Using common account management commands
Most UNIX-based platforms store account information in the local /etc/passwd file, and use commands such as getent to query that information. On Mac computers, however, you would typically use the Directory Service application to manage local accounts and retrieve user information. For troubleshooting purposes, therefore, you should be familiar with the commands to use for retrieving information about Active Directory users and groups.
The following table describes several common Directory Service Command Line (dscl) commands that you may find useful.

| Use this command | To do this |
| --- | --- |
| dscl /Search -list /Users | List all of the users in the Directory Service and in Active Directory for the zone. |
| dscl /CentrifyDC -list /Users | List only the Active Directory users enabled for the zone. |
| dscl /CentrifyDC -read /Users/username | Display detailed information about the specified Active Directory username. |
| dscl /Search -list /Groups | List all of the groups in the Directory Service and in Active Directory for the zone. |
| dscl /CentrifyDC -list /Groups | List only the Active Directory groups enabled for the zone. |
| dscl /CentrifyDC -read /Groups/groupname | Display detailed information about the specified Active Directory groupname. |
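The difference between the /Search and /CentrifyDC user listings in the table above is the set of accounts that do not come from Active Directory, which is worth checking when auditing a joined Mac. The following script is an added example, not part of the original documentation; the function names and the sample account names are hypothetical, and the listings are constructed so it runs without dscl.

```shell
#!/bin/sh
# Added example, not vendor code. Compares saved output of the two user
# listings from the table to find accounts that do NOT come from
# Active Directory.
#
# Live use on a joined Mac:
#   dscl /Search -list /Users     > all.txt
#   dscl /CentrifyDC -list /Users > ad.txt
#   local_only_users all.txt ad.txt

# normalize FILE: strip CRs and blank lines, then sort and de-duplicate.
normalize() {
    tr -d '\r' < "$1" | sed '/^[[:space:]]*$/d' | LC_ALL=C sort -u
}

# local_only_users ALL_FILE AD_FILE
# Prints names found only in ALL_FILE, skipping macOS service accounts
# (their names begin with "_").
local_only_users() {
    lo_all=$(mktemp) || return 1
    lo_ad=$(mktemp) || { rm -f "$lo_all"; return 1; }
    normalize "$1" > "$lo_all"
    normalize "$2" > "$lo_ad"
    # comm -23 keeps lines unique to the first (sorted) file.
    LC_ALL=C comm -23 "$lo_all" "$lo_ad" | sed '/^_/d'
    rm -f "$lo_all" "$lo_ad"
}

# Demo with constructed listings (hypothetical account names).
demo() {
    d_all=$(mktemp) || return 1
    d_ad=$(mktemp) || { rm -f "$d_all"; return 1; }
    printf '%s\n' root _www daemon localadmin jsmith mlee > "$d_all"
    printf '%s\r\n' mlee jsmith > "$d_ad"
    local_only_users "$d_all" "$d_ad"
    rm -f "$d_all" "$d_ad"
}

demo
```

Compare the output against the local accounts you expect on the machine; any other name is a local account that zone membership does not control.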
To get detailed information for all users or groups recognized on the Mac computer, you can use the following commands:
lookupd -q user -a name
lookupd -q group -a name
To get detailed information for a specific user or group, you can use the following commands:
lookupd -q user -a name username
lookupd -q group -a name groupname
To clear the Directory Service cache, you can use the following command:
lookupd -flushcache
To completely clear the cache of Active Directory login credentials, you should also run the adflush command:
adflush
To retrieve Mac OS version and build information that uname -a does not provide, you can run the following command:
/usr/bin/sw_vers