Most of our Macs are bound to AD now. One common task I have to do is to enable an AD user to manage the computer. You can do it through the GUI, but the user has to log on first and create an mobile account on the computer. I found that you can do it through a command line, so the user will not have to log on to the machine first. This command is dseditgroup and here is an example.
dseditgroup -o edit -n /Local/Default -u your_admin_account -p -a user_ad_account -t user admin
When you enter the command, it asks for the password of your admin account. Enter your password and press enter. The next time the user logs on, your user’s AD account will be the administrator. 
This post may contain affiliated links. When you click on the link and purchase a product, we receive a small commision to keep us running. Thanks.
Leave a Reply