Skip to main content Logo (IEC resistor symbol) logo

Quis custodiet ipsos custodes?
Home | About | All pages | RSS Feed | Gopher

Join Mac OS X to an Active Directory / OpenDLAP directory from the commandline

Published: 02-05-2013 | Author: Remy van Elst | Text only version of this article

Table of Contents

This little snippet joins an Mac OS X computer to a Windows Active Directory or OpenLDAP Directory domain from the Command Line or via Apple Remote Desktop. It is tested on OS X 10.6, 10.7 and 10.8 combined with a Windows Server 2003/2008/2012 mixed Active Directory domain and a Fedora 389 DS domain and an OpenLDAP domain.

If you like this article, consider sponsoring me by trying out a Digital Ocean VPS. With this link you'll get $100 credit for 60 days). (referral link)

dsconfigad -add DOMAIN.EXT -computer "`hostname -s`" -mobile enable -mobileconfirm disable -username "DOMAIN_ADMIN_USERNAME" -password "DOMAIN_ADMIN_PASSWORD" -ou "CN=Computers,DC=DOMAIN,DC=EXT"

The following command also add's users in the "Domain Admins" and "IT_ADM" to the local Mac OS Admin users. Those users have local administrator rights on the OS X Machine

dsconfigad -groups "DOMAIN\Domain Admins,DOMAIN\IT_ADM"

This last command removes the OS X machine from a domain:

dsconfigad -remove DOMAIN.EXT -computer "`hostname -s`" -username "DOMAIN_ADMIN_USERNAME" -password "DOMAIN_ADMIN_PASSWORD"
Tags: 389-ds , active-directory , apple , apple-remote-desktop , ard , mac , openldap , os-x , snippets , windows