
s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode

Additionally I had to fix some bugs (especially wrong "groupTypes") and
reorder the objects by SID (this makes the file easier to extend).
This commit is contained in:
Matthias Dieter Wallnöfer
2010-01-10 10:47:30 +01:00
parent a3e089db19
commit 5c174c68cc


@ -75,33 +75,13 @@ isCriticalSystemObject: TRUE
# Add other groups
dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
description: Designated administrators of the enterprise
member: CN=Administrator,CN=Users,${DOMAINDN}
objectSid: ${DOMAINSID}-519
adminCount: 1
sAMAccountName: Enterprise Admins
isCriticalSystemObject: TRUE
dn: CN=Schema Admins,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
description: Designated administrators of the schema
member: CN=Administrator,CN=Users,${DOMAINDN}
objectSid: ${DOMAINSID}-518
adminCount: 1
sAMAccountName: Schema Admins
isCriticalSystemObject: TRUE
dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
description: Members of this group are permitted to publish certificates to the Active Directory
groupType: -2147483644
objectSid: ${DOMAINSID}-517
sAMAccountName: Cert Publishers
description: Members of this group are Read-Only Domain Controllers in the enterprise
objectSid: ${DOMAINSID}-498
sAMAccountName: Enterprise Read-Only Domain Controllers
groupType: -2147483640
isCriticalSystemObject: TRUE
dn: CN=Domain Admins,CN=Users,${DOMAINDN}
@ -114,6 +94,37 @@ adminCount: 1
sAMAccountName: Domain Admins
isCriticalSystemObject: TRUE
dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
description: Members of this group are permitted to publish certificates to the Active Directory
objectSid: ${DOMAINSID}-517
sAMAccountName: Cert Publishers
groupType: -2147483644
isCriticalSystemObject: TRUE
dn: CN=Schema Admins,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
description: Designated administrators of the schema
member: CN=Administrator,CN=Users,${DOMAINDN}
objectSid: ${DOMAINSID}-518
adminCount: 1
sAMAccountName: Schema Admins
groupType: -2147483640
isCriticalSystemObject: TRUE
dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
description: Designated administrators of the enterprise
member: CN=Administrator,CN=Users,${DOMAINDN}
objectSid: ${DOMAINSID}-519
adminCount: 1
sAMAccountName: Enterprise Admins
groupType: -2147483640
isCriticalSystemObject: TRUE
dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
@ -123,6 +134,15 @@ objectSid: ${DOMAINSID}-520
sAMAccountName: Group Policy Creator Owners
isCriticalSystemObject: TRUE
dn: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
description: Members of this group are Read-Only Domain Controllers in the domain
objectSid: ${DOMAINSID}-521
adminCount: 1
sAMAccountName: Read-Only Domain Controllers
isCriticalSystemObject: TRUE
dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
@ -132,48 +152,21 @@ sAMAccountName: RAS and IAS Servers
groupType: -2147483644
isCriticalSystemObject: TRUE
dn: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN}
dn: CN=Allowed RODC Password Replication Group,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
description: Read-only domain controllers
objectSid: ${DOMAINSID}-521
sAMAccountName: Read-Only Domain Controllers
description: Members in this group can have their passwords replicated to all read-only domain controllers in the domain.
objectSid: ${DOMAINSID}-571
sAMAccountName: Allowed RODC Password Replication Group
groupType: -2147483644
isCriticalSystemObject: TRUE
dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN}
dn: CN=Denied RODC Password Replication Group,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
description: Enterprise read-only domain controllers
objectSid: ${DOMAINSID}-498
sAMAccountName: Enterprise Read-Only Domain Controllers
groupType: -2147483644
isCriticalSystemObject: TRUE
dn: CN=Certificate Service DCOM Access,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
description: Certificate Service DCOM Access
objectSid: ${DOMAINSID}-574
sAMAccountName: Certificate Service DCOM Access
groupType: -2147483644
isCriticalSystemObject: TRUE
dn: CN=Cryptographic Operators,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
description: Cryptographic Operators
objectSid: ${DOMAINSID}-569
sAMAccountName: Cryptographic Operators
groupType: -2147483644
isCriticalSystemObject: TRUE
dn: CN=Event Log Readers,CN=Users,${DOMAINDN}
objectClass: top
objectClass: group
description: Event Log Readers
objectSid: ${DOMAINSID}-573
sAMAccountName: Event Log Readers
description: Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain.
objectSid: ${DOMAINSID}-572
sAMAccountName: Denied RODC Password Replication Group
groupType: -2147483644
isCriticalSystemObject: TRUE
@ -194,6 +187,11 @@ objectClass: top
objectClass: foreignSecurityPrincipal
objectSid: S-1-5-11
dn: CN=S-1-5-17,CN=ForeignSecurityPrincipals,${DOMAINDN}
objectClass: top
objectClass: foreignSecurityPrincipal
objectSid: S-1-5-17
dn: CN=S-1-5-20,CN=ForeignSecurityPrincipals,${DOMAINDN}
objectClass: top
objectClass: foreignSecurityPrincipal
@ -240,6 +238,28 @@ systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
description: Members can administer domain user and group accounts
objectSid: S-1-5-32-548
adminCount: 1
sAMAccountName: Account Operators
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
description: Members can administer domain servers
objectSid: S-1-5-32-549
adminCount: 1
sAMAccountName: Server Operators
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
@ -273,6 +293,17 @@ systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
description: A backward compatibility group which allows read access on all users and groups in the domain
member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN}
objectSid: S-1-5-32-554
sAMAccountName: Pre-Windows 2000 Compatible Access
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
@ -293,6 +324,16 @@ systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
description: Members of this group can create incoming, one-way trusts to this forest
objectSid: S-1-5-32-557
sAMAccountName: Incoming Forest Trust Builders
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
@ -314,49 +355,6 @@ systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
description: Members can administer domain servers
objectSid: S-1-5-32-549
adminCount: 1
sAMAccountName: Server Operators
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
description: Members can administer domain user and group accounts
objectSid: S-1-5-32-548
adminCount: 1
sAMAccountName: Account Operators
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
description: A backward compatibility group which allows read access on all users and groups in the domain
member: CN=S-1-5-11,CN=ForeignSecurityPrincipals,${DOMAINDN}
objectSid: S-1-5-32-554
sAMAccountName: Pre-Windows 2000 Compatible Access
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
description: Members of this group can create incoming, one-way trusts to this forest
objectSid: S-1-5-32-557
sAMAccountName: Incoming Forest Trust Builders
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
@ -388,6 +386,36 @@ systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
dn: CN=Cryptographic Operators,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
description: Members are authorized to perform cryptographic operations.
objectSid: S-1-5-32-569
sAMAccountName: Cryptographic Operators
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
dn: CN=Event Log Readers,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
description: Members of this group can read event logs from local machine.
objectSid: S-1-5-32-573
sAMAccountName: Event Log Readers
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
dn: CN=Certificate Service DCOM Access,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group
description: Members of this group are allowed to connect to Certification Authorities in the enterprise.
objectSid: S-1-5-32-574
sAMAccountName: Certificate Service DCOM Access
systemFlags: -1946157056
groupType: -2147483643
isCriticalSystemObject: TRUE
# Add well known security principals
dn: CN=WellKnown Security Principals,${CONFIGDN}
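Review bot: The new `CN=Read-Only Domain Controllers` entry in the `@ -123,6 +134,15 @@` hunk carries no `groupType`, although every other group this commit adds sets one explicitly and the entry it replaces in the `@ -132,48 +152,21 @@` hunk had `-2147483644` (domain local), which appears to be one of the wrong values the commit message refers to. On Windows this group is a global security group, so the entry should state `groupType: -2147483646` rather than rely on whatever default the provisioning layer may apply, which this page does not show. Separately, the new `Denied RODC Password Replication Group` in the same `@ -132,48 +152,21 @@` hunk has no `member` lines; Windows seeds it with the privileged groups and the krbtgt account so that their secrets are never cached on an RODC, so if that membership is not populated elsewhere in provisioning it should be added here, or a comment should record where it is set.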