Make Domain Users Part of Local Admin Group in OS X
Posted on July 10, 2013 • 1 minutes • 175 words
I came across this and thought it may be helpful for someone.
OS X only uses the traditional /etc/passwd and /etc/group files when running in single user mode so they are no help. Instead we need to do everything with dscl .If you want to make a domain user part of the local admin group in OS X without needing them to login first you can use the following command.
sudo /usr/sbin/dseditgroup -o edit -a “DOMAIN\Domain Users” -t group admin
You can also set individual users as part of the admin group with
sudo /usr/sbin/dseditgroup -o edit -a “DOMAIN\user” -t user admin
Two important things to note is you need to use the full path to dseditgroup and the domain needs to be capitalized.
You can also view what users are part of a group with
sudo dscl . -read /Groups/admin GroupMembership
and you can list all group names with
dscl . -readall /Groups | grep RecordName
Let me know if this helps you in the comments.
Originally published at 1n73r.net on July 10, 2013.