The dsconfigad -show command in the macOS Terminal is used to display the current settings of the Active Directory (AD) binding of a macOS system.
dsconfigad -show
Active Directory is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems. In a network, a directory service like Active Directory provides a way to manage, organize and provide access to resources.
If your macOS system is bound to an Active Directory domain, you can use dsconfigad -show to view information like:
-
The domain to which your macOS system is bound.
The computer ID (essentially the name of your macOS system as known by Active Directory).
How your macOS system handles Active Directory groups and users.
Any advanced options that are set, like packet signing and encryption.
Please note that using the dsconfigad -show command, or any dsconfigad command, typically requires administrator-level access to the macOS system, as these commands can significantly affect how the system works and interacts with other systems.
Force unbind, Provide Credentials Explicitly. If you’re not prompted for credentials or if you suspect credential issues, you can explicitly provide a username and password with the dsconfigad command. Use an account that has permissions to unbind the machine from the domain. Replace adminusername and adminpassword with your actual admin credentials for the Active Directory.
sudo dsconfigad -remove -force -u adminusername -p adminpassword
Review Directory Services Logs
log show --predicate 'process == "opendirectoryd"' --info
Check time server, Active Directory is sensitive to time discrepancies. Ensure that your Mac’s time is synchronized with the AD domain controller. You can check the time on your Mac and compare it with the network time or the time on the domain controller.
systemsetup -getnetworktimeserver
