Skip to main content

Raymii.org Logo (IEC resistor symbol)logo

Quis custodiet ipsos custodes?
Home | About | All pages | RSS Feed | Gopher

Join Mac OS X to an Active Directory / OpenDLAP directory from the commandline

Published: 02-05-2013 | Author: Remy van Elst | Text only version of this article


Table of Contents


This little snippet joins an Mac OS X computer to a Windows Active Directory orOpenLDAP Directory domain from the Command Line or via Apple Remote Desktop. Itis tested on OS X 10.6, 10.7 and 10.8 combined with a Windows Server2003/2008/2012 mixed Active Directory domain and a Fedora 389 DS domain and anOpenLDAP domain.

If you like this article, consider sponsoring me by trying out a Digital OceanVPS. With this link you'll get $100 credit for 60 days). (referral link)

dsconfigad -add DOMAIN.EXT -computer "`hostname -s`" -mobile enable -mobileconfirm disable -username "DOMAIN_ADMIN_USERNAME" -password "DOMAIN_ADMIN_PASSWORD" -ou "CN=Computers,DC=DOMAIN,DC=EXT"

The following command also add's users in the "Domain Admins" and "IT_ADM" tothe local Mac OS Admin users. Those users have local administrator rights on theOS X Machine

dsconfigad -groups "DOMAIN\Domain Admins,DOMAIN\IT_ADM"

This last command removes the OS X machine from a domain:

dsconfigad -remove DOMAIN.EXT -computer "`hostname -s`" -username "DOMAIN_ADMIN_USERNAME" -password "DOMAIN_ADMIN_PASSWORD"
Tags: 389-ds, active-directory, apple, apple-remote-desktop, ard, mac, openldap, os-x, snippets, windows