Map the group ID, Primary GID, and UID to an Active Directory attribute in Directory Utility on Mac
On a computer that’s configured to use Directory Utility’s Active Directory connector, you can specify an Active Directory attribute to map to the group ID (GID), primary group ID (GID), and unique user ID (UID) attributes in macOS.
Usually, the Active Directory schema must be extended to include an attribute that’s suitable for mapping to the GID, primary GID, and UID:
If the Active Directory administrator extends the Active Directory schema by installing Microsoft’s Services for UNIX, you can map the following:
GID to the msSFU-30-Gid-Number attribute
Primary GID to the msSFU-30-Gid-Number attribute
UID to the msSFU-30-Uid-Number attribute
If the Active Directory administrator manually extends the Active Directory schema to include RFC 2307 attributes, you can map the following:
GID to the gidNumber attribute
Primary GID to the gidNumber attribute
UID to the uidNumber attribute
If the Active Directory administrator manually extends the Active Directory schema to include the macOS gidNumber, PrimaryGroupID, and UniqueID attributes, you can map the following:
GID to the gidNumber attribute
Primary GID to the PrimaryGroupID attribute
UID to the UniqueID attribute
If mapping of the GID, primary GID, and UID is disabled, the Active Directory connector generates a GID, primary GID, and UID based on Active Directory’s standard GUID attribute.
Important: With the advanced options of the Active Directory connector, you can map the macOS unique user ID (UID), primary group ID (GID), and group GID attributes to the correct attributes in the Active Directory schema. However, if you change these settings later, users might lose access to previously created files.
In the Directory Utility app on your Mac, click Services.
Click the lock icon.
Enter an administrator’s user name and password, then click Modify Configuration (or use Touch ID).
Select Active Directory, then click the “Edit settings for the selected service” button.
If the advanced options are hidden, click the disclosure triangle next to Show Options.
Click Mappings.
To map an Active Directory attribute to the GID in group accounts, select “Map group GID to attribute,” then enter the name of the Active Directory attribute.
To map an Active Directory attribute to the primary group ID in user accounts, select “Map user GID to attribute,” then enter the name of the Active Directory attribute.
To map an Active Directory attribute to the UID, select “Map UID to attribute,” then enter the name of the Active Directory attribute.
Click OK.
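The warning above says that changing these mappings later can cost users access to files they already created. The script below is an added example, not part of Apple's documentation: it compares a snapshot of numeric IDs taken before a mapping change with one taken after, and lists UIDs that end up shared by more than one account. The name:uid:gid snapshot format, the function names, and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find accounts whose numeric IDs change with a new mapping.
# Snapshot format (an assumption of this example): name:uid:gid, one per line.

# Constructed sample data, not real accounts. BEFORE stands in for IDs in use
# under the old setting, AFTER for IDs read from the newly mapped attributes.
BEFORE='alice:1450179434:1450179434
bob:884736120:1450179434
carol:20713:1450179434'
AFTER='alice:10001:20000
bob:10002:20000
carol:10001:20000'

# snapshot_users NAME...: print name:uid:gid for each account, using id(1).
snapshot_users() {
  for u in "$@"; do
    printf '%s:%s:%s\n' "$u" "$(id -u "$u")" "$(id -g "$u")"
  done
}

# changed_ids BEFORE AFTER: accounts whose UID or primary GID differs.
# Files created under the old IDs stay owned by the old numbers.
changed_ids() {
  printf '%s\n---\n%s\n' "$1" "$2" | awk -F: '
    $0 == "---" { after = 1; next }
    !after { uid[$1] = $2; gid[$1] = $3; next }
    ($1 in uid) && (uid[$1] != $2 || gid[$1] != $3) {
      printf "%s uid %s->%s gid %s->%s\n", $1, uid[$1], $2, gid[$1], $3
    }'
}

# colliding_uids SNAPSHOT: UIDs assigned to more than one account.
# Two accounts with the same UID can read and write each other's files.
colliding_uids() {
  printf '%s\n' "$1" | awk -F: '
    { names[$2] = (n[$2]++ ? names[$2] "," : "") $1 }
    END { for (u in n) if (n[u] > 1) printf "%s %s\n", u, names[u] }'
}

echo "Accounts whose IDs change:"
changed_ids "$BEFORE" "$AFTER"
echo "UIDs shared by several accounts after the change:"
colliding_uids "$AFTER"
```

On a bound Mac, run snapshot_users with the same account names before and after the change and pass the two outputs to changed_ids in place of the sample data.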