Changing the Active Directory Groups That Can Administer the Computer


Using Directory Access, you can grant administrator privileges to groups of user accounts accessed by the Active Directory plug-in. These Active Directory user accounts can be used to perform administrative tasks such as installing software on the Mac OS X computer that you are configuring.

  1. In Directory Access, click Services.
  2. If the lock icon is locked, click it and type the name and password of an administrator.
  3. Select Active Directory in the list of services, then click Configure.
  4. If the advanced options are hidden, click Show Advanced Options.
  5. Select "Allow administration by" and enter the names of groups.

    Use commas to separate group names. For security, group names must be qualified by the domain name they are from (for example, ADS\Domain Admins,IL2\Domain Admins).