Specifications
114 Chapter 8 Managing User and Group Accounts
6 Quit dscl by entering:
> quit
To find the GUID of the administrator user admin on the local host:
$ dscl localhost
> cd /LDAPv3/127.0.0.1/Users
> read admin GeneratedUID
Removing a User from a Group
You can remove users from a group by using the dscl tool.
To remove a user from a group:
1 Start the dscl tool in interactive mode, specifying the computer you are using as the
source of directory service data:
$ dscl localhost
>
2 Change the current folder to /LDAPv3/ipaddress/Groups by entering the path at the
prompt:
> cd /LDAPv3/
ipaddress
/Groups
Replace
ipaddress
with the IP address of your directory server.
3 Authenticate as an administrator by entering the following command, replacing
adminusername with your administrator user name, and entering your administrator
password when prompted:
> auth
adminusername
4 View the current members of the group by entering the following (replacing
officegroup with the group account’s short name):
> read
officegroup
dscl displays the settings for the group account, similar to the following output, where
the group named officegroup has users mchen, ajohnson, and bmiller as members:
dsAttrTypeNative:apple-generateduid:4B3A5678-E9C1-2EC3-4567-891D234E5678
dsAttrTypeNative:cn: officegroup
dsAttrTypeNative:gidNumber: 600
dsAttrTypeNative:MemberUid: mchen ajohnson bmiller
dsAttrTypeNative:objectClass: posixGroup apple-group extensibleObject top
AppleMetaNodeLocation: /LDAPv3/ipaddress
GeneratedUID:4B3A5678-E9C1-2EC3-4567-891D234E5678
GroupMembers:2B3A4567-E8C9-9EC2-3456-789D123E4567 1B2A3456-E7C8-9EC1-2345-
678D912E3456 8B9A1234-E5C6-7EC8-9123-456D78E9123
GroupMembership: mchen ajohnson bmiller
Member: mchen ajohnson bmiller
PasswordPlus:********
PrimaryGroupID: 600
RecordName: officegroup
RecordType: dsRecTypeStandard:Groups