Category Filter

Script to Create New Users on Mac

If a user on Mac has the admin role, they can create a new user easily from System Preferences > Users & Groups. But, when a device admin managing a large number of macOS endpoints desires to create a new account this way, it becomes a tedious process to do it manually on each endpoint. For such scenarios, you can use the script below to create new users in batch on Mac.

Device admins can remotely run scripts on Macs managed with Hexnode using the Execute Custom Script action.

Scripting Language – Bash

File extension – .sh

Disclaimer:


The Sample Scripts provided below are adapted from third-party Open-Source sites.

Create a new user

Note:

In Bash, before inserting space while defining file or folder names, we use a backslash \ to separate the characters. This will prevent the shell interpreter from interpreting the space as a separator and assuming they were two different arguments. Hence, we write New user as New\ user in the above code.

dscl is a command line utility for operating on Directory Service directory nodes. Along with dscl, the create command can be used to create a record in a specified directory.

The . command is an alias for the read command and points to the local directory in the above code.

The passwd command can be used to add a password or replace the old password of a user with a new one.

The append command is used to append or create a property (the user in this case) in a given record (the group membership record in this case).

When you add the Unique ID and Primary Group ID, note the following points –

  • The UniqueID for a user must be unique to the user. 501 is the UniqueID assigned to the first account on the system.
  • You can set PrimaryGroupID to 80 to add to the Admin group directly. Or set the PrimaryGroupID to 20 to add to the Standard user group.

If your system is FileVault encrypted, only FileVault enabled users will show up on the initial login screen after reboot. To add a user to the login screen, the user will have to be manually enabled by the device administrator to unlock the disk from System Preferences > Security & Privacy > FileVault > Enable Users.

You can also run the below script to do the same –

sudo fdesetup add -usertoadd New\ user

Notes:

  • It is recommended to manually validate the script execution on a system before executing the action in bulk.
  • Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.