If a user on Mac has the admin role, they can create a new user easily from System Preferences > Users & Groups. But when a device admin managing a large number of macOS endpoints needs to create a new account, doing it manually on each endpoint becomes tedious. For such scenarios, you can use the script below to create new users in batch on Mac.
Device admins can remotely run scripts on Macs managed with Hexnode using the Execute Custom Script action.
Scripting Language – Bash
File extension – .sh
The Sample Scripts provided below are adapted from third-party Open-Source sites.
Create a new user
Script to create a new user
# Create a new user with the username New user
sudo dscl . -create /Users/New\ user
# Add the display name of the User as John Doe
sudo dscl . -create /Users/New\ user RealName "John Doe"
# Replace password_here with your desired password to set the password for this user
sudo dscl . -passwd /Users/New\ user password_here
# (Optional) Add a password hint
sudo dscl . -create /Users/New\ user hint "Password Hint"
# (Optional) Add a profile picture
sudo dscl . -create /Users/New\ user picture "/path to picture.png"
# Set the Unique ID for New user. Replace unique_id_here with a number that is not already taken.
sudo dscl . -create /Users/New\ user UniqueID unique_id_here
# Set the group ID for the user
sudo dscl . -create /Users/New\ user PrimaryGroupID 20
# Set the shell interpreter to Bash for New user
sudo dscl . -create /Users/New\ user UserShell /bin/bash
# Set the Home folder path for the user
sudo dscl . -create /Users/New\ user NFSHomeDirectory /Local/Users/New\ user
# Append the User with admin privilege. If this line is not included the user will be set as standard user.
sudo dscl . -append /Groups/admin GroupMembership New\ user
Note: In Bash, a space inside a file or folder name must be preceded by a backslash \ to escape it. This prevents the shell interpreter from treating the space as a separator and reading the name as two different arguments. Hence, we write New user as New\ user in the above code.
dscl is a command line utility for operating on Directory Service directory nodes. Along with dscl, the create command can be used to create a record in a specified directory.
In the above code, the . that follows dscl is the datasource and points to the local directory. When used as a command, . is an alias for the read command.
The passwd command can be used to add a password or replace the old password of a user with a new one.
The append command is used to append or create a property (the user in this case) in a given record (the group membership record in this case).
When you add the Unique ID and Primary Group ID, note the following points –
* The UniqueID for a user must be unique to the user. 501 is the UniqueID assigned to the first account on the system.
* You can set PrimaryGroupID to 80 to add the user to the Admin group directly, or set it to 20 to add the user to the Standard user group.
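In a batch run, a hard-coded UniqueID will already be taken on some Macs. The following is an added example, not Hexnode's script: it picks the lowest unused ID from the output of dscl . -list /Users UniqueID and leaves existing accounts untouched. The function names, the 501 floor and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Hexnode's script). Function names are hypothetical.

# Reads `dscl . -list /Users UniqueID` output on stdin ("name  uid" per line;
# the uid is the last field, so names containing spaces are handled) and
# prints the lowest unused ID at or above the floor (default 501).
next_free_uid() {
    awk -v floor="${1:-501}" '
        $NF ~ /^-?[0-9]+$/ { used[$NF + 0] = 1 }
        END { id = floor + 0; while (id in used) id++; print id }'
}

# create_user SHORTNAME FULLNAME PASSWORD
# Creates a standard user (PrimaryGroupID 20) with the dscl steps from the
# article, but refuses to touch an existing record and stops at the first
# failing step. Run as root.
create_user() {
    rec="/Users/$1"
    if dscl . -read "$rec" >/dev/null 2>&1; then
        echo "create_user: $rec already exists, not modified" >&2
        return 1
    fi
    # Abort if the listing fails, rather than guessing an ID from empty input.
    list=$(dscl . -list /Users UniqueID) || return 1
    uid=$(printf '%s\n' "$list" | next_free_uid)
    dscl . -create "$rec" &&
    dscl . -create "$rec" RealName "$2" &&
    dscl . -create "$rec" UniqueID "$uid" &&
    dscl . -create "$rec" PrimaryGroupID 20 &&
    dscl . -create "$rec" UserShell /bin/bash &&
    dscl . -create "$rec" NFSHomeDirectory "/Local/Users/$1" &&
    dscl . -passwd "$rec" "$3"
}

# Constructed sample listing (not captured from a real Mac).
sample_listing() {
    printf '%s\n' '_www       70' 'root       0' 'nobody     -2' \
        'localadmin 501' 'New user   502' 'jdoe       504'
}

sample_listing | next_free_uid    # prints 503
```

As in the script above, the password is passed as a command argument, so it is readable in the script text and in the process list while dscl runs.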
If your system is FileVault encrypted, only FileVault enabled users will show up on the initial login screen after reboot. To add a user to the login screen, the device administrator has to manually enable that user to unlock the disk from System Preferences > Security & Privacy > FileVault > Enable Users.
You can also run the below script to do the same –
sudo fdesetup add -usertoadd New\ user
Notes:
* It is recommended to manually validate the script execution on a system before executing the action in bulk.
* Hexnode will not be responsible for any damage/loss to the system caused by the behavior of the script.