
How to offline add a domain user to a mac

  • March 26, 2020
  • 53 replies
  • 509 views

Jason33
  • Honored Contributor
  • February 9, 2022

Wow, this thread helped me out in a MAJOR way. Kudos to everyone involved.


  • New Contributor
  • July 25, 2022

Hello, Hope I might get an answer to this older thread. I've followed the steps above and found success a few months ago, however - I now am running into an issue I can't seem to get around. I'm getting an error when trying to create the mobile account. I'll share the steps I am doing to make this possible. 

 

1. Setup & Connect to VPN

2. Set DNS to company IP and domain

3. Bind to the company domain through Users & Groups

4. Open Terminal and run the below script and get the following error. 

For the admin username/password and the 'user to add' username/password, I enter those each in their own quotes due to special characters. Yes, I do not include the '$' in the command either. 

sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -a "$adminUser" -U "$adminPass" -n "$userToAdd" -p "$userPass"

I then get prompted with the below and enter a quotation mark

dquote> "

I then get prompted for the admin password, and enter that. Afterwards, I get the below message.

*** error: "-n username" is a required argument

usage: createmobileaccount -n username [-h homepath] [-P | [-p password]] [[[-a username] [-U password]] | [-D]] [-v] [-V]
-n username : user record name.
-h homepath : user home path; Default is "/Users/<username>".
-p password : user password.
-P : prompt for user password.
-a username : opt SecureToken enabled admin user name.
-U password : opt SecureToken enabled admin user password.
-D : don't prompt for SecureToken enabled admin information.
-v : verbose output.
-V : version.

Examples:
createmobileaccount -n jsmith
createmobileaccount -v -P -n jsmith
createmobileaccount -vxn jsmith -h /Volumes/HD3/jhome

Notes:
- createmobileaccount must run as root.
- If you do not specify a password, the account's cached password will be created during the account's first log in.
- On encyrpted APFS volumes, an existing admin SecureToken user name and password is required in order for this account to be used at the EFI login window.
- External accounts are no longer supported as of 10.15.
- The old FileVault encrypted home directory mechanism (using -e) no longer works in 10.13 or later (but was only removed here in 10.15).

 

I've also tried the command without specifying the userpass (-p) and also tried putting the 'user to add' credentials in front of the admin credentials.

Any advice would be greatly appreciated.
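
One way the dquote> prompt and the "-n username" error reported above can arise, as an added example that is not part of the original post: a value containing a double quote, pasted between double quotes, swallows the flags that follow it. fake_cma (a stand-in for createmobileaccount), sq_quote and all credentials are constructed for illustration.

```sh
#!/bin/sh
# Added example with constructed credentials; fake_cma is a stand-in for
# createmobileaccount so this runs on any POSIX shell.
ADMIN_USER='localadmin'
ADMIN_PASS='Tr"icky9'        # constructed: contains a double quote
NEW_USER='jsmith'
NEW_PASS='Summer-9'

# Reports how many arguments arrived and whether -n arrived as its own argument.
fake_cma() {
    _n=missing
    for _a in "$@"; do
        if [ "$_a" = "-n" ]; then _n=present; fi
    done
    printf 'argc=%s -n=%s' "$#" "$_n"
}

# Quote any string for sh/bash/zsh: wrap it in single quotes and rewrite each
# embedded ' as '\'' so nothing inside is interpreted by the shell.
sq_quote() {
    _q="'"; _rest=$1; _out=
    while [ "${_rest#*"$_q"}" != "$_rest" ]; do
        _out="$_out${_rest%%"$_q"*}$_q\\$_q$_q"
        _rest=${_rest#*"$_q"}
    done
    printf '%s%s%s' "$_q" "$_out$_rest" "$_q"
}

# Values pasted between double quotes; the final newline plus " models answering
# the dquote> continuation prompt with a lone quotation mark.
naive_argv() {
    _nl='
'
    eval "fake_cma -a \"$ADMIN_USER\" -U \"$ADMIN_PASS\" -n \"$NEW_USER\" -p \"$NEW_PASS\"$_nl\""
}

# Same command with every value single-quoted by sq_quote.
quoted_argv() {
    eval "fake_cma -a $(sq_quote "$ADMIN_USER") -U $(sq_quote "$ADMIN_PASS")" \
         "-n $(sq_quote "$NEW_USER") -p $(sq_quote "$NEW_PASS")"
}

printf 'double-quoted: %s\n' "$(naive_argv)"
printf 'single-quoted: %s\n' "$(quoted_argv)"
```

The -P option listed in the usage text prompts for the user's password instead of taking it as an argument, which also keeps it out of the shell history and the process list.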


sankardayalsarm

Also, update your DNS information to communicate with the respective DC.

System Preferences >> Network >> Select the network connection ex: Wi-Fi >> Advanced >> DNS >> Under Search Domain add your DNS entries. This should work for you.