Mac OS X: Bash scripts series-8

Source: Internet
Author: User


A sample AD binding script

Active Directory has become a standard in enterprise management. Open Directory, Active Directory and eDirectory are all built on the directory principle, each with its own implementation, extensions and advantages. Because PCs and AD services are so common in enterprises, Macs and other systems are often brought under AD management as well, so AD integration is widely used. In practice you need to consider compatibility with the system version, the configuration of your own enterprise AD, and the management features. Also remember to add the computer to AD first and to set the GPOs and management groups that the management environment requires.

 

The following script is an example of how to bring a Mac into the AD management environment of an enterprise.
I would like to share it with you:


#--------------------------------------------------------------------------------------
# Check for valid Corp network IP address
corpip=""
check=20
limit=$check
x=0
while [ "$corpip" = "" ]
do
    echo "Checking valid IP detected... $check times."
    # The dot is escaped: an unescaped "inet 10." would also match 100.x.x.x addresses
    corpip=$(ifconfig | grep "inet 10\.")
    x=$((x + 1))
    # Give up only if the last attempt also found nothing
    if [ -z "$corpip" ] && [ "$x" -ge "$limit" ]; then
        corpip="no_validip"
        break
    fi
    check=$((check - 1))
    sleep 2
done

echo "detected IP: $corpip"

if [ "$corpip" = "no_validip" ]; then
    echo "binding failed! Valid Corp network not detected!"
    osascript -e 'set volume 4'
    say "binding failed! Valid Corp IP address not detected!"
    exit 1
fi

#--------------------------------------------------------------------------------------
# Host-specific parameters
#--------------------------------------------------------------------------------------
computerid=$(/usr/sbin/scutil --get LocalHostName)

#--------------------------------------------------------------------------------------
# Standard parameters used to bind workstation to AD
#--------------------------------------------------------------------------------------
# The bind account password is stored here in clear text and is later passed to
# dsconfigad on the command line. Use an account that is delegated only the right
# to join computers to the target OU, and restrict read access to this script.
domain="corp.com"
udn="macadiadmin"
password="mac1nt0sh"
ou="CN=Computers,DC=corp,DC=com"

#--------------------------------------------------------------------------------------
# Advanced options for AD plugin
#--------------------------------------------------------------------------------------
alldomains="enable"
localhome="disable"
protocol="afp"
mobile="disable"
mobileconfirm="disable"
useuncpath="enable"
user_shell="/bin/bash"
preferred="-nopreferred"
admingroups='corp\wsadmins'
# Existing LDAPv3 search node, if any, with the plist <string> tags and tabs stripped
searchpathldap=$(cat /Library/Preferences/DirectoryService/SearchNodeConfig.plist | grep LDAPv3 | sed -e 's!<string>!!g' -e 's!<\/string>!!g' | tr -d '\t')

#--------------------------------------------------------------------------------------
# Synchronize time with Corp Network Time Server
#--------------------------------------------------------------------------------------
# $1 must be the path of the bundle that carries systemsetup-tiger in Contents/Resources
echo "setting the network time server to 10.0.1.1... please wait"
"$1/Contents/Resources/systemsetup-tiger" -setusingnetworktime off > /dev/null 2>&1
"$1/Contents/Resources/systemsetup-tiger" -setnetworktimeserver 10.0.1.1 > /dev/null 2>&1
"$1/Contents/Resources/systemsetup-tiger" -setusingnetworktime on > /dev/null 2>&1

echo "Restarting Network Time Service... please wait"
SystemStarter -d restart "Network Time" > /dev/null 2>&1

#--------------------------------------------------------------------------------------
# Attempt to force unbind the workstation
#--------------------------------------------------------------------------------------
echo "attempting a force unbind in case system is already bound to AD... please wait."
# -r removes the binding and -f forces it; baduser/badpass are dummy credentials
dsconfigad -r -f -u baduser -p badpass > /dev/null 2>&1

#--------------------------------------------------------------------------------------
# Disable unused protocols
#--------------------------------------------------------------------------------------
echo "Disable all unused protocols (AppleTalk, BSD, SMB, SLP)... please wait."
defaults write /Library/Preferences/DirectoryService AppleTalk -string Inactive
defaults write /Library/Preferences/DirectoryService BSD -string Inactive
defaults write /Library/Preferences/DirectoryService SMB -string Inactive
defaults write /Library/Preferences/DirectoryService SLP -string Inactive
plutil -convert xml1 /Library/Preferences/DirectoryService.plist

#--------------------------------------------------------------------------------------
# Activate the AD plugin
#--------------------------------------------------------------------------------------
echo "activating AD plugin... please wait."
defaults write /Library/Preferences/DirectoryService "Active Directory" "Active"
plutil -convert xml1 /Library/Preferences/DirectoryService.plist

#--------------------------------------------------------------------------------------
# Bind to AD
#--------------------------------------------------------------------------------------
echo "binding system to AD as '$computerid'... please wait."
bind_result=$(dsconfigad -f -a "$computerid" -domain "$domain" -u "$udn" -p "$password" -ou "$ou")

# dsconfigad reports success with this exact message; anything else is treated as failure
if [ "$bind_result" != "Computer was successfully added to Active Directory." ]; then
    echo "binding failed! Check the computer name and ensure it has an account in Active Directory"
    osascript -e 'set volume 4'
    osascript -e 'say "I am sorry but Active Directory binding failed! Please check the computer name and ensure this system has an account in Active Directory." using "Vicki"'
    exit 1
else
    echo "$bind_result"
fi

# Write value so workstation can be easily identified being bound to AD
defaults write /Library/Preferences/com.apple.RemoteDesktop "Text4" 'bound to ad-osxserver-V2.0'

#--------------------------------------------------------------------------------------
# Configure advanced AD plugin options
#--------------------------------------------------------------------------------------
echo "configuring advanced AD plugin options... please wait."
if [ "$admingroups" = "" ]; then
    dsconfigad -nogroups
else
    dsconfigad -groups "$admingroups"
fi

# $preferred is left unquoted on purpose so that it expands to a bare option
dsconfigad -alldomains "$alldomains" -localhome "$localhome" -protocol "$protocol" \
    -mobile "$mobile" -mobileconfirm "$mobileconfirm" -useuncpath "$useuncpath" \
    -shell "$user_shell" $preferred

#--------------------------------------------------------------------------------------
# Add the AD node to the search path
# Delay a bit to give the directory service a chance to catch its breath
#--------------------------------------------------------------------------------------
echo "Adding AD to search path... please wait."

# No LDAP node, or one that only points at this machine: write the AD node alone
if [ -z "$searchpathldap" ] || echo "$searchpathldap" | grep -q -e '127\.0\.0\.1' -e 'localhost'; then
    echo "no existing LDAP path... only writing AD. Please wait."
    defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
    defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
    plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist
else
    echo "LDAP path is /$searchpathldap... writing AD as first search and LDAP second. Please wait."
    defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains" "/$searchpathldap"
    defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
    plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist
fi

#--------------------------------------------------------------------------------------
# Restart DirectoryService (necessary to reload AD plugin activation settings)
#--------------------------------------------------------------------------------------
echo "Restarting DirectoryService... please wait."
sleep 2
killall DirectoryService > /dev/null 2>&1
sleep 8

#--------------------------------------------------------------------------------------
# Disable autologin if it's enabled
#--------------------------------------------------------------------------------------
echo "disabling autologin if enabled... please wait."
defaults delete /Library/Preferences/com.apple.loginwindow autoLoginUser > /dev/null 2>&1
# /etc/kcpassword holds the autologin user's obfuscated password, so it is securely removed
srm /etc/kcpassword > /dev/null 2>&1

#--------------------------------------------------------------------------------------
# Complete
#--------------------------------------------------------------------------------------
echo "done. AD bind successful."
exit 0
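
The network check at the start of the script decides from ifconfig text whether the machine is on the corporate 10.x network. The following is an added example, not part of the original script: it parses the address field so that only 10.0.0.0/8 counts and retries with a bounded wait. The function names and the sample ifconfig output are constructed for illustration.

```shell
# Added example, not part of the original script. Names and sample data are constructed.

# corp_ip: read ifconfig-style text on stdin and print the first IPv4 address
# that lies inside 10.0.0.0/8. Returns 1 when no such address is present.
corp_ip() {
    awk '
        $1 == "inet" {
            n = split($2, o, ".")
            if (n != 4 || o[1] != "10") next      # first octet must be exactly 10
            ok = 1
            for (i = 2; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            if (ok) { print $2; found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    '
}

# wait_for_corp_ip TRIES DELAY CMD...: run CMD (normally "ifconfig") up to TRIES
# times, DELAY seconds apart, until corp_ip finds an address in its output.
wait_for_corp_ip() {
    tries=$1; delay=$2; shift 2
    while [ "$tries" -gt 0 ]; do
        if ip=$("$@" 2>/dev/null | corp_ip); then
            printf '%s\n' "$ip"
            return 0
        fi
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] && sleep "$delay"
    done
    return 1
}

# Constructed sample output: a 100.64.x.x address that a plain grep "inet 10." accepts
sample_cgnat='en0: flags=8863<UP,BROADCAST,RUNNING> mtu 1500
    inet 100.64.7.9 netmask 0xffffff00 broadcast 100.64.7.255'

# Constructed sample output: loopback plus a genuine 10.x address
sample_corp='lo0: flags=8049<UP,LOOPBACK,RUNNING> mtu 16384
    inet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,RUNNING> mtu 1500
    inet 10.0.1.23 netmask 0xffffff00 broadcast 10.0.1.255'
```

In the bind script this would be called as wait_for_corp_ip 20 2 ifconfig, with a non-zero return treated as "no valid Corp network".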
