Directory Utility - Prefer this domain server

MD56
New Contributor

Hi All,

Relatively new to the Casper Admin role. Have a question I'm hoping you guys can help with.

Our network engineering team has requested that we make changes to AD binding for all OSX systems deployed. They would like us to add a preferred domain server. Making this change in the JSS was no problem, however now I need to get this out to all of our deployed systems as well.

We run 10.6 through the latest versions of 10.8.

Does anyone know of any scripts that I might be able to utilize for this?

Thanks a ton everyone.


mm2270
Legendary Contributor III

Take a look at dsconfigad in Terminal-

man dsconfigad

If you run a dsconfigad -show against one of the Macs without the preferred domain controller set, you'll likely see something like this under the Advanced section:

Preferred Domain controller    = not set

The dsconfigad tool has a -preferred server where "server" would be the domain controller you want them to use.

That should help get you started in the right direction.

Edit: removed the -add command as that isn't what you want.

dpertschi
Valued Contributor

It's always been my understanding that that setting is only used during the initial bind.

Is that not true? I've never paid any attention to it.

MD56
New Contributor

Thanks guys, so I was able to get that to work in Terminal, but when I set that as a `#!/bin/sh do shell script....` it barks at me for admin credentials. Any advice you guys could offer for getting around that would be appreciated. This will need to be pushed out to about 500 Macs on our campus.

mm2270
Legendary Contributor III
> when I set that as a #!/bin/sh do shell script.... it barks at me for admin credentials.

Yes, some of the commands in dsconfigad require local admin credentials on the Mac to set. The preferred domain controller is one of them. That's why I mentioned looking at the man page for dsconfigad.
Hopefully you have something like a local admin account across your Macs that you know, or, you know what the Casper service account username & password is. You need to provide that information in the script using the -localuser and -localpassword flags.

dsconfigad -localuser admin -localpassword password -preferred domain.myschool.edu

Also, I hope by 'do shell script' you don't mean you're trying to run this in some kind of Applescript. While it might be possible to do that, you'd really want to do this as a pure shell script and omit any Applescript calls unless there is a very good reason otherwise.

One more note. You can build a script that wouldn't hardcode the local admin username and password information into it if you're at all concerned it could be intercepted and read by anyone, by utilizing script parameters. In fact, whenever I have to use names and passwords in a script I always do that.

```sh
#!/bin/sh

# Casper passes script parameters 4 and 5 as $4 and $5
LocalUser=$4
LocalPass=$5

dsconfigad -localuser "$LocalUser" -localpassword "$LocalPass" -preferred domain.myschool.edu
```

Then just make sure you set up parameter 4 and 5 when you upload the script in Casper Admin with labels and add the details in with the correct information when adding the script into a policy. It'll be passed down to the script when it runs rather than it being set into the script file itself.

Hope that helps.
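An added example, not code from the thread or from Jamf/Casper: a fuller version of the parameter-driven script above that first reads `dsconfigad -show`, only calls `dsconfigad -preferred` when the current value differs from the desired one, and refuses to run with empty parameters. Using parameter 6 for the desired domain controller, the function names, and the sample `dsconfigad -show` text embedded for testing are all assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread): idempotent wrapper around the
# dsconfigad -preferred command discussed above, written for Casper
# script parameters 4 (local admin user), 5 (local admin password) and
# 6 (desired preferred domain controller). Parameter 6 and all helper
# names are assumptions for this example.

# Constructed sample output in the shape of the "Preferred Domain controller"
# line shown in the thread, so the parser can be exercised without a Mac.
SAMPLE_SHOW_UNSET='Preferred Domain controller      = not set'
SAMPLE_SHOW_SET='Preferred Domain controller      = dc1.myschool.edu'

# Pull the "Preferred Domain controller" value out of dsconfigad -show text
# read from stdin. Prints "not set" when the line is absent or the value
# is literally "not set".
parse_preferred_dc() {
    awk -F'=' '
        /Preferred Domain controller/ {
            v = $2
            gsub(/^[ \t]+|[ \t]+$/, "", v)   # trim surrounding whitespace
            print v
            found = 1
            exit
        }
        END { if (!found) print "not set" }
    '
}

# True (exit 0) when the current value differs from the desired one.
needs_update() {
    [ "$1" != "$2" ]
}

# Apply the change. The password is only ever passed to dsconfigad itself,
# never echoed or written to a log.
set_preferred_dc() {
    dsconfigad -localuser "$1" -localpassword "$2" -preferred "$3"
}

main() {
    local_user="$4"
    local_pass="$5"
    desired_dc="$6"

    if [ -z "$local_user" ] || [ -z "$local_pass" ] || [ -z "$desired_dc" ]; then
        echo "Script parameters 4, 5 and 6 must all be set in the policy" >&2
        exit 1
    fi
    if ! command -v dsconfigad >/dev/null 2>&1; then
        echo "dsconfigad not found; this script only runs on a Mac" >&2
        exit 1
    fi

    current_dc=$(dsconfigad -show | parse_preferred_dc)
    if needs_update "$current_dc" "$desired_dc"; then
        echo "Preferred DC is '$current_dc'; setting it to '$desired_dc'"
        set_preferred_dc "$local_user" "$local_pass" "$desired_dc"
    else
        echo "Preferred DC is already '$desired_dc'; nothing to do"
    fi
}

# Casper supplies $1-$3 (mount point, computer name, username) before the
# labelled parameters, so a real policy run always has at least 6 arguments.
# Invoked with fewer, the script only defines its functions.
if [ "$#" -ge 6 ]; then
    main "$@"
fi
```

Upload it in Casper Admin with parameters 4, 5 and 6 labelled, and fill them in on the policy as mm2270 describes. Note that the credentials still appear on the `dsconfigad` command line for the instant it runs (briefly visible in `ps`), exactly as with the one-line version; what the parameters buy you is keeping the admin password out of the script file itself, and the pre-check means re-running the policy on already-configured Macs is harmless.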

dpertschi
Valued Contributor

For a one liner, I wouldn't even bother with a script. Just create the policy and paste the command into the Run Command field in the Advanced tab.

dsconfigad -preferred 'domain.school.edu'

I don't find that one needing admin credentials to be specified.

@mm2270 - Is that setting actually used at every login, or only during bind?

Chris_Hafner
Valued Contributor II

Just a question... not having worked with AD myself (We're transitioning from Open LDAP to AD at the moment), couldn't this be updated via user profiles (assuming that you use them)?

mm2270
Legendary Contributor III

@dpertschi, that setting, to my understanding (and I could be wrong) is used all the time, not during the bind procedure. Typically the items that are only used during the bind, such as the OU you are binding the Mac to, are not editable and in some cases not even viewable in the GUI afterwards, as it wouldn't make any sense to be able to edit them there if they had no effect. This setting is one of the ones with a checkbox and field to fill in in Directory Utility. Pretty sure it gets used during authentication and lookups, etc.

Also, my experience in playing with this is, it asks for a local admin name and password if you run it without that information in Terminal and would also get stopped in a one liner, so I don't really think it will work without it, but YMMV.

@Chris_Hafner - Honestly I'm not sure since we aren't heavy into Configuration Profiles right now. We're going to need to dive head first in soon, but so far we've been able to skate by without them.

MD56
New Contributor

Thank you guys very much for the detailed responses. This has given me several new ideas to chew on today.

Much appreciated!
