While I am getting up to speed on bash scripting I am in a bit of a bind (pun intended). I have about 300 machines deployed in labs. I have learned (long story, not relevant) that I need to change my Search policy in Directory Utility from /Active Directory/COLLEGES/All Domains to a specific (explicit) domain in this case it would show up like this in the Directory as /Active Directory/COLLEGES/colleges.ad.unm.edu And, if possible change the Contacts attribute to the same explicit domain as well. I have googled and found this: http://krypted.com/mac-os-x/mac-os-x-changing-to-a-custom-search-path-with-dscl/ but I am not sure this is what I actually need and if it is, I cannot seem to get the syntax right. This objective here is to be able to push this as a policy in Casper in the form of a bash script. I must also admit that this go WAY deeper into the weeds in AD than I usually get. Ideas? I really do not want to go out and touch 300 Macs....
#!/bin/sh dscl /Search -delete / CSPSearchPath "/Active Directory/COLLEGES/All Domains" dscl /Search -append / CSPSearchPath "/Active Directory/COLLEGES/colleges.ad.unm.edu" dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/COLLEGES/All Domains" dscl /Search/Contacts -append / CSPSearchPath "/Active Directory/COLLEGES/colleges.ad.unm.edu"
Seems to work provided the student Lab techs have unchecked the "Allow authentication from any domain in the correct" box. They are supposed to, but the script errors out if it is not enabled. I have a Dashboard item to track ones that failed. When I get the time, I will figure out the switch to disable that authentication parameter.
JAMF NATION forums rock!
Consider this solved.