Mac AD Binding Script

Binding.sh

#!/bin/bash
# www.justanothermacadmin.com
# This script will automate the binding attempts to AD.
# Please feel free to edit as needed.

# Script Variables

AD_DOMAIN="" #Enter AD Domain
COMPUTER_ID=`/usr/sbin/scutil --get LocalHostName`
COMPUTER_OU="CN=Computers,DC=,DC=,DC=" #Enter Computer OU information
MOBILE="enable"
MOBILE_CONFIRM="disable"   ###Modify these to fit the needs of your organization
UID_MAPPING=""
UNC_PATH="disable"
ADMIN_GROUPS="" #Enter Admin Groups

# User prompt to enter user name, and password

read -p 'Username: ' AD_USER
read -sp 'Password: ' AD_PW

echo 

#The Binding Attempt

ATTEMPTS=0
MAX_ATTEMPTS=100
SUCCESS=
while [ -z "${SUCCESS}" ]; do
   if [ ${ATTEMPTS} -le ${MAX_ATTEMPTS} ]; then
     	echo "Binding computer to domain ${AD_DOMAIN}..." 2>&1 
		dsconfigad -add "${AD_DOMAIN}" -computer "${COMPUTER_ID}" -ou "${COMPUTERS_OU}" -username "${AD_USER}" -password "${AD_PW}" -force 2>&1
     	IS_BOUND=`dsconfigad -show | grep "Active Directory Domain"`
     	if [ -n "${IS_BOUND}" ]; then
      		SUCCESS="YES"
     	else
       		echo "An error occured while trying to bind this computer to AD, new attempt in 5 seconds..." 2>&1
       		sleep 5
      		ATTEMPTS=`expr ${ATTEMPTS} + 1`
     	fi
    else
     	echo "AD binding failed (${MAX_ATTEMPTS} attempts), will retry at next boot!" 2>&1
    	SUCCESS="NO"
   fi
done
if [ "${SUCCESS}" = "YES" ]; then
	#
	# Update AD plugin options
 	echo "Configuring selected AD options..."
 	dsconfigad -mobile ${MOBILE}
 	sleep 2
 	dsconfigad -mobileconfirm ${MOBILE_CONFIRM}
 	sleep 2
 	dsconfigad -useuncpath ${UNC_PATH}
 	sleep 2
 	dsconfigad -uid ${UID_MAPPING}
 	sleep 2
 	dsconfigad -groups ${ADMIN_GROUPS}
 	sleep 2
fi
echo "AD Binding complete"
echo "It took ${ATTEMPTS} attempts to bind this computer"