Skip to content

Instantly share code, notes, and snippets.

@bzerangue

bzerangue/macs-on-active-directory.md

Last active August 6, 2025 19:23
Show Gist options
  • Save bzerangue/6886182 to your computer and use it in GitHub Desktop.
Save bzerangue/6886182 to your computer and use it in GitHub Desktop.
Download ZIP
Binding and Unbinding to Active Directory from Mac OS via Command Line
Raw
macs-on-active-directory.md

Binding and Unbinding to Active Directory from Mac OS via Command Line

  • Open the Terminal Application
  • Type in sudo -i and type in your Mac Administrator account password. sudo gives you root level or administrator level privileges.

To View current Active Directory Settings

dsconfigad -show

To Unbind a Computer from an Active Directory Domain

dsconfigad -remove -username <username> -password <password> [-localuser <localadmin> -localpassword <localpass>]

Note: <username> needs to be replaced with domain administrator who has binding/unbinding rights.

To Bind a Mac Laptop Computer to an Active Directory Domain

<computer-name> --> replace this with the computer name you want to bind to Active Directory
<username> --> needs to be replaced with domain administrator who has binding/unbinding rights.
<domain> --> replace with domain you want to join.

dsconfigad -add <domain> -computer <computer-name> -username <username> -password <password> -ou "CN=Computers,DC=network,DC=example,DC=com" [-force] [-localuser <localadmin> -localpassword <localpass>] -mobile enable -mobileconfirm enable -localhome enable -useuncpath enable -protocol smb -groups "Domain Admins,Enterprise Admins" -alldomains enable -packetsign require -packetencrypt require

To Bind a Mac Desktop Computer to an Active Directory Domain

<computer-name> --> replace this with the computer name you want to bind to Active Directory
<username> --> needs to be replaced with domain administrator who has binding/unbinding rights.
<domain> --> replace with domain you want to join.

dsconfigad -add <domain> -computer <computer-name> -username <username> -password <password> -ou "CN=Computers,DC=network,DC=example,DC=com" [-force] [-localuser <localadmin> -localpassword <localpass>] -localhome enable -useuncpath enable -protocol smb -groups "Domain Admins,Enterprise Admins" -alldomains enable -packetsign require -packetencrypt require

@jszabo98
Copy link

jszabo98 commented May 6, 2025
edited
Loading

I don't see < username > after "dsconfigad -f -r -u".

@bzerangue
Copy link
Author

@jszabo98 - in your macOS Terminal, run the following help command, that will show what options you have available to you.

dsconfigad -h

@jszabo98
Copy link

jszabo98 commented May 6, 2025
edited
Loading

I'm pointing out a typo in this document. Oh it's fixed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment