Active Directory¶
Template
Join an active directory domain.
Advanced AD options available via Directory Utility or the dsconfigad command line tool can also be set using a configuration profile.
- ClientID does not appear in the official documentation.
Contents
- Active Directory
- Summary
- Keys
- HostName
- UserName
- Password
- ClientID
- ADOrganizationalUnit
- ADCreateMobileAccountAtLoginFlag
- ADCreateMobileAccountAtLogin
- ADWarnUserBeforeCreatingMAFlag
- ADWarnUserBeforeCreatingMA
- ADForceHomeLocalFlag
- ADForceHomeLocal
- ADUseWindowsUNCPathFlag
- ADUseWindowsUNCPath
- ADMountStyle
- ADDefaultUserShellFlag
- ADDefaultUserShell
- ADMapUIDAttributeFlag
- ADMapUIDAttribute
- ADMapGIDAttributeFlag
- ADMapGIDAttribute
- ADMapGGIDAttributeFlag
- ADMapGGIDAttribute
- ADPreferredDCServerFlag
- ADPreferredDCServer
- ADDomainAdminGroupListFlag
- ADDomainAdminGroupList
- ADAllowMultiDomainAuthFlag
- ADAllowMultiDomainAuth
- ADNamespaceFlag
- ADNamespace
- ADPacketSignFlag
- ADPacketSign
- ADPacketEncryptFlag
- ADPacketEncrypt
- ADRestrictDDNSFlag
- ADRestrictDDNS
- ADTrustChangePassIntervalDaysFlag
- ADTrustChangePassIntervalDays
- Links
Summary¶
| PayloadType: | com.apple.DirectoryService.managed |
|---|---|
| Supervised Only: | |
| N/A | |
| macOS: | 10.9 |
| macOS Deprecated: | |
| N/A | |
| iOS: | N/A |
| iOS Deprecated: | N/A |
| Highlander: | N/A |
Keys¶
HostName¶
Active Directory Domain
The Active Directory domain to join.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
Note
Apple documentation says the domain name, Profile Manager refers to a domain controller hostname.
UserName¶
User name
User name of the account used to join the domain.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
Password¶
Password
Password of the account used to join the domain.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
ClientID¶
Client ID
The directory server client ID.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
ADOrganizationalUnit¶
Organizational Unit
The organizational unit (OU) where the joining computer object is added.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
ADCreateMobileAccountAtLoginFlag¶
Enable ADCreateMobileAccountAtLogin Flag
Enable ADCreateMobileAccountAtLogin Flag
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | True | N/A | N/A | N/A | N/A | N/A |
ADCreateMobileAccountAtLogin¶
Create mobile account at login
Create mobile account at login.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | False | N/A | N/A | N/A | N/A | N/A |
ADWarnUserBeforeCreatingMAFlag¶
Enable ADWarnUserBeforeCreatingMA Flag
Enable ADWarnUserBeforeCreatingMA Flag
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | True | N/A | N/A | N/A | N/A | N/A |
ADWarnUserBeforeCreatingMA¶
Require confirmation before creating mobile account
Require confirmation before creating mobile account
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | False | N/A | N/A | N/A | N/A | N/A |
ADForceHomeLocalFlag¶
Enable ADForceHomeLocal Flag
Enable ADForceHomeLocal Flag
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | True | N/A | N/A | N/A | N/A | N/A |
ADForceHomeLocal¶
Force local home directory on startup disk
Force local home directory on startup disk
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | True | N/A | N/A | N/A | N/A | N/A |
ADUseWindowsUNCPathFlag¶
Enable ADUseWindowsUNCPath Flag
Enable ADUseWindowsUNCPath Flag
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | True | N/A | N/A | N/A | N/A | N/A |
ADUseWindowsUNCPath¶
Use UNC path for network home location
Use UNC path from Active Directory to derive network home location
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | True | N/A | N/A | N/A | N/A | N/A |
ADMountStyle¶
Mount Style
Network protocol to be used to mount home directory.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | smb | N/A | N/A | N/A | N/A | N/A |
Valid Choices¶
- afp
- smb
ADDefaultUserShellFlag¶
Enable ADDefaultUserShell Key
Enable ADDefaultUserShell Key
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | True | N/A | N/A | N/A | N/A | N/A |
ADDefaultUserShell¶
Default user shell
Default user shell
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | /bin/bash | N/A | N/A | N/A | N/A | N/A |
ADMapUIDAttributeFlag¶
Enable ADMapUIDAttribute Key
Enable ADMapUIDAttribute Key
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | False | N/A | N/A | N/A | N/A | N/A |
ADMapUIDAttribute¶
Map UID to attribute
Map UID to attribute
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
ADMapGIDAttributeFlag¶
Enable ADMapGIDAttribute Key
Enable ADMapGIDAttribute Key
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | False | N/A | N/A | N/A | N/A | N/A |
ADMapGIDAttribute¶
Map user GID to attribute
Map user GID to attribute
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
ADMapGGIDAttributeFlag¶
Enable ADMapGGIDAttribute Key
Enable ADMapGGIDAttribute Key
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | False | N/A | N/A | N/A | N/A | N/A |
ADMapGGIDAttribute¶
Map group GID to attribute
Map group GID to attribute
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
ADPreferredDCServerFlag¶
Enable ADPreferredDCServer Key
Enable ADPreferredDCServer Key
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | False | N/A | N/A | N/A | N/A | N/A |
ADPreferredDCServer¶
Preferred domain server
Preferred domain server
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
ADDomainAdminGroupListFlag¶
Enable ADDomainAdminGroupList Key
Enable ADDomainAdminGroupList Key
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | False | N/A | N/A | N/A | N/A | N/A |
ADDomainAdminGroupList¶
Allow administration by specified Active Directory groups.
Allow administration by specified Active Directory groups.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| array | N/A | N/A | N/A | N/A | N/A | N/A |
ADAllowMultiDomainAuthFlag¶
Enable ADAllowMultiDomainAuth Key
Enable ADAllowMultiDomainAuth Key
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | True | N/A | N/A | N/A | N/A | N/A |
ADAllowMultiDomainAuth¶
Allow authentication from any domain in the forest
Allow authentication from any domain in the forest
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | True | N/A | N/A | N/A | N/A | N/A |
ADNamespaceFlag¶
Enable ADNamespace Key
Enable ADNamespace Key
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | True | N/A | N/A | N/A | N/A | N/A |
ADNamespace¶
Set primary user account naming convention: “forest” or “domain”
Set primary user account naming convention: “forest” or “domain”
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | domain | N/A | N/A | N/A | N/A | N/A |
Valid Choices¶
- domain
- forest
ADPacketSignFlag¶
Enable ADPacketSign Key
Enable ADPacketSign Key
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | True | N/A | N/A | N/A | N/A | N/A |
ADPacketSign¶
Packet signing
Packet signing
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | allow | N/A | N/A | N/A | N/A | N/A |
Valid Choices¶
- allow
- disable
- require
ADPacketEncryptFlag¶
Enable ADPacketEncrypt Key
Enable ADPacketEncrypt Key
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | True | N/A | N/A | N/A | N/A | N/A |
ADPacketEncrypt¶
Packet encryption
Packet encryption
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | allow | N/A | N/A | N/A | N/A | N/A |
Valid Choices¶
- allow
- disable
- require
- ssl
ADRestrictDDNSFlag¶
Enable ADRestrictDDNS Key
Enable ADRestrictDDNS Key
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | False | N/A | N/A | N/A | N/A | N/A |
ADRestrictDDNS¶
Restrict DDNS on interfaces
Restrict Dynamic DNS updates to the specified interfaces (e.g. en0, en1, etc).
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| array | N/A | N/A | N/A | N/A | N/A | N/A |
ADTrustChangePassIntervalDaysFlag¶
Enable ADTrustChangePassIntervalDays Key
Enable ADTrustChangePassIntervalDays Key
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| boolean | True | N/A | N/A | N/A | N/A | N/A |
ADTrustChangePassIntervalDays¶
Password trust interval
How often to change computer trust account password in days
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| integer | 14 | N/A | N/A | N/A | N/A | N/A |