- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-12-2020 06:03 AM
Hello Jamf Pro peers!
Fresh off the boat Mac user here. Are there any comparable tools to the Active Directory Users and Computers snap-in from Windows available on macOS Catalina and above?
Thanks in advance!
Solved! Go to Solution.
- Labels:
-
Jamf Pro
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-12-2020 07:54 AM
Your best tool is going to be a Windows virtual machine or RDP session.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-12-2020 07:54 AM
Your best tool is going to be a Windows virtual machine or RDP session.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-12-2020 07:54 AM
You'll probably run rapidly into its limits, but start with the Directory Editor tab in Directory Utility, located at /System/Library/CoreServices/Applications/
on Catalina.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-12-2020 10:23 AM
I've used Apache Directory Studio for some basic AD lookups and record purges (requires an installed JDK). Depends on what specific features you need tho.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-12-2020 10:26 AM
I have a crap desktop in an old office that I remote into just for AD. +1 for remote desktop.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-12-2020 02:40 PM
https://support.apple.com/guide/directory-utility/configure-domain-access-diru11f4f748/mac
also, some of these are OD specific, but, here is a list of directory service related binaries to check out:
dscacheutil
dscl
dsconfigad
dsconfigldap
dseditgroup
dsenableroot
dsexport
dsimport
dsmemberutil
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-13-2020 09:59 AM
Kind of depends on what you want/need and what your AD Team and CISO are willing to tolerate.
We use tools from ManageEngine for monitoring and troubleshooting user issues, but for actually managing users, we RDP to a CISO approved hosted VM that has AD tools installed, using elevated credentials, limited access, etc. Field support staff are not allowed to use any other system other than that for user management, and even then there are strict controls and monitoring in place.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-13-2020 10:37 AM
Thanks for the feedback guys. I believe I will just RDP into a system that stays online, and connected in the office for administrative AD tasks.
