---
title: DirectoryService
framework: devicemanagement
role: symbol
role_heading: Device Management Profile
path: devicemanagement/directoryservice
---

# DirectoryService

The payload that configures an Active Directory (AD) domain.

## Declaration

```data
object DirectoryService
```

## Properties

- `ADAllowMultiDomainAuth`: If true, the system allows authentication from any domain in the namespace.
- `ADAllowMultiDomainAuthFlag`: If true, the system enables the ADAllowMultiDomainAuth key. Available: macOS 10.9+
- `ADCreateMobileAccountAtLogin`: If true, the system creates a mobile account at login.
- `ADCreateMobileAccountAtLoginFlag`: If true, the system enables the ADCreateMobileAccountAtLogin key. Available: macOS 10.9+
- `ADDefaultUserShell`: The default user shell.
- `ADDefaultUserShellFlag`: If true, the system enables the ADDefaultUserShell key.
- `ADDomainAdminGroupList`: The list of Active Directory groups with admin access.
- `ADDomainAdminGroupListFlag`: If true, the system enables the ADDomainAdminGroupList key.
- `ADForceHomeLocal`: If true, the system forces a local home directory.
- `ADForceHomeLocalFlag`: If true, the system enables the ADForceHomeLocal key. Available: macOS 10.9+
- `ADMapGGIDAttribute`: The map group GID to attribute.
- `ADMapGGIDAttributeFlag`: If true, the system enables the ADMapGGIDAttributeFlag key.
- `ADMapGIDAttribute`: The map GID to attribute.
- `ADMapGIDAttributeFlag`: If true, the system enables the ADMapGIDAttribute key.
- `ADMapUIDAttribute`: The map UID to attribute.
- `ADMapUIDAttributeFlag`: If true, the system enables the ADMapUIDAttribute key.
- `ADMountStyle`: The network home protocol to use: afp or smb.
- `ADNamespace`: The primary user account naming convention; either forest or domain.
- `ADNamespaceFlag`: If true, the system enables the ADNamespace key.
- `ADOrganizationalUnit`: The organizational unit to add the joining computer object to.
- `ADPacketEncrypt`: The packet encryption policy.
- `ADPacketEncryptFlag`: If true, the system enables the ADPacketEncrypt key.
- `ADPacketSign`: The packet signing policy.
- `ADPacketSignFlag`: If true, the system enables the ADPacketSign key.
- `ADPreferredDCServer`: The preferred domain server.
- `ADPreferredDCServerFlag`: If true, the system enables the ADPreferredDCServer key.
- `ADRestrictDDNS`: An array of strings that represent the interfaces allowed for dynamic DNS updates, such as en0 and en1.
- `ADRestrictDDNSFlag`: If true, the system enables the ADRestrictDDNS key.
- `ADTrustChangePassIntervalDays`: The number of days before requiring a change of the computer trust account password. Set to 0 to disable the feature.
- `ADTrustChangePassIntervalDaysFlag`: If true, the system enables the ADTrustChangePassIntervalDays key.
- `ADUseWindowsUNCPath`: If true, the system uses the UNC path from Active Directory to derive the network home location.
- `ADUseWindowsUNCPathFlag`: If true, the system enables the ADUseWindowsUNCPath key. Available: macOS 10.9+
- `ADWarnUserBeforeCreatingMA`: If true, the system enables the warning before creating the mobile account.
- `ADWarnUserBeforeCreatingMAFlag`: If true, the system enables the ADWarnUserBeforeCreatingMA key. Available: macOS 10.9+
- `ClientID`: The client’s identifier.
- `Description`: The directory service description.
- `HostName`: The Active Directory domain to join.
- `Password`: The password of the account for the domain.
- `UserName`: The user name of the account for the domain.

## Discussion

Specify `com.apple.DirectoryService.managed` as the payload type.

### Profile example

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>HostName</key>
            <string>host.example.com</string>
            <key>Password</key>
            <string>Password123</string>
            <key>UserName</key>
            <string>bind</string>
            <key>PayloadIdentifier</key>
            <string>com.example.mydspayload</string>
            <key>PayloadType</key>
            <string>com.apple.DirectoryService.managed</string>
            <key>PayloadUUID</key>
            <string>bb657e20-60b9-4c47-8730-51803ddf69e7</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>Active Directory</string>
    <key>PayloadIdentifier</key>
    <string>com.example.myprofile</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>079b6bc3-4356-4d80-89b4-a4b8a82eb739</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
```
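The following is an added example, not part of Apple's documentation: a Python check that reviews a profile before deployment for settings whose `...Flag` companion is missing (so the value is not enabled), flags set without a value, a trust password interval of 0, and an embedded bind password. The function names, finding labels and sample profile values are constructed for illustration.

```python
import plistlib

PAYLOAD_TYPE = "com.apple.DirectoryService.managed"
# Keys that this page pairs with a "<Key>Flag" companion that enables them.
FLAGGED_KEYS = [
    "ADAllowMultiDomainAuth", "ADCreateMobileAccountAtLogin", "ADDefaultUserShell",
    "ADDomainAdminGroupList", "ADForceHomeLocal", "ADMapGGIDAttribute",
    "ADMapGIDAttribute", "ADMapUIDAttribute", "ADNamespace", "ADPacketEncrypt",
    "ADPacketSign", "ADPreferredDCServer", "ADRestrictDDNS",
    "ADTrustChangePassIntervalDays", "ADUseWindowsUNCPath",
    "ADWarnUserBeforeCreatingMA",
]

def audit_payload(payload):
    """Return (finding, key) tuples for one DirectoryService payload dict."""
    findings = []
    for key in FLAGGED_KEYS:
        flag = key + "Flag"
        if key in payload and payload.get(flag) is not True:
            findings.append(("value-not-enabled", key))    # value set, flag absent or false
        elif payload.get(flag) is True and key not in payload:
            findings.append(("flag-without-value", flag))  # flag set, nothing to enable
    # The page states that 0 disables the computer trust password change.
    if (payload.get("ADTrustChangePassIntervalDaysFlag") is True
            and payload.get("ADTrustChangePassIntervalDays") == 0):
        findings.append(("trust-password-rotation-disabled",
                         "ADTrustChangePassIntervalDays"))
    if payload.get("Password"):  # bind credential readable by anyone holding the file
        findings.append(("embedded-bind-password", "Password"))
    return findings

def audit_profile(profile_bytes):
    """Audit every DirectoryService payload in a configuration profile."""
    profile = plistlib.loads(profile_bytes)
    results = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == PAYLOAD_TYPE:
            results.extend(audit_payload(payload))
    return results

# Constructed sample profile (values are illustrative, not from a real deployment).
SAMPLE_PROFILE = plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [{
    "PayloadType": PAYLOAD_TYPE, "HostName": "host.example.com",
    "UserName": "bind", "Password": "Password123",
    "ADPacketSign": "require",                      # no ADPacketSignFlag
    "ADNamespaceFlag": True,                        # no ADNamespace value
    "ADTrustChangePassIntervalDays": 0, "ADTrustChangePassIntervalDaysFlag": True,
}]})

if __name__ == "__main__":
    for finding, key in audit_profile(SAMPLE_PROFILE):
        print(f"{finding}: {key}")
```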

## See Also

### Authentication

- [ExtensibleSingleSignOn](devicemanagement/extensiblesinglesignon.md)
- [ExtensibleSingleSignOnKerberos](devicemanagement/extensiblesinglesignonkerberos.md)
- [Identification](devicemanagement/identification.md)
- [IdentityPreference](devicemanagement/identitypreference.md)
- [SingleSignOn](devicemanagement/singlesignon.md)
