Skip to content

Instantly share code, notes, and snippets.

@bzerangue

bzerangue/macs-on-active-directory.md

Last active August 6, 2025 19:23
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save bzerangue/6886182 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save bzerangue/6886182 to your computer and use it in GitHub Desktop.
Download ZIP
Binding and Unbinding to Active Directory from Mac OS via Command Line
Raw
macs-on-active-directory.md

Binding and Unbinding to Active Directory from Mac OS via Command Line

  • Open the Terminal Application
  • Type in sudo -i and type in your Mac Administrator account password. sudo gives you root level or administrator level privileges.

To View current Active Directory Settings

dsconfigad -show

To Unbind a Computer from an Active Directory Domain

dsconfigad -remove -username <username> -password <password> [-localuser <localadmin> -localpassword <localpass>]

Note: <username> needs to be replaced with domain administrator who has binding/unbinding rights.

To Bind a Mac Laptop Computer to an Active Directory Domain

<computer-name> --> replace this with the computer name you want to bind to Active Directory
<username> --> needs to be replaced with domain administrator who has binding/unbinding rights.
<domain> --> replace with domain you want to join.

dsconfigad -add <domain> -computer <computer-name> -username <username> -password <password> -ou "CN=Computers,DC=network,DC=example,DC=com" [-force] [-localuser <localadmin> -localpassword <localpass>] -mobile enable -mobileconfirm enable -localhome enable -useuncpath enable -protocol smb -groups "Domain Admins,Enterprise Admins" -alldomains enable -packetsign require -packetencrypt require

To Bind a Mac Desktop Computer to an Active Directory Domain

<computer-name> --> replace this with the computer name you want to bind to Active Directory
<username> --> needs to be replaced with domain administrator who has binding/unbinding rights.
<domain> --> replace with domain you want to join.

dsconfigad -add <domain> -computer <computer-name> -username <username> -password <password> -ou "CN=Computers,DC=network,DC=example,DC=com" [-force] [-localuser <localadmin> -localpassword <localpass>] -localhome enable -useuncpath enable -protocol smb -groups "Domain Admins,Enterprise Admins" -alldomains enable -packetsign require -packetencrypt require

@kvellano
Copy link

kvellano commented Aug 8, 2019

Is there special syntax associated with the -u and -p for unbinding? I don't want to force unbind leaving cruft in AD. I keep getting "Invalid Credentials supplied to remove the bound server" I've tried:

For -u
ou\admin-account
ou\admin-account
admin-account

For -p
pa$$w0rd^
pa$$w0rd^

NOTE - these are random credentials but I am structuring them here to be very similar, including the $ in the password.

I believe bash is messing with my credentials...If I echo the password with the "" in front of the $ signs, it echos properly. If I echo ou\admin-account with the additional , it echoes properly.

Help please :D

@azwarners
Copy link

azwarners commented Sep 10, 2020
edited
Loading

Has anyone ever found a cause for "Node name wasn't found. (2000)" besides time difference or DNS?

I ran "net time" on our AD controller and it matches the time on my MacBook nearly to the second. It's using our network's DHCP for DNS settings.

I haven't been able to find any other reasons for this error when searching online. I had no problems binding it to the domain manually through System Preferences.

UPDATE:
Turned out to be a switch that wasn't working after all. When configuring MacBooks at work, we're supposed to check the box, "Prefer this domain server:", and then enter our organization's domain. I tried automating this by adding the -preferred switch followed by our domain, but apparently that breaks dsconfigad.

@jszabo98
Copy link

jszabo98 commented May 6, 2025
edited
Loading

I don't see < username > after "dsconfigad -f -r -u".

@bzerangue
Copy link
Author

bzerangue commented May 6, 2025

@jszabo98 - in your macOS Terminal, run the following help command, that will show what options you have available to you.

dsconfigad -h

@jszabo98
Copy link

jszabo98 commented May 6, 2025
edited
Loading

I'm pointing out a typo in this document. Oh it's fixed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment