diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 93 | ||||
-rw-r--r-- | source4/setup/provision.ldif | 38 | ||||
-rw-r--r-- | source4/setup/provision_templates.ldif | 36 | ||||
-rw-r--r-- | source4/setup/provision_users.ldif | 84 |
4 files changed, 121 insertions, 130 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 389db73e3d..66994778da 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -37,15 +37,6 @@ #include "db_wrap.h" -/* - This is a bad temporary hack until we have at least some kind of schema - support -*/ -static char *ldb_hexstr(TALLOC_CTX *mem_ctx, uint32_t val) -{ - return talloc_asprintf(mem_ctx, "0x%.8x", val); -} - /* samr_Connect @@ -418,7 +409,7 @@ static NTSTATUS samr_info_DomInfo1(struct samr_domain_state *state, static NTSTATUS samr_info_DomInfo2(struct samr_domain_state *state, TALLOC_CTX *mem_ctx, struct samr_DomInfo2 *info) { - const char * const dom_attrs[] = { "comment", NULL }; + const char * const dom_attrs[] = { "comment", "forceLogoff", NULL }; int ret; struct ldb_message **dom_msgs; const char *domain_name; @@ -430,8 +421,9 @@ static NTSTATUS samr_info_DomInfo2(struct samr_domain_state *state, TALLOC_CTX * } domain_name = state->domain_name; - /* where is this supposed to come from? is it settable? */ - info->force_logoff_time = 0x8000000000000000LL; + + info->force_logoff_time = ldb_msg_find_uint64(dom_msgs[0], "forceLogoff", + 0x8000000000000000LL); info->comment.string = samdb_result_string(dom_msgs[0], "comment", NULL); info->domain_name.string = domain_name; @@ -457,8 +449,18 @@ static NTSTATUS samr_info_DomInfo3(struct samr_domain_state *state, TALLOC_CTX *mem_ctx, struct samr_DomInfo3 *info) { - /* where is this supposed to come from? is it settable? */ - info->force_logoff_time = 0x8000000000000000LL; + const char * const dom_attrs[] = { "comment", "forceLogoff", NULL }; + int ret; + struct ldb_message **dom_msgs; + + ret = gendb_search_dn(state->sam_ctx, mem_ctx, + state->domain_dn, &dom_msgs, dom_attrs); + if (ret != 1) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + info->force_logoff_time = ldb_msg_find_uint64(dom_msgs[0], "forceLogoff", + 0x8000000000000000LL); return NT_STATUS_OK; } @@ -639,9 +641,8 @@ static NTSTATUS samr_EnumDomainGroups(struct dcesrv_call_state *dce_call, TALLOC ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx, d_state->domain_dn, &res, attrs, d_state->domain_sid, - "(&(grouptype=%s)(objectclass=group))", - ldb_hexstr(mem_ctx, - GTYPE_SECURITY_GLOBAL_GROUP)); + "(&(grouptype=%d)(objectclass=group))", + GTYPE_SECURITY_GLOBAL_GROUP); if (ldb_cnt == -1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1083,7 +1084,7 @@ static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_C samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "sAMAccountName", alias_name); samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectClass", "group"); - samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "groupType", "0x80000004"); + samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, "groupType", 0x80000004); /* create the alias */ ret = samdb_add(d_state->sam_ctx, mem_ctx, msg); @@ -1154,12 +1155,10 @@ static NTSTATUS samr_EnumDomainAliases(struct dcesrv_call_state *dce_call, TALLO d_state->domain_dn, &res, attrs, d_state->domain_sid, - "(&(|(grouptype=%s)(grouptype=%s)))" + "(&(|(grouptype=%d)(grouptype=%d)))" "(objectclass=group))", - ldb_hexstr(mem_ctx, - GTYPE_SECURITY_BUILTIN_LOCAL_GROUP), - ldb_hexstr(mem_ctx, - GTYPE_SECURITY_DOMAIN_LOCAL_GROUP)); + GTYPE_SECURITY_BUILTIN_LOCAL_GROUP, + GTYPE_SECURITY_DOMAIN_LOCAL_GROUP); if (ldb_cnt == -1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1245,12 +1244,10 @@ static NTSTATUS samr_GetAliasMembership(struct dcesrv_call_state *dce_call, TALL const char * const attrs[2] = { "objectSid", NULL }; filter = talloc_asprintf(mem_ctx, - "(&(|(grouptype=%s)(grouptype=%s))" + "(&(|(grouptype=%d)(grouptype=%d))" "(objectclass=group)(|", - ldb_hexstr(mem_ctx, - GTYPE_SECURITY_BUILTIN_LOCAL_GROUP), - ldb_hexstr(mem_ctx, - GTYPE_SECURITY_DOMAIN_LOCAL_GROUP)); + GTYPE_SECURITY_BUILTIN_LOCAL_GROUP, + GTYPE_SECURITY_DOMAIN_LOCAL_GROUP); if (filter == NULL) return NT_STATUS_NO_MEMORY; @@ -1497,10 +1494,9 @@ static NTSTATUS samr_OpenGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *m ret = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, &msgs, attrs, "(&(objectSid=%s)(objectclass=group)" - "(grouptype=%s))", + "(grouptype=%d))", ldap_encode_ndr_dom_sid(mem_ctx, sid), - ldb_hexstr(mem_ctx, - GTYPE_SECURITY_GLOBAL_GROUP)); + GTYPE_SECURITY_GLOBAL_GROUP); if (ret == 0) { return NT_STATUS_NO_SUCH_GROUP; } @@ -1969,12 +1965,10 @@ static NTSTATUS samr_OpenAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *m ret = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, &msgs, attrs, "(&(objectSid=%s)(objectclass=group)" - "(|(grouptype=%s)(grouptype=%s)))", + "(|(grouptype=%d)(grouptype=%d)))", ldap_encode_ndr_dom_sid(mem_ctx, sid), - ldb_hexstr(mem_ctx, - GTYPE_SECURITY_BUILTIN_LOCAL_GROUP), - ldb_hexstr(mem_ctx, - GTYPE_SECURITY_DOMAIN_LOCAL_GROUP)); + GTYPE_SECURITY_BUILTIN_LOCAL_GROUP, + GTYPE_SECURITY_DOMAIN_LOCAL_GROUP); if (ret == 0) { return NT_STATUS_NO_SUCH_ALIAS; } @@ -2916,10 +2910,9 @@ static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC count = samdb_search_domain(a_state->sam_ctx, mem_ctx, NULL, &res, attrs, d_state->domain_sid, - "(&(member=%s)(grouptype=%s)(objectclass=group))", + "(&(member=%s)(grouptype=%d)(objectclass=group))", ldb_dn_linearize(mem_ctx, a_state->account_dn), - ldb_hexstr(mem_ctx, - GTYPE_SECURITY_GLOBAL_GROUP)); + GTYPE_SECURITY_GLOBAL_GROUP); if (count < 0) return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -2986,21 +2979,19 @@ static NTSTATUS samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, TALLOC case 1: case 4: filter = talloc_asprintf(mem_ctx, "(&(objectclass=user)" - "(sAMAccountType=%s))", - ldb_hexstr(mem_ctx, - ATYPE_NORMAL_ACCOUNT)); + "(sAMAccountType=%u))", + ATYPE_NORMAL_ACCOUNT); break; case 2: filter = talloc_asprintf(mem_ctx, "(&(objectclass=user)" - "(sAMAccountType=%s))", - ldb_hexstr(mem_ctx, - ATYPE_WORKSTATION_TRUST)); + "(sAMAccountType=%u))", + ATYPE_WORKSTATION_TRUST); break; case 3: case 5: - filter = talloc_asprintf(mem_ctx, "(&(grouptype=%s)" + filter = talloc_asprintf(mem_ctx, "(&(grouptype=%d)" "(objectclass=group))", - ldb_hexstr(mem_ctx, GTYPE_SECURITY_GLOBAL_GROUP)); + GTYPE_SECURITY_GLOBAL_GROUP); break; default: return NT_STATUS_INVALID_INFO_CLASS; @@ -3246,12 +3237,10 @@ static NTSTATUS samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce d_state->domain_dn, &res, attrs, d_state->domain_sid, "(&(member=%s)(objectClass=group)" - "(|(groupType=%s)(groupType=%s)))", + "(|(groupType=%d)(groupType=%d)))", memberdn, - ldb_hexstr(mem_ctx, - GTYPE_SECURITY_BUILTIN_LOCAL_GROUP), - ldb_hexstr(mem_ctx, - GTYPE_SECURITY_DOMAIN_LOCAL_GROUP)); + GTYPE_SECURITY_BUILTIN_LOCAL_GROUP, + GTYPE_SECURITY_DOMAIN_LOCAL_GROUP); if (count < 0) return NT_STATUS_INTERNAL_DB_CORRUPTION; diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif index ee62115435..f59d92e769 100644 --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -9,7 +9,7 @@ dnsDomain: ${DNSDOMAIN} dc: ${RDN_DC} objectGUID: ${DOMAINGUID} creationTime: ${NTTIME} -forceLogoff: 0x8000000000000000 +forceLogoff: 9223372036854775808 lockoutDuration: -18000000000 lockOutObservationWindow: -18000000000 lockoutThreshold: 0 @@ -40,7 +40,7 @@ cn: Users description: Default container for upgraded user accounts instanceType: 4 showInAdvancedViewOnly: FALSE -systemFlags: 0x8c000000 +systemFlags: 2348810240 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE allowedChildClassesEffective: user @@ -53,7 +53,7 @@ cn: Computers description: Default container for upgraded computer accounts instanceType: 4 showInAdvancedViewOnly: FALSE -systemFlags: 0x8c000000 +systemFlags: 2348810240 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -64,7 +64,7 @@ ou: Domain Controllers description: Default container for domain controllers instanceType: 4 showInAdvancedViewOnly: FALSE -systemFlags: 0x8c000000 +systemFlags: 2348810240 objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -75,7 +75,7 @@ cn: ForeignSecurityPrincipals description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains instanceType: 4 showInAdvancedViewOnly: FALSE -systemFlags: 0x8c000000 +systemFlags: 2348810240 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -86,7 +86,7 @@ cn: System description: Builtin system settings instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x8c000000 +systemFlags: 2348810240 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -96,7 +96,7 @@ objectclass: rIDManager cn: RID Manager$ instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x8c000000 +systemFlags: 2348810240 objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} @@ -125,7 +125,7 @@ objectclass: infrastructureUpdate cn: Infrastructure instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x8c000000 +systemFlags: 2348810240 objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} @@ -136,7 +136,7 @@ objectClass: builtinDomain cn: Builtin instanceType: 4 showInAdvancedViewOnly: FALSE -forceLogoff: 0x8000000000000000 +forceLogoff: 9223372036854775808 lockoutDuration: -18000000000 lockOutObservationWindow: -18000000000 lockoutThreshold: 0 @@ -174,7 +174,7 @@ objectClass: crossRefContainer cn: Partitions instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x80000000 +systemFlags: 2147483648 objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN} msDS-Behavior-Version: 0 fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} @@ -185,7 +185,7 @@ objectClass: crossRef cn: Enterprise Configuration instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x00000001 +systemFlags: 1 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} nCName: CN=Configuration,${BASEDN} dnsRoot: ${DNSDOMAIN} @@ -196,7 +196,7 @@ objectClass: crossRef cn: Enterprise Schema instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x00000001 +systemFlags: 1 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} nCName: CN=Schema,CN=Configuration,${BASEDN} dnsRoot: ${DNSDOMAIN} @@ -207,7 +207,7 @@ objectClass: crossRef cn: ${DOMAIN} instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x00000003 +systemFlags: 3 objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN} nCName: ${BASEDN} nETBIOSName: ${DOMAIN} @@ -219,7 +219,7 @@ objectClass: sitesContainer cn: Sites instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x82000000 +systemFlags: 2181038080 objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN} dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} @@ -228,7 +228,7 @@ objectClass: site cn: ${DEFAULTSITE} instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x82000000 +systemFlags: 2181038080 objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN} dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} @@ -237,7 +237,7 @@ objectClass: serversContainer cn: Servers instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x82000000 +systemFlags: 2181038080 objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN} dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN} @@ -246,7 +246,7 @@ objectClass: server cn: ${NETBIOSNAME} instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x52000000 +systemFlags: 1375731712 objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN} dNSHostName: ${DNSNAME} serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} @@ -258,7 +258,7 @@ objectClass: nTDSDSA cn: NTDS Settings instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x02000000 +systemFlags: 33554432 objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN} dMDLocation: CN=Schema,CN=Configuration,${BASEDN} objectGUID: ${INVOCATIONID} @@ -271,7 +271,7 @@ objectClass: container cn: Services instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x80000000 +systemFlags: 2147483648 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN} diff --git a/source4/setup/provision_templates.ldif b/source4/setup/provision_templates.ldif index 9aa94c9d8c..11501a5b42 100644 --- a/source4/setup/provision_templates.ldif +++ b/source4/setup/provision_templates.ldif @@ -5,7 +5,7 @@ cn: Templates description: Container for SAM account templates instanceType: 4 showInAdvancedViewOnly: TRUE -systemFlags: 0x8c000000 +systemFlags: 2348810240 objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -22,7 +22,7 @@ objectClass: Template objectClass: userTemplate cn: TemplateUser instanceType: 4 -userAccountControl: 0x202 +userAccountControl: 514 badPwdCount: 0 codePage: 0 countryCode: 0 @@ -33,7 +33,7 @@ pwdLastSet: 0 primaryGroupID: 513 accountExpires: -1 logonCount: 0 -sAMAccountType: 0x30000000 +sAMAccountType: 805306368 objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN} dn: CN=TemplateComputer,CN=Templates,${BASEDN} @@ -44,7 +44,7 @@ objectClass: Template objectClass: userTemplate cn: TemplateComputer instanceType: 4 -userAccountControl: 0x1002 +userAccountControl: 4098 badPwdCount: 0 codePage: 0 countryCode: 0 @@ -55,7 +55,7 @@ pwdLastSet: 0 primaryGroupID: 513 accountExpires: -1 logonCount: 0 -sAMAccountType: 0x30000001 +sAMAccountType: 805306369 objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN} dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN} @@ -64,7 +64,7 @@ objectClass: Template objectClass: userTemplate cn: TemplateTrustingDomain instanceType: 4 -userAccountControl: 0x820 +userAccountControl: 2080 badPwdCount: 0 codePage: 0 countryCode: 0 @@ -75,7 +75,7 @@ pwdLastSet: 0 primaryGroupID: 513 accountExpires: -1 logonCount: 0 -sAMAccountType: 0x30000002 +sAMAccountType: 805306370 dn: CN=TemplateGroup,CN=Templates,${BASEDN} objectClass: top @@ -83,18 +83,20 @@ objectClass: Template objectClass: groupTemplate cn: TemplateGroup instanceType: 4 -groupType: 0x80000002 -sAMAccountType: 0x10000000 +groupType: -2147483646 +sAMAccountType: 268435456 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} -dn: CN=TemplateAlias,CN=Templates,${BASEDN} -objectClass: top -objectClass: Template -objectClass: aliasTemplate -cn: TemplateAlias -instanceType: 4 -groupType: 0x80000004 -sAMAccountType: 0x10000000 +# Currently this isn't used, we don't have a way to detect it different from an incoming alias +# +# dn: CN=TemplateAlias,CN=Templates,${BASEDN} +# objectClass: top +# objectClass: Template +# objectClass: aliasTemplate +# cn: TemplateAlias +# instanceType: 4 +# groupType: -2147483644 +# sAMAccountType: 268435456 dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN} objectClass: top diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 652c0b6494..dc7bc016d5 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -7,7 +7,7 @@ memberOf: CN=Domain Admins,CN=Users,${BASEDN} memberOf: CN=Enterprise Admins,CN=Users,${BASEDN} memberOf: CN=Schema Admins,CN=Users,${BASEDN} memberOf: CN=Administrators,CN=Builtin,${BASEDN} -userAccountControl: 0x10200 +userAccountControl: 66048 objectSid: ${DOMAINSID}-500 adminCount: 1 accountExpires: -1 @@ -20,7 +20,7 @@ objectClass: user cn: Guest description: Built-in account for guest access to the computer/domain memberOf: CN=Guests,CN=Builtin,${BASEDN} -userAccountControl: 0x10222 +userAccountControl: 66082 primaryGroupID: 514 objectSid: ${DOMAINSID}-501 sAMAccountName: Guest @@ -37,9 +37,9 @@ member: CN=Administrator,CN=Users,${BASEDN} objectSid: S-1-5-32-544 adminCount: 1 sAMAccountName: Administrators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE privilege: SeSecurityPrivilege @@ -99,9 +99,9 @@ description: Users are prevented from making accidental or intentional system-wi member: CN=Domain Users,CN=Users,${BASEDN} objectSid: S-1-5-32-545 sAMAccountName: Users -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -114,9 +114,9 @@ member: CN=Domain Guests,CN=Users,${BASEDN} member: CN=Guest,CN=Users,${BASEDN} objectSid: S-1-5-32-546 sAMAccountName: Guests -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -128,9 +128,9 @@ description: Members can administer domain printers objectSid: S-1-5-32-550 adminCount: 1 sAMAccountName: Print Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE privilege: SeLoadDriverPrivilege @@ -145,9 +145,9 @@ description: Backup Operators can override security restrictions for the sole pu objectSid: S-1-5-32-551 adminCount: 1 sAMAccountName: Backup Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE privilege: SeBackupPrivilege @@ -163,9 +163,9 @@ description: Supports file replication in a domain objectSid: S-1-5-32-552 adminCount: 1 sAMAccountName: Replicator -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -176,9 +176,9 @@ cn: Remote Desktop Users description: Members in this group are granted the right to logon remotely objectSid: S-1-5-32-555 sAMAccountName: Remote Desktop Users -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -189,9 +189,9 @@ cn: Network Configuration Operators description: Members in this group can have some administrative privileges to manage configuration of networking features objectSid: S-1-5-32-556 sAMAccountName: Network Configuration Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -202,9 +202,9 @@ cn: Performance Monitor Users description: Members of this group have remote access to monitor this computer objectSid: S-1-5-32-558 sAMAccountName: Performance Monitor Users -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -215,9 +215,9 @@ cn: Performance Log Users description: Members of this group have remote access to schedule logging of performance counters on this computer objectSid: S-1-5-32-559 sAMAccountName: Performance Log Users -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -287,8 +287,8 @@ objectClass: top objectClass: group cn: Cert Publishers description: Members of this group are permitted to publish certificates to the Active Directory -groupType: 0x80000004 -sAMAccountType: 0x20000000 +groupType: 2147483652 +sAMAccountType: 536870912 objectSid: ${DOMAINSID}-517 sAMAccountName: Cert Publishers objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} @@ -345,8 +345,8 @@ description: Servers in this group can access remote access properties of users instanceType: 4 objectSid: ${DOMAINSID}-553 sAMAccountName: RAS and IAS Servers -sAMAccountType: 0x20000000 -groupType: 0x80000004 +sAMAccountType: 536870912 +groupType: 2147483652 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE @@ -359,9 +359,9 @@ instanceType: 4 objectSid: S-1-5-32-549 adminCount: 1 sAMAccountName: Server Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE privilege: SeBackupPrivilege @@ -380,9 +380,9 @@ instanceType: 4 objectSid: S-1-5-32-548 adminCount: 1 sAMAccountName: Account Operators -sAMAccountType: 0x20000000 -systemFlags: 0x8c000000 -groupType: 0x80000005 +sAMAccountType: 536870912 +systemFlags: 2348810240 +groupType: 2147483653 objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN} isCriticalSystemObject: TRUE privilege: SeInteractiveLogonRight |