Bind to Active Directory Applescript
There are several methods out there to automate binding to Active Directory, including over Apple Remote Desktop, after a machine has been imaged using a login hook, and a number of other methods.
We are just starting to move our Macs to AD. Most of the machines are already imaged and will need to be put on the domain one by one by various members of my team. ARD is not always an option (not everyone on my team uses it). So login hooks and ARD are not always the best option for us.
So I created an AppleScript that can bind a machine to AD with consistent settings and less room for error. This script will prompt you for a domain admin user name and password so they don’t have to be stored in the script. It will need to be modified for your environment.
You can download it from here.
Please let me know how it works for you.
```applescript
(*
Bind to AD
Copyright © 2007 Patrick Gallagher
http://blog.macadmincorner.com
Free to distribute. No warranty expressed or implied.

This script will bind the Mac it is running on to Active Directory.
Read comments below and edit for your environment.
*)

--get a domain admin user name and password which will be used to bind
set user_name_dialog to display dialog "Enter a domain admin account name: " default answer "" buttons {"Next"} default button "Next"
set user_name to text returned of user_name_dialog
set user_password_dialog to display dialog "Enter the domain admin password. " & return & return & "WARNING: If you are running Panther (MacOS 10.3), your input will be displayed in this box as clear text." default answer "" buttons {"Next"} default button "Next" with hidden answer
set user_password to text returned of user_password_dialog

--We want to verify the computer name is proper before we bind
set currentName to (do shell script "scutil --get ComputerName")
set computerName to text returned of (display dialog "Verify the computer name is correct" default answer currentName)

--Set the computer name on the computer in case it was just renamed in the previous step
--"quoted form of" keeps spaces and shell metacharacters in the typed values from being interpreted by the shell
--Commenters report that on 10.5 and later systemsetup lives at /usr/sbin/systemsetup; change the path below if needed
do shell script "/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup setcomputername " & quoted form of computerName & space & "setlocalsubnetname " & quoted form of computerName with administrator privileges

--Start binding
-- Change AD.DOMAIN.COM to your AD domain
-- Also change DC=ad,DC=domain,DC=com
-- The password is passed as a command-line argument, so it is visible in the process list while dsconfigad runs
do shell script "dsconfigad -f -a " & quoted form of computerName & space & "-domain AD.DOMAIN.COM -u " & quoted form of user_name & " -p " & quoted form of user_password & " -ou \"CN=Computers,DC=ad,DC=domain,DC=com\"" with administrator privileges

--Change MYDOMAIN\\deptAdmins to your domain\youradminGroup
--The -alldomains enable is optional. If you remove it, you will also need to modify anything that mentions "All Domains" below and replace it with your domain
do shell script "dsconfigad -alldomains enable -localhome enable -protocol smb -mobile enable -mobileconfirm disable -useuncpath enable -groups \"MYDOMAIN\\deptAdmins\"" with administrator privileges

do shell script "defaults write /Library/Preferences/DirectoryService/DirectoryService 'Active Directory' Active" with administrator privileges
do shell script "plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist" with administrator privileges

do shell script "killall DirectoryService" with administrator privileges
delay 20

--I do this to help get DirectoryService running again in time to do the next steps (weird I know)
tell application "Terminal" to activate
tell application "Terminal" to quit

do shell script "dscl /Search -create / SearchPolicy CSPSearchPath" with administrator privileges
delay 5
do shell script "dscl /Search -append / CSPSearchPath \"/Active Directory/All Domains\"" with administrator privileges
do shell script "dscl /Search/Contacts -create / SearchPolicy CSPSearchPath" with administrator privileges
do shell script "dscl /Search/Contacts -append / CSPSearchPath \"/Active Directory/All Domains\"" with administrator privileges

do shell script "killall DirectoryService" with administrator privileges
delay 20

tell application "Directory Utility" to activate
display dialog (do shell script "dsconfigad -show" with administrator privileges)
```
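A preflight check for the renaming step, as an added example that is not part of the original post: it validates the typed computer name before it reaches a privileged command and finds systemsetup at either of the two locations reported in the comments on this page. The function names and the naming policy (1 to 15 letters, digits or hyphens, matching the NetBIOS length limit) are assumptions.

```shell
#!/bin/sh
# Added example; function names and the naming policy are assumptions.
LC_ALL=C; export LC_ALL  # byte-wise character ranges in the patterns below

# Print the first executable systemsetup among the candidate paths.
# With no arguments, try the two locations mentioned on this page.
find_systemsetup() {
    if [ "$#" -eq 0 ]; then
        set -- /usr/sbin/systemsetup \
            /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup
    fi
    for candidate in "$@"; do
        if [ -x "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Accept only names usable as an AD computer ID under the assumed policy:
# 1-15 characters, letters, digits and hyphens, no leading or trailing hyphen.
valid_computer_name() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 15 ] || return 1
    case $name in
        *[!A-Za-z0-9-]*) return 1 ;;
        -*|*-) return 1 ;;
    esac
    return 0
}

# Rename the Mac only if the name validates and systemsetup is found.
# Arguments: NAME [candidate paths...]. Returns 2 for a rejected name,
# 3 when systemsetup is missing. Needs root on a real Mac.
set_computer_name() {
    name=$1; shift
    valid_computer_name "$name" || { echo "rejected computer name" >&2; return 2; }
    tool=$(find_systemsetup "$@") || { echo "systemsetup not found" >&2; return 3; }
    "$tool" -setcomputername "$name" && "$tool" -setlocalsubnetname "$name"
}
```

Run the same validation on the name before handing it to `dsconfigad -a`, so a mistyped or over-long name is caught before the bind rather than after.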



Great script! I’ve modified for my own use and have been using it to join 50+ Macs to our domain.
Hello,
This is a great script, however I’m having trouble getting it to work. I keep getting errors regarding my Directory service node. I have checked and double checked that the node address is correct. If you could get in touch with me by way of email I would be forever grateful.
Thanks
adam [dot] moss [at] penton [dot] com
This may sound a little silly, but how am I supposed to edit a .app?
Open it with Script Editor.
AppleScript AD bind:
getting error: ON
using ARD V3
SCRIPT SENT:
--Set the computer name on the computer incase it was just renamed in the previous step
do shell script "/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup setcomputername " & computerName & space & "setlocalsubnetname " & computerName with administrator privileges
ERROR:
/bin/sh: /system/library/coreservices/remotemanagement/ardagent.app.contents/support/systesetup: No such file or directory
This applescript is not intended to be used with ARD. Use this one instead for ARD: http://blog.macadmincorner.com/bind-to-ad-using-apple-remote-desktop/
I’m not using it on ARD. Because it was trying to dump this file into Content which ARDAgent.
I mentioned ARD version. Just running a regular AppleScript.
Ok.
I bet the problem is that this script is a bit outdated. Apple moved systemsetup with the ARD 3.1 update to /usr/sbin/systemsetup. Change any references to systemsetup with the new path and it should work again.
Where can I download the script? The link seems to be broken.
@Mike
Fixed. Sorry ’bout that. Not sure where it went.
Interesting Note, in 10.4 and earlier (as long as the right ARD client version is installed) systemsetup still resides in /System/Library/CoreServices/RemoteManagement/ARDAgent.app/contents/Support/
10.5 and later systemsetup resides in /usr/sbin