View Other Properties

Contents

View Other Properties

How to List Active Directory Options Across All Macs

Using Kolide, you can easily view and query Mac Active Directory Options across your fleet.

Introduction

Macs that are managed by organizations can be connected to a user directory service called Active Directory (AD). Once a Mac is connected (known as "binding") authorized users listed in the directory can sign in to the Mac with their credentials and access shared resources on protected networks.

You can learn more about Active Directory support on macOS in Apple's Directory Utility User Guide

Macs that are bound to an Active Directory domain will save their configuration locally. An Active Directory Option is a single setting in that greater configuration. Macs that are bound to Active Directory will save many options and Macs that are not bound to Active Directory will not have any.

What Mac Active Directory Option Data Can Kolide Collect?

Kolide's endpoint agent bundles in osquery to efficiently collect Mac Active Directory Options from Macs in your fleet. Once collected, Kolide will parse, clean up, and centrally store this data in Inventory for your team to view, query, or export via API.

Kolide meticulously documents every piece of data returned so you can understand the results.

Mac Active Directory Options Schema

Column Type Description
id Primary Key

Unique identifier for the object

device_id Foreign Key

Device associated with the entry

device_name Text

Display name of the device associated with the entry

domain Text

Active Directory trust domain

name Text

Absolute and full Name.app path

option Text

Canonical name of option

value Text

Variable typed option value

collected_at Timestamp

Time the row of data was first collected in the database

updated_at Timestamp

Time the row of data was last changed in the database

What Can You Do With This Information?

Kolide enables you to write your own queries against the data the agent collects. This allows you to build your own reports and API endpoints. For example, you can:

Review the various Active Directory forests to which Macs are bound
Kolide SQL
WITH
ad_forests AS (
SELECT 
  device_id, 
  MAX(CASE WHEN option = 'forest' THEN value END) AS ad_forest 
FROM mac_active_directory_options
GROUP BY device_id
),
ad_forests_count AS (
SELECT
  ad_forest,
  COUNT(ad_forest) AS devices_in_forest
FROM ad_forests
GROUP BY ad_forest
ORDER BY devices_in_forest DESC
),
assemble_data AS (
SELECT adfc.*,
(SELECT COUNT(d.*) FILTER (WHERE d.type = 'Mac') FROM devices d) AS count_macs
FROM
ad_forests_count adfc
)
SELECT ROUND((100.0 * devices_in_forest) / (100.0 * count_macs)*100.0) AS membership_percentage,
ad_forest, devices_in_forest, count_macs
FROM assemble_data;
Example Results
ad_forest total_macs devices_in_forest membership_percentage
acme.headquarters.com 38 8 21.0
poldomain.com 38 1 3.0
lievschreib.com 38 1 3.0
kreuner.clap.com 38 1 3.0
collab.matchbook.com 38 1 3.0

Why Should I Collect Mac Active Directory Options?

Even when organization's do not use Active Directory, collecting this data is still useful. For example if a organization-owned Mac is bound to an Active Directory domain unfamiliar to the organization, this could be an indicator the Mac may have been compromised.

End-User Privacy Consideration

Kolide practices Honest Security. We believe that data should be collected from end-user devices transparently and with privacy in mind.

When you use Kolide to list Mac Active Directory Option data from end-user devices, Kolide gives the people using those devices insight into exactly what data is collected, the privacy implications, and who on the IT team can see the data. This all happens in our end-user privacy center which can be accessed directly by employees.

Share this story:

Related Device Properties:

New
Windows Programs
software
New
Windows Update Settings
updates, operating-system, security
New
Windows Pending Updates
updates, operating-system, security
View full list of Kolide's Device Properties
Book A Demo
Book A Demo