• Make Domain Users Part of Local Admin Group in OS X

    by  • 2013/07/10 • Apple, How-to, OSX • 0 Comments

    I came across this and thought it may be helpful for someone.

    OS X only uses the traditional /etc/passwd and /etc/group files when running in single user mode so they are no help. Instead we need to do everything with dscl.
    If you want to make a domain user part of the local admin group in OS X without needing them to login first you can use the following command.

    sudo /usr/sbin/dseditgroup -o edit -a "DOMAIN\Domain Users" -t group admin

    You can also set individual users as part of the admin group with

    sudo /usr/sbin/dseditgroup -o edit -a "DOMAIN\user" -t user admin

    Two important things to note is you need to use the full path to dseditgroup and the domain needs to be capitalized.

    You can also view what users are part of a group with

    sudo dscl . -read /Groups/admin GroupMembership

    and you can list all group names with

    dscl . -readall /Groups | grep RecordName

    Let me know if this helps you in the comments.


    Avid learner with a passion for technology and people. He is always trying new things or taking something apart to make it better.

    Leave a Reply

    Your email address will not be published. Required fields are marked *