Active Directory

Use the Active Directory settings to configure macOS devices to join an Active Directory (AD) domain.

The following table describes the Active Directory settings:
Policy setting Description
Hostname The Active Directory domain to join.
Username The user name of the account that is used to join the domain.
Password The password of the account that is used to join the domain.
Organizational Unit The organizational unit (OU) where the joining computer object is added.
Mount Style The network home protocol to use: afp or smb.
Create Mobile Account at Login A mobile account is created at login.
Warn User Before creating Mobile Account The user is warned before they create a mobile account.
Force Local Home Directory The local home directory is forced.
Use UNC Path from AD for Network Home Location The UNC path from the Active Directory that is used to determine the network home location.
Allow Multi Domain Authentication Authentication is allowed from any domain in the forest.
Default User Shell The default user shell. Example: /bin/bash
Map UID Attribute The user UID that is mapped to the attribute.
Map GID Attribute The user GID that is mapped to the attribute.
Map Group GID (GGID) Attribute The group GID that is mapped to the attribute.
Preferred DC (Domain) Server The preferred domain server.
Domain Administration Group List The comma-separated list of active directory group administrators.
Name Space The primary user account naming convention: forest or domain (default).
Packet Signing The packet signing condition: allow (default), disable, or require.
Packet Encryption The packet encryption condition: allow (default), disable, require, or ssl.
Restrict Dynamic DNS Updates The Dynamic DNS updates are restricted to specific interfaces (for example: en0, en1).
Trust Change Password Interval Days The interval to change the computer trust account password in days. The 0 value disables this setting.