mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
ee257e902a
This must be set to either 'domain controller', 'domain member' or 'standalone'.
The default for the provision now changes to 'standalone'.
This is not because Samba4 is particularlly useful in that mode, but
because we still want a positive sign from the administrator that we
should advertise as a DC.
We now do more to ensure the 'standalone' and 'member server'
provision output is reasonable, and try not to set odd things into the
database that only belong for the DC.
Andrew Bartlett
(This used to be commit 4cc4ed7719)
587 lines
17 KiB
Plaintext
587 lines
17 KiB
Plaintext
dn: CN=Administrator,CN=Users,${DOMAINDN}
|
|
objectClass: user
|
|
cn: Administrator
|
|
description: Built-in account for administering the computer/domain
|
|
memberOf: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
|
|
memberOf: CN=Domain Admins,CN=Users,${DOMAINDN}
|
|
memberOf: CN=Enterprise Admins,CN=Users,${DOMAINDN}
|
|
memberOf: CN=Schema Admins,CN=Users,${DOMAINDN}
|
|
memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
|
|
userAccountControl: 66048
|
|
objectSid: ${DOMAINSID}-500
|
|
adminCount: 1
|
|
accountExpires: -1
|
|
sAMAccountName: Administrator
|
|
isCriticalSystemObject: TRUE
|
|
sambaPassword:: ${ADMINPASS_B64}
|
|
|
|
dn: CN=Guest,CN=Users,${DOMAINDN}
|
|
objectClass: user
|
|
cn: Guest
|
|
description: Built-in account for guest access to the computer/domain
|
|
memberOf: CN=Guests,CN=Builtin,${DOMAINDN}
|
|
userAccountControl: 66082
|
|
primaryGroupID: 514
|
|
objectSid: ${DOMAINSID}-501
|
|
sAMAccountName: Guest
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Administrators,CN=Builtin,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Administrators
|
|
description: Administrators have complete and unrestricted access to the computer/domain
|
|
member: CN=Domain Admins,CN=Users,${DOMAINDN}
|
|
member: CN=Enterprise Admins,CN=Users,${DOMAINDN}
|
|
member: CN=Administrator,CN=Users,${DOMAINDN}
|
|
objectSid: S-1-5-32-544
|
|
adminCount: 1
|
|
sAMAccountName: Administrators
|
|
sAMAccountType: 536870912
|
|
systemFlags: 2348810240
|
|
groupType: 2147483653
|
|
isCriticalSystemObject: TRUE
|
|
privilege: SeSecurityPrivilege
|
|
privilege: SeBackupPrivilege
|
|
privilege: SeRestorePrivilege
|
|
privilege: SeSystemtimePrivilege
|
|
privilege: SeShutdownPrivilege
|
|
privilege: SeRemoteShutdownPrivilege
|
|
privilege: SeTakeOwnershipPrivilege
|
|
privilege: SeDebugPrivilege
|
|
privilege: SeSystemEnvironmentPrivilege
|
|
privilege: SeSystemProfilePrivilege
|
|
privilege: SeProfileSingleProcessPrivilege
|
|
privilege: SeIncreaseBasePriorityPrivilege
|
|
privilege: SeLoadDriverPrivilege
|
|
privilege: SeCreatePagefilePrivilege
|
|
privilege: SeIncreaseQuotaPrivilege
|
|
privilege: SeChangeNotifyPrivilege
|
|
privilege: SeUndockPrivilege
|
|
privilege: SeManageVolumePrivilege
|
|
privilege: SeImpersonatePrivilege
|
|
privilege: SeCreateGlobalPrivilege
|
|
privilege: SeEnableDelegationPrivilege
|
|
privilege: SeInteractiveLogonRight
|
|
privilege: SeNetworkLogonRight
|
|
privilege: SeRemoteInteractiveLogonRight
|
|
|
|
dn: CN=Users,CN=Builtin,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Users
|
|
description: Users are prevented from making accidental or intentional system-wide changes. Thus, Users can run certified applications, but not most legacy applications
|
|
member: CN=Domain Users,CN=Users,${DOMAINDN}
|
|
objectSid: S-1-5-32-545
|
|
sAMAccountName: Users
|
|
sAMAccountType: 536870912
|
|
systemFlags: 2348810240
|
|
groupType: 2147483653
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Guests,CN=Builtin,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Guests
|
|
description: Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
|
|
member: CN=Domain Guests,CN=Users,${DOMAINDN}
|
|
member: CN=Guest,CN=Users,${DOMAINDN}
|
|
objectSid: S-1-5-32-546
|
|
sAMAccountName: Guests
|
|
sAMAccountType: 536870912
|
|
systemFlags: 2348810240
|
|
groupType: 2147483653
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Print Operators,CN=Builtin,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Print Operators
|
|
description: Members can administer domain printers
|
|
objectSid: S-1-5-32-550
|
|
adminCount: 1
|
|
sAMAccountName: Print Operators
|
|
sAMAccountType: 536870912
|
|
systemFlags: 2348810240
|
|
groupType: 2147483653
|
|
isCriticalSystemObject: TRUE
|
|
privilege: SeLoadDriverPrivilege
|
|
privilege: SeShutdownPrivilege
|
|
privilege: SeInteractiveLogonRight
|
|
|
|
dn: CN=Backup Operators,CN=Builtin,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Backup Operators
|
|
description: Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
|
|
objectSid: S-1-5-32-551
|
|
adminCount: 1
|
|
sAMAccountName: Backup Operators
|
|
sAMAccountType: 536870912
|
|
systemFlags: 2348810240
|
|
groupType: 2147483653
|
|
isCriticalSystemObject: TRUE
|
|
privilege: SeBackupPrivilege
|
|
privilege: SeRestorePrivilege
|
|
privilege: SeShutdownPrivilege
|
|
privilege: SeInteractiveLogonRight
|
|
|
|
dn: CN=Replicator,CN=Builtin,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Replicator
|
|
description: Supports file replication in a domain
|
|
objectSid: S-1-5-32-552
|
|
adminCount: 1
|
|
sAMAccountName: Replicator
|
|
sAMAccountType: 536870912
|
|
systemFlags: 2348810240
|
|
groupType: 2147483653
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Remote Desktop Users,CN=Builtin,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Remote Desktop Users
|
|
description: Members in this group are granted the right to logon remotely
|
|
objectSid: S-1-5-32-555
|
|
sAMAccountName: Remote Desktop Users
|
|
sAMAccountType: 536870912
|
|
systemFlags: 2348810240
|
|
groupType: 2147483653
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Network Configuration Operators,CN=Builtin,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Network Configuration Operators
|
|
description: Members in this group can have some administrative privileges to manage configuration of networking features
|
|
objectSid: S-1-5-32-556
|
|
sAMAccountName: Network Configuration Operators
|
|
sAMAccountType: 536870912
|
|
systemFlags: 2348810240
|
|
groupType: 2147483653
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Performance Monitor Users,CN=Builtin,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Performance Monitor Users
|
|
description: Members of this group have remote access to monitor this computer
|
|
objectSid: S-1-5-32-558
|
|
sAMAccountName: Performance Monitor Users
|
|
sAMAccountType: 536870912
|
|
systemFlags: 2348810240
|
|
groupType: 2147483653
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Performance Log Users,CN=Builtin,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Performance Log Users
|
|
description: Members of this group have remote access to schedule logging of performance counters on this computer
|
|
objectSid: S-1-5-32-559
|
|
sAMAccountName: Performance Log Users
|
|
sAMAccountType: 536870912
|
|
systemFlags: 2348810240
|
|
groupType: 2147483653
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=krbtgt,CN=Users,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: organizationalPerson
|
|
objectClass: user
|
|
cn: krbtgt
|
|
description: Key Distribution Center Service Account
|
|
showInAdvancedViewOnly: TRUE
|
|
userAccountControl: 514
|
|
objectSid: ${DOMAINSID}-502
|
|
adminCount: 1
|
|
accountExpires: 9223372036854775807
|
|
sAMAccountName: krbtgt
|
|
sAMAccountType: 805306368
|
|
servicePrincipalName: kadmin/changepw
|
|
isCriticalSystemObject: TRUE
|
|
sambaPassword:: ${KRBTGTPASS_B64}
|
|
|
|
dn: CN=Domain Computers,CN=Users,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Domain Computers
|
|
description: All workstations and servers joined to the domain
|
|
objectSid: ${DOMAINSID}-515
|
|
sAMAccountName: Domain Computers
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Domain Controllers,CN=Users,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Domain Controllers
|
|
description: All domain controllers in the domain
|
|
objectSid: ${DOMAINSID}-516
|
|
adminCount: 1
|
|
sAMAccountName: Domain Controllers
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Schema Admins,CN=Users,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Schema Admins
|
|
description: Designated administrators of the schema
|
|
member: CN=Administrator,CN=Users,${DOMAINDN}
|
|
objectSid: ${DOMAINSID}-518
|
|
adminCount: 1
|
|
sAMAccountName: Schema Admins
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Enterprise Admins,CN=Users,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Enterprise Admins
|
|
description: Designated administrators of the enterprise
|
|
member: CN=Administrator,CN=Users,${DOMAINDN}
|
|
memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
|
|
objectSid: ${DOMAINSID}-519
|
|
adminCount: 1
|
|
sAMAccountName: Enterprise Admins
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Cert Publishers,CN=Users,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Cert Publishers
|
|
description: Members of this group are permitted to publish certificates to the Active Directory
|
|
groupType: 2147483652
|
|
sAMAccountType: 536870912
|
|
objectSid: ${DOMAINSID}-517
|
|
sAMAccountName: Cert Publishers
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Domain Admins,CN=Users,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Domain Admins
|
|
description: Designated administrators of the domain
|
|
member: CN=Administrator,CN=Users,${DOMAINDN}
|
|
memberOf: CN=Administrators,CN=Builtin,${DOMAINDN}
|
|
objectSid: ${DOMAINSID}-512
|
|
adminCount: 1
|
|
sAMAccountName: Domain Admins
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Domain Users,CN=Users,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Domain Users
|
|
description: All domain users
|
|
memberOf: CN=Users,CN=Builtin,${DOMAINDN}
|
|
objectSid: ${DOMAINSID}-513
|
|
sAMAccountName: Domain Users
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Domain Guests,CN=Users,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Domain Guests
|
|
description: All domain guests
|
|
memberOf: CN=Guests,CN=Builtin,${DOMAINDN}
|
|
objectSid: ${DOMAINSID}-514
|
|
sAMAccountName: Domain Guests
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Group Policy Creator Owners,CN=Users,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Group Policy Creator Owners
|
|
description: Members in this group can modify group policy for the domain
|
|
member: CN=Administrator,CN=Users,${DOMAINDN}
|
|
objectSid: ${DOMAINSID}-520
|
|
sAMAccountName: Group Policy Creator Owners
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=RAS and IAS Servers,CN=Users,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: RAS and IAS Servers
|
|
description: Servers in this group can access remote access properties of users
|
|
instanceType: 4
|
|
objectSid: ${DOMAINSID}-553
|
|
sAMAccountName: RAS and IAS Servers
|
|
sAMAccountType: 536870912
|
|
groupType: 2147483652
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Server Operators,CN=Builtin,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Server Operators
|
|
description: Members can administer domain servers
|
|
instanceType: 4
|
|
objectSid: S-1-5-32-549
|
|
adminCount: 1
|
|
sAMAccountName: Server Operators
|
|
sAMAccountType: 536870912
|
|
systemFlags: 2348810240
|
|
groupType: 2147483653
|
|
isCriticalSystemObject: TRUE
|
|
privilege: SeBackupPrivilege
|
|
privilege: SeSystemtimePrivilege
|
|
privilege: SeRemoteShutdownPrivilege
|
|
privilege: SeRestorePrivilege
|
|
privilege: SeShutdownPrivilege
|
|
privilege: SeInteractiveLogonRight
|
|
|
|
dn: CN=Account Operators,CN=Builtin,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Account Operators
|
|
description: Members can administer domain user and group accounts
|
|
instanceType: 4
|
|
objectSid: S-1-5-32-548
|
|
adminCount: 1
|
|
sAMAccountName: Account Operators
|
|
sAMAccountType: 536870912
|
|
systemFlags: 2348810240
|
|
groupType: 2147483653
|
|
isCriticalSystemObject: TRUE
|
|
privilege: SeInteractiveLogonRight
|
|
|
|
dn: CN=Pre-Windows 2000 Compatible Access,CN=Builtin,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Pre-Windows 2000 Compatible Access
|
|
description: A backward compatibility group which allows read access on all users and groups in the domain
|
|
objectSid: S-1-5-32-554
|
|
sAMAccountName: Pre-Windows 2000 Compatible Access
|
|
sAMAccountType: 536870912
|
|
systemFlags: 2348810240
|
|
groupType: 2147483653
|
|
isCriticalSystemObject: TRUE
|
|
privilege: SeRemoteInteractiveLogonRight
|
|
privilege: SeChangeNotifyPrivilege
|
|
|
|
dn: CN=Incoming Forest Trust Builders,CN=Builtin,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Incoming Forest Trust Builders
|
|
description: Members of this group can create incoming, one-way trusts to this forest
|
|
objectSid: S-1-5-32-557
|
|
sAMAccountName: Incoming Forest Trust Builders
|
|
sAMAccountType: 536870912
|
|
systemFlags: 2348810240
|
|
groupType: 2147483653
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Windows Authorization Access Group,CN=Builtin,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Windows Authorization Access Group
|
|
description: Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
|
|
objectSid: S-1-5-32-560
|
|
sAMAccountName: Windows Authorization Access Group
|
|
sAMAccountType: 536870912
|
|
systemFlags: 2348810240
|
|
groupType: 2147483653
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Terminal Server License Servers,CN=Builtin,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Terminal Server License Servers
|
|
description: Terminal Server License Servers
|
|
objectSid: S-1-5-32-561
|
|
sAMAccountName: Terminal Server License Servers
|
|
sAMAccountType: 536870912
|
|
systemFlags: 2348810240
|
|
groupType: 2147483653
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=Distributed COM Users,CN=Builtin,${DOMAINDN}
|
|
objectClass: top
|
|
objectClass: group
|
|
cn: Distributed COM Users
|
|
description: Members are allowed to launch, activate and use Distributed COM objects on this machine.
|
|
objectSid: S-1-5-32-562
|
|
sAMAccountName: Distributed COM Users
|
|
sAMAccountType: 536870912
|
|
systemFlags: 2348810240
|
|
groupType: 2147483653
|
|
isCriticalSystemObject: TRUE
|
|
|
|
dn: CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: container
|
|
cn: WellKnown Security Principals
|
|
systemFlags: 2147483648
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Anonymous Logon,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Anonymous Logon
|
|
objectSid: S-1-5-7
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Authenticated Users,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Authenticated Users
|
|
objectSid: S-1-5-11
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Batch,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Batch
|
|
objectSid: S-1-5-3
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Creator Group,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Creator Group
|
|
objectSid: S-1-3-1
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Creator Owner,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Creator Owner
|
|
objectSid: S-1-3-0
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Dialup,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Dialup
|
|
objectSid: S-1-5-1
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Digest Authentication,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Digest Authentication
|
|
objectSid: S-1-5-64-21
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Enterprise Domain Controllers,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Enterprise Domain Controllers
|
|
objectSid: S-1-5-9
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Everyone,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Everyone
|
|
objectSid: S-1-1-0
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Interactive,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Interactive
|
|
objectSid: S-1-5-4
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Local Service,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Local Service
|
|
objectSid: S-1-5-19
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Network,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Network
|
|
objectSid: S-1-5-2
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Network Service,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Network Service
|
|
objectSid: S-1-5-20
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=NTLM Authentication,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: NTLM Authentication
|
|
objectSid: S-1-5-64-10
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Other Organization,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Other Organization
|
|
objectSid: S-1-5-1000
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Proxy,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Proxy
|
|
objectSid: S-1-5-8
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Remote Interactive Logon,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Remote Interactive Logon
|
|
objectSid: S-1-5-14
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Restricted,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Restricted
|
|
objectSid: S-1-5-12
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=SChannel Authentication,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: SChannel Authentication
|
|
objectSid: S-1-5-64-14
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Self,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Self
|
|
objectSid: S-1-5-10
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Service,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Service
|
|
objectSid: S-1-5-6
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Terminal Server User,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Terminal Server User
|
|
objectSid: S-1-5-13
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=This Organization,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: This Organization
|
|
objectSid: S-1-5-15
|
|
showInAdvancedViewOnly: TRUE
|
|
|
|
dn: CN=Well-Known-Security-Id-System,CN=WellKnown Security Principals,${CONFIGDN}
|
|
objectClass: top
|
|
objectClass: foreignSecurityPrincipal
|
|
cn: Well-Known-Security-Id-System
|
|
objectSid: S-1-5-18
|
|
showInAdvancedViewOnly: TRUE
|
|
|