Changeset 745 for trunk/server/source4/setup/provision_users.ldif
- Timestamp: Nov 27, 2012, 4:43:17 PM
- Location: trunk/server
- Files: 2 edited
trunk/server
- Property svn:mergeinfo changed: /vendor/current merged: 581,587,591,594,597,600,615,618,740
trunk/server/source4/setup/provision_users.ldif
r414 r745 1 # Add default primary groups (domain users, domain guests) - needed for 2 # the users to find valid primary groups (samldb module) 1 # Add default primary groups (domain users, domain guests, domain computers & 2 # domain controllers) - needed for the users to find valid primary groups 3 # (samldb module) 3 4 4 5 dn: CN=Domain Users,CN=Users,${DOMAINDN} … … 18 19 isCriticalSystemObject: TRUE 19 20 21 dn: CN=Domain Computers,CN=Users,${DOMAINDN} 22 objectClass: top 23 objectClass: group 24 description: All workstations and servers joined to the domain 25 objectSid: ${DOMAINSID}-515 26 sAMAccountName: Domain Computers 27 isCriticalSystemObject: TRUE 28 29 dn: CN=Domain Controllers,CN=Users,${DOMAINDN} 30 objectClass: top 31 objectClass: group 32 description: All domain controllers in the domain 33 objectSid: ${DOMAINSID}-516 34 adminCount: 1 35 sAMAccountName: Domain Controllers 36 isCriticalSystemObject: TRUE 37 20 38 # Add users 21 39 … … 23 41 objectClass: user 24 42 description: Built-in account for administering the computer/domain 25 userAccountControl: 6604843 userAccountControl: 512 26 44 objectSid: ${DOMAINSID}-500 27 45 adminCount: 1 28 46 accountExpires: 9223372036854775807 29 47 sAMAccountName: Administrator 30 userPassword:: ${ADMINPASS_B64}48 clearTextPassword:: ${ADMINPASS_B64} 31 49 isCriticalSystemObject: TRUE 32 50 … … 53 71 sAMAccountName: krbtgt 54 72 servicePrincipalName: kadmin/changepw 55 userPassword:: ${KRBTGTPASS_B64}73 clearTextPassword:: ${KRBTGTPASS_B64} 56 74 isCriticalSystemObject: TRUE 57 75 58 76 # Add other groups 77 78 dn: CN=Enterprise Read-only Domain Controllers,CN=Users,${DOMAINDN} 79 objectClass: top 80 objectClass: group 81 description: Members of this group are Read-Only Domain Controllers in the enterprise 82 objectSid: ${DOMAINSID}-498 83 sAMAccountName: Enterprise Read-Only Domain Controllers 84 groupType: -2147483640 85 isCriticalSystemObject: TRUE 86 87 dn: CN=Domain Admins,CN=Users,${DOMAINDN} 88 
objectClass: top 89 objectClass: group 90 description: Designated administrators of the domain 91 member: CN=Administrator,CN=Users,${DOMAINDN} 92 objectSid: ${DOMAINSID}-512 93 adminCount: 1 94 sAMAccountName: Domain Admins 95 isCriticalSystemObject: TRUE 96 97 dn: CN=Cert Publishers,CN=Users,${DOMAINDN} 98 objectClass: top 99 objectClass: group 100 description: Members of this group are permitted to publish certificates to the directory 101 objectSid: ${DOMAINSID}-517 102 sAMAccountName: Cert Publishers 103 groupType: -2147483644 104 isCriticalSystemObject: TRUE 105 106 dn: CN=Schema Admins,CN=Users,${DOMAINDN} 107 objectClass: top 108 objectClass: group 109 description: Designated administrators of the schema 110 member: CN=Administrator,CN=Users,${DOMAINDN} 111 objectSid: ${DOMAINSID}-518 112 adminCount: 1 113 sAMAccountName: Schema Admins 114 groupType: -2147483640 115 isCriticalSystemObject: TRUE 59 116 60 117 dn: CN=Enterprise Admins,CN=Users,${DOMAINDN} … … 66 123 adminCount: 1 67 124 sAMAccountName: Enterprise Admins 68 isCriticalSystemObject: TRUE 69 70 dn: CN=Domain Computers,CN=Users,${DOMAINDN} 71 objectClass: top 72 objectClass: group 73 description: All workstations and servers joined to the domain 74 objectSid: ${DOMAINSID}-515 75 sAMAccountName: Domain Computers 76 isCriticalSystemObject: TRUE 77 78 dn: CN=Domain Controllers,CN=Users,${DOMAINDN} 79 objectClass: top 80 objectClass: group 81 description: All domain controllers in the domain 82 objectSid: ${DOMAINSID}-516 83 adminCount: 1 84 sAMAccountName: Domain Controllers 85 isCriticalSystemObject: TRUE 86 87 dn: CN=Schema Admins,CN=Users,${DOMAINDN} 88 objectClass: top 89 objectClass: group 90 description: Designated administrators of the schema 91 member: CN=Administrator,CN=Users,${DOMAINDN} 92 objectSid: ${DOMAINSID}-518 93 adminCount: 1 94 sAMAccountName: Schema Admins 95 isCriticalSystemObject: TRUE 96 97 dn: CN=Cert Publishers,CN=Users,${DOMAINDN} 98 objectClass: top 99 objectClass: group 
100 description: Members of this group are permitted to publish certificates to the Active Directory 101 groupType: -2147483644 102 objectSid: ${DOMAINSID}-517 103 sAMAccountName: Cert Publishers 104 isCriticalSystemObject: TRUE 105 106 dn: CN=Domain Admins,CN=Users,${DOMAINDN} 107 objectClass: top 108 objectClass: group 109 description: Designated administrators of the domain 110 member: CN=Administrator,CN=Users,${DOMAINDN} 111 objectSid: ${DOMAINSID}-512 112 adminCount: 1 113 sAMAccountName: Domain Admins 125 groupType: -2147483640 114 126 isCriticalSystemObject: TRUE 115 127 … … 123 135 isCriticalSystemObject: TRUE 124 136 137 dn: CN=Read-only Domain Controllers,CN=Users,${DOMAINDN} 138 objectClass: top 139 objectClass: group 140 description: Members of this group are Read-Only Domain Controllers in the domain 141 objectSid: ${DOMAINSID}-521 142 adminCount: 1 143 sAMAccountName: Read-Only Domain Controllers 144 isCriticalSystemObject: TRUE 145 125 146 dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN} 126 147 objectClass: top … … 132 153 isCriticalSystemObject: TRUE 133 154 134 dn: CN= Read-Only Domain Controllers,CN=Users,${DOMAINDN}135 objectClass: top 136 objectClass: group 137 description: read-only domain controllers138 objectSid: ${DOMAINSID}-5 21139 sAMAccountName: Read-Only Domain Controllers155 dn: CN=Allowed RODC Password Replication Group,CN=Users,${DOMAINDN} 156 objectClass: top 157 objectClass: group 158 description: Members in this group can have their passwords replicated to all read-only domain controllers in the domain 159 objectSid: ${DOMAINSID}-571 160 sAMAccountName: Allowed RODC Password Replication Group 140 161 groupType: -2147483644 141 162 isCriticalSystemObject: TRUE 142 163 143 dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN} 144 objectClass: top 145 objectClass: group 146 description: enterprise read-only domain controllers 147 objectSid: ${DOMAINSID}-498 148 sAMAccountName: Enterprise Read-Only Domain Controllers 164 
dn: CN=Denied RODC Password Replication Group,CN=Users,${DOMAINDN} 165 objectClass: top 166 objectClass: group 167 description: Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain 168 member: CN=Read-only Domain Controllers,CN=Users,${DOMAINDN} 169 member: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN} 170 member: CN=Domain Admins,CN=Users,${DOMAINDN} 171 member: CN=Cert Publishers,CN=Users,${DOMAINDN} 172 member: CN=Enterprise Admins,CN=Users,${DOMAINDN} 173 member: CN=Schema Admins,CN=Users,${DOMAINDN} 174 member: CN=Domain Controllers,CN=Users,${DOMAINDN} 175 member: CN=krbtgt,CN=Users,${DOMAINDN} 176 objectSid: ${DOMAINSID}-572 177 sAMAccountName: Denied RODC Password Replication Group 149 178 groupType: -2147483644 150 179 isCriticalSystemObject: TRUE 151 180 152 dn: CN=Certificate Service DCOM Access,CN=Users,${DOMAINDN} 153 objectClass: top 154 objectClass: group 155 description: Certificate Service DCOM Access 156 objectSid: ${DOMAINSID}-574 157 sAMAccountName: Certificate Service DCOM Access 158 groupType: -2147483644 159 isCriticalSystemObject: TRUE 160 161 dn: CN=Cryptographic Operators,CN=Users,${DOMAINDN} 162 objectClass: top 163 objectClass: group 164 description: Cryptographic Operators 165 objectSid: ${DOMAINSID}-569 166 sAMAccountName: Cryptographic Operators 167 groupType: -2147483644 168 isCriticalSystemObject: TRUE 169 170 dn: CN=Event Log Readers,CN=Users,${DOMAINDN} 171 objectClass: top 172 objectClass: group 173 description: Event Log Readers 174 objectSid: ${DOMAINSID}-573 175 sAMAccountName: Event Log Readers 176 groupType: -2147483644 177 isCriticalSystemObject: TRUE 181 # NOTICE: Some other users and groups which rely on automatic SIDs are located 182 # in "provision_self_join_modify.ldif" 178 183 179 184 # Add foreign security principals … … 194 199 objectSid: S-1-5-11 195 200 196 dn: CN=S-1-5- 20,CN=ForeignSecurityPrincipals,${DOMAINDN}197 objectClass: top 198 objectClass: 
foreignSecurityPrincipal 199 objectSid: S-1-5- 20201 dn: CN=S-1-5-17,CN=ForeignSecurityPrincipals,${DOMAINDN} 202 objectClass: top 203 objectClass: foreignSecurityPrincipal 204 objectSid: S-1-5-17 200 205 201 206 # Add builtin objects … … 213 218 systemFlags: -1946157056 214 219 groupType: -2147483643 215 privilege: SeSecurityPrivilege216 privilege: SeBackupPrivilege217 privilege: SeRestorePrivilege218 privilege: SeSystemtimePrivilege219 privilege: SeShutdownPrivilege220 privilege: SeRemoteShutdownPrivilege221 privilege: SeTakeOwnershipPrivilege222 privilege: SeDebugPrivilege223 privilege: SeSystemEnvironmentPrivilege224 privilege: SeSystemProfilePrivilege225 privilege: SeProfileSingleProcessPrivilege226 privilege: SeIncreaseBasePriorityPrivilege227 privilege: SeLoadDriverPrivilege228 privilege: SeCreatePagefilePrivilege229 privilege: SeIncreaseQuotaPrivilege230 privilege: SeChangeNotifyPrivilege231 privilege: SeUndockPrivilege232 privilege: SeManageVolumePrivilege233 privilege: SeImpersonatePrivilege234 privilege: SeCreateGlobalPrivilege235 privilege: SeEnableDelegationPrivilege236 privilege: SeInteractiveLogonRight237 privilege: SeNetworkLogonRight238 privilege: SeRemoteInteractiveLogonRight239 220 isCriticalSystemObject: TRUE 240 221 … … 242 223 objectClass: top 243 224 objectClass: group 244 description: Users are prevented from making accidental or intentional system-wide changes . 
Thus, Users can run certified applications, but not most legacyapplications225 description: Users are prevented from making accidental or intentional system-wide changes and can run most applications 245 226 member: CN=Domain Users,CN=Users,${DOMAINDN} 246 227 member: CN=S-1-5-4,CN=ForeignSecurityPrincipals,${DOMAINDN} … … 264 245 isCriticalSystemObject: TRUE 265 246 247 dn: CN=Account Operators,CN=Builtin,${DOMAINDN} 248 objectClass: top 249 objectClass: group 250 description: Members can administer domain user and group accounts 251 objectSid: S-1-5-32-548 252 adminCount: 1 253 sAMAccountName: Account Operators 254 systemFlags: -1946157056 255 groupType: -2147483643 256 isCriticalSystemObject: TRUE 257 258 dn: CN=Server Operators,CN=Builtin,${DOMAINDN} 259 objectClass: top 260 objectClass: group 261 description: Members can administer domain servers 262 objectSid: S-1-5-32-549 263 adminCount: 1 264 sAMAccountName: Server Operators 265 systemFlags: -1946157056 266 groupType: -2147483643 267 isCriticalSystemObject: TRUE 268 266 269 dn: CN=Print Operators,CN=Builtin,${DOMAINDN} 267 270 objectClass: top … … 273 276 systemFlags: -1946157056 274 277 groupType: -2147483643 275 privilege: SeLoadDriverPrivilege276 privilege: SeShutdownPrivilege277 privilege: SeInteractiveLogonRight278 278 isCriticalSystemObject: TRUE 279 279 … … 287 287 systemFlags: -1946157056 288 288 groupType: -2147483643 289 privilege: SeBackupPrivilege290 privilege: SeRestorePrivilege291 privilege: SeShutdownPrivilege292 privilege: SeInteractiveLogonRight293 289 isCriticalSystemObject: TRUE 294 290 … … 302 298 systemFlags: -1946157056 303 299 groupType: -2147483643 304 isCriticalSystemObject: TRUE305 306 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}307 objectClass: top308 objectClass: group309 description: Members in this group are granted the right to logon remotely310 objectSid: S-1-5-32-555311 sAMAccountName: Remote Desktop Users312 systemFlags: -1946157056313 groupType: -2147483643314 
isCriticalSystemObject: TRUE315 316 dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}317 objectClass: top318 objectClass: group319 description: Members in this group can have some administrative privileges to manage configuration of networking features320 objectSid: S-1-5-32-556321 sAMAccountName: Network Configuration Operators322 systemFlags: -1946157056323 groupType: -2147483643324 isCriticalSystemObject: TRUE325 326 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}327 objectClass: top328 objectClass: group329 description: Members of this group have remote access to monitor this computer330 objectSid: S-1-5-32-558331 sAMAccountName: Performance Monitor Users332 systemFlags: -1946157056333 groupType: -2147483643334 isCriticalSystemObject: TRUE335 336 dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}337 objectClass: top338 objectClass: group339 description: Members of this group have remote access to schedule logging of performance counters on this computer340 member: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN}341 objectSid: S-1-5-32-559342 sAMAccountName: Performance Log Users343 systemFlags: -1946157056344 groupType: -2147483643345 isCriticalSystemObject: TRUE346 347 dn: CN=Server Operators,CN=Builtin,${DOMAINDN}348 objectClass: top349 objectClass: group350 description: Members can administer domain servers351 objectSid: S-1-5-32-549352 adminCount: 1353 sAMAccountName: Server Operators354 systemFlags: -1946157056355 groupType: -2147483643356 privilege: SeBackupPrivilege357 privilege: SeSystemtimePrivilege358 privilege: SeRemoteShutdownPrivilege359 privilege: SeRestorePrivilege360 privilege: SeShutdownPrivilege361 privilege: SeInteractiveLogonRight362 isCriticalSystemObject: TRUE363 364 dn: CN=Account Operators,CN=Builtin,${DOMAINDN}365 objectClass: top366 objectClass: group367 description: Members can administer domain user and group accounts368 objectSid: S-1-5-32-548369 adminCount: 1370 sAMAccountName: Account Operators371 
systemFlags: -1946157056372 groupType: -2147483643373 privilege: SeInteractiveLogonRight374 300 isCriticalSystemObject: TRUE 375 301 … … 383 309 systemFlags: -1946157056 384 310 groupType: -2147483643 385 privilege: SeRemoteInteractiveLogonRight 386 privilege: SeChangeNotifyPrivilege 311 isCriticalSystemObject: TRUE 312 313 dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN} 314 objectClass: top 315 objectClass: group 316 description: Members in this group are granted the right to logon remotely 317 objectSid: S-1-5-32-555 318 sAMAccountName: Remote Desktop Users 319 systemFlags: -1946157056 320 groupType: -2147483643 321 isCriticalSystemObject: TRUE 322 323 dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN} 324 objectClass: top 325 objectClass: group 326 description: Members in this group can have some administrative privileges to manage configuration of networking features 327 objectSid: S-1-5-32-556 328 sAMAccountName: Network Configuration Operators 329 systemFlags: -1946157056 330 groupType: -2147483643 387 331 isCriticalSystemObject: TRUE 388 332 … … 393 337 objectSid: S-1-5-32-557 394 338 sAMAccountName: Incoming Forest Trust Builders 339 systemFlags: -1946157056 340 groupType: -2147483643 341 isCriticalSystemObject: TRUE 342 343 dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN} 344 objectClass: top 345 objectClass: group 346 description: Members of this group can access performance counter data locally and remotely 347 objectSid: S-1-5-32-558 348 sAMAccountName: Performance Monitor Users 349 systemFlags: -1946157056 350 groupType: -2147483643 351 isCriticalSystemObject: TRUE 352 353 dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN} 354 objectClass: top 355 objectClass: group 356 description: Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer 357 objectSid: S-1-5-32-559 358 sAMAccountName: Performance Log Users 395 359 
systemFlags: -1946157056 396 360 groupType: -2147483643 … … 411 375 objectClass: top 412 376 objectClass: group 413 description: Terminal Server License Servers377 description: Members of this group can update user accounts in Active Directory with information about license issuance, for the purpose of tracking and reporting TS Per User CAL usage 414 378 objectSid: S-1-5-32-561 415 379 sAMAccountName: Terminal Server License Servers … … 428 392 isCriticalSystemObject: TRUE 429 393 394 dn: CN=IIS_IUSRS,CN=Builtin,${DOMAINDN} 395 objectClass: top 396 objectClass: group 397 description: Built-in group used by Internet Information Services. 398 member: CN=S-1-5-17,CN=ForeignSecurityPrincipals,${DOMAINDN} 399 objectSid: S-1-5-32-568 400 sAMAccountName: IIS_IUSRS 401 systemFlags: -1946157056 402 groupType: -2147483643 403 isCriticalSystemObject: TRUE 404 405 dn: CN=Cryptographic Operators,CN=Builtin,${DOMAINDN} 406 objectClass: top 407 objectClass: group 408 description: Members are authorized to perform cryptographic operations. 
409 objectSid: S-1-5-32-569 410 sAMAccountName: Cryptographic Operators 411 systemFlags: -1946157056 412 groupType: -2147483643 413 isCriticalSystemObject: TRUE 414 415 dn: CN=Event Log Readers,CN=Builtin,${DOMAINDN} 416 objectClass: top 417 objectClass: group 418 description: Members of this group can read event logs from local machine 419 objectSid: S-1-5-32-573 420 sAMAccountName: Event Log Readers 421 systemFlags: -1946157056 422 groupType: -2147483643 423 isCriticalSystemObject: TRUE 424 425 dn: CN=Certificate Service DCOM Access,CN=Builtin,${DOMAINDN} 426 objectClass: top 427 objectClass: group 428 description: Members of this group are allowed to connect to Certification Authorities in the enterprise 429 objectSid: S-1-5-32-574 430 sAMAccountName: Certificate Service DCOM Access 431 systemFlags: -1946157056 432 groupType: -2147483643 433 isCriticalSystemObject: TRUE 434 430 435 # Add well known security principals 431 436 … … 485 490 objectSid: S-1-5-4 486 491 492 dn: CN=IUSR,CN=WellKnown Security Principals,${CONFIGDN} 493 objectClass: top 494 objectClass: foreignSecurityPrincipal 495 objectSid: S-1-5-17 496 487 497 dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN} 488 498 objectClass: top … … 510 520 objectSid: S-1-5-1000 511 521 522 dn: CN=Owner Rights,CN=WellKnown Security Principals,${CONFIGDN} 523 objectClass: top 524 objectClass: foreignSecurityPrincipal 525 objectSid: S-1-3-4 526 512 527 dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN} 513 528 objectClass: top … … 540 555 objectSid: S-1-5-6 541 556 557 dn: CN=System,CN=WellKnown Security Principals,${CONFIGDN} 558 objectClass: top 559 objectClass: foreignSecurityPrincipal 560 objectSid: S-1-5-18 561 542 562 dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN} 543 563 objectClass: top … … 549 569 objectClass: foreignSecurityPrincipal 550 570 objectSid: S-1-5-15 551 552 dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}553 
objectClass: top554 objectClass: foreignSecurityPrincipal555 objectSid: S-1-5-18
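Review bot: the Administrator entry lowers userAccountControl from 66048 to 512, which clears the DONT_EXPIRE_PASSWD bit (0x10000) and leaves only NORMAL_ACCOUNT (0x200), so the built-in Administrator password becomes subject to the domain's maximum password age after provisioning. Applying the domain policy to the most privileged account is the right direction, but it is a behaviour change for anyone whose deployment scripts assume this password is static; state it explicitly in the commit message or release notes rather than leaving it to be discovered at the first expiry.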
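Review bot: both the Administrator and krbtgt entries switch from userPassword:: to clearTextPassword:: for the base64 ${ADMINPASS_B64} and ${KRBTGTPASS_B64} values. clearTextPassword is an input attribute for Samba's password_hash module, which derives the stored hashes from it; confirm that the module stack used at provision time consumes and discards it, because if the attribute were ever written through to the backend the plaintext of both the domain administrator and the KDC key would be sitting in sam.ldb. A one-line comment in the LDIF saying why clearTextPassword is used instead of userPassword would also help, since the two look interchangeable to a reader of this file.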
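Review bot: this change removes every privilege: attribute from the Builtin groups (the SeSecurityPrivilege through SeRemoteInteractiveLogonRight list on Administrators, the SeBackupPrivilege/SeRestorePrivilege set on Backup Operators, SeLoadDriverPrivilege on Print Operators, the Server Operators and Account Operators lists, and the SeRemoteInteractiveLogonRight/SeChangeNotifyPrivilege pair) without adding a replacement anywhere in this changeset, which touches only this file and the svn:mergeinfo property. If these rights are now provisioned from another file or database, reference it in the header comment (the added NOTICE pointing at provision_self_join_modify.ldif is the right model); if not, Backup Operators and the other operator groups lose their defining privileges on a fresh provision.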
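Review bot: the new Read-only Domain Controllers and Enterprise Read-only Domain Controllers entries spell the CN with a lowercase "only" but the sAMAccountName with "Read-Only", and the Denied RODC Password Replication Group member line uses the CN form. LDAP matching is case-insensitive, so this is cosmetic, but pick one spelling for both attributes of each group so the provisioned output compares cleanly against a Windows DC and does not trip case-sensitive scripts.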
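Review bot: the Denied RODC Password Replication Group is seeded with Domain Admins, Enterprise Admins, Schema Admins, Domain Controllers, krbtgt, Cert Publishers, Group Policy Creator Owners and Read-only Domain Controllers, while the Allowed RODC Password Replication Group is created empty. That is the safe default, since no privileged secret can be cached on a read-only DC unless an administrator opts in. The member: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN} line references a group that does not appear in this diff; confirm it is created earlier in the file so the member DN resolves when this entry is applied.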
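Review bot: the ForeignSecurityPrincipals hunk replaces the CN=S-1-5-20 (Network Service) entry with CN=S-1-5-17 (IUSR). The only reference to the removed entry, the member: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN} line on the old Performance Log Users group, is dropped in the rewritten group, and the new IIS_IUSRS group's member: CN=S-1-5-17,... line resolves to the added entry, so no dangling DN is left in this file. A short comment on why Network Service no longer needs a foreign security principal object here would save the next reader from re-deriving it.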