Domain change

oddity-mdm

Hi,

I am looking for a way to change the domain for our devices. The following steps should be applied:
- change the device name
- leave the current domain
- join new domain
- activate mobile account

I did not find a way to do this via configuration profiles. Can it be done with a script? Has anyone here already carried out a domain change?

Best regards
Maurice Fiedler


ShaunRMiller83

I have a script that will do what you're asking.

It will:

-- Rename the system in the format of (userinitials)-(last8ofthesystemSN)-(modelcode)
-- Unbind from the "old domain" and bind to the new domain -- It will not rebind any systems already bound to the new domain
-- Bind any system not bound to a domain to your new domain
-- I also have the flags set to enable mobile users but not prompt the user.

#!/bin/sh

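function MacRenamer()
{
    # Renames this Mac to <first 2 chars of assigned username>-<last 8 of serial>-<model code>
    # (truncated to 15 characters), or to the bare serial number when the Jamf
    # inventory record has no username. Sets ComputerName, LocalHostName,
    # HostName and the SMB NetBIOSName, and logs before/after values.
    #
    # Globals written: jssURL, apiUser, apiPass, SERIAL, LAST8SN, USERNAME,
    #                  first2user, MODEL, PREFIX, COMPUTERNAME, SHORTCOMPUTERNAME
    # Side effects:    stdout/stderr of the whole shell are redirected to
    #                  /private/var/log/SystemRenamer-<timestamp>.log until exit.
    # Returns:         1 if no serial number could be read, otherwise 0.
    #
    # NOTE(review): this uses bash-only syntax (function keyword, [[ ]],
    # ${var:0:2}) under a #!/bin/sh shebang; it relies on /bin/sh being bash,
    # as it is by default on macOS — confirm for the target OS versions.

    # Variables
    # NOTE(security): these are placeholder API credentials stored in clear text
    # in the script body. Anyone who can read the script (Jamf script store,
    # policy logs, a cached copy on the endpoint) gets them. Use an API account
    # limited to read access on computer records and supply the values from
    # outside the script rather than hard-coding them.
    jssURL="https://jamf.domain.com:8443/"
    apiUser="apisuer"
    apiPass="apipassword"

    SERIAL=$(ioreg -rd1 -c IOPlatformExpertDevice | awk -F'"' '/IOPlatformSerialNumber/{print $4}')
    # Last 8 characters of the serial: tail -c 9 keeps 8 characters plus the newline.
    LAST8SN=$(printf '%s\n' "$SERIAL" | tail -c 9)

    # Look up the user assigned to this serial number in the Jamf inventory.
    # -k (skip TLS certificate verification) was removed: with it, the basic-auth
    # credentials and the returned username could be intercepted or spoofed by
    # anyone on the network path. If verification fails, curl -f returns nothing
    # and the serial-number fallback below is used.
    # NOTE(security): -u still places user:password in curl's argument list,
    # which is visible to other local processes while curl runs.
    USERNAME=$(/usr/bin/curl -H "Accept: text/xml" -sfu "${apiUser}:${apiPass}" "${jssURL}JSSResource/computers/serialnumber/${SERIAL}/subset/location" | xmllint --format - 2>/dev/null | awk -F'>|<' '/<username>/{print $3}')
    first2user="${USERNAME:0:2}"

    MODEL=$(system_profiler SPHardwareDataType | grep "Model Name")

    # Logging
    # Save the original stdout/stderr on fds 3/4 and restore them on exit or on
    # HUP/INT/QUIT; everything printed from here on goes to the log file.
    exec 3>&1 4>&2
    trap 'exec 2>&4 1>&3' 0 1 2 3
    exec 1>>/private/var/log/SystemRenamer-"$(date "+%Y%m%d-%H%M%S")".log 2>&1

    # Echo the current name settings to the log file.
    echo "-"
    echo "Current ComputerName is: $(scutil --get ComputerName)"
    echo "Current HostName is: $(scutil --get HostName)"
    echo "Current LocalHostName is: $(scutil --get LocalHostName)"
    echo "Current NetBIOSName is: $(defaults read /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName)"
    echo "-"

    # Without a serial number neither naming scheme can produce a usable name.
    if [[ -z "$SERIAL" ]]
    then
        echo "Could not read the serial number; leaving the computer name unchanged."
        return 1
    fi

    if [[ -z "$USERNAME" ]]
    then
        echo "No username returned by the inventory lookup (no assigned user, or the API request failed)."
        echo "Setting computer name to $SERIAL"
        SHORTCOMPUTERNAME="$SERIAL"
    else
        # Map the reported model name to a short code. system_profiler prints
        # "Mac mini" with a lower-case m, so both spellings are accepted.
        case "$MODEL" in
            *"MacBook Air"*)
                PREFIX="MBA"
                ;;
            *"MacBook Pro"*)
                PREFIX="MBP"
                ;;
            *"Mac mini"*|*"Mac Mini"*)
                PREFIX="MM"
                ;;
            *"iMac"*)
                PREFIX="IM"
                ;;
            *"Mac Pro"*)
                PREFIX="MP"
                ;;
            *)
                echo "No model identifier found."
                PREFIX=""
                ;;
        esac

        # Omit the trailing hyphen when there is no model code; a host name
        # must not end in "-".
        COMPUTERNAME="${first2user}-${LAST8SN}${PREFIX:+-${PREFIX}}"
        # NetBIOS names are limited to 15 characters.
        SHORTCOMPUTERNAME="${COMPUTERNAME:0:15}"
    fi

    /usr/sbin/scutil --set ComputerName "$SHORTCOMPUTERNAME"
    /usr/sbin/scutil --set LocalHostName "$SHORTCOMPUTERNAME"
    /usr/sbin/scutil --set HostName "$SHORTCOMPUTERNAME"
    /usr/bin/defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server.plist NetBIOSName "$SHORTCOMPUTERNAME"
    # Make mDNSResponder pick up the new name in both naming paths.
    killall -HUP mDNSResponder

    # Echo the new name settings to the log file.
    echo "-"
    echo "New ComputerName is: $(scutil --get ComputerName)"
    echo "New HostName is: $(scutil --get HostName)"
    echo "New LocalHostName is: $(scutil --get LocalHostName)"
    echo "New NetBIOSName is: $(defaults read /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName)"
    echo "-"

}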

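##Main Script
# Renames the Mac, then moves its Active Directory binding from the old domain
# to the new one. Systems already bound to the new domain are only renamed;
# unbound systems are renamed and bound.
#
# NOTE(security): the domain names, accounts and passwords below are
# placeholders. As written they live in clear text in the script and are passed
# on dsconfigad's command line, where other local processes can read them while
# the command runs. Use dedicated accounts whose only right is joining or
# removing computer objects in the affected OU, supply the values from outside
# the script, and rotate or disable the accounts once the migration is done.
oldDomain="olddomain"
oldDomainUser="olddomainuser"
oldDomainPass="olddomainpassword"
newDomain="newdomain"
newDomainUser="newdomainuser"
newDomainPass="newdomainpassword"
newDomainOU="newdomainou"

# Binds this Mac to the new domain with mobile accounts enabled and no
# confirmation prompt. Returns dsconfigad's exit status.
bindToNewDomain()
{
    dsconfigad -add "$newDomain" -user "$newDomainUser" -password "$newDomainPass" -mobile enable -mobileconfirm disable -useuncpath disable -alldomains disable -ou "$newDomainOU" -force
}

#Checks the current bound domain (if any)
currentAD=$(dsconfigad -show | awk 'tolower($0) ~ /active directory domain/ { print $5 }')
echo "Current Domain is: $currentAD"

if [[ "$currentAD" == "$oldDomain" ]]; then
        echo "Machine is bound to old domain and will be bound to new Domain"
        MacRenamer
        jamf recon
        # -force removes the local binding even when the old domain cannot be
        # contacted, so a failure here is logged and the bind is still attempted.
        if ! dsconfigad -remove "$oldDomain" -user "$oldDomainUser" -password "$oldDomainPass" -force; then
                echo "dsconfigad reported an error while unbinding from $oldDomain"
        fi
        # NOTE(review): recent macOS versions run opendirectoryd rather than
        # DirectoryService; confirm this restart still has an effect on the
        # OS versions being migrated.
        /usr/bin/killall DirectoryService
        sleep 5
        if ! bindToNewDomain; then
                # The Mac is now unbound; fail the run so the device is flagged
                # instead of silently losing directory logins.
                echo "Binding to $newDomain failed; machine is currently not bound to any domain"
                exit 1
        fi
elif [[ "$currentAD" == "$newDomain" ]]; then
        echo "Machine is bound to newdomain and system will just be renamed"
        MacRenamer
        # Was "jamfrecon" (no such command), so inventory was never updated here.
        jamf recon
else
        echo "Not currently bound to any domain but will bind to the new domain and rename system"
        MacRenamer
        jamf recon
        if ! bindToNewDomain; then
                echo "Binding to $newDomain failed; machine is still not bound to any domain"
                exit 1
        fi
fi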