Information about cached domain credentials in macOS


When you have a laptop computer, you want to be able to use the same sign-in credentials when you are in the office as when you are on the road. With a Windows-based laptop, this is accomplished by cached credentials. The cached credentials on a Windows computer are automatically created the first time you sign in. A network administrator can disable this, but it is enabled by default.

On a Mac that signs in using eRaider credentials, you can get similar functionality by enabling the option "Create mobile account at login" in the Directory Utility that you use to configure Active Directory (AD) connectivity for the Mac. This setting is recommended for computers that you join to the domain, but it may not be enabled by default. When this option is enabled, a local mobile account is created the first time the user signs in by using their eRaider username and password.

NOTE: You must be connected to the TTUnet network when signing in for the first time.

The "Create mobile account at login" option may be overlooked, and a user may have already signed in. In such a case, you can still create the mobile account by using createmobileaccount. It is located in /System/Library/CoreServices/ Instructions are located below.

The following command requires root privileges. Substitute jdoe with the eRaider username of the account to create on the Mac.

sudo ./createmobileaccount -n jdoe

If you are signed in as the root user, you can use the following command:

./createmobileaccount -n jdoe

By not specifying a password in the command, the account's cached password will be created when the user first signs in.

For more information about the createmobileaccount command, use the following command:

sudo ./createmobileaccount

If you are signed in as the root user, you can use the following command: