Active directory account doesn't have full access

Still having this issue.

Additonal notes:

I noticed that sometimes when I try to copy an application to the Applications folder I must use my local user account (dustinschreiber) to be allowed to do it. Sometimes I am able to use my domain account (haven't pinpointed exactly what conditions make my domain account work)

Is anyone else having similar problems or know why my system is doing this?

Hi,

I ran this command as my domain account and here are the results:

Last login: Sat Jul 6 11:25:24 on ttys000

app1egenius-mbp:~ dustin$ dscl . read /Groups/admin

AppleMetaNodeLocation: /Local/Default

GeneratedUID: ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000050

GroupMembers: FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000 0D4EB3FE-E490-4173-94A8-D8860C898F5F

GroupMembership: root dustinschreiber

NestedGroups: 2E1E9ABB-4A70-426F-BC39-B67DF3224057 C19A5597-CF63-4B09-85DC-C6FDE5589E87

Password: *

PrimaryGroupID: 80

RealName: Administrators

RecordName: admin BUILTIN\Administrators

RecordType: dsRecTypeStandard:Groups

SMBSID: S-1-5-32-544

app1egenius-mbp:~ dustin$

I've never ran these commands (first time woring with OS X and Active Directory)

How would I use dseditgroup?

Thanks again 🙂

Sorry I'm just getting to this now. Work has been busy. I tried the command and it said Username and password must be provided?

I tried this:

dustin$ dseditgroup -o edit -u dustin -p [REDACTED] -a dustin -t user admin

Please enter user password:

Group not found.

dustin$ dseditgroup -o edit -n /Local/Default -u dustin -p [REDACTED] -a dustin -t user admin

Please enter user password:

Group not found.

Same error.

Do I need to do it like this?

dustin$ dseditgroup -o edit -n /Local/Default -u dustin -p [REDACTED] -a dustin -t user -L admin

dustin$ dseditgroup

...

Usage: dseditgroup [-pqv] -o edit [-n nodename] [-u username] [-P password]

[-r realname] [-c comment] [-s ttl] [-k keyword] [-i gid]

[-g uuid] [-S sid] [-a addmember] [-d deletemember]

[-t membertype] [-T grouptype] [-L] groupname

I don't have an open directory server. (Well from my understanding theres the local Open Directory server) I have Active Directory and my Active Directory administrator user is "dustin" which is the user on my macbook that should be an administrator as well. My mac's non network admin user is "dustinschreiber". I want my network user "dustin" to be have the same rights on my macbook as the macs local admin.

dseditgroup -n /Local/Default -u dustinschreiber -o edit -a dustin -t user admin

Please enter user password:

app1egenius-mbp:~ dustin$

I did the above and I think it worked just not sure.

dustin$ dscl . read /Groups/admin GroupMembership

GroupMembership: root dustinschreiber dustin

Looks right, will try logging out and back in and try to install something and see what happens.

And my bad. I'm visually impaired and was properly tired when I posted 😝

Thanks for your help though. I think the command you gave me (dseditgroup -n /Local/Default -u diradmin -o edit -a somebody -t user admin) did work though.