I joined a Mac machine to our AD so that users can use their AD credentials to use the Mac. One problem is that when users logon using their AD credentials, they cannot access some of the local folders. The folders all have staff group read/write permissions set and they are good for local users. By default, the AD users are not in the staff group, so they cannot access the folders.
To add the AD users to staff group, you can use the dseditgroup command to do so. Open up a Terminal and enter the following command.
dseditgroup -o edit -n /Local/Default -u local_admin_account -p -a 'AD_DOMAIN_NAME\AD_GROUP' -t group staff
Reboot the machine and the AD users in that group should be in staff group now.
This post may contain affiliated links. When you click on the link and purchase a product, we receive a small commision to keep us running. Thanks.