Most of our Macs are bound to AD now. One common task I have to do is to enable an AD user to manage the computer. You can do it through the GUI, but the user has to log on first and create an mobile account on the computer. I found that you can do it through a command line, so the user will not have to log on to the machine first. This command is dseditgroup and here is an example.
If you’re thinking about purchasing a new GPU, we’d greatly appreciate it if you used our Amazon Associate links. The price you pay will be exactly the same, but Amazon provides us with a small commission for each purchase. It’s a simple way to support our site and helps us keep creating useful content for you. Recommended GPUs: RTX 5090, RTX 5080, and RTX 5070. #ad
dseditgroup -o edit -n /Local/Default -u your_admin_account -p -a user_ad_account -t user admin
When you enter the command, it asks for the password of your admin account. Enter your password and press enter. The next time the user logs on, your user’s AD account will be the administrator. 
Leave a Reply