Skip to content

Instantly share code, notes, and snippets.

@DamianZaremba

DamianZaremba/setup_mac.sh

Last active January 15, 2020 08:19
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save DamianZaremba/5327939 to your computer and use it in GitHub Desktop.
Save DamianZaremba/5327939 to your computer and use it in GitHub Desktop.
Download ZIP
Commands to add an OSX machine to an AD environment so users can authenticate
Raw
setup_mac.sh
# Assumes the following:
# Hostname: TEST1
# Domain: EXAMPLE.COM (you probably don't want to use your public domain for your AD domain... but that's out of scope for this example)
# Admin user: setupuser
# Admin pass: He11oW0rld!
# Machine will go into the default computers ou (root)
# Domain admins will get local admin rights on login
# All users will get mobile accounts (offline login)
# All data will be stored locally (no UNC home dir)
# Default shell will be bash
# No DC preference for queries/logins
# Set the hostname
scutil --set HostName TEST1.EXAMPLE.COM
# Enable NTP and set the server
systemsetup -setusingnetworktime on
systemsetup -setnetworktimeserver EXAMPLE.COM
# Reload the service and force run, just in case
pkill -HUP ntpd
ntpdate EXAMPLE.COM
# Add the mac to the domain
dsconfigad -add "EXAMPLE.COM" -force -computer "TEST1" --domain "DC=EXAMPLE,DC=COM" -username "setupuser" -password "He11oW0rld!"
# Allow logins from any domain in the forest
dsconfigad -alldomains enable
# Now make sure domain admins can login and get admin rights
dsconfigad -groups "Domain admins"
# Enable mobile accounts
dsconfigad -mobile enable
dsconfigad -mobileconfirm disable
# Disable UNC paths
dsconfigad -localhome enable
dsconfigad -useuncpath disable
# Set the shell to something sensible
dsconfigad -shell "/bin/bash"
# Enable encryption
dsconfigad -packetsign require
dsconfigad -packetencrypt require
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment