The directory services command line utility (dscl) can be used to create a group. Here we’re going to use dscl to create a group called Local Admins (or ladmins for short). First up, create the group:
dscl . create /Groups/ladmins
Now give our ladmins group the full name by creating the name key:
dscl . create /Groups/ladmins RealName "Local Admins"
Now to give the group a password. Setting it to an asterisk means the group has no usable password:
dscl . create /Groups/ladmins passwd "*"
Now let’s give the group a Group ID (check first that no other group already uses it):
dscl . create /Groups/ladmins gid 400
That wasn’t so hard, but our group doesn’t have any users. Let’s add the localadmin user as its first member:
dscl . create /Groups/ladmins GroupMembership localadmin
Why create a group with just one member though… We can’t use the create verb with dscl again or we’ll overwrite the existing contents of the GroupMembership field, so we’re going to use append instead:
dscl . append /Groups/ladmins GroupMembership 2ndlocaladmin
If you use dscl to read the group:
dscl . read /Groups/ladmins
You’ll notice that because it was created through dscl it has a Generated ID of its own. You can easily nest other groups into this one using their Generated IDs as well:
dscl . create /Groups/ladmins GroupMembers 94B6B550-5369-4028-87A8-0ABAB01AE396
The “.” that we’ve been using has been interchangeable (in this case) with /Local/Default. Now let’s look at making a little shell script that runs a few of these steps, for use with imaging. Touch a file called createladmins.bash and then give it the following contents:
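#!/bin/bash
# Create the ladmins group and populate it; run as root.
dscl . create /Groups/ladmins
dscl . create /Groups/ladmins RealName "Local Admins"
dscl . create /Groups/ladmins passwd "*"
dscl . create /Groups/ladmins gid 400
# create sets the first member, append adds to the list without overwriting it.
dscl . create /Groups/ladmins GroupMembership localadmin
dscl . append /Groups/ladmins GroupMembership 2ndlocaladmin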
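The same steps as a re-runnable script, added here as an example that is not part of the original post: it refuses to reuse gid 400 when another group already holds it, skips users that do not exist, and appends only the members that are missing. The helper function names and the --apply switch are assumptions made for this example.

```sh
#!/bin/sh
# Added example: re-runnable variant of createladmins.bash (not from the post).
# Group name, gid and members come from the article; helper names are hypothetical.
GROUP=ladmins
GID=400
MEMBERS="localadmin 2ndlocaladmin"

# Print the name of the group that already holds gid $1, if any.
gid_owner() {
  dscl . list /Groups PrimaryGroupID | awk -v g="$1" '$2 == g { print $1; exit }'
}

# Succeed only if user $2 is listed in the GroupMembership of group $1.
is_member() {
  dscl . read "/Groups/$1" GroupMembership 2>/dev/null |
    awk -v u="$2" '$1 == "GroupMembership:" { for (i = 2; i <= NF; i++) if ($i == u) hit = 1 }
                   END { exit !hit }'
}

ensure_group() {
  owner=$(gid_owner "$GID")
  if [ -n "$owner" ] && [ "$owner" != "$GROUP" ]; then
    echo "gid $GID already belongs to $owner; not reusing it" >&2
    return 1
  fi
  # Create the record only once, so a re-run never resets existing attributes.
  if ! dscl . read "/Groups/$GROUP" >/dev/null 2>&1; then
    dscl . create "/Groups/$GROUP"
    dscl . create "/Groups/$GROUP" RealName "Local Admins"
    dscl . create "/Groups/$GROUP" passwd "*"
    dscl . create "/Groups/$GROUP" gid "$GID"
  fi
  for u in $MEMBERS; do
    # Skip accounts that do not exist so no dangling name lands in the group.
    if ! dscl . read "/Users/$u" >/dev/null 2>&1; then
      echo "no such user: $u" >&2
      continue
    fi
    # append (never create) so existing members are kept.
    is_member "$GROUP" "$u" || dscl . append "/Groups/$GROUP" GroupMembership "$u"
  done
}

# Change the directory only when asked to, and only as root.
if [ "${1:-}" = "--apply" ]; then
  [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
  ensure_group
fi
```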
If you then want to hide these admins, check out my cheat sheet here:
https://krypted.com//mac-os-x/hiding-admin-users-in-mac-os-x/