Add a user to the admin group via command line 3.0
One of the more visited articles on this site is several years old – this one on adding a user to the local admin group.
I thought I should update that information since it is somewhat out of date. Apple’s preferred and recommended way to add a user to the local admin group is to use
dseditgroup, like so:
/usr/sbin/dseditgroup -o edit -a gneagle -t user admin
This -a(dds) “gneagle”, which is an object of -t(ype) “user”, to the group “admin”.
To delete a user from the local admin group:
/usr/sbin/dseditgroup -o edit -d gneagle -t user admin
You can also use
dseditgroup on a network directory service if you have admin credentials for the directory server:
dseditgroup -o edit -n /LDAPv3/ldap.company.com -u dsadminusername -p -a gneagle -t user group_on_network_directory
This will prompt you for the dsadminusername’s password interactively. You can include the dsadminuser’s password like so:
dseditgroup -o edit -n /LDAPv3/ldap.company.com -u dsadminusername -P dsadminuserpassword -a gneagle -t user group_on_network_directory
dseditgroup can do many other things, like create and delete groups, add nested groups to an existing group, and check membership of a given user for a given group.
Explore posts in the same categories: DirectoryService, OS X
man dseditgroup for more info.