Last active
January 15, 2020 08:19
Commands to add an OSX machine to an AD environment so users can authenticate
# Assumes the following:
# Hostname: TEST1
# Domain: EXAMPLE.COM (you probably don't want to use your public domain for your AD domain... but that's out of scope for this example)
# Admin user: setupuser
# Admin pass: He11oW0rld!
# Machine will go into the default computers ou (root)
# Domain admins will get local admin rights on login
# All users will get mobile accounts (offline login)
# All data will be stored locally (no UNC home dir)
# Default shell will be bash
# No DC preference for queries/logins

# Set the hostname
scutil --set HostName TEST1.EXAMPLE.COM

# Enable NTP and set the server
systemsetup -setusingnetworktime on
systemsetup -setnetworktimeserver EXAMPLE.COM

# Reload the service and force run, just in case
pkill -HUP ntpd
ntpdate EXAMPLE.COM

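# Add the Mac to the domain
# Note: a password given with -password is visible in the process list and
# shell history; if -password is omitted, dsconfigad prompts for it instead
dsconfigad -add "EXAMPLE.COM" -force -computer "TEST1" --domain "DC=EXAMPLE,DC=COM" -username "setupuser" -password "He11oW0rld!"
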
# Allow logins from any domain in the forest
dsconfigad -alldomains enable

# Now make sure domain admins can login and get admin rights
dsconfigad -groups "Domain admins"

# Enable mobile accounts
dsconfigad -mobile enable
dsconfigad -mobileconfirm disable

# Disable UNC paths
dsconfigad -localhome enable
dsconfigad -useuncpath disable

# Set the shell to something sensible
dsconfigad -shell "/bin/bash"

# Enable encryption
dsconfigad -packetsign require
dsconfigad -packetencrypt require
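
To confirm after the bind that the settings above actually took effect, the following added example (not part of the original gist) audits a saved `dsconfigad -show` report against the values this script sets. The function names are hypothetical, the sample report is constructed, and the "Label = value" labels are an assumption modelled on `dsconfigad -show` output that should be checked against your macOS version.

```shell
#!/bin/sh
# Added example, not part of the original gist.
# Assumption: `dsconfigad -show` prints "Label = value" lines with these labels.

# Constructed sample of `dsconfigad -show` output (not captured from a host).
sample_show_output() {
cat <<'EOF'
Active Directory Domain          = EXAMPLE.COM
Computer Account                 = test1$
  Create mobile account at login = Enabled
     Require confirmation        = Disabled
  Use Windows UNC path for home  = Disabled
  Default user Shell             = /bin/bash
  Allowed admin groups           = Domain admins
  Authentication from any domain = Enabled
  Packet signing                 = require
  Packet encryption              = require
EOF
}

# Print the value recorded for label $1 in the report read from stdin.
ad_setting() {
    awk -v want="$1" '{
        pos = index($0, "="); if (pos == 0) next
        key = substr($0, 1, pos - 1); val = substr($0, pos + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == want) { print val; exit }
    }'
}

# Compare report file $1 with the expected values; return the mismatch count.
audit_ad_binding() {
    failures=0
    while IFS='|' read -r label expected; do
        # Values are lowercased so "Enabled" and "enabled" compare equal.
        actual=$(ad_setting "$label" < "$1" | tr '[:upper:]' '[:lower:]')
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH: $label = '${actual:-missing}' (expected '$expected')"
            failures=$((failures + 1))
        fi
    done <<'EOF'
Packet signing|require
Packet encryption|require
Create mobile account at login|enabled
Require confirmation|disabled
Use Windows UNC path for home|disabled
Default user Shell|/bin/bash
Authentication from any domain|enabled
EOF
    return "$failures"
}
```

On a bound Mac, save the report with `dsconfigad -show > report.txt` and run `audit_ad_binding report.txt`; a non-zero exit status is the number of settings that differ.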