Raymii.org
Quis custodiet ipsos custodes?Home | About | All pages | Cluster Status | RSS Feed
Join Mac OS X to an Active Directory / OpenDLAP directory from the commandline
Published: 02-05-2013 | Author: Remy van Elst | Text only version of this article
❗ This post is over eleven years old. It may no longer be up to date. Opinions may have changed.
This little snippet joins an Mac OS X computer to a Windows Active Directory or OpenLDAP Directory domain from the Command Line or via Apple Remote Desktop. It is tested on OS X 10.6, 10.7 and 10.8 combined with a Windows Server 2003/2008/2012 mixed Active Directory domain and a Fedora 389 DS domain and an OpenLDAP domain.
Recently I removed all Google Ads from this site due to their invasive tracking, as well as Google Analytics. Please, if you found this content useful, consider a small donation using any of the options below. It means the world to me if you show your appreciation and you'll help pay the server costs:
GitHub Sponsorship
PCBWay referral link (You get $5, I get $20 after you've placed an order)
Digital Ocea referral link ($200 credit for 60 days. Spend $25 after your credit expires and I'll get $25!)
dsconfigad -add DOMAIN.EXT -computer "`hostname -s`" -mobile enable -mobileconfirm disable -username "DOMAIN_ADMIN_USERNAME" -password "DOMAIN_ADMIN_PASSWORD" -ou "CN=Computers,DC=DOMAIN,DC=EXT"
The following command also add's users in the "Domain Admins" and "IT_ADM" to the local Mac OS Admin users. Those users have local administrator rights on the OS X Machine
dsconfigad -groups "DOMAIN\Domain Admins,DOMAIN\IT_ADM"
This last command removes the OS X machine from a domain:
dsconfigad -remove DOMAIN.EXT -computer "`hostname -s`" -username "DOMAIN_ADMIN_USERNAME" -password "DOMAIN_ADMIN_PASSWORD"