The Challenge: As part of our deployment process for Macs in an AD environment, technicians are expected to rename the computer using a combination of System Preferences panes and the command line. The steps involved are considerably more tedious than joining AD on a Windows machine.
The Solution: An AppleScript application that accomplishes all of the following:
- Set Computer Name (normally done in Sharing prefs)
- Set Local Host Name (normally done in Sharing prefs)
- Set NetBIOS name (normally done in Network prefs)
- Build the FQHN (short name plus the domain's DNS suffix)
- Set system HostName (normally done via Terminal with scutil)
- Bind to AD (normally done through Directory Utility)
The script is below. Save it as an Application in OS X; you can then double-click it to start it.
```applescript
-- Get a domain admin user name and password which will be used to bind
set user_name_dialog to display dialog "Enter a domain admin account name: " default answer "" buttons {"Next"} default button "Next"
set user_name to text returned of user_name_dialog
set user_password_dialog to display dialog "Enter the domain admin password. " & return & return & "WARNING: If you are running Panther (Mac OS X 10.3), your input will be displayed in this box as clear text." default answer "" buttons {"Next"} default button "Next" with hidden answer
set user_password to text returned of user_password_dialog

-- Ask for the computer name before we bind (ex: JDoe12345m)
set computerName to text returned of (display dialog "Set the computer name (ex: JDoe12345m)" default answer "")

-- Set the computer name and local host name (normally done in Sharing prefs).
-- "quoted form of" protects the shell from spaces or metacharacters in the name.
do shell script "scutil --set ComputerName " & quoted form of computerName with administrator privileges
do shell script "scutil --set LocalHostName " & quoted form of computerName with administrator privileges

-- Build the FQHN from the short name and the domain's DNS suffix
set computerFQHN to computerName & ".hq.hview.com"

-- Set the system HostName to the FQHN (normally done via scutil in Terminal)
do shell script "scutil --set HostName " & quoted form of computerFQHN with administrator privileges

-- Start binding
-- Change HQ.Hview.com to your AD domain
-- Also change CN=Computers,DC=HQ,DC=Hview,DC=com to the container or OU where the computer object should be created
-- Note: the password is passed to dsconfigad as a command-line argument, so it is visible
-- in the process list (ps) for as long as the command runs.
do shell script "dsconfigad -f -a " & quoted form of computerName & " -domain HQ.Hview.com -u " & quoted form of user_name & " -p " & quoted form of user_password & " -ou " & quoted form of "CN=Computers,DC=HQ,DC=Hview,DC=com" with administrator privileges

-- Replace values below with items specific to your domain
do shell script "dsconfigad -alldomains enable -localhome enable -protocol smb -mobile enable -mobileconfirm disable -useuncpath enable" with administrator privileges

-- Activate the Active Directory plug-in in DirectoryService
do shell script "defaults write /Library/Preferences/DirectoryService/DirectoryService 'Active Directory' Active" with administrator privileges
do shell script "plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist" with administrator privileges
delay 10

-- Kickstart DirectoryService
tell application "Terminal" to activate
tell application "Terminal" to quit

-- Put the custom search path in effect so AD is consulted for logins
do shell script "dscl /Search -create / SearchPolicy CSPSearchPath" with administrator privileges
delay 5

tell application "Directory Utility" to activate

-- Show the resulting bind configuration
display dialog (do shell script "dsconfigad -show" with administrator privileges)
```
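The script above sets three names and binds, but never checks that the result is consistent. The following shell script is an added example, not part of the original post: it validates the short name against the hostname rules that Bonjour and AD computer-account creation actually enforce (RFC 1123 characters, and the 15-character NetBIOS limit the AppleScript's `-a` value must respect), rebuilds the FQHN the same way the AppleScript does, checks that ComputerName, LocalHostName and HostName agree, and, when run on a Mac with `--live`, reads the real values from `scutil` and confirms `dsconfigad -show` reports a bound domain. The domain `hq.hview.com` is taken from the post; the sample names used in the checks are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): post-rename / post-bind sanity checks.
# Assumes the DNS domain used in the post; change it for your environment.
DOMAIN="hq.hview.com"

# Return 0 if NAME is a legal single-label hostname: letters, digits and hyphens,
# no leading or trailing hyphen, and at most 15 characters so the AD computer
# account (NetBIOS name) is not truncated. scutil itself accepts almost anything,
# which is why this check is needed before binding.
valid_short_name() {
    name="$1"
    [ -n "$name" ] || return 1
    [ "${#name}" -le 15 ] || return 1
    case "$name" in
        *[!A-Za-z0-9-]*) return 1 ;;   # illegal character (space, underscore, dot, ...)
        -*|*-) return 1 ;;             # leading or trailing hyphen
    esac
    return 0
}

# Build the fully-qualified host name exactly as the AppleScript does.
fqhn_for() {
    printf '%s.%s\n' "$1" "$DOMAIN"
}

# Check that the three names scutil manages agree with each other and the domain.
# Arguments: ComputerName LocalHostName HostName. Returns 0 when consistent.
names_consistent() {
    computer="$1"; local_host="$2"; host="$3"
    if [ "$computer" != "$local_host" ]; then
        echo "ComputerName ($computer) != LocalHostName ($local_host)" >&2
        return 1
    fi
    if [ "$host" != "$(fqhn_for "$local_host")" ]; then
        echo "HostName ($host) is not $local_host.$DOMAIN" >&2
        return 1
    fi
    return 0
}

# On a Mac, read the live values and the AD bind state. Returns 0 only if the
# names are legal and consistent and dsconfigad reports a bound domain.
check_live() {
    command -v scutil >/dev/null 2>&1 || { echo "scutil not found (not macOS?)" >&2; return 2; }
    cn=$(scutil --get ComputerName)
    lhn=$(scutil --get LocalHostName)
    hn=$(scutil --get HostName 2>/dev/null)   # exits non-zero if HostName was never set
    valid_short_name "$lhn" || { echo "LocalHostName '$lhn' is not a legal hostname" >&2; return 1; }
    names_consistent "$cn" "$lhn" "$hn" || return 1
    # A bound machine prints an "Active Directory Domain = ..." line; an unbound one does not.
    dsconfigad -show | grep -q 'Active Directory Domain' || { echo "not bound to AD" >&2; return 1; }
    echo "names consistent and machine bound to AD"
    return 0
}

# Only touch the live system when explicitly asked: sh verify.sh --live
if [ "${1:-}" = "--live" ]; then
    check_live
fi
```

Run it as `sudo sh verify.sh --live` right after the AppleScript finishes; a non-zero exit tells the technician which of the three names is wrong before the machine is handed out, which is far cheaper than discovering a mismatch at first login.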