Posted on 08-10-2015 11:14 AM
If I type "echo $HostName" in terminal the system will return the actual host name of the computer because that value is an environmental variable that can be read with this method. "LocalHostName" doesn't seem to be an environmental variable that can be extracted in this manner. Anybody know how I might be able to get a hold of LocalHostName for use in a script?
When I use Casper Imaging to set the name of a computer it seem that Casper Imaging sets the "LocalHostName" (link local address) to what I have specified but not "HostName" or "ComputerName". I would like to find a way to set ComputerName with the same value I have in LocalHostName but I am having trouble. I have a script in mind that would extract LocalHostName from the system and copy that into ComputerName but I can't find a way to get LocalHostName into the script. I am probably going about this the wrong way so if there is a better method to get ComputerName and LocalHostName to match at the time of imaging I would love to hear about it. Thanks.
Posted on 08-10-2015 11:15 AM
scutil --get LocalHostName
Posted on 08-10-2015 11:18 AM
Thanks much. I will give that a try.
Seem to work fine. Thank you thank you thank you.
Posted on 08-11-2015 05:02 AM
No good deed goes unpunished. Since I got such a quick response from my first question here is another. What is the difference between "scutil" and "dscl"? Where would I use one and where would I use the other? Since the last time Apple updated dscl was 2003 it seems like it might be deprecated.
Posted on 08-11-2015 05:18 AM
dscl is typically used for reading user/group membership. You can query which users are admins, or read information from an AD server.
scutil has functions to query/set hostname, computername, dns, proxy, etc information.
Posted on 08-11-2015 06:04 AM
AD and any LDAP setup as well?
Posted on 08-11-2015 06:31 AM
@kyoung if you are bound to either the AD or other LDAP then yes.
If you need to query a random LDAP/AD you are not bound to then you use something like ldapsearch.
Posted on 08-11-2015 06:57 AM
Thank you very much. Have a great day.
Posted on 08-11-2015 09:39 AM
OK. Next question. I tried using "dscl /AD/odyssey.packer.edu -list" to access our AD server but this is what I got back: "Data source (/AD/odyssey.packer.edu) is not valid"
Any idea what I have done wrong?
Posted on 08-11-2015 09:47 AM
That's typically not how you would access your AD environment with dscl. It needs to be the full path to AD and using the All Domains line, something like:
dscl "/Active Directory/DOMAIN/All Domains" read /Computers
(or whatever you want to access)
Posted on 08-11-2015 09:52 AM
OK. Let's try that. Do I need the quotes?
No joy. All I get so far is:
Joe:~ jostobs$ dscl /Active Directory/Odyssey.packer.edu/All Domains -read /Computers
Data source (/Active Directory/Odyssey.packer.edu/All) is not valid.
Joe:~ jostobs$ dscl /Active Directory/Odyssey.packer.edu/
Data source (/Active Directory/Odyssey.packer.edu/) is not valid.
Joe:~ jostobs$ dscl /Active Directory/Odyssey.packer.edu
Data source (/Active Directory/Odyssey.packer.edu) is not valid.
Joe:~ jostobs$ dscl /Active Directory/odyssey.packer.edu
Data source (/Active Directory/odyssey.packer.edu) is not valid.
Posted on 08-11-2015 09:55 AM
You don't need the quotes, but without them you have to escape any spaces, like
dscl /Active Directory/DOMAIN/All Domains read /Computers
Note the backslashes in front of each space. So either way works.
Posted on 08-11-2015 10:00 AM
Still no joy:
Joe:~ jostobs$ dscl "/Active Directory/Odyssey.packer.edu"
Data source (/Active Directory/Odyssey.packer.edu) is not valid.
Joe:~ jostobs$ dscl /Active Directory/Odyssey.packer.edu/All Domains -read /Computers
Data source (/Active Directory/Odyssey.packer.edu/All Domains) is not valid.
Joe:~ jostobs$
Posted on 08-11-2015 11:58 AM
@kyoung The problem is likely the "Odyssey.packer.edu" in your command. Its usually only the domain name and not a full string like that.
So, on an AD joined Mac, go into Keychain Access and click on the System.keychain. Look for an entry that starts with "/Active Directory/" It will be listed as kind "application password". The string after that, for example, maybe just "Odyssey" or whatever, is generally what you want to try using in the dscl command, not the entire Odyssey.packer.edu.
Posted on 08-11-2015 12:35 PM
No joy.
Joe:~ jostobs$ dscacheutil -cachedump
Unable to get details from the cache node
Joe:~ jostobs$ dscacheutil -configuration
DirectoryService Cache search policy:
/Local/Default
/Active Directory/PACKEREDU/All Domains
Unable to get details from the cache node
Unable to get cache configuration information
Joe:~ jostobs$ dscl /Active Directory/PACKEPEDU/All Domains
Data source (/Active Directory/PACKEPEDU/All Domains) is not valid.
Joe:~ jostobs$ dscl /Active Directory/Odyssey/All Domains
Data source (/Active Directory/Odyssey/All Domains) is not valid.
Posted on 08-11-2015 01:00 PM
@kyoung, let's step back a second. What exactly is it that you want to accomplish with DSCL? I've been reading this thread and I don't have a clear understanding of what you want to get out of DSCL from your AD server, and for what purpose.
On a side note, you've got mixed threads now. I encourage you to start a new thread for new questions that are not related to the topic of the original post.
Posted on 08-11-2015 05:17 PM
You can confirm the path by using 'dscl' in interactive mode. For example:
# dscl
Entering interactive mode... (type "help" for commands)
> ls
Active Directory
Local
Contact
Search
> cd Active Directory/
/Active Directory > ls
UK
/Active Directory > cd UK/
/Active Directory/UK > ls
All Domains
/Active Directory/UK > cd All Domains/
/Active Directory/UK/All Domains >
As @mm2270 suggested, you can find this out from Keychain Access. You can do something similar from terminal if you are only bound to one domain. Try this:
#!/bin/bash
computer_account=`dsconfigad -show | awk '/Computer Account/ {print $NF}'`
domain_path=`security find-generic-password -a "$computer_account" | awk -F "=" '/svce/ {print $NF}'`
echo "Bound computer account: $computer_account"
echo "Doamin path: $domain_path"
exit 0
If none of this is working, then are you bound?
Additionally, 'read' is not a valid command to run against /Computers, however 'readall' or 'list' are. 'read' is for reading single values, e.g. a single computer or user.
E.g.(quoted domain)
# dscl "/Active Directory/UK/All Domains" -list /Computers
E.g.(domain path spaces escaped)
# dscl /Active Directory/UK/All Domains -readall /Computers