The payload that configures an Active Directory (AD) domain.
| Setting | Type | Required | Default | Manual Install | Supported OS |
|---|---|---|---|---|---|
| `HostName`: The Active Directory domain to join. | string | required | — | Yes | macOS (10.8+) |
| `UserName`: The user name of the account for the domain. | string | optional | — | Yes | macOS (10.8+) |
| `Password`: The password of the account for the domain. | string | optional | — | Yes | macOS (10.8+) |
| `ClientID` (Client ID): The client's identifier. | string | optional | — | Yes | macOS (10.8+) |
| `Description`: The directory service description. | string | optional | — | Yes | macOS (10.8+) |
| `ADOrganizationalUnit`: The organizational unit to add the joining computer object to. | string | optional | — | Yes | macOS (10.8+) |
| `ADMountStyle`: The network home protocol to use: `afp` or `smb`. | string | optional | — | Yes | macOS (10.8+) |
| `ADCreateMobileAccountAtLoginFlag`: If `true`, the system enables the `ADCreateMobileAccountAtLogin` key. | boolean | optional | false | Yes | macOS (10.9+) |
| `ADCreateMobileAccountAtLogin`: If `true`, the system creates a mobile account at login. | boolean | optional | false | Yes | macOS (10.8+) |
| `ADWarnUserBeforeCreatingMAFlag`: If `true`, the system enables the `ADWarnUserBeforeCreatingMA` key. | boolean | optional | false | Yes | macOS (10.9+) |
| `ADWarnUserBeforeCreatingMA`: If `true`, the system enables the warning before creating the mobile account. | boolean | optional | false | Yes | macOS (10.8+) |
| `ADForceHomeLocalFlag`: If `true`, the system enables the `ADForceHomeLocal` key. | boolean | optional | false | Yes | macOS (10.9+) |
| `ADForceHomeLocal`: If `true`, the system forces a local home directory. | boolean | optional | false | Yes | macOS (10.8+) |
| `ADUseWindowsUNCPathFlag`: If `true`, the system enables the `ADUseWindowsUNCPath` key. | boolean | optional | false | Yes | macOS (10.9+) |
| `ADUseWindowsUNCPath`: If `true`, the system uses the UNC path from Active Directory to derive the network home location. | boolean | optional | false | Yes | macOS (10.8+) |
| `ADAllowMultiDomainAuthFlag`: If `true`, the system enables the `ADAllowMultiDomainAuth` key. | boolean | optional | false | Yes | macOS (10.9+) |
| `ADAllowMultiDomainAuth`: If `true`, the system allows authentication from any domain in the namespace. | boolean | optional | false | Yes | macOS (10.8+) |
| `ADDefaultUserShellFlag`: If `true`, the system enables the `ADDefaultUserShell` key. | boolean | optional | false | Yes | macOS (10.8+) |
| `ADDefaultUserShell`: The default user shell. | string | optional | — | Yes | macOS (10.8+) |
| `ADMapUIDAttributeFlag`: If `true`, the system enables the `ADMapUIDAttribute` key. | boolean | optional | false | Yes | macOS (10.8+) |
| `ADMapUIDAttribute`: The map UID to attribute. | string | optional | — | Yes | macOS (10.8+) |
| `ADMapGIDAttributeFlag`: If `true`, the system enables the `ADMapGIDAttribute` key. | boolean | optional | false | Yes | macOS (10.8+) |
| `ADMapGIDAttribute`: The map GID to attribute. | string | optional | — | Yes | macOS (10.8+) |
| `ADMapGGIDAttributeFlag`: If `true`, the system enables the `ADMapGGIDAttribute` key. | boolean | optional | false | Yes | macOS (10.8+) |
| `ADMapGGIDAttribute`: The map group GID to attribute. | string | optional | — | Yes | macOS (10.8+) |
| `ADPreferredDCServerFlag`: If `true`, the system enables the `ADPreferredDCServer` key. | boolean | optional | false | Yes | macOS (10.8+) |
| `ADPreferredDCServer`: The preferred domain server. | string | optional | — | Yes | macOS (10.8+) |
| `ADDomainAdminGroupListFlag`: If `true`, the system enables the `ADDomainAdminGroupList` key. | boolean | optional | false | Yes | macOS (10.8+) |
| `ADDomainAdminGroupList`: The list of Active Directory groups with admin access. | array | optional | — | Yes | macOS (10.8+) |
| └─ `ADDomainAdminGroupListItem` | string | | — | Yes | macOS (10.8+) |
| `ADNamespaceFlag`: If `true`, the system enables the `ADNamespace` key. | boolean | optional | false | Yes | macOS (10.8+) |
| `ADNamespace`: The primary user account naming convention; either `forest` or `domain`. | string | optional | — | Yes | macOS (10.8+) |
| `ADPacketSignFlag`: If `true`, the system enables the `ADPacketSign` key. | boolean | optional | false | Yes | macOS (10.8+) |
| `ADPacketSign`: The packet signing policy. | string | optional | — | Yes | macOS (10.8+) |
| `ADPacketEncryptFlag`: If `true`, the system enables the `ADPacketEncrypt` key. | boolean | optional | false | Yes | macOS (10.8+) |
| `ADPacketEncrypt`: The packet encryption policy. | string | optional | — | Yes | macOS (10.8+) |
| `ADRestrictDDNSFlag`: If `true`, the system enables the `ADRestrictDDNS` key. | boolean | optional | false | Yes | macOS (10.8+) |
| `ADRestrictDDNS`: An array of strings that represent the interfaces allowed for dynamic DNS updates, such as `en0` and `en1`. | array | optional | — | Yes | macOS (10.8+) |
| └─ `ADRestrictDDNSItem` | string | | — | Yes | macOS (10.8+) |
| `ADTrustChangePassIntervalDaysFlag`: If `true`, the system enables the `ADTrustChangePassIntervalDays` key. | boolean | optional | false | Yes | macOS (10.8+) |
| `ADTrustChangePassIntervalDays`: The number of days before requiring a change of the computer trust account password. Set to `0` to disable the feature. | integer | optional | — | Yes | macOS (10.8+) |
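
Because most settings in the table only take effect when their companion `...Flag` key is `true`, a payload can look hardened while a policy such as `ADPacketSign` is not enabled. The following audit is an added example, not part of the original reference: the sample payload, its values (including the `require` policy strings) and the function names are constructed assumptions, and it reads the payload dictionary alone rather than a full profile.

```python
import plistlib

# Keys from the table above that are enabled by a companion "<key>Flag".
FLAGGED = (
    "ADCreateMobileAccountAtLogin", "ADWarnUserBeforeCreatingMA", "ADForceHomeLocal",
    "ADUseWindowsUNCPath", "ADAllowMultiDomainAuth", "ADDefaultUserShell",
    "ADMapUIDAttribute", "ADMapGIDAttribute", "ADMapGGIDAttribute",
    "ADPreferredDCServer", "ADDomainAdminGroupList", "ADNamespace",
    "ADPacketSign", "ADPacketEncrypt", "ADRestrictDDNS", "ADTrustChangePassIntervalDays",
)

# Constructed sample payload dictionary; every value is a placeholder.
SAMPLE = b"""<plist version="1.0"><dict>
  <key>HostName</key><string>ad.example.com</string>
  <key>UserName</key><string>joiner</string>
  <key>Password</key><string>PLACEHOLDER</string>
  <key>ADPacketSign</key><string>require</string>
  <key>ADPacketEncryptFlag</key><true/>
  <key>ADPacketEncrypt</key><string>require</string>
  <key>ADDomainAdminGroupListFlag</key><true/>
  <key>ADTrustChangePassIntervalDaysFlag</key><true/>
  <key>ADTrustChangePassIntervalDays</key><integer>0</integer>
</dict></plist>"""

def audit(payload):
    """Return findings for one Active Directory payload dictionary."""
    findings = []
    if not payload.get("HostName"):
        findings.append("HostName: required key is missing")
    if "Password" in payload:
        findings.append("Password: join credential is stored in the profile")
    for key in FLAGGED:
        flag = payload.get(key + "Flag", False)
        if key in payload and not flag:
            findings.append(f"{key}: set, but {key}Flag is not true, so the key is not enabled")
        elif flag and key not in payload:
            findings.append(f"{key}Flag: true, but {key} is absent")
    if (payload.get("ADTrustChangePassIntervalDaysFlag")
            and payload.get("ADTrustChangePassIntervalDays") == 0):
        findings.append("ADTrustChangePassIntervalDays: 0 disables trust password changes")
    return findings

def audit_plist(data):
    """Parse plist bytes holding the payload dictionary, then audit it."""
    return audit(plistlib.loads(data))

if __name__ == "__main__":
    print("\n".join(audit_plist(SAMPLE)))
```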