Posted on 08-05-2019 12:49 PM
Hello All,
I was pitted with the task to migrate everyone off of Centrify and onto the Native Active Directory tool. I am at the point where I need to grant the user permissions to their own home folder but when using the following command, I am receiving the dreaded: illegal group name
Example:
Username = TestUser123
Domain = CONTOSO
sudo chown -R TestUser123:"CONTOSODomain Users" /Users/TestUser123
I am wondering if the issue has something to do with our multi-domain environment.
Posted on 08-05-2019 01:02 PM
I usually single quote users or groups when adding the domain in a script, though I don't think that is the issue here.
What happens when you use a numeric group ID instead? (Unfortunately, I honestly don't know what happens when you do that in a multi-domain environment)
Posted on 08-05-2019 01:06 PM
joshuasee,
I tried your suggestion, and still get the illegal group error.
Do you know how I would get the numeric group ID?
Posted on 08-05-2019 01:40 PM
@NiclausDutter in terminal, you can type "id" literally just "id" & it will present you with the information you are seeking. May be another way but off the cuff that's my go to without researching.
Here is the man page.
ID(1) BSD General Commands Manual ID(1)
NAME
id -- return user identity
SYNOPSIS
id [user]
id -A
id -F [user]
id -G [-n] [user]
id -M
id -P [user]
id -g [-nr] [user]
id -p [user]
id -u [-nr] [user]
DESCRIPTION
The id utility displays the user and group names and numeric IDs, of the
calling process, to the standard output. If the real and effective IDs
are different, both are displayed, otherwise only the real ID is dis-
played.
If a user (login name or user ID) is specified, the user and group IDs of
that user are displayed. In this case, the real and effective IDs are
assumed to be the same.
The options are as follows:
-A Display the process audit user ID and other process audit proper-
ties, which requires privilege.
-F Display the full name of the user.
-G Display the different group IDs (effective, real and supplemen-
tary) as white-space separated numbers, in no particular order.
-M Display the MAC label of the current process.
-P Display the id as a password file entry.
-a Ignored for compatibility with other id implementations.
-g Display the effective group ID as a number.
-n Display the name of the user or group ID for the -G, -g and -u
options instead of the number. If any of the ID numbers cannot
be mapped into names, the number will be displayed as usual.
-p Make the output human-readable. If the user name returned by
getlogin(2) is different from the login name referenced by the
user ID, the name returned by getlogin(2) is displayed, preceded
by the keyword ``login''. The user ID as a name is displayed,
preceded by the keyword ``uid''. If the effective user ID is
different from the real user ID, the real user ID is displayed as
a name, preceded by the keyword ``euid''. If the effective group
ID is different from the real group ID, the real group ID is dis-
played as a name, preceded by the keyword ``rgid''. The list of
groups to which the user belongs is then displayed as names, pre-
ceded by the keyword ``groups''. Each display is on a separate
line.
-r Display the real ID for the -g and -u options instead of the
effective ID.
-u Display the effective user ID as a number.
EXIT STATUS
The id utility exits 0 on success, and >0 if an error occurs.
SEE ALSO
who(1)
STANDARDS
The id function is expected to conform to IEEE Std 1003.2 (``POSIX.2'').
HISTORY
The historic groups(1) command is equivalent to ``id -Gn [user]''.
The historic whoami(1) command is equivalent to ``id -un''.
The id command appeared in 4.4BSD.
BSD September 26, 2006 BSD
Posted on 08-06-2019 07:01 AM
@Hugonaut I was able to get the group id and tried the command again, like so:
sudo chown -R TestUser123:124356870 /Users/TestUser123
Still getting illegal group name.
Posted on 08-06-2019 09:41 AM
@NiclausDutter have you tried using the AD user's ID instead of the name?
sudo chown -R 987654321:124356870 /Users/TestUser123
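The posts above converge on the same procedure: resolve the AD user and group to numeric IDs first, then chown the home folder. The script below is an added example, not code from the thread or from any of the posters, showing that procedure with the check a migration script should do before calling chown: resolve both names through the system directory (on a bound Mac, pwd/grp go through Open Directory, so an unresolvable AD group fails here with a readable message rather than chown's terse "illegal group name"), then confine the recursive chown to a real directory directly under /Users and change symlinks themselves instead of following them. The names TestUser123 and "CONTOSO\Domain Users" are placeholders carried over from the thread, and the group-name format depends on how the machine is bound.

```python
"""Resolve an AD user/group to numeric IDs, then chown a home folder safely.

Added example for the thread's migration task; not code from the original
posts. User and group names here are placeholders for the poster's domain.
"""
import grp
import os
import pwd
import sys


class LookupFailed(Exception):
    """A user or group name did not resolve through the directory service."""


def resolve_ids(user, group):
    """Return (uid, gid) for the given names.

    A purely numeric string is accepted as-is, the same rule chown applies,
    so the numeric-ID attempts from the thread map onto this function too.
    On a Mac bound to AD, getpwnam/getgrnam query Open Directory, so a
    failure here means the bind cannot see that principal.
    """
    try:
        uid = int(user) if user.isdigit() else pwd.getpwnam(user).pw_uid
    except KeyError:
        raise LookupFailed(f"user not found in directory: {user!r}")
    try:
        gid = int(group) if group.isdigit() else grp.getgrnam(group).gr_gid
    except KeyError:
        raise LookupFailed(f"group not found in directory: {group!r}")
    return uid, gid


def lookup_fails(user, group):
    """True when resolve_ids() rejects the pair (used for a quick pre-check)."""
    try:
        resolve_ids(user, group)
    except LookupFailed:
        return True
    return False


def chown_home(path, uid, gid, root="/Users"):
    """Recursively chown `path`; return the number of entries changed.

    Guards: `path` must be a real directory (not a symlink) that sits
    directly under `root`, and symlinks found inside the tree are changed
    with lchown rather than followed, so a planted link in the home folder
    cannot redirect the ownership change elsewhere on the disk.
    """
    real = os.path.realpath(path)
    if os.path.islink(path) or not os.path.isdir(real):
        raise ValueError(f"refusing: {path} is not a real directory")
    if os.path.dirname(real) != os.path.realpath(root):
        raise ValueError(f"refusing: {real} is not directly under {root}")
    count = 0
    for dirpath, dirnames, filenames in os.walk(real, followlinks=False):
        os.lchown(dirpath, uid, gid)  # real subdirectories are visited by walk
        count += 1
        # Symlinks to directories appear in dirnames but are never descended
        # into, so change the link itself here alongside the plain files.
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        for name in filenames + links:
            os.lchown(os.path.join(dirpath, name), uid, gid)
            count += 1
    return count


if __name__ == "__main__":
    # Usage: sudo python3 fix_home.py TestUser123 'CONTOSO\Domain Users'
    # (placeholder names; the group string depends on your AD bind).
    user, group = sys.argv[1], sys.argv[2]
    home = os.path.join("/Users", user)
    try:
        uid, gid = resolve_ids(user, group)
    except LookupFailed as exc:
        sys.exit(f"directory lookup failed, check the AD bind: {exc}")
    print(f"{home}: {chown_home(home, uid, gid)} entries set to {uid}:{gid}")
```

Run it as root on the bound Mac once `id TestUser123` shows the expected domain groups; if resolve_ids() fails there, the bind (or the group name format for that bind) is the thing to fix, which is the same conclusion the last reply in the thread reaches.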
Posted on 08-06-2019 09:46 AM
@NiclausDutter I would double check the AD binding. The machine may also simply require a reboot after being bound to AD.