Using common account management commands

Most UNIX-based platforms store account information in the local /etc/passwd file, and use commands such as getent to query that information. On Mac computers, however, you would typically use the Directory Service application to manage local accounts and retrieve user information. For troubleshooting purposes, therefore, you should be familiar with the commands to use for retrieving information about Active Directory users and groups.

The following table describes several common Directory Service Command Line (dscl) commands that you may find useful.

Use this command                            To do this
------------------------------------------  ------------------------------------------------------------
dscl /Search -list /Users                   List all of the users in the Directory Service and in Active Directory for the zone.
dscl /CentrifyDC -list /Users               List only the Active Directory users enabled for the zone.
dscl /CentrifyDC -read /Users/username      Display detailed information about the specified Active Directory username.
dscl /Search -list /Groups                  List all of the groups in the Directory Service and in Active Directory for the zone.
dscl /CentrifyDC -list /Groups              List only the Active Directory groups enabled for the zone.
dscl /CentrifyDC -read /Groups/groupname    Display detailed information about the specified Active Directory groupname.
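The two user listings in the table can be compared to see which accounts the Mac resolves from somewhere other than the Active Directory zone. The following script is an added example, not code from the original page or from the vendor. The sample account names are constructed, and reading a zone user that is missing from /Search as a lookup problem is an assumption drawn from the table's descriptions.

```shell
#!/bin/sh
# Added example: compare the /Search and /CentrifyDC user listings.

# Constructed sample listings (made-up names) for running without dscl.
SAMPLE_SEARCH='root
daemon
_www
localadmin
jsmith'
SAMPLE_ZONE='jsmith
mjones'

# not_in A B: print each non-empty line of list A that is absent from list B.
not_in() {
    printf '%s\n' "$1" | B="$2" awk '
        BEGIN { n = split(ENVIRON["B"], b, "\n")
                for (i = 1; i <= n; i++) seen[b[i]] = 1 }
        $0 != "" && !($0 in seen)'
}

# local_only SEARCH ZONE: accounts resolved through /Search that the zone does
# not supply, leaving out macOS service accounts (names beginning with "_").
local_only() {
    not_in "$1" "$2" | sed '/^_/d'
}

# zone_unresolved SEARCH ZONE: zone users that /Search does not return.
# Assumption: /Search should include every zone user, so any name printed
# here is worth checking with "dscl /CentrifyDC -read /Users/username".
zone_unresolved() {
    not_in "$2" "$1"
}

# Use live data on a Mac; fall back to the constructed samples elsewhere.
if command -v dscl >/dev/null 2>&1; then
    search=$(dscl /Search -list /Users)
    zone=$(dscl /CentrifyDC -list /Users 2>/dev/null) || zone=''
else
    search=$SAMPLE_SEARCH
    zone=$SAMPLE_ZONE
fi

echo "Accounts not supplied by the Active Directory zone:"
local_only "$search" "$zone"
echo "Zone users not returned by /Search:"
zone_unresolved "$search" "$zone"
```

The first list is the set of accounts that Active Directory policy does not govern, which is the part of the inventory to review when auditing who can log in to the computer.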

To get detailed information for all users or groups recognized on the Mac computer, you can use the following commands:

lookupd -q user -a name
lookupd -q group -a name

To get detailed information for a specific user or group, you can use the following commands:

lookupd -q user -a name username
lookupd -q group -a name groupname

To clear the Directory Service cache, you can use the following command:

lookupd -flushcache

To completely clear the cache of Active Directory login credentials, you should also run the adflush command:

adflush

To retrieve Mac OS version and build information that uname -a does not provide, you can run the following command:

/usr/bin/sw_vers