
Hey all,



I'm trying to verify if a Mac to be reimaged is already in Active Directory. We autogenerate a new name for the Mac each time it is reimaged, and I don't want it binding to the AD with an old name, so I wanted to check the name against AD before imaging using dscl.



## Use the volume name of partition 2 on disk0 as the computer name (assumes a one-word volume name)
ComputerName=$(diskutil list | grep disk0 | grep "2:" | awk '{print $3}')
## Find if the computer is already in Active Directory. If it is, exit. We need to remove it from AD
## The node path contains spaces and AD computer accounts end in "$", so both must be quoted
IsInAD=$(dscl "/Active Directory/All Domains" -read "/Computers/${ComputerName}\$" 2>/dev/null | grep UniqueID)
if [ -n "$IsInAD" ]; then
    echo "$ComputerName is already in AD; remove it before imaging"
    exit 1
fi


It works great from a mac that is bound to the same directory. I was wondering if there is a way to do this from a Mac that IS NOT bound to the same directory (or any directory, actually). Does anyone have any experience with this?



Andrew

You'd have to allow anonymous queries of your AD, which you probably don't want to do.



Alternatively, you could set up a specific account that has LDAP query rights to your AD, then use that account to perform the query from your OS X system.



Check out ldapsearch with a query something like:



# Filter on dNSHostName (AD has no "Hostname" attribute); -W prompts for the password instead of leaving it in the process list and shell history
ldapsearch -LLL -H ldaps://your.forest.dom -x -D "ldapqueryuser@your.forest.dom" -W -b "cn=computers,dc=your,dc=forest,dc=dom" "(dNSHostName=someclient.forest.dom)"
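The same check wrapped into a pre-imaging script, as an added example that is not part of Rob's reply or Andrew's script. It binds with a dedicated read-only query account over LDAPS, reads the password from a root-owned file rather than the command line, escapes the computer name before it goes into the filter (a name containing "*" or "(" would otherwise change what the query matches), and treats "query failed" differently from "not in AD" so an outage cannot silently allow a duplicate bind. The host, bind DN, base DN, password file path, the name MAC-0042 and the sample LDIF line are all assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): ask AD whether a computer object exists,
# from a Mac that is not bound to any directory, using a read-only query account
# over LDAPS. AD_HOST, AD_BIND_DN, AD_BASE, AD_PASS_FILE and the sample names
# below are assumptions; change them for your forest.
AD_HOST="${AD_HOST:-}"                      # e.g. dc1.your.forest.dom (must serve LDAPS)
AD_BIND_DN="${AD_BIND_DN:-ldapqueryuser@your.forest.dom}"
AD_BASE="${AD_BASE:-CN=Computers,DC=your,DC=forest,DC=dom}"
# Create with: printf '%s' 'secret' > file; chmod 0600 file
# (ldapsearch -y uses the whole file, so a trailing newline becomes part of the password)
AD_PASS_FILE="${AD_PASS_FILE:-/usr/local/etc/ad-query.pw}"

# Escape a value for use inside an LDAP search filter (RFC 4515). The computer
# name comes from diskutil output or a name generator, so it must not be able
# to change the shape of the filter.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter matching a computer object by short name (cn) or FQDN (dNSHostName).
build_filter() {
    name=$(ldap_filter_escape "$1")
    printf '(&(objectClass=computer)(|(cn=%s)(dNSHostName=%s)))' "$name" "$name"
}

# Count objects in LDIF on stdin: ldapsearch -LLL prints one "dn:" line per
# matching entry and no comment lines, so the count equals the number of hits.
count_entries() {
    grep -c '^dn:' || true
}

# Returns 0 if the computer exists in AD, 1 if it does not, 2 if the query
# itself failed (bad credentials, no LDAPS, DNS). A failed query must never be
# read as "not in AD".
ad_computer_exists() {
    filter=$(build_filter "$1")
    ldif=$(ldapsearch -LLL -H "ldaps://$AD_HOST" -x -D "$AD_BIND_DN" \
               -y "$AD_PASS_FILE" -b "$AD_BASE" "$filter" dn) || return 2
    [ "$(printf '%s\n' "$ldif" | count_entries)" -gt 0 ]
}

# Constructed sample of what ldapsearch -LLL prints for a single hit (not real data).
SAMPLE_LDIF="dn: CN=MAC-0042,CN=Computers,DC=your,DC=forest,DC=dom"

if [ -n "$AD_HOST" ]; then
    # Live mode: pre-imaging check for the name passed as the first argument.
    name="${1:?usage: $0 COMPUTERNAME}"
    if ad_computer_exists "$name"; then
        echo "$name is already in AD; remove it before imaging"
        exit 3
    elif [ $? -eq 1 ]; then
        echo "$name is not in AD"
    else
        echo "AD query failed; refusing to continue" >&2
        exit 2
    fi
else
    # Offline demo on the constructed sample when no AD_HOST is configured.
    echo "filter: $(build_filter 'MAC-0042')"
    echo "matches in sample: $(printf '%s\n' "$SAMPLE_LDIF" | count_entries)"
fi
```

Run it as `AD_HOST=dc1.your.forest.dom sh adcheck.sh "$ComputerName"` from the imaging workflow and branch on the exit code (0 found, 1 absent, 2 query error). The query account needs only read access to the Computers container; if the domain controllers do not serve LDAPS, use `-H ldap://... -ZZ` to require STARTTLS rather than sending the simple-bind password in the clear.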

Thanks Rob! This is working perfectly now!