Active Directory

Template

Join an Active Directory domain.

Advanced AD options available via Directory Utility or the dsconfigad command line tool can also be set using a configuration profile.

  • ClientID does not appear in the official documentation.

Summary

PayloadType:com.apple.DirectoryService.managed
Supervised Only:N/A
macOS:10.9
macOS Deprecated:N/A
iOS:N/A
iOS Deprecated:N/A
Highlander:N/A

Keys

HostName

Active Directory Domain

The Active Directory domain to join.

Type Default Required Regex iOS macOS Supervised
string N/A N/A N/A N/A N/A N/A

Note

Apple documentation says this is the domain name; Profile Manager refers to a domain controller hostname.

UserName

User name

User name of the account used to join the domain.

Type Default Required Regex iOS macOS Supervised
string N/A N/A N/A N/A N/A N/A

Password

Password

Password of the account used to join the domain.

Type Default Required Regex iOS macOS Supervised
string N/A N/A N/A N/A N/A N/A

ClientID

Client ID

The directory server client ID.

Type Default Required Regex iOS macOS Supervised
string N/A N/A N/A N/A N/A N/A

ADOrganizationalUnit

Organizational Unit

The organizational unit (OU) where the joining computer object is added.

Type Default Required Regex iOS macOS Supervised
string N/A N/A N/A N/A N/A N/A

ADCreateMobileAccountAtLoginFlag

Enable ADCreateMobileAccountAtLogin Flag

Enable ADCreateMobileAccountAtLogin Flag

Type Default Required Regex iOS macOS Supervised
boolean True N/A N/A N/A N/A N/A

ADCreateMobileAccountAtLogin

Create mobile account at login

Create mobile account at login.

Type Default Required Regex iOS macOS Supervised
boolean False N/A N/A N/A N/A N/A

ADWarnUserBeforeCreatingMAFlag

Enable ADWarnUserBeforeCreatingMA Flag

Enable ADWarnUserBeforeCreatingMA Flag

Type Default Required Regex iOS macOS Supervised
boolean True N/A N/A N/A N/A N/A

ADWarnUserBeforeCreatingMA

Require confirmation before creating mobile account

Require confirmation before creating mobile account

Type Default Required Regex iOS macOS Supervised
boolean False N/A N/A N/A N/A N/A

ADForceHomeLocalFlag

Enable ADForceHomeLocal Flag

Enable ADForceHomeLocal Flag

Type Default Required Regex iOS macOS Supervised
boolean True N/A N/A N/A N/A N/A

ADForceHomeLocal

Force local home directory on startup disk

Force local home directory on startup disk

Type Default Required Regex iOS macOS Supervised
boolean True N/A N/A N/A N/A N/A

ADUseWindowsUNCPathFlag

Enable ADUseWindowsUNCPath Flag

Enable ADUseWindowsUNCPath Flag

Type Default Required Regex iOS macOS Supervised
boolean True N/A N/A N/A N/A N/A

ADUseWindowsUNCPath

Use UNC path for network home location

Use UNC path from Active Directory to derive network home location

Type Default Required Regex iOS macOS Supervised
boolean True N/A N/A N/A N/A N/A

ADMountStyle

Mount Style

Network protocol to be used to mount home directory.

Type Default Required Regex iOS macOS Supervised
string smb N/A N/A N/A N/A N/A

Valid Choices

  • afp
  • smb

ADDefaultUserShellFlag

Enable ADDefaultUserShell Key

Enable ADDefaultUserShell Key

Type Default Required Regex iOS macOS Supervised
boolean True N/A N/A N/A N/A N/A

ADDefaultUserShell

Default user shell

Default user shell

Type Default Required Regex iOS macOS Supervised
string /bin/bash N/A N/A N/A N/A N/A

ADMapUIDAttributeFlag

Enable ADMapUIDAttribute Key

Enable ADMapUIDAttribute Key

Type Default Required Regex iOS macOS Supervised
boolean False N/A N/A N/A N/A N/A

ADMapUIDAttribute

Map UID to attribute

Map UID to attribute

Type Default Required Regex iOS macOS Supervised
string N/A N/A N/A N/A N/A N/A

ADMapGIDAttributeFlag

Enable ADMapGIDAttribute Key

Enable ADMapGIDAttribute Key

Type Default Required Regex iOS macOS Supervised
boolean False N/A N/A N/A N/A N/A

ADMapGIDAttribute

Map user GID to attribute

Map user GID to attribute

Type Default Required Regex iOS macOS Supervised
string N/A N/A N/A N/A N/A N/A

ADMapGGIDAttributeFlag

Enable ADMapGGIDAttribute Key

Enable ADMapGGIDAttribute Key

Type Default Required Regex iOS macOS Supervised
boolean False N/A N/A N/A N/A N/A

ADMapGGIDAttribute

Map group GID to attribute

Map group GID to attribute

Type Default Required Regex iOS macOS Supervised
string N/A N/A N/A N/A N/A N/A

ADPreferredDCServerFlag

Enable ADPreferredDCServer Key

Enable ADPreferredDCServer Key

Type Default Required Regex iOS macOS Supervised
boolean False N/A N/A N/A N/A N/A

ADPreferredDCServer

Preferred domain server

Preferred domain server

Type Default Required Regex iOS macOS Supervised
string N/A N/A N/A N/A N/A N/A

ADDomainAdminGroupListFlag

Enable ADDomainAdminGroupList Key

Enable ADDomainAdminGroupList Key

Type Default Required Regex iOS macOS Supervised
boolean False N/A N/A N/A N/A N/A

ADDomainAdminGroupList

Allow administration by specified Active Directory groups.

Allow administration by specified Active Directory groups.

Type Default Required Regex iOS macOS Supervised
array N/A N/A N/A N/A N/A N/A

ADAllowMultiDomainAuthFlag

Enable ADAllowMultiDomainAuth Key

Enable ADAllowMultiDomainAuth Key

Type Default Required Regex iOS macOS Supervised
boolean True N/A N/A N/A N/A N/A

ADAllowMultiDomainAuth

Allow authentication from any domain in the forest

Allow authentication from any domain in the forest

Type Default Required Regex iOS macOS Supervised
boolean True N/A N/A N/A N/A N/A

ADNamespaceFlag

Enable ADNamespace Key

Enable ADNamespace Key

Type Default Required Regex iOS macOS Supervised
boolean True N/A N/A N/A N/A N/A

ADNamespace

Set primary user account naming convention: “forest” or “domain”

Set primary user account naming convention: “forest” or “domain”

Type Default Required Regex iOS macOS Supervised
string domain N/A N/A N/A N/A N/A

Valid Choices

  • domain
  • forest

ADPacketSignFlag

Enable ADPacketSign Key

Enable ADPacketSign Key

Type Default Required Regex iOS macOS Supervised
boolean True N/A N/A N/A N/A N/A

ADPacketSign

Packet signing

Packet signing

Type Default Required Regex iOS macOS Supervised
string allow N/A N/A N/A N/A N/A

Valid Choices

  • allow
  • disable
  • require

ADPacketEncryptFlag

Enable ADPacketEncrypt Key

Enable ADPacketEncrypt Key

Type Default Required Regex iOS macOS Supervised
boolean True N/A N/A N/A N/A N/A

ADPacketEncrypt

Packet encryption

Packet encryption

Type Default Required Regex iOS macOS Supervised
string allow N/A N/A N/A N/A N/A

Valid Choices

  • allow
  • disable
  • require
  • ssl
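
Added example, not part of the original reference or of Apple's tooling: a Python audit of an unsigned .mobileconfig that checks ADMountStyle, ADNamespace, ADPacketSign and ADPacketEncrypt against the valid choices and defaults listed on this page, and reports settings a defender would want tightened. The function names, the sample profile, the set of values treated as hardened, and the rule that a value is ignored unless its Flag key is true are assumptions.

```python
import plistlib

AD_PAYLOAD_TYPE = "com.apple.DirectoryService.managed"
# Valid choices and defaults as listed in this reference.
CHOICES = {
    "ADMountStyle": ({"afp", "smb"}, "smb"),
    "ADNamespace": ({"domain", "forest"}, "domain"),
    "ADPacketSign": ({"allow", "disable", "require"}, "allow"),
    "ADPacketEncrypt": ({"allow", "disable", "require", "ssl"}, "allow"),
}
# Assumption: values treated as hardened for transport protection.
HARDENED = {"ADPacketSign": {"require"}, "ADPacketEncrypt": {"require", "ssl"}}

def audit_payload(payload):
    """Return a sorted list of finding strings for one AD payload dict."""
    findings = []
    for key, (valid, default) in CHOICES.items():
        value = payload.get(key, default)
        if value not in valid:
            findings.append(f"{key}: invalid value {value!r}")
            continue
        # Assumption: a value is ignored unless its <Key>Flag is true.
        if key in payload and payload.get(key + "Flag") is not True:
            findings.append(f"{key}: set but {key}Flag is not true")
            value = default
        if key in HARDENED and value not in HARDENED[key]:
            findings.append(f"{key}: effective value {value!r} is not enforced")
    if payload.get("Password"):
        findings.append("Password: join credential stored in the profile")
    return sorted(findings)

def audit_profile(data):
    """Parse unsigned .mobileconfig bytes; audit each Active Directory payload."""
    profile = plistlib.loads(data)
    return [audit_payload(p) for p in profile.get("PayloadContent", [])
            if p.get("PayloadType") == AD_PAYLOAD_TYPE]

# Constructed sample profile (not from the page); values are placeholders.
SAMPLE = plistlib.dumps({"PayloadContent": [{
    "PayloadType": AD_PAYLOAD_TYPE,
    "HostName": "ad.example.test",
    "UserName": "joiner",
    "Password": "placeholder",
    "ADPacketSignFlag": True, "ADPacketSign": "require",
    "ADPacketEncrypt": "ssl",          # Flag key missing
    "ADMountStyle": "nfs",             # not a valid choice
}]})

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE)[0]:
        print(finding)
```

A CMS-signed profile has to be unwrapped to its plist before it is passed to audit_profile.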

ADRestrictDDNSFlag

Enable ADRestrictDDNS Key

Enable ADRestrictDDNS Key

Type Default Required Regex iOS macOS Supervised
boolean False N/A N/A N/A N/A N/A

ADRestrictDDNS

Restrict DDNS on interfaces

Restrict Dynamic DNS updates to the specified interfaces (e.g. en0, en1).

Type Default Required Regex iOS macOS Supervised
array N/A N/A N/A N/A N/A N/A

ADTrustChangePassIntervalDaysFlag

Enable ADTrustChangePassIntervalDays Key

Enable ADTrustChangePassIntervalDays Key

Type Default Required Regex iOS macOS Supervised
boolean True N/A N/A N/A N/A N/A

ADTrustChangePassIntervalDays

Password trust interval

How often, in days, to change the computer trust account password.

Type Default Required Regex iOS macOS Supervised
integer 14 N/A N/A N/A N/A N/A