I've just started playing around with the enableARD.sh script here:
I'm running it for an AD group instead of a specific user though. After running the script, If i check Directory Utility i can see the GeneratedUID of the AD group listed in the value of the NestedGroups attribute. But if i look under System Preferences > Sharing > Remote Management, I don't see it in the allowed access users list.
Is that to be expected? Or is something else needed to get an AD group (as opposed to a remote or local user) to display?
@pete_c, thanks for that post. But it doesn't seem to be working for me. I was able to run the script provided to add an AD User to the _ard group (as well as com.apple.local.ard_interact as described). That user still did not display under "Allow access for" in Remote Management. Do users only display there if they are added through the GUI?
Also, I was still unable to add an AD group using something like:
dseditgroup -n "/Local/Default" -o edit -a "DOMAINADGROUP" -t group_ard