Active Directory Payload macOS
Description
This payload can be used to join a macOS device to an Active Directory and configure the domain membership options.
Active Directory (macOS) | Description | Example |
|---|---|---|
Domain |
|
|
Domain Name | The Active Directory domain to join using FQDN. |
|
User Name | User name of the account used to join the domain, using user principal name, USER@EXAMPLE.COM |
|
Password | The password of the account used to join the domain. |
|
AD organizational Unit | The organizational unit (OU) where the joining computer object is added, using the distinguished name, OU=MACOU,DC=EXAMPLE,DC=COM |
|
A Mount Style | Network home protocol to use: (afp) or (smb). |
|
Enable or disable the AD Create Mobile Account At Login key | Description | Value | Default |
|---|---|---|---|
AD Create Mobile Account At Login | Create mobile account at login. | Boolean | False |
Enable or disable the AD Warn User Before Creating MA key | Description | Value | Default |
|---|---|---|---|
AD Warn User Before Creating MA | Warn user before creating a Mobile Account. | Boolean | False |
Enable or disable the AD Force Home Local key | Description | Value | Default |
|---|---|---|---|
AD Force Home Local | Force local home directory. | Boolean | False |
Enable or disable the AD Use Windows UNC Path key | Description | Value | Default |
|---|---|---|---|
AD Use Windows UNC Path | Use UNC path from Active Directory to derive network home location. | Boolean | False |
Enable or disable the AD Allow Multi Domain Auth Key | Description | Value | Default |
|---|---|---|---|
AD Allow Multi Domain Auth | Allow authentication from any domain in the forest. | SingleValue |
Enable or disable the AD Default User Shell key | Description | Value | Default |
|---|---|---|---|
AD Default User Shell | Default user shell; e.g. /bin/bash. | SingleValue |
|
Enable or disable the AD Map UID Attribute key | Description | Value | Default |
|---|---|---|---|
AD Map UID Attribute | Map UID to attribute. | SingleValue |
|
Enable or disable the AD Map GID Attribute key | Description | Value | Default |
|---|---|---|---|
AD Map GID Attribute | Map user GID to attribute. | SingleValue |
|
Enable or disable the AD Map GGID Attribute key | Description | Value | Default |
|---|---|---|---|
AD Map GGID Attribute | Map group GID to attribute. | SingleValue |
|
Enable or disable the AD Preferred DC Server key | Description | Value | Default |
|---|---|---|---|
AD Preferred DC Server | Prefer this domain server. | SingleValue |
|
Enable or disable the AD Domain Admin Group List key | Description | Value | Default |
|---|---|---|---|
AD Domain Admin Group List, separated by semicolons ; | Allow administration by specified Active Directory groups. | SingleValue |
|
Enable or disable the AD Name space key | Description | Value | Default |
|---|---|---|---|
AD Name space | Set primary user account naming convention: (forest) or (domain) domain is default. | MultiValue |
|
Enable or disable the AD Packet Encrypt key | Description | Value | Default |
|---|---|---|---|
AD Packet Encrypt | Packet encryption: (allow), (disable), (require) or (ssl) allow is default. | MultiValue |
|
Enable or disable the AD Restrict DDNS key | Description | Value | Default |
|---|---|---|---|
AD Restrict Dynamic DNS, separated by semicolons ; | Restrict Dynamic DNS updates to the specified interfaces (e.g. en0, en1, etc). | SingleValue |
|
Enable or disable the AD Trust Change Pass Interval Days key | Description | Value | Default |
|---|---|---|---|
AD Trust Change Pass Interval Days | How often to require a change of the computer trust account password in days; 0 is disabled. | SingleValue |
|
For more information on specific features, refer to Apple’s documentation → Apple Configuration Profile Reference