This payload can be used to join a macOS device to an Active Directory and configure the domain membership options.

| Active Directory (macOS) | Description | Example |
|---|---|---|
| Domain | | |
| Domain Name | The Active Directory domain to join using FQDN. | |
| User Name | User name of the account used to join the domain, using user principal name, [email protected] | |
| Password | The password of the account used to join the domain. | |
| AD Organizational Unit | The organizational unit (OU) where the joining computer object is added, using the distinguished name, OU=MACOU,DC=EXAMPLE,DC=COM | |
| AD Mount Style | Network home protocol to use: (afp) or (smb). | |

| Enable or disable the AD Create Mobile Account At Login key | Description | Value | Default |
|---|---|---|---|
| AD Create Mobile Account At Login | Create mobile account at login. | Boolean | False |

| Enable or disable the AD Warn User Before Creating MA key | Description | Value | Default |
|---|---|---|---|
| AD Warn User Before Creating MA | Warn user before creating a Mobile Account. | Boolean | False |

| Enable or disable the AD Force Home Local key | Description | Value | Default |
|---|---|---|---|
| AD Force Home Local | Force local home directory. | Boolean | False |

| Enable or disable the AD Use Windows UNC Path key | Description | Value | Default |
|---|---|---|---|
| AD Use Windows UNC Path | Use UNC path from Active Directory to derive network home location. | Boolean | False |

| Enable or disable the AD Allow Multi Domain Auth key | Description | Value |
|---|---|---|
| AD Allow Multi Domain Auth | Allow authentication from any domain in the forest. | SingleValue |

| Enable or disable the AD Default User Shell key | Description | Value | Default |
|---|---|---|---|
| AD Default User Shell | Default user shell; e.g. /bin/bash. | SingleValue | |

| Enable or disable the AD Map UID Attribute key | Description | Value | Default |
|---|---|---|---|
| AD Map UID Attribute | Map UID to attribute. | SingleValue | |

| Enable or disable the AD Map GID Attribute key | Description | Value | Default |
|---|---|---|---|
| AD Map GID Attribute | Map user GID to attribute. | SingleValue | |

| Enable or disable the AD Map GGID Attribute key | Description | Value | Default |
|---|---|---|---|
| AD Map GGID Attribute | Map group GID to attribute. | SingleValue | |

| Enable or disable the AD Preferred DC Server key | Description | Value | Default |
|---|---|---|---|
| AD Preferred DC Server | Prefer this domain server. | SingleValue | |

| Enable or disable the AD Domain Admin Group List key | Description | Value | Default |
|---|---|---|---|
| AD Domain Admin Group List, separated by semicolons ; | Allow administration by specified Active Directory groups. | SingleValue | |

| Enable or disable the AD Name space key | Description | Value | Default |
|---|---|---|---|
| AD Name space | Set primary user account naming convention: (forest) or (domain); domain is default. | MultiValue | |

| Enable or disable the AD Packet Encrypt key | Description | Value | Default |
|---|---|---|---|
| AD Packet Encrypt | Packet encryption: (allow), (disable), (require) or (ssl); allow is default. | MultiValue | |

| Enable or disable the AD Restrict DDNS key | Description | Value | Default |
|---|---|---|---|
| AD Restrict Dynamic DNS, separated by semicolons ; | Restrict Dynamic DNS updates to the specified interfaces (e.g. en0, en1, etc). | SingleValue | |

| Enable or disable the AD Trust Change Pass Interval Days key | Description | Value | Default |
|---|---|---|---|
| AD Trust Change Pass Interval Days | How often to require a change of the computer trust account password in days; 0 is disabled. | SingleValue | |
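
An added example, not part of the original page or the product's own code: a Python audit of the security-relevant settings described above (AD Packet Encrypt, AD Trust Change Pass Interval Days, AD Allow Multi Domain Auth, AD Domain Admin Group List) in an unsigned configuration profile. It assumes the settings are delivered under Apple's `com.apple.DirectoryService.managed` payload key names, each with a companion `...Flag` enable key; the sample payloads and the `BROAD_GROUPS` policy are constructed for illustration.

```python
import plistlib

AD_TYPE = "com.apple.DirectoryService.managed"   # Apple's directory payload type
BROAD_GROUPS = {"domain users", "authenticated users", "everyone"}  # assumed policy

# Constructed sample payloads; every value here is made up for the example.
WEAK = {
    "PayloadType": AD_TYPE, "HostName": "example.com",
    "ADPacketEncryptFlag": True, "ADPacketEncrypt": "disable",
    "ADTrustChangePassIntervalDaysFlag": True, "ADTrustChangePassIntervalDays": 0,
    "ADAllowMultiDomainAuthFlag": True, "ADAllowMultiDomainAuth": True,
    "ADDomainAdminGroupListFlag": True,
    "ADDomainAdminGroupList": "EXAMPLE\\Mac Admins;EXAMPLE\\Domain Users",
}
HARDENED = dict(WEAK, ADPacketEncrypt="require", ADTrustChangePassIntervalDays=14,
                ADAllowMultiDomainAuth=False,
                ADDomainAdminGroupList="EXAMPLE\\Mac Admins")

def setting(payload, key):
    """Value of an optional key, honoured only when its enable flag is set."""
    return payload.get(key) if payload.get(key + "Flag") else None

def audit(payload):
    """Return a list of findings for one Active Directory payload dict."""
    findings = []
    enc = setting(payload, "ADPacketEncrypt") or "allow"   # allow is the default
    if enc not in ("require", "ssl"):
        findings.append("packet-encrypt=" + enc)
    if setting(payload, "ADTrustChangePassIntervalDays") == 0:   # 0 is disabled
        findings.append("trust-password-rotation-disabled")
    if setting(payload, "ADAllowMultiDomainAuth"):   # review item under assumed policy
        findings.append("multi-domain-auth")
    groups = setting(payload, "ADDomainAdminGroupList") or []
    if isinstance(groups, str):                 # semicolon-separated form
        groups = groups.split(";")
    for group in groups:
        if group.strip().split("\\")[-1].lower() in BROAD_GROUPS:
            findings.append("broad-admin-group=" + group.strip())
    return findings

def audit_profile(data):
    """Audit every AD payload in an unsigned .mobileconfig (plist bytes)."""
    profile = plistlib.loads(data)
    return [audit(p) for p in profile.get("PayloadContent", [])
            if p.get("PayloadType") == AD_TYPE]

if __name__ == "__main__":
    sample = plistlib.dumps({"PayloadContent": [WEAK, HARDENED]})
    for findings in audit_profile(sample):
        print(findings or "no findings")
```

A signed profile is CMS-wrapped and has to be unwrapped before `plistlib` can parse it.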