DOMAINSID}-501
sAMAccountName: Guest
@@ -37,9 +37,9 @@ member: CN=Administrator,CN=Users,${BASEDN}
objectSid: S-1-5-32-544
adminCount: 1
sAMAccountName: Administrators
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
privilege: SeSecurityPrivilege
@@ -99,9 +99,9 @@ description: Users are prevented from making accidental or intentional system-wi
member: CN=Domain Users,CN=Users,${BASEDN}
objectSid: S-1-5-32-545
sAMAccountName: Users
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -114,9 +114,9 @@ member: CN=Domain Guests,CN=Users,${BASEDN}
member: CN=Guest,CN=Users,${BASEDN}
objectSid: S-1-5-32-546
sAMAccountName: Guests
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -128,9 +128,9 @@ description: Members can administer domain printers
objectSid: S-1-5-32-550
adminCount: 1
sAMAccountName: Print Operators
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
privilege: SeLoadDriverPrivilege
@@ -145,9 +145,9 @@ description: Backup Operators can override security restrictions for the sole pu
objectSid: S-1-5-32-551
adminCount: 1
sAMAccountName: Backup Operators
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
privilege: SeBackupPrivilege
@@ -163,9 +163,9 @@ description: Supports file replication in a domain
objectSid: S-1-5-32-552
adminCount: 1
sAMAccountName: Replicator
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -176,9 +176,9 @@ cn: Remote Desktop Users
description: Members in this group are granted the right to logon remotely
objectSid: S-1-5-32-555
sAMAccountName: Remote Desktop Users
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -189,9 +189,9 @@ cn: Network Configuration Operators
description: Members in this group can have some administrative privileges to manage configuration of networking features
objectSid: S-1-5-32-556
sAMAccountName: Network Configuration Operators
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -202,9 +202,9 @@ cn: Performance Monitor Users
description: Members of this group have remote access to monitor this computer
objectSid: S-1-5-32-558
sAMAccountName: Performance Monitor Users
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -215,9 +215,9 @@ cn: Performance Log Users
description: Members of this group have remote access to schedule logging of performance counters on this computer
objectSid: S-1-5-32-559
sAMAccountName: Performance Log Users
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -287,8 +287,8 @@ objectClass: top
objectClass: group
cn: Cert Publishers
description: Members of this group are permitted to publish certificates to the Active Directory
-groupType: 0x80000004
-sAMAccountType: 0x20000000
+groupType: 2147483652
+sAMAccountType: 536870912
objectSid: ${DOMAINSID}-517
sAMAccountName: Cert Publishers
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
@@ -345,8 +345,8 @@ description: Servers in this group can access remote access properties of users
instanceType: 4
objectSid: ${DOMAINSID}-553
sAMAccountName: RAS and IAS Servers
-sAMAccountType: 0x20000000
-groupType: 0x80000004
+sAMAccountType: 536870912
+groupType: 2147483652
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
@@ -359,9 +359,9 @@ instanceType: 4
objectSid: S-1-5-32-549
adminCount: 1
sAMAccountName: Server Operators
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
privilege: SeBackupPrivilege
@@ -380,9 +380,9 @@ instanceType: 4
objectSid: S-1-5-32-548
adminCount: 1
sAMAccountName: Account Operators
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
privilege: SeInteractiveLogonRight