CalvinBackup/apple_device-management
1
0
Fork 0
mirror of https://github.com/apple/device-management.git synced 2026-05-30 02:59:36 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
1fa842739c8f19db5b62f3ac6aed261cc378e5b8
apple_device-management/mdm/profiles/com.apple.DirectoryService.managed.yaml
T
Cyrus Daboo 39e2a82234 Release_iOS-17-4_macOS-14-4
2024-03-05 17:52:42 -05:00

275 lines
7.8 KiB
YAML
Raw Blame History

title: Directory Service
description: Directory Service
payload:
payloadtype: com.apple.DirectoryService.managed
supportedOS:
iOS:
introduced: n/a
macOS:
introduced: '10.8'
multiple: true
devicechannel: true
userchannel: false
requiresdep: false
userapprovedmdm: false
allowmanualinstall: true
userenrollment:
mode: allowed
tvOS:
introduced: n/a
visionOS:
introduced: n/a
watchOS:
introduced: n/a
content: In macOS 10.9 and later, a configuration profile can be used to configure
macOS to join an Active Directory (AD) domain. Advanced AD options available via
Directory Utility or the dsconfigad command line tool can also be set using a
configuration profile.
payloadkeys:
- key: HostName
title: HostName
type: <string>
presence: required
content: The Active Directory domain to join.
- key: UserName
title: UserName
type: <string>
presence: optional
content: The user name of the account for the domain.
- key: Password
title: Password
type: <string>
presence: optional
content: The password of the account for the domain.
- key: ClientID
title: Client ID
type: <string>
presence: optional
content: The client's identifier.
- key: Description
title: Description
type: <string>
presence: optional
content: The directory service description.
- key: ADOrganizationalUnit
title: ADOrganizationalUnit
type: <string>
presence: optional
content: The organizational unit to add the joining computer object to.
- key: ADMountStyle
title: ADMountStyle
type: <string>
presence: optional
content: 'The network home protocol to use: ''afp'' or ''smb''.'
- key: ADCreateMobileAccountAtLoginFlag
title: ADCreateMobileAccountAtLoginFlag
supportedOS:
macOS:
introduced: '10.9'
type: <boolean>
presence: optional
default: false
content: If 'true', the system enables the 'ADCreateMobileAccountAtLogin' key.
- key: ADCreateMobileAccountAtLogin
title: ADCreateMobileAccountAtLogin
type: <boolean>
presence: optional
default: false
content: If 'true', the system creates a mobile account at login.
- key: ADWarnUserBeforeCreatingMAFlag
title: ADWarnUserBeforeCreatingMAFlag
supportedOS:
macOS:
introduced: '10.9'
type: <boolean>
presence: optional
default: false
content: If 'true', the system enables the 'ADWarnUserBeforeCreatingMA' key.
- key: ADWarnUserBeforeCreatingMA
title: ADWarnUserBeforeCreatingMA
type: <boolean>
presence: optional
default: false
content: If 'true', the system enables the warning before creating the mobile account.
- key: ADForceHomeLocalFlag
title: ADForceHomeLocalFlag
supportedOS:
macOS:
introduced: '10.9'
type: <boolean>
presence: optional
default: false
content: If 'true', the system enables the 'ADForceHomeLocal' key.
- key: ADForceHomeLocal
title: ADForceHomeLocal
type: <boolean>
presence: optional
default: false
content: If 'true', the system forces a local home directory.
- key: ADUseWindowsUNCPathFlag
title: ADUseWindowsUNCPathFlag
supportedOS:
macOS:
introduced: '10.9'
type: <boolean>
presence: optional
default: false
content: If 'true', the system enables the 'ADUseWindowsUNCPath' key.
- key: ADUseWindowsUNCPath
title: ADUseWindowsUNCPath
type: <boolean>
presence: optional
default: false
content: If 'true', the system uses the UNC path from Active Directory to derive
the network home location.
- key: ADAllowMultiDomainAuthFlag
title: ADAllowMultiDomainAuthFlag
supportedOS:
macOS:
introduced: '10.9'
type: <boolean>
presence: optional
default: false
content: If 'true', the system enables the 'ADAllowMultiDomainAuth' key.
- key: ADAllowMultiDomainAuth
title: ADAllowMultiDomainAuth
type: <boolean>
presence: optional
default: false
content: If 'true', the system allows authentication from any domain in the namespace.
- key: ADDefaultUserShellFlag
title: ADDefaultUserShellFlag
type: <boolean>
presence: optional
default: false
content: If 'true', the system enables the 'ADDefaultUserShell' key.
- key: ADDefaultUserShell
title: ADDefaultUserShell
type: <string>
presence: optional
content: The default user shell.
- key: ADMapUIDAttributeFlag
title: ADMapUIDAttributeFlag
type: <boolean>
presence: optional
default: false
content: If 'true', the system enables the 'ADMapUIDAttribute' key.
- key: ADMapUIDAttribute
title: ADMapUIDAttribute
type: <string>
presence: optional
content: The map UID to attribute.
- key: ADMapGIDAttributeFlag
title: ADMapGIDAttributeFlag
type: <boolean>
presence: optional
default: false
content: If 'true', the system enables the 'ADMapGIDAttribute' key.
- key: ADMapGIDAttribute
title: ADMapGIDAttribute
type: <string>
presence: optional
content: The map GID to attribute.
- key: ADMapGGIDAttributeFlag
title: ADMapGGIDAttributeFlag
type: <boolean>
presence: optional
default: false
content: If 'true', the system enables the 'ADMapGGIDAttributeFlag' key.
- key: ADMapGGIDAttribute
title: ADMapGGIDAttribute
type: <string>
presence: optional
content: The map group GID to attribute.
- key: ADPreferredDCServerFlag
title: ADPreferredDCServerFlag
type: <boolean>
presence: optional
default: false
content: If 'true', the system enables the 'ADPreferredDCServer' key.
- key: ADPreferredDCServer
title: ADPreferredDCServer
type: <string>
presence: optional
content: The preferred domain server.
- key: ADDomainAdminGroupListFlag
title: ADDomainAdminGroupListFlag
type: <boolean>
presence: optional
default: false
content: If 'true', the system enables the 'ADDomainAdminGroupList' key.
- key: ADDomainAdminGroupList
title: ADDomainAdminGroupList
type: <array>
presence: optional
content: The list of Active Directory groups with admin access.
subkeys:
- key: ADDomainAdminGroupListItem
type: <string>
- key: ADNamespaceFlag
title: ADNamespaceFlag
type: <boolean>
presence: optional
default: false
content: If 'true', the system enables the 'ADNamespace' key.
- key: ADNamespace
title: ADNamespace
type: <string>
presence: optional
content: The primary user account naming convention; either 'forest' or 'domain'.
- key: ADPacketSignFlag
title: ADPacketSignFlag
supportedOS:
macOS:
introduced: '10.8'
type: <boolean>
presence: optional
default: false
content: If 'true', the system enables the 'ADPacketSign' key.
- key: ADPacketSign
title: ADPacketSign
type: <string>
presence: optional
content: The packet signing policy.
- key: ADPacketEncryptFlag
title: ADPacketEncryptFlag
type: <boolean>
presence: optional
default: false
content: If 'true', the system enables the 'ADPacketEncrypt' key.
- key: ADPacketEncrypt
title: ADPacketEncrypt
type: <string>
presence: optional
content: The packet encryption policy.
- key: ADRestrictDDNSFlag
title: ADRestrictDDNSFlag
type: <boolean>
presence: optional
default: false
content: If 'true', the system enables the 'ADRestrictDDNS' key.
- key: ADRestrictDDNS
title: ADRestrictDDNS
supportedOS:
macOS:
introduced: '10.8'
type: <array>
presence: optional
content: An array of strings that represent the interfaces allowed for dynamic DNS
updates, such as en0 and en1.
subkeys:
- key: ADRestrictDDNSItem
type: <string>
- key: ADTrustChangePassIntervalDaysFlag
title: ADTrustChangePassIntervalDaysFlag
type: <boolean>
presence: optional
default: false
content: If 'true', the system enables the 'ADTrustChangePassIntervalDays 'key.
- key: ADTrustChangePassIntervalDays
title: ADTrustChangePassIntervalDays
type: <integer>
presence: optional
content: The number of days before requiring a change of the computer trust account
password. Set to '0' to disable the feature.
Reference in New Issue View Git Blame Copy Permalink