Active Directory¶
Template
Join an active directory domain.
Advanced AD options available via Directory Utility or the dsconfigad command line tool can also be set using a configuration profile.
- ClientID does not appear in the official documentation.
Contents
- Active Directory
- Summary
- Keys
- HostName
- UserName
- Password
- ClientID
- ADOrganizationalUnit
- ADCreateMobileAccountAtLoginFlag
- ADCreateMobileAccountAtLogin
- ADWarnUserBeforeCreatingMAFlag
- ADWarnUserBeforeCreatingMA
- ADForceHomeLocalFlag
- ADForceHomeLocal
- ADUseWindowsUNCPathFlag
- ADUseWindowsUNCPath
- ADMountStyle
- ADDefaultUserShellFlag
- ADDefaultUserShell
- ADMapUIDAttributeFlag
- ADMapUIDAttribute
- ADMapGIDAttributeFlag
- ADMapGIDAttribute
- ADMapGGIDAttributeFlag
- ADMapGGIDAttribute
- ADPreferredDCServerFlag
- ADPreferredDCServer
- ADDomainAdminGroupListFlag
- ADDomainAdminGroupList
- ADAllowMultiDomainAuthFlag
- ADAllowMultiDomainAuth
- ADNamespaceFlag
- ADNamespace
- ADPacketSignFlag
- ADPacketSign
- ADPacketEncryptFlag
- ADPacketEncrypt
- ADRestrictDDNSFlag
- ADRestrictDDNS
- ADTrustChangePassIntervalDaysFlag
- ADTrustChangePassIntervalDays
- Links
Summary¶
PayloadType: | com.apple.DirectoryService.managed |
---|---|
Supervised Only: | |
N/A | |
macOS: | 10.9 |
macOS Deprecated: | |
N/A | |
iOS: | N/A |
iOS Deprecated: | N/A |
Highlander: | N/A |
Keys¶
HostName¶
Active Directory Domain
The Active Directory domain to join.
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
string | N/A | N/A | N/A | N/A | N/A | N/A |
Note
Apple documentation says the domain name, Profile Manager refers to a domain controller hostname.
UserName¶
User name
User name of the account used to join the domain.
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
string | N/A | N/A | N/A | N/A | N/A | N/A |
Password¶
Password
Password of the account used to join the domain.
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
string | N/A | N/A | N/A | N/A | N/A | N/A |
ClientID¶
Client ID
The directory server client ID.
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
string | N/A | N/A | N/A | N/A | N/A | N/A |
ADOrganizationalUnit¶
Organizational Unit
The organizational unit (OU) where the joining computer object is added.
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
string | N/A | N/A | N/A | N/A | N/A | N/A |
ADCreateMobileAccountAtLoginFlag¶
Enable ADCreateMobileAccountAtLogin Flag
Enable ADCreateMobileAccountAtLogin Flag
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | True | N/A | N/A | N/A | N/A | N/A |
ADCreateMobileAccountAtLogin¶
Create mobile account at login
Create mobile account at login.
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | False | N/A | N/A | N/A | N/A | N/A |
ADWarnUserBeforeCreatingMAFlag¶
Enable ADWarnUserBeforeCreatingMA Flag
Enable ADWarnUserBeforeCreatingMA Flag
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | True | N/A | N/A | N/A | N/A | N/A |
ADWarnUserBeforeCreatingMA¶
Require confirmation before creating mobile account
Require confirmation before creating mobile account
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | False | N/A | N/A | N/A | N/A | N/A |
ADForceHomeLocalFlag¶
Enable ADForceHomeLocal Flag
Enable ADForceHomeLocal Flag
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | True | N/A | N/A | N/A | N/A | N/A |
ADForceHomeLocal¶
Force local home directory on startup disk
Force local home directory on startup disk
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | True | N/A | N/A | N/A | N/A | N/A |
ADUseWindowsUNCPathFlag¶
Enable ADUseWindowsUNCPath Flag
Enable ADUseWindowsUNCPath Flag
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | True | N/A | N/A | N/A | N/A | N/A |
ADUseWindowsUNCPath¶
Use UNC path for network home location
Use UNC path from Active Directory to derive network home location
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | True | N/A | N/A | N/A | N/A | N/A |
ADMountStyle¶
Mount Style
Network protocol to be used to mount home directory.
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
string | smb | N/A | N/A | N/A | N/A | N/A |
Valid Choices¶
- afp
- smb
ADDefaultUserShellFlag¶
Enable ADDefaultUserShell Key
Enable ADDefaultUserShell Key
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | True | N/A | N/A | N/A | N/A | N/A |
ADDefaultUserShell¶
Default user shell
Default user shell
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
string | /bin/bash | N/A | N/A | N/A | N/A | N/A |
ADMapUIDAttributeFlag¶
Enable ADMapUIDAttribute Key
Enable ADMapUIDAttribute Key
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | False | N/A | N/A | N/A | N/A | N/A |
ADMapUIDAttribute¶
Map UID to attribute
Map UID to attribute
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
string | N/A | N/A | N/A | N/A | N/A | N/A |
ADMapGIDAttributeFlag¶
Enable ADMapGIDAttribute Key
Enable ADMapGIDAttribute Key
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | False | N/A | N/A | N/A | N/A | N/A |
ADMapGIDAttribute¶
Map user GID to attribute
Map user GID to attribute
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
string | N/A | N/A | N/A | N/A | N/A | N/A |
ADMapGGIDAttributeFlag¶
Enable ADMapGGIDAttribute Key
Enable ADMapGGIDAttribute Key
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | False | N/A | N/A | N/A | N/A | N/A |
ADMapGGIDAttribute¶
Map group GID to attribute
Map group GID to attribute
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
string | N/A | N/A | N/A | N/A | N/A | N/A |
ADPreferredDCServerFlag¶
Enable ADPreferredDCServer Key
Enable ADPreferredDCServer Key
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | False | N/A | N/A | N/A | N/A | N/A |
ADPreferredDCServer¶
Preferred domain server
Preferred domain server
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
string | N/A | N/A | N/A | N/A | N/A | N/A |
ADDomainAdminGroupListFlag¶
Enable ADDomainAdminGroupList Key
Enable ADDomainAdminGroupList Key
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | False | N/A | N/A | N/A | N/A | N/A |
ADDomainAdminGroupList¶
Allow administration by specified Active Directory groups.
Allow administration by specified Active Directory groups.
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
array | N/A | N/A | N/A | N/A | N/A | N/A |
ADAllowMultiDomainAuthFlag¶
Enable ADAllowMultiDomainAuth Key
Enable ADAllowMultiDomainAuth Key
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | True | N/A | N/A | N/A | N/A | N/A |
ADAllowMultiDomainAuth¶
Allow authentication from any domain in the forest
Allow authentication from any domain in the forest
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | True | N/A | N/A | N/A | N/A | N/A |
ADNamespaceFlag¶
Enable ADNamespace Key
Enable ADNamespace Key
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | True | N/A | N/A | N/A | N/A | N/A |
ADNamespace¶
Set primary user account naming convention: “forest” or “domain”
Set primary user account naming convention: “forest” or “domain”
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
string | domain | N/A | N/A | N/A | N/A | N/A |
Valid Choices¶
- domain
- forest
ADPacketSignFlag¶
Enable ADPacketSign Key
Enable ADPacketSign Key
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | True | N/A | N/A | N/A | N/A | N/A |
ADPacketSign¶
Packet signing
Packet signing
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
string | allow | N/A | N/A | N/A | N/A | N/A |
Valid Choices¶
- allow
- disable
- require
ADPacketEncryptFlag¶
Enable ADPacketEncrypt Key
Enable ADPacketEncrypt Key
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | True | N/A | N/A | N/A | N/A | N/A |
ADPacketEncrypt¶
Packet encryption
Packet encryption
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
string | allow | N/A | N/A | N/A | N/A | N/A |
Valid Choices¶
- allow
- disable
- require
- ssl
ADRestrictDDNSFlag¶
Enable ADRestrictDDNS Key
Enable ADRestrictDDNS Key
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | False | N/A | N/A | N/A | N/A | N/A |
ADRestrictDDNS¶
Restrict DDNS on interfaces
Restrict Dynamic DNS updates to the specified interfaces (e.g. en0, en1, etc).
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
array | N/A | N/A | N/A | N/A | N/A | N/A |
ADTrustChangePassIntervalDaysFlag¶
Enable ADTrustChangePassIntervalDays Key
Enable ADTrustChangePassIntervalDays Key
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
boolean | True | N/A | N/A | N/A | N/A | N/A |
ADTrustChangePassIntervalDays¶
Password trust interval
How often to change computer trust account password in days
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
integer | 14 | N/A | N/A | N/A | N/A | N/A |