
Omena.com

macrumors newbie
Original poster
Mar 11, 2010
2
0
Hi!

I have a problem with binding a client computer to Active Directory via Terminal. The binding works perfectly when I do it with the GUI, but with Terminal it just fails.

Client OS: 10.6.2
AD server: Windows 2008 R2

It seems that the Active Directory plug-in won't activate.

Terminal commands:
Code:
sudo defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" Active

dscl localhost -list /
displays
Code:
BSD
Local

Contact
Search

After I do it with the GUI
Code:
dscl localhost -list /
displays
Code:
Active Directory
BSD
Local

Contact
Search

I deleted all the AD plist files from /Library/Preferences/DirectoryService/ before running the Terminal commands.

Any ideas?
 

calderone

Cancelled
Aug 28, 2009
3,743
352
Just to be sure, you are not just running this, are you?

Code:
sudo defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" Active

If so, you cannot bind to AD that way. You need to use dsconfigad and then create and append the Search Policy with dscl.
 

Omena.com

macrumors newbie
Original poster
Mar 11, 2010
2
0
Just to be sure, you are not just running this, are you?

Code:
sudo defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" Active

If so, you cannot bind to AD that way. You need to use dsconfigad and then create and append the Search Policy with dscl.

Hi!

Yes, that is just the first step.

then
dsconfigad (binding)
dscl ... (add search paths)
...
 

calderone

Cancelled
Aug 28, 2009
3,743
352
To my knowledge you do not have to change the directory services plist to bind to AD. Most daemons, like DirectoryService, load with the plist on initial startup, so any changes after DirectoryService is loaded would mean that you need to log out or possibly reboot (or restart the service in Terminal, but I wouldn't try that with DirectoryService). So this would be an ineffective method for activating the AD plugin and subsequently binding.

As far as I know, you simply need to bind and set the search paths. If successful, the AD plugin will activate automatically.


You may want to refer to Apple's document on the subject of Macs and AD:
Best Practices: Integrating Mac OS X with Active Directory
 

AdamR01

macrumors 6502
Feb 2, 2003
259
9
This is what I do on my lab machines (sensitive info changed of course):

Code:
sudo defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" Active
sudo dsconfigad -a `hostname | cut -f 1 -d '.'` -u administrator -p adminpasswd -domain yourdomain.com -ou "OU=Macs,DC=yourdomain,DC=com"
sudo dscl /Search -create / SearchPolicy CSPSearchPath
sudo dscl /Search -append / CSPSearchPath "Active Directory/All Domains"
sudo dscl /Search/Contacts -create / SearchPolicy CSPSearchPath
sudo dscl /Search/Contacts -append / CSPSearchPath "Active Directory/All Domains"
sudo killall DirectoryService

This is with Leopard, not Snow Leopard but I do not think much has changed in this department. This should take effect without a reboot because launchd will restart DirectoryService if it sees that it died.

This is the 10.6 version of the article I got my information from: http://www.peachpit.com/articles/article.aspx?p=1431816
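
An added example, not part of the thread or of any poster's script: the same bind steps with a verification pass that repeats the original poster's `dscl localhost -list /` check and confirms the search path afterwards. It omits `-p` so that dsconfigad prompts for the password instead of taking it as an argument, where it would be visible in the process list and shell history. The domain, OU and admin name are the placeholders from the post above, the function names are hypothetical, and the format of the `dscl -read` output is an assumption.

```shell
#!/bin/sh
# Added example: bind to AD, then verify that the bind really took effect.
AD_DOMAIN="yourdomain.com"               # placeholder, as in the post above
AD_OU="OU=Macs,DC=yourdomain,DC=com"     # placeholder
AD_ADMIN="administrator"                 # placeholder
AD_PATH="Active Directory/All Domains"

# Succeeds if `dscl localhost -list /` output on stdin lists the AD node.
ad_node_listed() {
    grep -qx 'Active Directory'
}

# Succeeds if `dscl /Search -read / CSPSearchPath` output on stdin contains
# the AD path. Assumption: the value is on the key's line or on its own line.
search_path_has_ad() {
    grep -qF "$AD_PATH"
}

# Offline check against the two listings quoted in the first post.
self_check() {
    printf 'Active Directory\nBSD\nLocal\n\nContact\nSearch\n' | ad_node_listed &&
    ! printf 'BSD\nLocal\n\nContact\nSearch\n' | ad_node_listed
}

# Run on the client as an admin user. No -p here: dsconfigad prompts for it.
bind_ad() {
    computer=$(hostname | cut -f 1 -d '.')
    sudo dsconfigad -a "$computer" -u "$AD_ADMIN" -domain "$AD_DOMAIN" -ou "$AD_OU" || return 1
    sudo dscl /Search -create / SearchPolicy CSPSearchPath || return 1
    sudo dscl /Search -append / CSPSearchPath "$AD_PATH" || return 1
    sudo dscl /Search/Contacts -create / SearchPolicy CSPSearchPath || return 1
    sudo dscl /Search/Contacts -append / CSPSearchPath "$AD_PATH" || return 1
    if ! dscl localhost -list / | ad_node_listed; then
        echo "bind returned success but the Active Directory node is missing" >&2
        return 2
    fi
    if ! dscl /Search -read / CSPSearchPath | search_path_has_ad; then
        echo "Active Directory is not in the authentication search path" >&2
        return 3
    fi
    echo "bound to $AD_DOMAIN; AD node and search path verified"
}

# Only touch the system when asked to: sh bind.sh --bind
if [ "${1:-}" = "--bind" ]; then
    bind_ad
fi
```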
 