dscacheutil

gather information, statistics and initiate queries to the Directory Service cache.

dscacheutil -h
          -q category [-a key value]
          -cachedump [-buckets] [-entries [category]]
          -configuration -flushcache -statistics

Does operations against the Directory Service cache including gathering statistics, initiating lookups, inspection, cache flush, etc

-q category
[-a [key value ]
query. -a key value for a specific entry
Default: all results within that category will be returned.
-configuration outputs current configuration , such as the search policy from Directory Service and cache parameters.
 > sudo dscacheutil -configuration
   DirectoryService Cache search policy:
    /Local/Default

Unable to get details from the cache node
Unable to get cache configuration information
-flushcache Should only be used in extreme cases.
-statistics outputs statistics from the cache including an overview and detailed call statistics.
Cache hits and cache misses may not always be equal to external calls.
For example getaddrinfo is a combination of gethostbyname with other calls internally to the cache to maximize cache hit rate.
Unable to get details from the cache node (even via sudo)
echo $?
0
-cachedump
          [-buckets ]
          [-entries [category] ]
Dumps an overview of the cache by default.
category to only see
include hash bucket usage of the current cache.
dump detailed information about cache entries.
Dumping 'host' entries can only be done by admin
Unable to get details from the cache node (even via sudo)
-h help

categories and associated keys:

group name or gid
host name or ip_address (used for both IPv6 and IPv4)
mount name
protocol name or number
rpc name or number
service name or port
user name or uid

Examples

Lookup a user:
   % dscacheutil -q user -a name jdoe
                    name: jdoe
                    password: ********
                    uid: 501
                    gid: 501
                    dir: /Users/jdoe
                    shell: /bin/csh
                    gecos: John Doe
see /etc/passwd

or

Seems to contain 2 entries for all "original" users although only one is displayed by
dscacheutil -q user -a name uname

 dscacheutil -q user |grep  -n ' root'
633:name: root
817:name: root 

 dscacheutil -q user |grep -n ' Guest'
345:name: Guest

Lookup all users: (reformatted)
       % dscacheutil -q user
name: _amavisd password: * uid: 83 gid: 83 dir: /var/virusmails shell: /usr/bin/false gecos: AMaViS Daemon 
name: _appleevents password: * uid: 55 gid: 55 dir: /var/empty shell: /usr/bin/false gecos: AppleEvents Daemon 
name: _applepay password: * uid: 260 gid: 260 dir: /var/db/applepay shell: /usr/bin/false gecos: applepay Account 
name: _appowner password: * uid: 87 gid: 87 dir: /var/empty shell: /usr/bin/false gecos: Application Owner 
name: _appserver password: * uid: 79 gid: 79 dir: /var/empty shell: /usr/bin/false gecos: Application Server 
name: _ard password: * uid: 67 gid: 67 dir: /var/empty shell: /usr/bin/false gecos: Apple Remote Desktop 
name: _assetcache password: * uid: 235 gid: 235 dir: /var/empty shell: /usr/bin/false gecos: Asset Cache Service 
…
name: _applepay password: * uid: 260 gid: 260 dir: /var/db/applepay shell: /usr/bin/false gecos: applepay Account 
name: _hidd password: * uid: 261 gid: 261 dir: /var/empty shell: /usr/bin/false gecos: HID Service User 
Dump cache overview:
           % dscacheutil -cachedump
Dump cache details with user entries:
               % dscacheutil -cachedump -entries user

dsmemberutil

various operations for the membership APIs, including state dump, check memberships, UUIDs, etc.

dsmemberutil [-v] [-h] command [options]

implements the membership API calls in a command line utility.

     -h      help
     -v      verbose 

     getuuid -ugUGsS value Takes any of the options and returns the associated UUID.  
     getid   -UGsSX value Takes any of the options and returns the associated UID or GID depending on option provided.  
     getsid  -ugUGX value Takes any of the options and returns the associated SID.  
     checkmembership -uUxs param -gGXS param Returns if a user or group with the associated option is a member of the group.  
     flushcache  

     In some cases -xX and -sS can be used synonymously due to nature of the value.

Using user 
     -u uid           
     -U name          
     -s sid           
     -x uuid          

Using group 
     -g gid           
     -G name          
     -S sid           

EXAMPLES
     Get a user's uuid:
                    % dsmemberutil getuuid -u 501
                    EEA4F2F6-B268-49E7-9C6F-E3C4A37DA4FD

     Get a group's uuid
                    % dsmemberutil getuuid -g 0
                    ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000000

     Get a user's or group's id from a uuid
                    % dsmemberutil getid -X ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C
                    gid: 12

     Check a user's membership in a group (using UID and GID)
                    % dsmemberutil checkmembership -u 501 -g 0
                    user is not a member of the group

     Check a user's membership in a group (using names)
                    % dsmemberutil checkmembership -U root -G wheel
                    user is a member of the group


. See odutil(1) for show cache and statistics operations.
SEE ALSO odutil(1), dseditgroup(1), dscacheutil(1)

Errors

Unable to get details from the cache node

See

DirectoryService(8), dsmemberutil