In an attempt to be helpful, here is what I did with this information:
I created an extension attribute -
#!/usr/bin/env zsh
RESULT=""
authSearchPolicy=$(dscl /Search -read / SearchPolicy | awk '{print $NF}' | awk -F':' '{print $NF}')
if [ "$authSearchPolicy" = "LSPSearchPath" ]; then
RESULT="local"
fi
if [ "$authSearchPolicy" = "NSPSearchPath" ]; then
RESULT="auto"
fi
if [ "$authSearchPolicy" = "CSPSearchPath" ]; then
RESULT="custom"
fi
echo "<result>$RESULT</result>"
And I used this bit of shell script to change the Directory Services configuration in the ways I wanted.
#!/usr/bin/env zsh
# Change it from Custom to Local
searchPathCheck=$(dscl /Search -read / SearchPolicy | grep "CSPSearchPath")
if [ "$searchPathCheck" != "" ]; then
dscl /Search -change / SearchPolicy "dsAttrTypeStandard:CSPSearchPath" "dsAttrTypeStandard:LSPSearchPath"
echo "Switched from the Custom Search Path to Local Search Path in Directory Services Authentication."
searchPathCheck=""
fi
And here are some notes I captured during testing.
# Key = SearchPolicy
# Value options:
# dsAttrTypeStandard:CSPSearchPath = custom search Path
# dsAttrTypeStandard:LSPSearchPath = local search path
# dsAttrTypeStandard:NSPSearchPath = automatic search path
# delete AD from the custom search path
# dscl /Search -delete / CSPSearchPath "/Active Directory/YOURDOMAIN/All Domains"
