Re-Enable a Disabled Mac User Account 

When you remove access to a Mac from a user in JumpCloud, the user account is disabled, not deleted.

The user’s files and data are preserved, but disabled users will not appear on:

• The macOS login screen

• System Settings → Users & Groups

This guide explains how to verify whether a Mac user is disabled and how to re-enable them.

1. Verifying User Status

List all non-system users

dscl . -list /Users | grep -Ev "^_|com\..*|root|nobody|daemon|\/"

Switch to root

sudo -i

Check whether a specific user is disabled

Replace USERNAME with the actual username:

dscl . -read /Users/USERNAME AuthenticationAuthority | grep DisabledUser

• If this returns nothing, the user is not disabled.

• If output contains DisabledUser, that account is disabled.

2. Re-Enabling Disabled Users

Replace USERNAME with the real macOS username.

If running as root from the JumpCloud Command Runner

dscl . -read /Users/USERNAME AuthenticationAuthority | sed 's/AuthenticationAuthority: //;s/DisabledUser//g;s/[; ]*$//' | xargs dscl . -create /Users/USERNAME AuthenticationAuthority

If running the command locally on the device

sudo dscl . -read /Users/USERNAME AuthenticationAuthority | sed 's/AuthenticationAuthority: //;s/DisabledUser//g;s/[; ]*$//' | xargs sudo dscl . -create /Users/USERNAME AuthenticationAuthority

3. Fix the User’s Shell

When a macOS account is disabled, macOS sets the user’s shell to /bin/disable.
Re-enable a normal shell (bash in this example):

chsh -s /bin/bash USERNAME

Note:
You can choose any valid shell (zsh, bash, sh, etc.) as long as it is not /usr/bin/false or /bin/disable.

After running the command:

• The user will reappear in Users & Groups

• The user will show on the login screen

• You may need to close and reopen System Settings for the change to appear

4. Password Behavior

• The user’s password remains the same as it was before the account was disabled.

• To reset the password, use System Settings → Users & Groups while logged in as a local admin.