CoreServices apps: Directory Utility

Yesterday, I looked at one of the gems tucked away in the /System/Library/CoreServices/Applications folder, Wireless Diagnostics. This article is about another powerhouse which can also do huge damage to your Mac’s configuration: Directory Utility. But before looking at that, I start with a short word about a related feature, Advanced Options for user accounts. As with the rest of this article, please don’t try little experiments with these features to see what they do, or you could regret it.

Advanced Options for user accounts is a dialog which is deliberately hidden away. To access it, open the Users & Groups pane, click on the padlock icon and authenticate, then Control-click on a user account in the list at the left. You’ll see a menu pop up with the option Advanced Options…. Select that.

At the top of the dialog, read and mark Apple’s words very carefully. Changing these settings is almost certain to break something in that account, and if you’re unlucky, you’ll end up having to erase your startup volumes and install everything from scratch. If you do make any changes here, particularly to the primary admin account, when your Mac next starts up it will have changed, almost certainly for the worse.

Changing the User ID is really bad news, as permissions throughout your storage depend on that, rather than your user name, for recognising you. Change it to 502, for example, and every file and folder of which you are the current owner, as user 501, will belong to someone else who no longer exists.
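The ownership effect described above can be inspected without changing anything. The following is an added example, not part of the original article: a read-only Python check that walks a folder and reports which numeric User IDs own its contents, and which items belong to a User ID that no longer matches any account. The function names and the `exists` parameter are assumptions of this example.

```python
import os
import pwd
from collections import Counter


def account_exists(uid):
    """True if the numeric User ID resolves to an account on this system."""
    try:
        pwd.getpwuid(uid)
        return True
    except KeyError:
        return False


def iter_tree(root):
    """Yield root and everything below it, without following symlinks."""
    yield root
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            yield os.path.join(dirpath, name)


def ownership_report(root, expected_uid, exists=account_exists):
    """Return (counts, orphans, mismatched) for the tree at root.

    counts     maps owner User ID -> number of items
    orphans    lists paths whose owner User ID matches no account
    mismatched is the number of items not owned by expected_uid
    """
    counts, orphans, cache = Counter(), [], {}
    for path in iter_tree(root):
        try:
            uid = os.lstat(path).st_uid   # ownership is stored as a number
        except OSError:
            continue                      # unreadable or vanished item
        counts[uid] += 1
        if uid not in cache:
            cache[uid] = exists(uid)
        if not cache[uid]:
            orphans.append(path)
    mismatched = sum(n for uid, n in counts.items() if uid != expected_uid)
    return counts, orphans, mismatched


if __name__ == "__main__":
    home = os.path.expanduser("~")
    counts, orphans, mismatched = ownership_report(home, os.getuid())
    print(f"owners by User ID: {dict(counts)}")
    print(f"{mismatched} items not owned by User ID {os.getuid()}")
    print(f"{len(orphans)} items owned by a User ID with no account")
```

On an account whose User ID has been changed from 501 to 502, the items created earlier would still be counted under 501, and would appear as orphans if no other account uses that number.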

Changing the Group, Account name, or Full name has similarly pervasive and dangerous effects.

The one thing in this dialog which you may find useful is the ability to change your Login shell, provided that you know how to use the shell which you select. At worst, you might get out of your depth in Terminal and have to change this back.

Changing the Home directory is another option with serious consequences. Remember that this doesn’t just alter where your documents, music, etc., are kept, but also your Library containing all your app support files and their preferences.

The next item, UUID, can no longer be changed here. Some years ago, rumours spread that the UUID for the primary admin account contains, somehow, personal information about you which Apple uses to track your activity. Those spreading the rumours produced no evidence that this generated UID contains such embedded information, and Apple doesn’t disclose how it is created. As a result of the damage which was caused by these rumours, Apple disabled changing the UUID here.

Having resisted the temptation to change anything, it’s time to switch to Directory Utility, which could once be opened from Users & Groups, but that facility appears to have been removed.

This offers three tabs:

  • Services, which lets you select between different directory services,
  • Search Policy, which determines search policies, and
  • Directory Editor, which lets you view and change settings for individual users, and so on.

To ensure that your access is safe, and that you can’t change anything by accident, don’t authenticate to this app, but browse different sections in its Directory Editor. For example, view Users using the popup menu at the left, and in the list of users below that, select yourself. Here you’ll see the information in the Advanced Options dialog and more. Here, once you have authenticated, you can do suicidal things such as change your GeneratedUID.

In addition to working with entries in Open Directory, and giving access to other directory services, Directory Utility has one other important function: enabling the root user, and changing its password. That’s now largely of historical interest; in the dim and distant past, it was a well-used and abused feature. If you need to access external directory services by connecting to an Open Directory, Active Directory or LDAP server, Directory Utility’s Help book provides details.