Active Directory

Use the Active Directory settings to configure macOS devices to join an Active Directory (AD) domain.

The following table describes the Active Directory settings:

Policy setting	Description
Hostname	The Active Directory domain to join.
Username	The user name of the account that is used to join the domain.
Password	The password of the account that is used to join the domain.
Organizational Unit	The organizational unit (OU) where the joining computer object is added.
Mount Style	The network home protocol to use: `afp` or `smb`.
Create Mobile Account at Login	A mobile account is created at login.
Warn User Before creating Mobile Account	The user is warned before they create a mobile account.
Force Local Home Directory	The local home directory is forced.
Use UNC Path from AD for Network Home Location	The UNC path from the Active Directory that is used to determine the network home location.
Allow Multi Domain Authentication	Authentication is allowed from any domain in the forest.
Default User Shell	The default user shell. Example: /bin/bash
Map UID Attribute	The user UID that is mapped to the attribute.
Map GID Attribute	The user GID that is mapped to the attribute.
Map Group GID (GGID) Attribute	The group GID that is mapped to the attribute.
Preferred DC (Domain) Server	The preferred domain server.
Domain Administration Group List	The comma-separated list of active directory group administrators.
Name Space	The primary user account naming convention: forest or domain (default).
Packet Signing	The packet signing condition: allow (default), disable, or require.
Packet Encryption	The packet encryption condition: allow (default), disable, require, or ssl.
Restrict Dynamic DNS Updates	The Dynamic DNS updates are restricted to specific interfaces (for example: en0, en1).
Trust Change Password Interval Days	The interval to change the computer trust account password in days. The `0` value disables this setting.