1
# Built-in domain Administrator account; the objectSid below ends in the
# well-known RID 500. ${DOMAINDN} and ${DOMAINSID} look like template
# placeholders filled in when this LDIF is rendered (assumed; the
# substitution step is not shown in this listing).
dn: CN=Administrator,CN=Users,${DOMAINDN}
4
description: Built-in account for administering the computer/domain
5
# 66048 = 0x10200 = NORMAL_ACCOUNT (0x200) | DONT_EXPIRE_PASSWD (0x10000):
# the account is created enabled and its password never expires.
userAccountControl: 66048
6
objectSid: ${DOMAINSID}-500
8
# 0x7FFFFFFFFFFFFFFF: the account itself never expires.
accountExpires: 9223372036854775807
9
sAMAccountName: Administrator
10
isCriticalSystemObject: TRUE
11
# "::" marks the value as base64 in LDIF. Base64 is an encoding, not
# protection: presumably this is the initial administrator password, so
# the rendered file (and any log of it) must be handled like the
# password itself.
userPassword:: ${ADMINPASS_B64}
13
# Built-in Guest account (well-known RID 501).
dn: CN=Guest,CN=Users,${DOMAINDN}
16
description: Built-in account for guest access to the computer/domain
17
# 66082 = 0x10222 = ACCOUNTDISABLE (0x2) | PASSWD_NOTREQD (0x20)
#                 | NORMAL_ACCOUNT (0x200) | DONT_EXPIRE_PASSWD (0x10000).
# The account is created disabled. Because PASSWD_NOTREQD is set, enabling
# it later would permit a blank password, so a change to this attribute is
# worth alerting on.
userAccountControl: 66082
19
objectSid: ${DOMAINSID}-501
21
isCriticalSystemObject: TRUE
23
# Enterprise Admins group (well-known RID 519). The only member visible in
# this listing is the built-in Administrator account; membership of this
# group is forest-wide administrative access and should be audited.
dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
27
description: Designated administrators of the enterprise
28
member: CN=Administrator,CN=Users,${DOMAINDN}
29
objectSid: ${DOMAINSID}-519
31
sAMAccountName: Enterprise Admins
32
isCriticalSystemObject: TRUE
34
# krbtgt: the Key Distribution Center service account (well-known RID 502).
dn: CN=krbtgt,CN=Users,${DOMAINDN}
37
objectClass: organizationalPerson
40
description: Key Distribution Center Service Account
41
showInAdvancedViewOnly: TRUE
42
# 514 = 0x202 = ACCOUNTDISABLE (0x2) | NORMAL_ACCOUNT (0x200): the account
# exists only to hold key material and cannot be used to log on.
userAccountControl: 514
43
objectSid: ${DOMAINSID}-502
45
# 0x7FFFFFFFFFFFFFFF: never expires.
accountExpires: 9223372036854775807
46
sAMAccountName: krbtgt
47
# Principal of the Kerberos password-change service.
servicePrincipalName: kadmin/changepw
48
isCriticalSystemObject: TRUE
49
# Base64 value ("::"), presumably the secret the KDC's ticket-granting key
# is derived from. It should be random per domain and never logged or
# reused; whoever can read the rendered file holds the domain's Kerberos
# root secret. Base64 is not protection.
userPassword:: ${KRBTGTPASS_B64}
51
# Domain Computers group (well-known RID 515). No member lines are visible
# in this listing.
dn: CN=Domain Computers,CN=Users,${DOMAINDN}
55
description: All workstations and servers joined to the domain
56
objectSid: ${DOMAINSID}-515
57
sAMAccountName: Domain Computers
58
isCriticalSystemObject: TRUE
60
# Domain Controllers group (well-known RID 516). Membership identifies
# machines trusted as DCs, so additions to it deserve review.
dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
63
cn: Domain Controllers
64
description: All domain controllers in the domain
65
objectSid: ${DOMAINSID}-516
67
sAMAccountName: Domain Controllers
68
isCriticalSystemObject: TRUE
70
# Schema Admins group (well-known RID 518), seeded with the built-in
# Administrator account as the only member visible here. Schema changes
# are rare; the group is normally a candidate for being kept empty outside
# of a planned change.
dn: CN=Schema Admins,CN=Users,${DOMAINDN}
74
description: Designated administrators of the schema
75
member: CN=Administrator,CN=Users,${DOMAINDN}
76
objectSid: ${DOMAINSID}-518
78
sAMAccountName: Schema Admins
79
isCriticalSystemObject: TRUE
81
# Cert Publishers group (well-known RID 517).
dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
85
description: Members of this group are permitted to publish certificates to the Active Directory
86
# -2147483644 = 0x80000004: security-enabled (0x80000000) domain-local
# (0x4) group.
groupType: -2147483644
87
objectSid: ${DOMAINSID}-517
88
sAMAccountName: Cert Publishers
89
isCriticalSystemObject: TRUE
91
# Domain Admins group (well-known RID 512), seeded with the built-in
# Administrator account as the only member visible here. Any later change
# to this member list is a privileged-access event and should be logged
# and reviewed.
dn: CN=Domain Admins,CN=Users,${DOMAINDN}
95
description: Designated administrators of the domain
96
member: CN=Administrator,CN=Users,${DOMAINDN}
97
objectSid: ${DOMAINSID}-512
99
sAMAccountName: Domain Admins
100
isCriticalSystemObject: TRUE
102
# Domain Users group (well-known RID 513).
dn: CN=Domain Users,CN=Users,${DOMAINDN}
106
description: All domain users
107
objectSid: ${DOMAINSID}-513
108
sAMAccountName: Domain Users
109
isCriticalSystemObject: TRUE
111
# Domain Guests group (well-known RID 514).
dn: CN=Domain Guests,CN=Users,${DOMAINDN}
115
description: All domain guests
116
objectSid: ${DOMAINSID}-514
117
sAMAccountName: Domain Guests
118
isCriticalSystemObject: TRUE
120
# Group Policy Creator Owners (well-known RID 520), seeded with the
# built-in Administrator account. Per the description, members can modify
# group policy for the domain, which makes this a privileged group whose
# membership should be reviewed like the admin groups.
dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
123
cn: Group Policy Creator Owners
124
description: Members in this group can modify group policy for the domain
125
member: CN=Administrator,CN=Users,${DOMAINDN}
126
objectSid: ${DOMAINSID}-520
127
sAMAccountName: Group Policy Creator Owners
128
isCriticalSystemObject: TRUE
130
# The seven groups below all carry groupType -2147483644 = 0x80000004:
# security-enabled (0x80000000) domain-local (0x4) groups, created under
# CN=Users with domain-relative SIDs (${DOMAINSID}-<RID>).
dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
133
cn: RAS and IAS Servers
134
description: Servers in this group can access remote access properties of users
135
objectSid: ${DOMAINSID}-553
136
sAMAccountName: RAS and IAS Servers
137
groupType: -2147483644
138
isCriticalSystemObject: TRUE
140
dn: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN}
143
cn: Read-Only Domain Controllers
144
description: read-only domain controllers
145
objectSid: ${DOMAINSID}-521
146
sAMAccountName: Read-Only Domain Controllers
147
groupType: -2147483644
148
isCriticalSystemObject: TRUE
150
dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN}
153
cn: Enterprise Read-Only Domain Controllers
154
description: enterprise read-only domain controllers
155
objectSid: ${DOMAINSID}-498
156
sAMAccountName: Enterprise Read-Only Domain Controllers
157
groupType: -2147483644
158
isCriticalSystemObject: TRUE
160
# NOTE(review): on Windows, Certificate Service DCOM Access, Cryptographic
# Operators, Event Log Readers and IIS_IUSRS are builtin aliases with
# S-1-5-32-<RID> SIDs. Here they get ${DOMAINSID}-<RID> instead, so an ACL
# or policy that names the well-known S-1-5-32 SID would not match these
# groups. Confirm that this is intended.
dn: CN=Certificate Service DCOM Access,CN=Users,${DOMAINDN}
163
cn: Certificate Service DCOM Access
164
description: Certificate Service DCOM Access
165
objectSid: ${DOMAINSID}-574
166
sAMAccountName: Certificate Service DCOM Access
167
groupType: -2147483644
168
isCriticalSystemObject: TRUE
170
dn: CN=Cryptographic Operators,CN=Users,${DOMAINDN}
173
cn: Cryptographic Operators
174
description: Cryptographic Operators
175
objectSid: ${DOMAINSID}-569
176
sAMAccountName: Cryptographic Operators
177
groupType: -2147483644
178
isCriticalSystemObject: TRUE
180
dn: CN=Event Log Readers,CN=Users,${DOMAINDN}
183
cn: Event Log Readers
184
description: Event Log Readers
185
objectSid: ${DOMAINSID}-573
186
sAMAccountName: Event Log Readers
187
groupType: -2147483644
188
isCriticalSystemObject: TRUE
190
dn: CN=IIS_IUSRS,CN=Users,${DOMAINDN}
194
description: IIS_IUSRS
195
objectSid: ${DOMAINSID}-568
196
sAMAccountName: IIS_IUSRS
197
groupType: -2147483644
198
isCriticalSystemObject: TRUE
200
# Builtin Administrators alias (well-known SID S-1-5-32-544). Seeded with
# Domain Admins, Enterprise Admins and the built-in Administrator account,
# so membership of either group implies everything granted below.
dn: CN=Administrators,CN=Builtin,${DOMAINDN}
204
description: Administrators have complete and unrestricted access to the computer/domain
205
member: CN=Domain Admins,CN=Users,${DOMAINDN}
206
member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
207
member: CN=Administrator,CN=Users,${DOMAINDN}
208
objectSid: S-1-5-32-544
210
sAMAccountName: Administrators
211
# 2348810240 = 0x8C000000: disallow delete (0x80000000), disallow rename
# (0x08000000) and disallow move (0x04000000) for this object.
systemFlags: 2348810240
212
# -2147483643 = 0x80000005: security-enabled (0x80000000), domain-local
# (0x4), builtin local group (0x1).
groupType: -2147483643
213
isCriticalSystemObject: TRUE
214
# Rights and privileges attached to this group. Several of them are
# enough on their own to take over a host (SeDebugPrivilege,
# SeBackupPrivilege/SeRestorePrivilege, SeTakeOwnershipPrivilege,
# SeLoadDriverPrivilege, SeImpersonatePrivilege,
# SeEnableDelegationPrivilege), so this list is the one to diff when
# auditing what "administrator" means in a provisioned domain.
privilege: SeSecurityPrivilege
215
privilege: SeBackupPrivilege
216
privilege: SeRestorePrivilege
217
privilege: SeSystemtimePrivilege
218
privilege: SeShutdownPrivilege
219
privilege: SeRemoteShutdownPrivilege
220
privilege: SeTakeOwnershipPrivilege
221
privilege: SeDebugPrivilege
222
privilege: SeSystemEnvironmentPrivilege
223
privilege: SeSystemProfilePrivilege
224
privilege: SeProfileSingleProcessPrivilege
225
privilege: SeIncreaseBasePriorityPrivilege
226
privilege: SeLoadDriverPrivilege
227
privilege: SeCreatePagefilePrivilege
228
privilege: SeIncreaseQuotaPrivilege
229
privilege: SeChangeNotifyPrivilege
230
privilege: SeUndockPrivilege
231
privilege: SeManageVolumePrivilege
232
privilege: SeImpersonatePrivilege
233
privilege: SeCreateGlobalPrivilege
234
privilege: SeEnableDelegationPrivilege
235
# Logon rights: local, network and remote-interactive (RDP) logon.
privilege: SeInteractiveLogonRight
236
privilege: SeNetworkLogonRight
237
privilege: SeRemoteInteractiveLogonRight
239
# Builtin Users alias (S-1-5-32-545), seeded with Domain Users.
# In both entries below, systemFlags 2348810240 = 0x8C000000 (disallow
# delete, rename and move) and groupType -2147483643 = 0x80000005
# (security-enabled, domain-local, builtin local group).
dn: CN=Users,CN=Builtin,${DOMAINDN}
243
description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
244
member: CN=Domain Users,CN=Users,${DOMAINDN}
245
objectSid: S-1-5-32-545
246
sAMAccountName: Users
247
systemFlags: 2348810240
248
groupType: -2147483643
249
isCriticalSystemObject: TRUE
251
# Builtin Guests alias (S-1-5-32-546), seeded with Domain Guests and the
# Guest account.
dn: CN=Guests,CN=Builtin,${DOMAINDN}
255
description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
256
member: CN=Domain Guests,CN=Users,${DOMAINDN}
257
member: CN=Guest,CN=Users,${DOMAINDN}
258
objectSid: S-1-5-32-546
259
sAMAccountName: Guests
260
systemFlags: 2348810240
261
groupType: -2147483643
262
isCriticalSystemObject: TRUE
264
# Builtin Print Operators alias (S-1-5-32-550). No member lines are
# visible in this listing.
dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
268
description: Members can administer domain printers
269
objectSid: S-1-5-32-550
271
sAMAccountName: Print Operators
272
# 0x8C000000: disallow delete, rename and move.
systemFlags: 2348810240
273
# 0x80000005: security-enabled, domain-local, builtin local group.
groupType: -2147483643
274
isCriticalSystemObject: TRUE
275
# SeLoadDriverPrivilege lets members load kernel drivers, which is far
# more than printer administration; together with the local logon right
# below, membership should be treated as privileged and kept minimal.
privilege: SeLoadDriverPrivilege
276
privilege: SeShutdownPrivilege
277
privilege: SeInteractiveLogonRight
279
# Builtin Backup Operators alias (S-1-5-32-551). No member lines are
# visible in this listing.
dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
283
description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
284
objectSid: S-1-5-32-551
286
sAMAccountName: Backup Operators
287
# 0x8C000000: disallow delete, rename and move.
systemFlags: 2348810240
288
# 0x80000005: security-enabled, domain-local, builtin local group.
groupType: -2147483643
289
isCriticalSystemObject: TRUE
290
# SeBackupPrivilege/SeRestorePrivilege bypass file ACLs for read and
# write respectively. On a domain controller that covers the directory
# database itself, so membership is effectively administrative and
# should be monitored accordingly.
privilege: SeBackupPrivilege
291
privilege: SeRestorePrivilege
292
privilege: SeShutdownPrivilege
293
privilege: SeInteractiveLogonRight
295
# Five builtin aliases (S-1-5-32-<RID>) with no privilege lines visible in
# this listing. In every entry below, systemFlags 2348810240 = 0x8C000000
# (disallow delete, rename and move) and groupType -2147483643 =
# 0x80000005 (security-enabled, domain-local, builtin local group).
dn: CN=Replicator,CN=Builtin,${DOMAINDN}
299
description: Supports file replication in a domain
300
objectSid: S-1-5-32-552
302
sAMAccountName: Replicator
303
systemFlags: 2348810240
304
groupType: -2147483643
305
isCriticalSystemObject: TRUE
307
# The description promises a remote-logon right, but this listing shows no
# privilege attribute on the entry; where that right is granted cannot be
# told from here.
dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
310
cn: Remote Desktop Users
311
description: Members in this group are granted the right to logon remotely
312
objectSid: S-1-5-32-555
313
sAMAccountName: Remote Desktop Users
314
systemFlags: 2348810240
315
groupType: -2147483643
316
isCriticalSystemObject: TRUE
318
dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
321
cn: Network Configuration Operators
322
description: Members in this group can have some administrative privileges to manage configuration of networking features
323
objectSid: S-1-5-32-556
324
sAMAccountName: Network Configuration Operators
325
systemFlags: 2348810240
326
groupType: -2147483643
327
isCriticalSystemObject: TRUE
329
dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
332
cn: Performance Monitor Users
333
description: Members of this group have remote access to monitor this computer
334
objectSid: S-1-5-32-558
335
sAMAccountName: Performance Monitor Users
336
systemFlags: 2348810240
337
groupType: -2147483643
338
isCriticalSystemObject: TRUE
340
dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
343
cn: Performance Log Users
344
description: Members of this group have remote access to schedule logging of performance counters on this computer
345
objectSid: S-1-5-32-559
346
sAMAccountName: Performance Log Users
347
systemFlags: 2348810240
348
groupType: -2147483643
349
isCriticalSystemObject: TRUE
351
# Builtin Server Operators alias (S-1-5-32-549). No member lines are
# visible in this listing.
dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
355
description: Members can administer domain servers
356
objectSid: S-1-5-32-549
358
sAMAccountName: Server Operators
359
# 0x8C000000: disallow delete, rename and move.
systemFlags: 2348810240
360
# 0x80000005: security-enabled, domain-local, builtin local group.
groupType: -2147483643
361
isCriticalSystemObject: TRUE
362
# Backup and restore privileges bypass file ACLs, and members may log on
# locally; on a domain controller this is close to administrative access,
# so membership should be kept minimal and audited.
privilege: SeBackupPrivilege
363
privilege: SeSystemtimePrivilege
364
privilege: SeRemoteShutdownPrivilege
365
privilege: SeRestorePrivilege
366
privilege: SeShutdownPrivilege
367
privilege: SeInteractiveLogonRight
369
# Builtin Account Operators alias (S-1-5-32-548). Per the description,
# members can administer domain user and group accounts, so the group is
# privileged even though only a logon right is listed below. No member
# lines are visible in this listing.
dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
372
cn: Account Operators
373
description: Members can administer domain user and group accounts
374
objectSid: S-1-5-32-548
376
sAMAccountName: Account Operators
377
# 0x8C000000: disallow delete, rename and move.
systemFlags: 2348810240
378
# 0x80000005: security-enabled, domain-local, builtin local group.
groupType: -2147483643
379
isCriticalSystemObject: TRUE
380
# Local (interactive) logon right.
privilege: SeInteractiveLogonRight
382
# Builtin Pre-Windows 2000 Compatible Access alias (S-1-5-32-554). Per the
# description it grants read access to all users and groups, so who ends
# up in it determines how much of the directory is broadly readable.
dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
385
cn: Pre-Windows 2000 Compatible Access
386
description: A backward compatibility group which allows read access on all users and groups in the domain
387
objectSid: S-1-5-32-554
388
sAMAccountName: Pre-Windows 2000 Compatible Access
389
# 0x8C000000: disallow delete, rename and move.
systemFlags: 2348810240
390
# 0x80000005: security-enabled, domain-local, builtin local group.
groupType: -2147483643
391
isCriticalSystemObject: TRUE
392
# NOTE(review): SeRemoteInteractiveLogonRight is the RDP logon right. It
# is unexpected on a compatibility group that often has broad membership;
# a Windows DC normally gives this group network logon
# (SeNetworkLogonRight) instead. The Remote Desktop Users entry in this
# file shows no such right in this listing. Confirm that this is intended.
privilege: SeRemoteInteractiveLogonRight
393
privilege: SeChangeNotifyPrivilege
395
# Four builtin aliases (S-1-5-32-<RID>) with no member or privilege lines
# visible in this listing. In every entry below, systemFlags 2348810240 =
# 0x8C000000 (disallow delete, rename and move) and groupType -2147483643
# = 0x80000005 (security-enabled, domain-local, builtin local group).
#
# Per its description, Incoming Forest Trust Builders lets members create
# inbound trusts to the forest, so its membership deserves the same review
# as the admin groups.
dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
398
cn: Incoming Forest Trust Builders
399
description: Members of this group can create incoming, one-way trusts to this forest
400
objectSid: S-1-5-32-557
401
sAMAccountName: Incoming Forest Trust Builders
402
systemFlags: 2348810240
403
groupType: -2147483643
404
isCriticalSystemObject: TRUE
406
dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
409
cn: Windows Authorization Access Group
410
description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
411
objectSid: S-1-5-32-560
412
sAMAccountName: Windows Authorization Access Group
413
systemFlags: 2348810240
414
groupType: -2147483643
415
isCriticalSystemObject: TRUE
417
dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
420
cn: Terminal Server License Servers
421
description: Terminal Server License Servers
422
objectSid: S-1-5-32-561
423
sAMAccountName: Terminal Server License Servers
424
systemFlags: 2348810240
425
groupType: -2147483643
426
isCriticalSystemObject: TRUE
428
dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
431
cn: Distributed COM Users
432
description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
433
objectSid: S-1-5-32-562
434
sAMAccountName: Distributed COM Users
435
systemFlags: 2348810240
436
groupType: -2147483643
437
isCriticalSystemObject: TRUE
439
# Container for the well-known security principals. It lives under
# ${CONFIGDN} rather than ${DOMAINDN} (presumably the configuration
# naming context; the placeholder's value is not shown here).
dn: CN=WellKnown Security Principals,${CONFIGDN}
441
objectClass: container
442
cn: WellKnown Security Principals
443
# 2147483648 = 0x80000000: disallow delete.
systemFlags: 2147483648
445
# Well-known security principals, each stored as a
# foreignSecurityPrincipal under the WellKnown Security Principals
# container. These are identities assigned by the system at logon rather
# than accounts with credentials. Most entries show no objectSid line in
# this listing; only the ones that do are annotated.
#
# Anonymous Logon, Authenticated Users and Everyone are the broadest of
# these: adding any of them to a group or ACL extends that access to every
# caller in the category, so such grants are worth searching for in audits.
dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
447
objectClass: foreignSecurityPrincipal
451
dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
453
objectClass: foreignSecurityPrincipal
454
cn: Authenticated Users
457
dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
459
objectClass: foreignSecurityPrincipal
463
dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
465
objectClass: foreignSecurityPrincipal
469
dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
471
objectClass: foreignSecurityPrincipal
475
dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
477
objectClass: foreignSecurityPrincipal
481
dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
483
objectClass: foreignSecurityPrincipal
484
cn: Digest Authentication
485
# S-1-5-64-<n> identifies the authentication package used for the logon
# (21 = Digest).
objectSid: S-1-5-64-21
487
dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
489
objectClass: foreignSecurityPrincipal
490
cn: Enterprise Domain Controllers
493
dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
495
objectClass: foreignSecurityPrincipal
499
dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
501
objectClass: foreignSecurityPrincipal
505
dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
507
objectClass: foreignSecurityPrincipal
511
dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
513
objectClass: foreignSecurityPrincipal
517
dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
519
objectClass: foreignSecurityPrincipal
523
dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
525
objectClass: foreignSecurityPrincipal
526
cn: NTLM Authentication
527
# S-1-5-64-10: the logon was authenticated with NTLM. Useful as a
# deny/audit target when restricting NTLM use.
objectSid: S-1-5-64-10
529
dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
531
objectClass: foreignSecurityPrincipal
532
cn: Other Organization
533
objectSid: S-1-5-1000
535
# Further well-known security principals, each stored as a
# foreignSecurityPrincipal under the WellKnown Security Principals
# container. Most entries show no objectSid line in this listing.
dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
537
objectClass: foreignSecurityPrincipal
541
dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
543
objectClass: foreignSecurityPrincipal
544
cn: Remote Interactive Logon
547
dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
549
objectClass: foreignSecurityPrincipal
553
dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
555
objectClass: foreignSecurityPrincipal
556
cn: SChannel Authentication
557
# S-1-5-64-14: the logon was authenticated with SChannel (TLS).
objectSid: S-1-5-64-14
559
dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
561
objectClass: foreignSecurityPrincipal
565
dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
567
objectClass: foreignSecurityPrincipal
571
dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
573
objectClass: foreignSecurityPrincipal
574
cn: Terminal Server User
577
dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
579
objectClass: foreignSecurityPrincipal
580
cn: This Organization
583
dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}
585
objectClass: foreignSecurityPrincipal
586
cn: Well-Known-Security-Id-System