Modifying the Mac UID and GID to match AD

How you change the existing UID and GID to match the values in Active Directory depends on whether you have a local home directory, a network home directory, or a mobile home directory.

To change the existing UID and GID if you have a local home or network home directory:

  1. Log in to the Mac computer as a local administrator.
  2. Open Applications > Directory Utility > Services. Double-click Active Directory, then click Unbind. Enter your administrator name and password if necessary.
  3. Use the ADJoin tool (either the GUI or the command-line version) to connect to an Active Directory domain.
  4. Open a terminal session and type the following:
    id userName

    Note the primary group. For example:

    id cain
    ...
    gid=10000(support)

  5. Type:
    chown -R userName:primaryGroupName /Users/userName

    For example, for a local home directory:

    chown -R cain:support /Users/cain

    For example, for a network home directory:

    chown -R cain:support /SMB/Users/cain
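
To confirm that step 5 left nothing behind, the following added example (not part of the original procedure) lists any path under the home directory whose numeric owner or group still differs from what `id` reports for the Active Directory user. The function names are hypothetical; the script only reads ownership and changes nothing.

```shell
#!/bin/sh
# Added example: verify ownership under a home directory after "chown -R".
# Function names are hypothetical and are not part of any Centrify tool.

# Print every path under DIR whose numeric owner or group is not UID/GID.
# Usage: list_mismatched DIR UID GID
list_mismatched() {
    find "$1" \( ! -uid "$2" -o ! -gid "$3" \) -print
}

# Count the mismatched paths (a file name containing a newline counts twice).
count_mismatched() {
    list_mismatched "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Resolve the expected UID and primary GID through the directory service
# (the same lookup as "id userName" in step 4) and compare the whole tree.
# Returns 0 if everything matches, 1 on mismatches, 2 if the user is unknown.
# Usage: verify_home USER HOMEDIR
verify_home() {
    user=$1
    home=$2
    uid=$(id -u "$user") || return 2
    gid=$(id -g "$user") || return 2
    n=$(count_mismatched "$home" "$uid" "$gid")
    if [ "$n" -eq 0 ]; then
        echo "OK: everything under $home is owned by $uid:$gid"
        return 0
    fi
    echo "MISMATCH: $n path(s) under $home not owned by $uid:$gid" >&2
    list_mismatched "$home" "$uid" "$gid" | head -n 20 >&2
    return 1
}

# Run only when called with two arguments, for example:
#   sh verify_home.sh cain /Users/cain
if [ "$#" -eq 2 ]; then
    verify_home "$1" "$2"
fi
```

Run it as the local administrator so that `find` can read the whole tree. Paths it reports still carry the pre-join UID or GID, and the Active Directory user cannot access them as owner.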

To change the existing UID and GID if you have a mobile home directory:

  1. Be certain the local home directory is synchronized with the network home directory.
  2. Log in to the Mac computer as a local administrator.
  3. Open Applications > Directory Utility > Services. Double-click Active Directory, then click Unbind. Enter your administrator name and password if necessary.
  4. Use the ADJoin tool (either the GUI or the command-line version) to connect to an Active Directory domain.
  5. Open a terminal session and type the following Directory Service command to delete the cached local user:
    dscl . -delete /Users/userName

    For example:

    dscl . -delete /Users/cain
  6. Then type the following commands. The first removes the local home directory so that it syncs again from the network; the second removes the local copy of mcx so that you are prompted to create a mobile account:

    rm -rf /Users/userName

    rm -rf /Library/Managed\ Preferences/userName
  7. On the Windows Active Directory computer, set the User Configuration > Policies > Centrify Settings > Macintosh Settings > Mobility Synchronization Settings group policies.

    Note: Mobile home directory synchronization is no longer supported as of macOS 10.12.