Intro to accounts in macOS Server
User accounts on your server let users gain access to services provided by the server. A user account contains the information needed to prove the user’s identity for services that require authentication. A user account also provides a centralized place to store a user’s contact information and other data.
You can add user accounts in the Users pane of the Server app by:
Importing existing accounts, if your organization has a network account server (also known as a directory server) that your server is connected to
Importing from a file
You can import user accounts individually. You can also automatically import all user accounts that are members of a group.
The Users pane of the Server app lists local user accounts (including user accounts created in System Preferences), network accounts stored in your server’s network account server, and imported user accounts.
Local user accounts
Users with administrator privileges on their Mac computers can create local user accounts using the Users & Groups pane of System Preferences. These local user accounts are stored on the user’s computer. Local user accounts have home folders on the computer and can be used to log in to the computer. Users can’t use their computers’ local user accounts to access the server over the network. Users can use the server’s local user accounts to access the server over the network.
Like users’ Mac computers, your server has local accounts in addition to server accounts. Your server’s local accounts can be used to log in to the server, and a local account with administrator privileges can be used to administer the server. For information about administrator privileges, see About administrator accounts in macOS Server.
Network accounts are stored in your server’s network account server or in a connected network account server. You can use the Server app to enable a network account server on your server. If you don’t enable the network account server, then all accounts you create on the server are stored in the server’s local directory.
There are a few reasons to host network accounts on your server:
Your organization has a network account server, also known as a directory server, and you want people to use their existing network accounts with your server. Your server must be a network account server to import users from an existing network account server.
You plan to have multiple servers and want each user to have one network account that works with all your servers.
You want to use Profile Manager to manage supported Apple devices.
Types of user accounts compared
Your server can have its own network accounts or use accounts from an existing network server. You can also import accounts, which stores a synced copy of the network account from another network server on your network server.
Here’s a comparison of the types of accounts:
Network accounts on your server
Network accounts from an existing network server
Where the account is stored
Local network server
Another network server
Who creates this
You (a server administrator), using System Preferences or the Server app
You (a server administrator), using the Server app
The network account server’s administrator
Membership in network groups
System Preferences support
Allows editing (including changing the password), local group membership
Can change password
Can change password