Tools: CLAS - Bind MAC to Domain (Requires Credentials)
Log In or Register to download the BES file, and more.

0 Votes

Description

This tool will bind MAC computers to the UNCCHARLOTTE-NT domain.

Tested on: OS 10.7.x


Property Details

ID1379
TitleTools: CLAS - Bind MAC to Domain (Requires Credentials)
DomainBESC
CategoryMac Tools
SourceInternal
Source Release Date1/11/2013 12:00:00 AM
KeywordsAD, Bind, Active Directory, MAC
Is TaskTrue
Added by on 1/15/2013 11:59:53 AM
Last Modified by on 1/15/2013 11:59:53 AM
Counters 6973 Views / 22 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

Used in 1 fixlet and 1 analsis   * Results in a true/false
Show indented relevance
(name of operating system = "Mac OS X")
Used in 1 fixlet   * Results in a true/false
Show indented relevance
(system version >= "10.6" AND system version < "10.7") OR (system version >= "10.7" AND system version < "10.8")
Used in 1 fixlet   * Results in a true/false
Show indented relevance
(version of client >= "6.0.0.0") AND (exists true whose (if true then (exists (if exists value of settings "_BESClient_ActiveDirectoryPathOverride" of client then value of setting "_BESClient_ActiveDirectoryPathOverride" of client else if exists true whose (if true then exists distinguished name of local computer of active directory else false) then distinguished name of local computer of active directory else "<none>") whose (it as string as lowercase contains "none" as lowercase)) else false))

Actions

Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script
action parameter query "Username" with description "Please enter your network username:" with default ""
action parameter query "Password" with description "Please enter your network password:" with default ""
Delete __createfile
Delete JoinDomain.sh
createfile until endscript
    #!/bin/sh
    computerid=`/usr/sbin/scutil --get LocalHostName`
    # Standard parameters
    domain="its.uncc.edu"            # fully qualified DNS name of Active Directory Domain
    udn="{parameter "Username" of action}"            # username of a privileged network user
    password="{parameter "Password" of action}"                    # password of a privileged network user
    ou="CN=Computers,DC=its,DC=uncc,DC=edu"        # Distinguished name of container for the computer
    # Advanced options
    alldomains="enable"            # 'enable' or 'disable' automatic multi-domain authentication
    localhome="enable"            # 'enable' or 'disable' force home directory to local drive
    protocol="smb"                # 'afp' or 'smb' change how home is mounted from server
    mobile="enable"            # 'enable' or 'disable' mobile account support for offline logon
    mobileconfirm="disable"        # 'enable' or 'disable' warn the user that a mobile acct will be created
    useuncpath="disable"            # 'enable' or 'disable' use AD SMBHome attribute to determine the home dir
    user_shell="/bin/bash"        # e.g., /bin/bash or "none"
    preferred="-nopreferred"    # Use the specified server for all Directory lookups and authentication
                            # (e.g. "-nopreferred" or "-preferred ad.server.edu")
    admingroups="UNCCHARLOTTE-NT\Domain Admins"    # These comma-separated AD groups may administer the machine (e.g. "" or "APPLE\mac admins")
    # Login hook setting -- specify the path to a login hook that you want to run instead of this script
    ### End of configuration
    # Activate the AD plugin
    defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Active"
    plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist
    sleep 5
    # Bind to AD
    dsconfigad -f -a $computerid -domain $domain -u $udn -p "$password" -ou "$ou"
    # Configure advanced AD plugin options
    if [ "$admingroups" = "" ]; then
        dsconfigad -nogroups
    else
        dsconfigad -groups "$admingroups"
    fi
    dsconfigad -alldomains $alldomains -localhome $localhome -protocol $protocol \
        -mobile $mobile -mobileconfirm $mobileconfirm -useuncpath $useuncpath \
        -shell $user_shell $preferred
    # Restart DirectoryService (necessary to reload AD plugin activation settings)
    killall DirectoryService
    # Add the AD node to the search path
    if [ "$alldomains" = "enable" ]; then
        csp="/Active Directory/All Domains"
    else
        csp="/Active Directory/$domain"
    fi
    #dscl /Search -create / SearchPolicy CSPSearchPath
    #dscl /Search -append / CSPSearchPath "/Active Directory/All Domains"
    #dscl /Search/Contacts -create / SearchPolicy CSPSearchPath
    #dscl /Search/Contacts -append / CSPSearchPath "/Active Directory/All Domains"
    # This works if the above code does not
    defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
    defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
    defaults write /Library/Preferences/DirectoryService/ContactsNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
    defaults write /Library/Preferences/DirectoryService/ContactsNodeConfig "Search Policy" -int 3
    plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist
endscript
delete JoinDomain.sh
move __createfile JoinDomain.sh
wait sh JoinDomain.sh
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!