- Jamf Nation Community
- Products
- Jamf Pro
- Re: Script to change AD Seach policy on a AD bound...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Script to change AD Seach policy on a AD bound machine
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-16-2015 03:27 PM
Hi All,
While I am getting up to speed on bash scripting I am in a bit of a bind (pun intended). I have about 300 machines deployed in labs. I have learned (long story, not relevant) that I need to change my Search policy in Directory Utility from /Active Directory/COLLEGES/All Domains to a specific (explicit) domain in this case it would show up like this in the Directory as /Active Directory/COLLEGES/colleges.ad.unm.edu And, if possible change the Contacts attribute to the same explicit domain as well. I have googled and found this: http://krypted.com/mac-os-x/mac-os-x-changing-to-a-custom-search-path-with-dscl/ but I am not sure this is what I actually need and if it is, I cannot seem to get the syntax right. This objective here is to be able to push this as a policy in Casper in the form of a bash script. I must also admit that this go WAY deeper into the weeds in AD than I usually get. Ideas? I really do not want to go out and touch 300 Macs....
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-16-2015 05:24 PM
#!/bin/sh
dscl /Search -delete / CSPSearchPath "/Active Directory/COLLEGES/All Domains"
dscl /Search -append / CSPSearchPath "/Active Directory/COLLEGES/colleges.ad.unm.edu"
dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/COLLEGES/All Domains"
dscl /Search/Contacts -append / CSPSearchPath "/Active Directory/COLLEGES/colleges.ad.unm.edu"
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-17-2015 09:25 AM
Thanks hkabik
Testing now. Will let you know. That appears way more simple that I was thinking it was going to be.
/randy
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-17-2015 09:42 AM
Seems to work provided the student Lab techs have unchecked the "Allow authentication from any domain in the correct" box. They are supposed to, but the script errors out if it is not enabled. I have a Dashboard item to track ones that failed. When I get the time, I will figure out the switch to disable that authentication parameter.
JAMF NATION forums rock!
Consider this solved.
/randy
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-17-2015 10:32 AM
The switch you are looking for:
dsconfigad -alldomains disable
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-17-2015 03:44 PM
@hkabik Sweet! I slipped that into my script.
Thanks for the help! If you are going to JNUC2015, I will buy you a beverage of your choice!
/randy
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-30-2018 11:29 AM
I am attempting to use this same script for our school, but I am running into permission errors. Were you able to get it to successfully run in Jamf?
