
Directory Service MDM payload settings for Apple devices
You can configure Directory Service settings for users of a Mac enrolled in a mobile device management (MDM) solution. Use the Directory Service payload to add directory servers to a user’s Mac.
The directory server must be available to the Mac when the profile is installed, or installation fails. To add LDAP servers for iPhone and iPad devices, use the LDAP payload.
The Directory Service payload supports the following. For more information, see Payload information.
Supported payload identifier: com.apple.DirectoryService.managed
Supported operating systems and channels: macOS device.
Supported enrollment methods: User Enrollment, Device Enrollment, Automated Device Enrollment.
Duplicates allowed: True—more than one Directory Service payload can be delivered to a device.
You can use the settings in the table below with the Directory Service payload.
Setting | Description | Required
---|---|---
Directory type | You can choose from LDAP or Active Directory. | Yes
Hostname | The IP address or fully qualified domain name (FQDN) of the server. | Yes
User name and password | The user name and password are optional for LDAP connections and required for Active Directory connections. | Varies
Client ID | The directory server client ID. | No
For information about using an Active Directory payload, see the Directory Utility User Guide. To add advanced Active Directory options, see Active Directory payload options.
Note: Each MDM vendor implements these settings differently. To learn how various Directory Service settings are applied to your devices, consult your MDM vendor’s documentation.