Join Mac OS X to an Active Directory / OpenLDAP directory from the command line

Published: 02-05-2013 | Author: Remy van Elst


❗ This post is over eight years old. It may no longer be up to date. Opinions may have changed.

This little snippet joins a Mac OS X computer to a Windows Active Directory or OpenLDAP directory domain from the command line or via Apple Remote Desktop. It is tested on OS X 10.6, 10.7 and 10.8 combined with a Windows Server 2003/2008/2012 mixed Active Directory domain, a Fedora 389 DS domain and an OpenLDAP domain.

dsconfigad -add DOMAIN.EXT -computer "`hostname -s`" -mobile enable -mobileconfirm disable -username "DOMAIN_ADMIN_USERNAME" -password "DOMAIN_ADMIN_PASSWORD" -ou "CN=Computers,DC=DOMAIN,DC=EXT"

The following command also adds users in the "Domain Admins" and "IT_ADM" groups to the local Mac OS X admin users. Those users have local administrator rights on the OS X machine:

dsconfigad -groups "DOMAIN\Domain Admins,DOMAIN\IT_ADM"
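
Because the -groups setting grants local administrator rights, it is worth checking on bound machines that only the intended groups are mapped. The script below is an added example, not part of the original article: it parses the text of "dsconfigad -show" and reports any admin group that is not on an approved list. SAMPLE_SHOW is constructed sample output, and the "Allowed admin groups" label, the "(not set)" value, the mac01 computer name and the DOMAIN\Helpdesk group are assumptions.

```shell
#!/bin/sh
# Added example: audit which directory groups hold local admin rights.
# SAMPLE_SHOW is constructed text modelled on `dsconfigad -show` output; the
# field label is an assumption, verify it on your OS X release.
SAMPLE_SHOW='Active Directory Forest          = DOMAIN.EXT
Active Directory Domain          = DOMAIN.EXT
Computer Account                 = mac01$

Advanced Options - Administrative
  Preferred domain controller    = (not set)
  Allowed admin groups           = DOMAIN\Domain Admins,DOMAIN\IT_ADM,DOMAIN\Helpdesk'

# Read `dsconfigad -show` text on stdin, print one admin group per line.
admin_groups() {
    sed -n 's/^[[:space:]]*Allowed admin groups[[:space:]]*=[[:space:]]*//p' |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
            -e '/^$/d' -e '/^(not set)$/d'
}

# $1 = approved groups, comma separated. Prints every configured admin group
# that is not on the approved list (no output means the machine is compliant).
unexpected_admin_groups() {
    approved=$1
    admin_groups | while IFS= read -r group; do
        case ",$approved," in
            *",$group,"*) ;;                  # approved
            *) printf '%s\n' "$group" ;;      # drift: report it
        esac
    done
}

# Demo on the constructed sample; on a real Mac pipe `dsconfigad -show` instead.
printf '%s\n' "$SAMPLE_SHOW" |
    unexpected_admin_groups 'DOMAIN\Domain Admins,DOMAIN\IT_ADM'
```

The same function can be run over Apple Remote Desktop against many machines, so that any non-empty output flags a Mac whose admin group mapping has drifted.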

This last command removes the OS X machine from a domain:

dsconfigad -remove DOMAIN.EXT -computer "`hostname -s`" -username "DOMAIN_ADMIN_USERNAME" -password "DOMAIN_ADMIN_PASSWORD"