mirror of
https://github.com/samba-team/samba.git
synced 2025-01-07 17:18:11 +03:00
bdee131f30
quite a large change as we had lots of code that assumed that
objectSid was a string in S- format.
metze and simo tried to convince me to use NDR format months ago, but
I didn't listen, so its fair that I have the pain of fixing all the
code now :-)
This builds on the ldb_register_samba_handlers() and ldif handlers
code I did earlier this week. There are still three parts of this
conversion I have not finished:
- the ltdb index records need to use the string form of the objectSid
(to keep the DNs sane). Until that is done I have disabled indexing on
objectSid, which is a big performance hit, but allows us to pass
all our tests while I rejig the indexing system to use an externally
supplied conversion function
- I haven't yet put in place the code that allows clients to use the
"S-xxx-yyy" form for objectSid in ldap search expressions. w2k3
supports this, presumably by looking for the "S-" prefix to
determine what type of objectSid form is being used by the client. I
have been working on ways to handle this, but am not happy with
them yet so they aren't part of this patch
- I need to change pidl to generate push functions that take a
"const void *" instead of a "void*" for the data pointer. That will
fix the couple of new warnings this code generates.
Luckily in many places the conversion to NDR formatted records
actually simplified the code, as it means we no longer need as many
calls to dom_sid_parse_talloc(). In some places it got more complex,
but not many.
(This used to be commit d40bc2fa8d
)
# Index configuration record: each @IDXATTR value below names one attribute
# to index.
# NOTE(review): "objectSid_DISABLED_BY_TRIDGE" is not the attribute name
# objectSid, so objectSid is presumably left unindexed by this record. The
# commit message shown with this file says indexing on objectSid was disabled
# on purpose, at a large performance cost, until the index records can use the
# string form of the SID.
dn: @INDEXLIST
|
|
@IDXATTR: name
|
|
@IDXATTR: sAMAccountName
|
|
@IDXATTR: objectSid_DISABLED_BY_TRIDGE
|
|
@IDXATTR: objectClass
|
|
@IDXATTR: member
|
|
@IDXATTR: unixID
|
|
@IDXATTR: unixName
|
|
@IDXATTR: privilege
|
|
|
|
# Per-attribute flags for this database. Four flags are used below:
# CASE_INSENSITIVE, WILDCARD, HIDDEN and INTEGER.
# NOTE(review): the credential attributes (unicodePwd, ntPwdHash,
# ntPwdHistory, lmPwdHash, lmPwdHistory) carry only the HIDDEN flag here. As
# ldb documents that flag, a hidden attribute is merely not returned by
# default; that is not an access control. Confirm that the layers answering
# client requests filter these attributes before treating HIDDEN as protection
# of password material.
dn: @ATTRIBUTES
|
|
userPrincipalName: CASE_INSENSITIVE
|
|
servicePrincipalName: CASE_INSENSITIVE
|
|
dnsDomain: CASE_INSENSITIVE
|
|
dnsRoot: CASE_INSENSITIVE
|
|
cn: CASE_INSENSITIVE
|
|
dc: CASE_INSENSITIVE
|
|
name: CASE_INSENSITIVE
|
|
name: WILDCARD
|
|
dn: CASE_INSENSITIVE
|
|
dn: WILDCARD
|
|
sAMAccountName: CASE_INSENSITIVE
|
|
sAMAccountName: WILDCARD
|
|
objectClass: CASE_INSENSITIVE
|
|
unicodePwd: HIDDEN
|
|
ntPwdHash: HIDDEN
|
|
ntPwdHistory: HIDDEN
|
|
lmPwdHash: HIDDEN
|
|
lmPwdHistory: HIDDEN
|
|
createTimestamp: HIDDEN
|
|
modifyTimestamp: HIDDEN
|
|
groupType: INTEGER
|
|
sAMAccountType: INTEGER
|
|
systemFlags: INTEGER
|
|
userAccountControl: INTEGER
|
|
|
|
dn: @SUBCLASSES
|
|
top: domain
|
|
top: person
|
|
top: group
|
|
domain: domainDNS
|
|
domain: builtinDomain
|
|
person: organizationalPerson
|
|
organizationalPerson: user
|
|
user: computer
|
|
template: userTemplate
|
|
template: groupTemplate
|
|
|
|
#Add modules to the list to activate them by default
|
|
#beware: order is often important
|
|
dn: @MODULES
|
|
@LIST: samldb,timestamps
|
|
|
|
###############################
|
|
# Domain Naming Context
|
|
###############################
|
|
# Domain root object. Besides naming attributes it carries the domain-wide
# account policy. In Active Directory semantics the time-valued attributes
# are negative counts of 100-nanosecond intervals:
#   minPwdLength: 7, pwdHistoryLength: 24, pwdProperties: 1 (complexity bit)
#   maxPwdAge: -37108517437440 (about 43 days), minPwdAge: 0
#   lockoutDuration / lockOutObservationWindow: -18000000000 (30 minutes)
#   lockoutThreshold: 0 -- in AD semantics 0 means accounts are never locked
#   out, so the two lockout timers have no effect as provisioned.
# NOTE(review): whether this Samba version enforces these values is not
# visible in this template; confirm before relying on them, and consider a
# non-zero lockoutThreshold where password guessing is a concern.
dn: ${BASEDN}
|
|
objectClass: top
|
|
objectClass: domain
|
|
objectClass: domainDNS
|
|
name: ${DOMAIN}
|
|
flatname: ${DOMAIN}
|
|
dnsDomain: ${DNSDOMAIN}
|
|
dc: ${DOMAIN}
|
|
objectGUID: ${DOMAINGUID}
|
|
creationTime: ${NTTIME}
|
|
forceLogoff: 0x8000000000000000
|
|
lockoutDuration: -18000000000
|
|
lockOutObservationWindow: -18000000000
|
|
lockoutThreshold: 0
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
maxPwdAge: -37108517437440
|
|
minPwdAge: 0
|
|
minPwdLength: 7
|
|
modifiedCountAtLastProm: 0
|
|
nextRid: 1001
|
|
pwdProperties: 1
|
|
pwdHistoryLength: 24
|
|
objectSid: ${DOMAINSID}
|
|
serverState: 1
|
|
nTMixedDomain: 1
|
|
msDS-Behavior-Version: 0
|
|
ridManagerReference: CN=RID Manager$,CN=System,${BASEDN}
|
|
uASCompat: 1
|
|
modifiedCount: 1
|
|
objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
subRefs: CN=Configuration,${BASEDN}
|
|
subRefs: CN=Schema,CN=Configuration,${BASEDN}
|
|
|
|
dn: CN=Users,${BASEDN}
|
|
objectClass: top
|
|
objectClass: container
|
|
cn: Users
|
|
description: Default container for upgraded user accounts
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
showInAdvancedViewOnly: FALSE
|
|
name: Users
|
|
objectGUID: ${NEWGUID}
|
|
systemFlags: 0x8c000000
|
|
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Computers,${BASEDN}
|
|
objectClass: top
|
|
objectClass: container
|
|
cn: Computers
|
|
description: Default container for upgraded computer accounts
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
showInAdvancedViewOnly: FALSE
|
|
name: Computers
|
|
objectGUID: ${NEWGUID}
|
|
systemFlags: 0x8c000000
|
|
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: OU=Domain Controllers,${BASEDN}
|
|
objectClass: top
|
|
objectClass: organizationalUnit
|
|
ou: Domain Controllers
|
|
description: Default container for domain controllers
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
showInAdvancedViewOnly: FALSE
|
|
name: Domain Controllers
|
|
objectGUID: ${NEWGUID}
|
|
systemFlags: 0x8c000000
|
|
objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=ForeignSecurityPrincipals,${BASEDN}
|
|
objectClass: top
|
|
objectClass: container
|
|
cn: ForeignSecurityPrincipals
|
|
description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
showInAdvancedViewOnly: FALSE
|
|
name: ForeignSecurityPrincipals
|
|
objectGUID: ${NEWGUID}
|
|
systemFlags: 0x8c000000
|
|
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=System,${BASEDN}
|
|
objectClass: top
|
|
objectClass: container
|
|
cn: System
|
|
description: Builtin system settings
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
showInAdvancedViewOnly: TRUE
|
|
name: System
|
|
objectGUID: ${NEWGUID}
|
|
systemFlags: 0x8c000000
|
|
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=RID Manager$,CN=System,${BASEDN}
|
|
objectclass: top
|
|
objectclass: rIDManager
|
|
cn: RID Manager$
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
showInAdvancedViewOnly: TRUE
|
|
name: RID Manager$
|
|
objectGUID: ${NEWGUID}
|
|
systemFlags: 0x8c000000
|
|
objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
|
|
rIDAvailablePool: 4611686014132423217
|
|
|
|
dn: CN=DomainUpdates,CN=System,${BASEDN}
|
|
objectClass: top
|
|
objectClass: container
|
|
cn: DomainUpdates
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
showInAdvancedViewOnly: TRUE
|
|
name: DomainUpdates
|
|
objectGUID: ${NEWGUID}
|
|
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
|
|
|
|
dn: CN=Windows2003Update,CN=DomainUpdates,CN=System,${BASEDN}
|
|
objectClass: top
|
|
objectClass: container
|
|
cn: Windows2003Update
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
showInAdvancedViewOnly: TRUE
|
|
name: Windows2003Update
|
|
objectGUID: ${NEWGUID}
|
|
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
|
|
revision: 8
|
|
|
|
dn: CN=Infrastructure,${BASEDN}
|
|
objectclass: top
|
|
objectclass: infrastructureUpdate
|
|
cn: Infrastructure
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
showInAdvancedViewOnly: TRUE
|
|
name: Infrastructure
|
|
objectGUID: ${NEWGUID}
|
|
systemFlags: 0x8c000000
|
|
objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
|
|
|
|
dn: CN=Builtin,${BASEDN}
|
|
objectClass: top
|
|
objectClass: builtinDomain
|
|
cn: Builtin
|
|
instanceType: 4
|
|
showInAdvancedViewOnly: FALSE
|
|
name: Builtin
|
|
forceLogoff: 0x8000000000000000
|
|
lockoutDuration: -18000000000
|
|
lockOutObservationWindow: -18000000000
|
|
lockoutThreshold: 0
|
|
maxPwdAge: -37108517437440
|
|
minPwdAge: 0
|
|
minPwdLength: 0
|
|
modifiedCountAtLastProm: 0
|
|
nextRid: 1000
|
|
pwdProperties: 0
|
|
pwdHistoryLength: 0
|
|
objectSid: S-1-5-32
|
|
serverState: 1
|
|
uASCompat: 1
|
|
modifiedCount: 1
|
|
objectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
# Built-in Administrator account (objectSid ends in RID 500).
# userAccountControl 0x10200 = UF_NORMAL_ACCOUNT (0x200) |
# UF_DONT_EXPIRE_PASSWD (0x10000), so the password is exempt from expiry.
# The entry lists membership of Group Policy Creator Owners, Domain Admins,
# Enterprise Admins, Schema Admins and the builtin Administrators group.
# unixName is set to ${ROOT}.
# NOTE(review): unicodePwd is filled from ${ADMINPASS}. Presumably the
# provisioning step substitutes the password into this template, in which
# case the expanded LDIF carries it in the form supplied -- keep that output
# out of logs and out of world-readable files.
dn: CN=Administrator,CN=Users,${BASEDN}
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: organizationalPerson
|
|
objectClass: user
|
|
cn: Administrator
|
|
description: Built-in account for administering the computer/domain
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
memberOf: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
|
|
memberOf: CN=Domain Admins,CN=Users,${BASEDN}
|
|
memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
|
|
memberOf: CN=Schema Admins,CN=Users,${BASEDN}
|
|
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
|
|
uSNChanged: 1
|
|
name: Administrator
|
|
objectGUID: ${NEWGUID}
|
|
userAccountControl: 0x10200
|
|
badPwdCount: 0
|
|
codePage: 0
|
|
countryCode: 0
|
|
badPasswordTime: 0
|
|
lastLogoff: 0
|
|
lastLogon: 0
|
|
pwdLastSet: 0
|
|
primaryGroupID: 513
|
|
objectSid: ${DOMAINSID}-500
|
|
adminCount: 1
|
|
accountExpires: -1
|
|
logonCount: 0
|
|
sAMAccountName: Administrator
|
|
sAMAccountType: 0x30000000
|
|
objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
unicodePwd: ${ADMINPASS}
|
|
unixName: ${ROOT}
|
|
|
|
# Built-in Guest account (objectSid ends in RID 501).
# userAccountControl 0x10222 = UF_ACCOUNTDISABLE (0x2) | UF_PASSWD_NOTREQD
# (0x20) | UF_NORMAL_ACCOUNT (0x200) | UF_DONT_EXPIRE_PASSWD (0x10000): the
# account is provisioned disabled.
# NOTE(review): no unicodePwd is set in this entry and PASSWD_NOTREQD permits
# an empty password, so clearing the disable bit would leave a password-less
# account. Keep it disabled unless guest access is intended.
dn: CN=Guest,CN=Users,${BASEDN}
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: organizationalPerson
|
|
objectClass: user
|
|
cn: Guest
|
|
description: Built-in account for guest access to the computer/domain
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
memberOf: CN=Guests,CN=Builtin,${BASEDN}
|
|
uSNChanged: 1
|
|
name: Guest
|
|
objectGUID: ${NEWGUID}
|
|
userAccountControl: 0x10222
|
|
badPwdCount: 0
|
|
codePage: 0
|
|
countryCode: 0
|
|
badPasswordTime: 0
|
|
lastLogoff: 0
|
|
lastLogon: 0
|
|
pwdLastSet: 0
|
|
primaryGroupID: 514
|
|
objectSid: ${DOMAINSID}-501
|
|
accountExpires: -1
|
|
logonCount: 0
|
|
sAMAccountName: Guest
|
|
sAMAccountType: 0x30000000
|
|
objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Administrators,CN=Builtin,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Administrators
|
|
description: Administrators have complete and unrestricted access to the computer/domain
|
|
member: CN=Domain Admins,CN=Users,${BASEDN}
|
|
member: CN=Enterprise Admins,CN=Users,${BASEDN}
|
|
member: CN=Administrator,CN=Users,${BASEDN}
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: Administrators
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: S-1-5-32-544
|
|
adminCount: 1
|
|
sAMAccountName: Administrators
|
|
sAMAccountType: 0x20000000
|
|
systemFlags: 0x8c000000
|
|
groupType: 0x80000005
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
unixName: ${WHEEL}
|
|
privilege: SeSecurityPrivilege
|
|
privilege: SeBackupPrivilege
|
|
privilege: SeRestorePrivilege
|
|
privilege: SeSystemtimePrivilege
|
|
privilege: SeShutdownPrivilege
|
|
privilege: SeRemoteShutdownPrivilege
|
|
privilege: SeTakeOwnershipPrivilege
|
|
privilege: SeDebugPrivilege
|
|
privilege: SeSystemEnvironmentPrivilege
|
|
privilege: SeSystemProfilePrivilege
|
|
privilege: SeProfileSingleProcessPrivilege
|
|
privilege: SeIncreaseBasePriorityPrivilege
|
|
privilege: SeLoadDriverPrivilege
|
|
privilege: SeCreatePagefilePrivilege
|
|
privilege: SeIncreaseQuotaPrivilege
|
|
privilege: SeChangeNotifyPrivilege
|
|
privilege: SeUndockPrivilege
|
|
privilege: SeManageVolumePrivilege
|
|
privilege: SeImpersonatePrivilege
|
|
privilege: SeCreateGlobalPrivilege
|
|
privilege: SeEnableDelegationPrivilege
|
|
privilege: SeInteractiveLogonRight
|
|
privilege: SeNetworkLogonRight
|
|
privilege: SeRemoteInteractiveLogonRight
|
|
|
|
|
|
dn: CN=Users,CN=Builtin,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Users
|
|
description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
|
|
member: CN=Domain Users,CN=Users,${BASEDN}
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: Users
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: S-1-5-32-545
|
|
sAMAccountName: Users
|
|
sAMAccountType: 0x20000000
|
|
systemFlags: 0x8c000000
|
|
groupType: 0x80000005
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Guests,CN=Builtin,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Guests
|
|
description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
|
|
member: CN=Domain Guests,CN=Users,${BASEDN}
|
|
member: CN=Guest,CN=Users,${BASEDN}
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: Guests
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: S-1-5-32-546
|
|
sAMAccountName: Guests
|
|
sAMAccountType: 0x20000000
|
|
systemFlags: 0x8c000000
|
|
groupType: 0x80000005
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
unixName: ${NOGROUP}
|
|
|
|
dn: CN=Print Operators,CN=Builtin,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Print Operators
|
|
description: Members can administer domain printers
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: Print Operators
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: S-1-5-32-550
|
|
adminCount: 1
|
|
sAMAccountName: Print Operators
|
|
sAMAccountType: 0x20000000
|
|
systemFlags: 0x8c000000
|
|
groupType: 0x80000005
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
privilege: SeLoadDriverPrivilege
|
|
privilege: SeShutdownPrivilege
|
|
privilege: SeInteractiveLogonRight
|
|
|
|
dn: CN=Backup Operators,CN=Builtin,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Backup Operators
|
|
description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: Backup Operators
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: S-1-5-32-551
|
|
adminCount: 1
|
|
sAMAccountName: Backup Operators
|
|
sAMAccountType: 0x20000000
|
|
systemFlags: 0x8c000000
|
|
groupType: 0x80000005
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
privilege: SeBackupPrivilege
|
|
privilege: SeRestorePrivilege
|
|
privilege: SeShutdownPrivilege
|
|
privilege: SeInteractiveLogonRight
|
|
|
|
dn: CN=Replicator,CN=Builtin,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Replicator
|
|
description: Supports file replication in a domain
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: Replicator
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: S-1-5-32-552
|
|
adminCount: 1
|
|
sAMAccountName: Replicator
|
|
sAMAccountType: 0x20000000
|
|
systemFlags: 0x8c000000
|
|
groupType: 0x80000005
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Remote Desktop Users,CN=Builtin,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Remote Desktop Users
|
|
description: Members in this group are granted the right to logon remotely
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: Remote Desktop Users
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: S-1-5-32-555
|
|
sAMAccountName: Remote Desktop Users
|
|
sAMAccountType: 0x20000000
|
|
systemFlags: 0x8c000000
|
|
groupType: 0x80000005
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Network Configuration Operators,CN=Builtin,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Network Configuration Operators
|
|
description: Members in this group can have some administrative privileges to manage configuration of networking features
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: Network Configuration Operators
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: S-1-5-32-556
|
|
sAMAccountName: Network Configuration Operators
|
|
sAMAccountType: 0x20000000
|
|
systemFlags: 0x8c000000
|
|
groupType: 0x80000005
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Performance Monitor Users,CN=Builtin,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Performance Monitor Users
|
|
description: Members of this group have remote access to monitor this computer
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: Performance Monitor Users
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: S-1-5-32-558
|
|
sAMAccountName: Performance Monitor Users
|
|
sAMAccountType: 0x20000000
|
|
systemFlags: 0x8c000000
|
|
groupType: 0x80000005
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Performance Log Users,CN=Builtin,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Performance Log Users
|
|
description: Members of this group have remote access to schedule logging of performance counters on this computer
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: Performance Log Users
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: S-1-5-32-559
|
|
sAMAccountName: Performance Log Users
|
|
sAMAccountType: 0x20000000
|
|
systemFlags: 0x8c000000
|
|
groupType: 0x80000005
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
# Machine account for the host named by ${NETBIOSNAME}, placed in the Domain
# Controllers OU (objectSid ends in RID 1000, primaryGroupID 516).
# userAccountControl 532480 = 0x82000 = UF_SERVER_TRUST_ACCOUNT (0x2000) |
# UF_TRUSTED_FOR_DELEGATION (0x80000).
# NOTE(review): unicodePwd is filled from ${JOINPASS}; treat the expanded
# LDIF as secret material. lastLogon, pwdLastSet and logonCount are fixed
# literals rather than template variables, so every provisioned domain starts
# with the same values -- presumably copied from a reference dump; confirm
# that nothing depends on them.
dn: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: organizationalPerson
|
|
objectClass: user
|
|
objectClass: computer
|
|
cn: ${NETBIOSNAME}
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: ${NETBIOSNAME}
|
|
objectGUID: ${HOSTGUID}
|
|
userAccountControl: 532480
|
|
badPwdCount: 0
|
|
codePage: 0
|
|
countryCode: 0
|
|
badPasswordTime: 0
|
|
lastLogoff: 0
|
|
lastLogon: 127273269057298624
|
|
localPolicyFlags: 0
|
|
pwdLastSet: 127258826171655328
|
|
primaryGroupID: 516
|
|
objectSid: ${DOMAINSID}-1000
|
|
accountExpires: 9223372036854775807
|
|
logonCount: 30
|
|
sAMAccountName: ${NETBIOSNAME}$
|
|
sAMAccountType: 805306369
|
|
operatingSystem: Samba
|
|
operatingSystemVersion: 4.0
|
|
dNSHostName: ${DNSNAME}
|
|
objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
unicodePwd: ${JOINPASS}
|
|
servicePrincipalName: HOST/${DNSNAME}
|
|
servicePrincipalName: HOST/${NETBIOSNAME}
|
|
|
|
# Key Distribution Center service account (objectSid ends in RID 502).
# userAccountControl 514 = 0x202 = UF_ACCOUNTDISABLE (0x2) |
# UF_NORMAL_ACCOUNT (0x200): the account is provisioned disabled.
# NOTE(review): unicodePwd is filled from ${RANDPASS}. In an AD-style realm
# the KDC's ticket-granting keys come from this account's secret, so the value
# needs a cryptographically strong source and the expanded LDIF needs the same
# protection as the database itself. How ${RANDPASS} is generated is not
# visible in this template -- verify it in the provisioning code.
dn: CN=krbtgt,CN=Users,${BASEDN}
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: organizationalPerson
|
|
objectClass: user
|
|
cn: krbtgt
|
|
description: Key Distribution Center Service Account
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
showInAdvancedViewOnly: TRUE
|
|
name: krbtgt
|
|
objectGUID: ${NEWGUID}
|
|
userAccountControl: 514
|
|
badPwdCount: 0
|
|
codePage: 0
|
|
countryCode: 0
|
|
badPasswordTime: 0
|
|
lastLogoff: 0
|
|
lastLogon: 0
|
|
pwdLastSet: 127258826179466560
|
|
primaryGroupID: 513
|
|
objectSid: ${DOMAINSID}-502
|
|
adminCount: 1
|
|
accountExpires: 9223372036854775807
|
|
logonCount: 0
|
|
sAMAccountName: krbtgt
|
|
sAMAccountType: 805306368
|
|
servicePrincipalName: kadmin/changepw
|
|
objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
unicodePwd: ${RANDPASS}
|
|
|
|
dn: CN=Domain Computers,CN=Users,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Domain Computers
|
|
description: All workstations and servers joined to the domain
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: Domain Computers
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: ${DOMAINSID}-515
|
|
sAMAccountName: Domain Computers
|
|
sAMAccountType: 0x10000000
|
|
groupType: 0x80000002
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Domain Controllers,CN=Users,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Domain Controllers
|
|
description: All domain controllers in the domain
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: Domain Controllers
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: ${DOMAINSID}-516
|
|
adminCount: 1
|
|
sAMAccountName: Domain Controllers
|
|
sAMAccountType: 0x10000000
|
|
groupType: 0x80000002
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Schema Admins,CN=Users,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Schema Admins
|
|
description: Designated administrators of the schema
|
|
member: CN=Administrator,CN=Users,${BASEDN}
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: Schema Admins
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: ${DOMAINSID}-518
|
|
adminCount: 1
|
|
sAMAccountName: Schema Admins
|
|
sAMAccountType: 0x10000000
|
|
groupType: 0x80000002
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
unixName: ${WHEEL}
|
|
|
|
dn: CN=Enterprise Admins,CN=Users,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Enterprise Admins
|
|
description: Designated administrators of the enterprise
|
|
member: CN=Administrator,CN=Users,${BASEDN}
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
|
|
uSNChanged: 1
|
|
name: Enterprise Admins
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: ${DOMAINSID}-519
|
|
adminCount: 1
|
|
sAMAccountName: Enterprise Admins
|
|
sAMAccountType: 0x10000000
|
|
groupType: 0x80000002
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
unixName: ${WHEEL}
|
|
|
|
dn: CN=Cert Publishers,CN=Users,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Cert Publishers
|
|
description: Members of this group are permitted to publish certificates to the Active Directory
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: Cert Publishers
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: ${DOMAINSID}-517
|
|
sAMAccountName: Cert Publishers
|
|
sAMAccountType: 0x20000000
|
|
groupType: 0x80000004
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Domain Admins,CN=Users,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Domain Admins
|
|
description: Designated administrators of the domain
|
|
member: CN=Administrator,CN=Users,${BASEDN}
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
|
|
uSNChanged: 1
|
|
name: Domain Admins
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: ${DOMAINSID}-512
|
|
adminCount: 1
|
|
sAMAccountName: Domain Admins
|
|
sAMAccountType: 0x10000000
|
|
groupType: 0x80000002
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
unixName: ${WHEEL}
|
|
|
|
dn: CN=Domain Users,CN=Users,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Domain Users
|
|
description: All domain users
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
memberOf: CN=Users,CN=Builtin,${BASEDN}
|
|
uSNChanged: 1
|
|
name: Domain Users
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: ${DOMAINSID}-513
|
|
sAMAccountName: Domain Users
|
|
sAMAccountType: 0x10000000
|
|
groupType: 0x80000002
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
unixName: ${USERS}
|
|
|
|
dn: CN=Domain Guests,CN=Users,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Domain Guests
|
|
description: All domain guests
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
memberOf: CN=Guests,CN=Builtin,${BASEDN}
|
|
uSNChanged: 1
|
|
name: Domain Guests
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: ${DOMAINSID}-514
|
|
sAMAccountName: Domain Guests
|
|
sAMAccountType: 0x10000000
|
|
groupType: 0x80000002
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Group Policy Creator Owners,CN=Users,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Group Policy Creator Owners
|
|
description: Members in this group can modify group policy for the domain
|
|
member: CN=Administrator,CN=Users,${BASEDN}
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: Group Policy Creator Owners
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: ${DOMAINSID}-520
|
|
sAMAccountName: Group Policy Creator Owners
|
|
sAMAccountType: 0x10000000
|
|
groupType: 0x80000002
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
unixName: ${WHEEL}
|
|
|
|
dn: CN=RAS and IAS Servers,CN=Users,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: RAS and IAS Servers
|
|
description: Servers in this group can access remote access properties of users
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: RAS and IAS Servers
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: ${DOMAINSID}-553
|
|
sAMAccountName: RAS and IAS Servers
|
|
sAMAccountType: 0x20000000
|
|
groupType: 0x80000004
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Server Operators,CN=Builtin,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Server Operators
|
|
description: Members can administer domain servers
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: Server Operators
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: S-1-5-32-549
|
|
adminCount: 1
|
|
sAMAccountName: Server Operators
|
|
sAMAccountType: 0x20000000
|
|
systemFlags: 0x8c000000
|
|
groupType: 0x80000005
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
privilege: SeBackupPrivilege
|
|
privilege: SeSystemtimePrivilege
|
|
privilege: SeRemoteShutdownPrivilege
|
|
privilege: SeRestorePrivilege
|
|
privilege: SeShutdownPrivilege
|
|
privilege: SeInteractiveLogonRight
|
|
|
|
dn: CN=Account Operators,CN=Builtin,${BASEDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Account Operators
|
|
description: Members can administer domain user and group accounts
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
name: Account Operators
|
|
objectGUID: ${NEWGUID}
|
|
objectSid: S-1-5-32-548
|
|
adminCount: 1
|
|
sAMAccountName: Account Operators
|
|
sAMAccountType: 0x20000000
|
|
systemFlags: 0x8c000000
|
|
groupType: 0x80000005
|
|
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
privilege: SeInteractiveLogonRight
|
|
|
|
dn: CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: container
|
|
cn: Templates
|
|
description: Container for SAM account templates
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: 1
|
|
uSNChanged: 1
|
|
showInAdvancedViewOnly: TRUE
|
|
name: Templates
|
|
objectGUID: ${NEWGUID}
|
|
systemFlags: 0x8c000000
|
|
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
|
|
isCriticalSystemObject: TRUE
|
|
|
|
###
|
|
# note! the template users must not match normal searches. Be careful
|
|
# with what classes you put them in
|
|
###
|
|
|
|
dn: CN=TemplateUser,CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: organizationalPerson
|
|
objectClass: Template
|
|
objectClass: userTemplate
|
|
cn: TemplateUser
|
|
name: TemplateUser
|
|
instanceType: 4
|
|
userAccountControl: 0x202
|
|
badPwdCount: 0
|
|
codePage: 0
|
|
countryCode: 0
|
|
badPasswordTime: 0
|
|
lastLogoff: 0
|
|
lastLogon: 0
|
|
pwdLastSet: 0
|
|
primaryGroupID: 513
|
|
accountExpires: -1
|
|
logonCount: 0
|
|
sAMAccountType: 0x30000000
|
|
|
|
dn: CN=TemplateMemberServer,CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: Template
|
|
objectClass: userTemplate
|
|
cn: TemplateMemberServer
|
|
name: TemplateMemberServer
|
|
instanceType: 4
|
|
userAccountControl: 0x1002
|
|
badPwdCount: 0
|
|
codePage: 0
|
|
countryCode: 0
|
|
badPasswordTime: 0
|
|
lastLogoff: 0
|
|
lastLogon: 0
|
|
pwdLastSet: 0
|
|
primaryGroupID: 513
|
|
accountExpires: -1
|
|
logonCount: 0
|
|
sAMAccountType: 0x30000001
|
|
|
|
dn: CN=TemplateDomainController,CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: Template
|
|
objectClass: userTemplate
|
|
cn: TemplateDomainController
|
|
name: TemplateDomainController
|
|
instanceType: 4
|
|
userAccountControl: 0x2002
|
|
badPwdCount: 0
|
|
codePage: 0
|
|
countryCode: 0
|
|
badPasswordTime: 0
|
|
lastLogoff: 0
|
|
lastLogon: 0
|
|
pwdLastSet: 0
|
|
primaryGroupID: 513
|
|
accountExpires: -1
|
|
logonCount: 0
|
|
sAMAccountType: 0x30000001
|
|
|
|
dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: Template
|
|
objectClass: userTemplate
|
|
cn: TemplateTrustingDomain
|
|
name: TemplateTrustingDomain
|
|
instanceType: 4
|
|
userAccountControl: 0x820
|
|
badPwdCount: 0
|
|
codePage: 0
|
|
countryCode: 0
|
|
badPasswordTime: 0
|
|
lastLogoff: 0
|
|
lastLogon: 0
|
|
pwdLastSet: 0
|
|
primaryGroupID: 513
|
|
accountExpires: -1
|
|
logonCount: 0
|
|
sAMAccountType: 0x30000002
|
|
|
|
# Template entry (objectClass groupTemplate) under CN=Templates; presumably the
# source of default attribute values for new groups.
# groupType 0x80000002, in Active Directory's encoding, is a security-enabled
# (0x80000000) global group (0x00000002).
# sAMAccountType 0x10000000 is SAM_GROUP_OBJECT.
dn: CN=TemplateGroup,CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: Template
|
|
objectClass: groupTemplate
|
|
cn: TemplateGroup
|
|
name: TemplateGroup
|
|
instanceType: 4
|
|
groupType: 0x80000002
|
|
sAMAccountType: 0x10000000
|
|
|
|
# Template entry (objectClass aliasTemplate) under CN=Templates; presumably the
# source of default attribute values for new aliases (local groups).
# groupType 0x80000004, in Active Directory's encoding, is a security-enabled
# (0x80000000) domain-local group (0x00000004).
# NOTE(review): sAMAccountType 0x10000000 is SAM_GROUP_OBJECT, the same value
# TemplateGroup uses. Active Directory marks domain-local groups as
# SAM_ALIAS_OBJECT (0x20000000); confirm whether the group value is intended,
# since code that tells groups from aliases by sAMAccountType would not see a
# difference.
dn: CN=TemplateAlias,CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: Template
|
|
objectClass: aliasTemplate
|
|
cn: TemplateAlias
|
|
name: TemplateAlias
|
|
instanceType: 4
|
|
groupType: 0x80000004
|
|
sAMAccountType: 0x10000000
|
|
|
|
# Template entry (objectClass foreignSecurityPrincipalTemplate) under
# CN=Templates; presumably used when creating foreign security principals.
# It carries only objectClass, cn and name: no instanceType and no account
# defaults, unlike the other templates in this file.
dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: Template
|
|
objectClass: foreignSecurityPrincipalTemplate
|
|
cn: TemplateForeignSecurityPrincipal
|
|
name: TemplateForeignSecurityPrincipal
|
|
|
|
# Template entry (objectClass secretTemplate) under CN=Templates; presumably
# used when creating secret objects.
# The template holds no secret material itself: only objectClass values,
# naming attributes and instanceType 4 (writable object).
dn: CN=TemplateSecret,CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: leaf
|
|
objectClass: Template
|
|
objectClass: secretTemplate
|
|
cn: TemplateSecret
|
|
name: TemplateSecret
|
|
instanceType: 4
|
|
|
|
# Template entry (objectClass trustedDomainTemplate) under CN=Templates;
# presumably used when creating trusted-domain objects.
# It defines no trust attributes (direction, type, partner name): only
# objectClass values, naming attributes and instanceType 4 (writable object).
dn: CN=TemplateTrustedDomain,CN=Templates,${BASEDN}
|
|
objectClass: top
|
|
objectClass: leaf
|
|
objectClass: Template
|
|
objectClass: trustedDomainTemplate
|
|
cn: TemplateTrustedDomain
|
|
name: TemplateTrustedDomain
|
|
instanceType: 4
|
|
|
|
###############################
|
|
# Configuration Naming Context
|
|
###############################
|
|
# Head of the Configuration naming context.
# instanceType 13 = 0x1 | 0x4 | 0x8 in Active Directory's encoding: head of a
# naming context, writable, and the naming context above is also held.
# subRefs points at the Schema naming context below this one; masteredBy and
# msDs-masteredBy both name this server's NTDS Settings object.
# ${...} tokens are placeholders, presumably substituted at provision time.
dn: CN=Configuration,${BASEDN}
|
|
objectClass: top
|
|
objectClass: configuration
|
|
cn: Configuration
|
|
instanceType: 13
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: ${USN}
|
|
uSNChanged: ${USN}
|
|
showInAdvancedViewOnly: TRUE
|
|
name: Configuration
|
|
objectGUID: ${NEWGUID}
|
|
objectCategory: CN=Configuration,CN=Schema,CN=Configuration,${BASEDN}
|
|
subRefs: CN=Schema,CN=Configuration,${BASEDN}
|
|
masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
|
|
msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
|
|
|
|
# Container (crossRefContainer) holding one crossRef entry per naming context.
# systemFlags 0x80000000 is FLAG_DISALLOW_DELETE in Active Directory's encoding.
# msDS-Behavior-Version 0 on this container is the forest functional level
# (0 = Windows 2000 in Active Directory).
# fSMORoleOwner names this server's NTDS Settings object; on the Partitions
# container Active Directory uses this attribute for the domain naming master.
dn: CN=Partitions,CN=Configuration,${BASEDN}
|
|
objectClass: top
|
|
objectClass: crossRefContainer
|
|
cn: Partitions
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: ${USN}
|
|
uSNChanged: ${USN}
|
|
showInAdvancedViewOnly: TRUE
|
|
name: Partitions
|
|
objectGUID: ${NEWGUID}
|
|
systemFlags: 0x80000000
|
|
objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN}
|
|
msDS-Behavior-Version: 0
|
|
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
|
|
|
|
# crossRef entry describing the Configuration naming context: nCName is the
# partition's DN and dnsRoot the DNS domain it is reached under.
# systemFlags 0x00000001 is FLAG_CR_NTDS_NC (a naming context held by the
# directory service itself) in Active Directory's crossRef encoding.
dn: CN=Enterprise Configuration,CN=Partitions,CN=Configuration,${BASEDN}
|
|
objectClass: top
|
|
objectClass: crossRef
|
|
cn: Enterprise Configuration
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: ${USN}
|
|
uSNChanged: ${USN}
|
|
showInAdvancedViewOnly: TRUE
|
|
name: Enterprise Configuration
|
|
objectGUID: ${NEWGUID}
|
|
systemFlags: 0x00000001
|
|
objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
|
|
nCName: CN=Configuration,${BASEDN}
|
|
dnsRoot: ${DNSDOMAIN}
|
|
|
|
# crossRef entry describing the Schema naming context: nCName is the
# partition's DN and dnsRoot the DNS domain it is reached under.
# systemFlags 0x00000001 is FLAG_CR_NTDS_NC (a naming context held by the
# directory service itself) in Active Directory's crossRef encoding.
dn: CN=Enterprise Schema,CN=Partitions,CN=Configuration,${BASEDN}
|
|
objectClass: top
|
|
objectClass: crossRef
|
|
cn: Enterprise Schema
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: ${USN}
|
|
uSNChanged: ${USN}
|
|
showInAdvancedViewOnly: TRUE
|
|
name: Enterprise Schema
|
|
objectGUID: ${NEWGUID}
|
|
systemFlags: 0x00000001
|
|
objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
|
|
nCName: CN=Schema,CN=Configuration,${BASEDN}
|
|
dnsRoot: ${DNSDOMAIN}
|
|
|
|
# crossRef entry describing the domain naming context itself: nCName is
# ${BASEDN}, nETBIOSName the short domain name, dnsRoot the DNS domain.
# systemFlags 0x00000003 is FLAG_CR_NTDS_NC (0x1) | FLAG_CR_NTDS_DOMAIN (0x2)
# in Active Directory's crossRef encoding: a directory-held naming context
# that is a domain.
dn: CN=${DOMAIN},CN=Partitions,CN=Configuration,${BASEDN}
|
|
objectClass: top
|
|
objectClass: crossRef
|
|
cn: ${DOMAIN}
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: ${USN}
|
|
uSNChanged: ${USN}
|
|
showInAdvancedViewOnly: TRUE
|
|
name: ${DOMAIN}
|
|
objectGUID: ${NEWGUID}
|
|
systemFlags: 0x00000003
|
|
objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
|
|
nCName: ${BASEDN}
|
|
nETBIOSName: ${DOMAIN}
|
|
dnsRoot: ${DNSDOMAIN}
|
|
|
|
# Container (sitesContainer) under which site objects are created.
# systemFlags 0x82000000, in Active Directory's encoding, is
# FLAG_DISALLOW_DELETE (0x80000000) | FLAG_DISALLOW_MOVE_ON_DELETE (0x02000000).
dn: CN=Sites,CN=Configuration,${BASEDN}
|
|
objectClass: top
|
|
objectClass: sitesContainer
|
|
cn: Sites
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: ${USN}
|
|
uSNChanged: ${USN}
|
|
showInAdvancedViewOnly: TRUE
|
|
name: Sites
|
|
objectGUID: ${NEWGUID}
|
|
systemFlags: 0x82000000
|
|
objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN}
|
|
|
|
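# Site object for the default site, placed under the Sites container.
# cn and name carry the RDN value ${DEFAULTSITE}, matching every other entry
# in this file. The original had "Sites" for both, apparently copied from the
# CN=Sites container entry, which left the naming attributes disagreeing with
# the DN.
# systemFlags 0x82000000, in Active Directory's encoding, is
# FLAG_DISALLOW_DELETE (0x80000000) | FLAG_DISALLOW_MOVE_ON_DELETE (0x02000000).
dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
|
|
objectClass: top
|
|
objectClass: site
|
|
cn: ${DEFAULTSITE}
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: ${USN}
|
|
uSNChanged: ${USN}
|
|
showInAdvancedViewOnly: TRUE
|
|
name: ${DEFAULTSITE}
|
|
objectGUID: ${NEWGUID}
|
|
systemFlags: 0x82000000
|
|
objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN}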
|
|
|
|
# Container (serversContainer) holding the server objects of the default site.
# systemFlags 0x82000000, in Active Directory's encoding, is
# FLAG_DISALLOW_DELETE (0x80000000) | FLAG_DISALLOW_MOVE_ON_DELETE (0x02000000).
dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
|
|
objectClass: top
|
|
objectClass: serversContainer
|
|
cn: Servers
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: ${USN}
|
|
uSNChanged: ${USN}
|
|
showInAdvancedViewOnly: TRUE
|
|
name: Servers
|
|
objectGUID: ${NEWGUID}
|
|
systemFlags: 0x82000000
|
|
objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN}
|
|
|
|
# Server object for this host within the default site.
# dNSHostName gives its DNS name; serverReference links to the computer entry
# CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN} (defined outside this part
# of the file, if at all - verify it is provisioned).
# systemFlags 0x52000000, in Active Directory's encoding, is
# FLAG_CONFIG_ALLOW_RENAME (0x40000000) | FLAG_CONFIG_ALLOW_LIMITED_MOVE
# (0x10000000) | FLAG_DISALLOW_MOVE_ON_DELETE (0x02000000).
dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
|
|
objectClass: top
|
|
objectClass: server
|
|
cn: ${NETBIOSNAME}
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: ${USN}
|
|
uSNChanged: ${USN}
|
|
showInAdvancedViewOnly: TRUE
|
|
name: ${NETBIOSNAME}
|
|
objectGUID: ${NEWGUID}
|
|
systemFlags: 0x52000000
|
|
objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN}
|
|
dNSHostName: ${DNSNAME}
|
|
serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
|
|
|
|
# NTDS Settings (nTDSDSA) object: the directory service agent of this server.
# Other entries in this file point at this DN through masteredBy,
# msDs-masteredBy and fSMORoleOwner.
# objectGUID and invocationId are both filled from ${INVOCATIONID}, so the two
# start out identical; every other entry here takes ${NEWGUID} for objectGUID.
# dMDLocation names the schema partition this DSA uses.
# msDS-Behavior-Version 2 on an nTDSDSA is the DC functional level
# (2 = Windows Server 2003 in Active Directory).
# systemFlags 0x02000000 is FLAG_DISALLOW_MOVE_ON_DELETE.
dn: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
|
|
objectClass: top
|
|
objectClass: applicationSettings
|
|
objectClass: nTDSDSA
|
|
cn: NTDS Settings
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: ${USN}
|
|
uSNChanged: ${USN}
|
|
showInAdvancedViewOnly: TRUE
|
|
name: NTDS Settings
|
|
systemFlags: 0x02000000
|
|
objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN}
|
|
dMDLocation: CN=Schema,CN=Configuration,${BASEDN}
|
|
objectGUID: ${INVOCATIONID}
|
|
invocationId: ${INVOCATIONID}
|
|
msDS-Behavior-Version: 2
|
|
|
|
# Generic container for service configuration under the Configuration
# naming context; parent of CN=Windows NT below.
# systemFlags 0x80000000 is FLAG_DISALLOW_DELETE in Active Directory's encoding.
dn: CN=Services,CN=Configuration,${BASEDN}
|
|
objectClass: top
|
|
objectClass: container
|
|
cn: Services
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: ${USN}
|
|
uSNChanged: ${USN}
|
|
showInAdvancedViewOnly: TRUE
|
|
name: Services
|
|
systemFlags: 0x80000000
|
|
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
|
|
objectGUID: ${NEWGUID}
|
|
|
|
# Generic container under CN=Services; parent of the CN=Directory Service
# entry. Unlike CN=Services it sets no systemFlags.
dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
|
|
objectClass: top
|
|
objectClass: container
|
|
cn: Windows NT
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: ${USN}
|
|
uSNChanged: ${USN}
|
|
showInAdvancedViewOnly: TRUE
|
|
name: Windows NT
|
|
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
|
|
objectGUID: ${NEWGUID}
|
|
|
|
# Forest-wide directory service settings object (nTDSService).
# sPNMappings "host=ldap,dns,cifs" declares the ldap, dns and cifs service
# classes as aliases of the host class, following the Active Directory
# attribute of the same name: an account that holds a host/<name> service
# principal name is then also treated as the target for ldap/<name>,
# dns/<name> and cifs/<name>.
# NOTE(review): keep this list as short as the deployment needs. Each alias
# widens what every host/ principal is accepted for, and this entry sets no
# systemFlags, so review who may modify it.
dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
|
|
objectClass: top
|
|
objectClass: nTDSService
|
|
cn: Directory Service
|
|
instanceType: 4
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: ${USN}
|
|
uSNChanged: ${USN}
|
|
showInAdvancedViewOnly: TRUE
|
|
name: Directory Service
|
|
objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN}
|
|
objectGUID: ${NEWGUID}
|
|
sPNMappings: host=ldap,dns,cifs
|
|
|
|
|
|
###############################
|
|
# Schema Naming Context
|
|
###############################
|
|
dn: CN=Schema,CN=Configuration,${BASEDN}
|
|
objectClass: top
|
|
objectClass: dMD
|
|
cn: Schema
|
|
instanceType: 13
|
|
whenCreated: ${LDAPTIME}
|
|
whenChanged: ${LDAPTIME}
|
|
uSNCreated: ${USN}
|
|
uSNChanged: ${USN}
|
|
showInAdvancedViewOnly: TRUE
|
|
name: Schema
|
|
objectGUID: ${NEWGUID}
|
|
objectCategory: CN=DMD,CN=Schema,CN=Configuration,${BASEDN}
|
|
masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
|
|
msDs-masteredBy: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
|
|
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
|
|
objectVersion: 30
|