Active Directory
Use the Active Directory settings to configure macOS devices to join an Active Directory (AD) domain.
The following table describes the Active Directory settings:
Policy setting | Description |
---|---|
Hostname | The Active Directory domain to join. |
Username | The user name of the account that is used to join the domain. |
Password | The password of the account that is used to join the domain. |
Organizational Unit | The organizational unit (OU) where the joining computer object is added. |
Mount Style | The network home protocol to use: afp or smb. |
Create Mobile Account at Login | A mobile account is created at login. |
Warn User Before creating Mobile Account | The user is warned before they create a mobile account. |
Force Local Home Directory | The local home directory is forced. |
Use UNC Path from AD for Network Home Location | The UNC path from the Active Directory that is used to determine the network home location. |
Allow Multi Domain Authentication | Authentication is allowed from any domain in the forest. |
Default User Shell | The default user shell. Example: /bin/bash |
Map UID Attribute | The user UID that is mapped to the attribute. |
Map GID Attribute | The user GID that is mapped to the attribute. |
Map Group GID (GGID) Attribute | The group GID that is mapped to the attribute. |
Preferred DC (Domain) Server | The preferred domain server. |
Domain Administration Group List | The comma-separated list of active directory group administrators. |
Name Space | The primary user account naming convention: forest or domain (default). |
Packet Signing | The packet signing condition: allow (default), disable, or require. |
Packet Encryption | The packet encryption condition: allow (default), disable, require, or ssl. |
Restrict Dynamic DNS Updates | The Dynamic DNS updates are restricted to specific interfaces (for example: en0, en1). |
Trust Change Password Interval Days | The interval to change the computer trust account password in days. The 0 value disables this setting. |