There are a number of ways to create groups in OS X Mavericks Server (Server 3). The first is using the Server app, the second is using Workgroup Manager (which could be running on an older operating system and connecting to the Mavericks Server in question), the third is using the Users & Groups System Preference pane and the fourth is using the command line. In this article we will look at creating groups in the Server app. Once a server has been an Open Directory Master all user and group accounts created will be in the Local Network Group when created in Server app. Before that, all user and…
-
-
Making Every User an Admin
If you deploy a large number of computers to users who are somewhat likely to play practical jokes on each other then you will run into some interesting issues. If you are deploying one computer to every user and you want each user to be an administrator of their computer then you might be tempted to allow all users to be administrators of all computers. If you do then prepare for an infinite number of sometimes amusing practical jokes. But really, being proactive about this brings up an interesting point: how do you deploy a computer and make only the user who you want to be an administrator an administrator.…
-
More Group Management with dseditgroup
Now that we’ve covered using dscl to create a group, let’s look at using dseditgroup to do the same thing. In the previous example we created a group called Local Admins or ladmins for short. First let’s read that group’s information. To do so, run dseditgroup followed by the operation, which can be read, create, delete, edit or checkmember as the operations (verbs). The -o is optional, so : dseditgroup -o read ladmins Or the following has the same output: dseditgroup read ladmins In the case of a namespace collision between two ladmins in two directory services then the one listed highest in the Search Policy would be displayed. The…
-
Create Groups Using dscl
The directory services command line (dscl) command can be used to create a group. Here we’re going to use dscl to create a group called Local Admins (or ldadmins for short). First up, create the group: dscl . create /Groups/ladmins Now give our ladmins group the full name by creating the name key: dscl . create /Groups/ladmins RealName “Local Admins” Now to give the group a password: dscl . create /Groups/ladmins passwd “*” Now let’s give the group a Group ID: dscl . create /Groups/ladmins gid 400 That wasn’t so hard, but our group doesn’t have any users. dscl . create /Groups/ladmins GroupMembership localadmin Why create a group with just…
-
Snow Leopard Eats dirt (7 ate 9)
Once upon a time there was a very nice little application called dirt. Snow Leopard ate him. Or maybe more to the point it was dscl who ate him… Either way he’s gone. Now, use the -authonly option in dscl if you’d like to test password validity. Goodbye dirt, we will remember ya’ fondly!
-
Mac OS X: Managed Preferences without Open Directory
Yes, you can apply an MCX against a local account easily using the -mcximport and -mcxexport dscl extensions. Simply setup the MCX like you want it for a managed account using Workgroup Manager and then from the interactive dscl environment do a -mcxexport <Path to account> -o <filename> and then copy the file to a target system. Then, on the target system, do a -mcximport <path to account> -o <path to same filename>. Then test! Happy policy making!
-
Mac OS X: Use dscl to find the GUID for a user
To find the GUID for the cedge user, use the following command: dscl . -read /Users/cedge GeneratedUID
-
Mac OS X Server: List Local Users
List those local users on the computer using this command: dscl localhost list /Local/Default
-
Mac OS X Server: Finding Users with a Primary Group ID
dscl localhost search /Search/Groups PrimaryGroupID <GroupNumber>
-
Mac OS X: Changing Passwords from the Command Line
passwd can change passwords. dscl can also change a password for an account (in this case the cedge account) using the passwd extension: dscl . -passwd /Users/cedge