ARD AD based authentication

gistfile1.txt

#!/bin/bash
#This script adds local groups to allow for the ard_* group directory based groups to access the computer via ARD

# List of groups to create and edit
groupArray=(ard_interact ard_manage ard_admin)

# List of AD group UUIDs. Get the UUID from the group info in AD.
my_ARD_interact_UUID=AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
my_ARD_manage_UUID=AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
my_ARD_admin_UUID=AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE

# Enable DirectoryService auth for Apple Remote Desktop
echo "Enabling DirectoryService authentication for Apple Remote Desktop"
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setdirlogins -dirlogins yes

####Create Groups
for group in "${groupArray[@]}"
do
    dseditgroup -n /Local/Default com.apple.local.$group
    if [ $? != 0 ]
    then
        echo "com.apple.local.$group group does not exist.  Creating"
        dseditgroup -n /Local/Default -o create com.apple.local.$group
    else
        echo "com.apple.local.$group group already exists"
    fi
done

dscl localhost -create /Local/Default/Groups/com.apple.local.ard_interact NestedGroups $my_ARD_interact_UUID
dscl localhost -create /Local/Default/Groups/com.apple.local.ard_manage NestedGroups $my_ARD_manage_UUID
dscl localhost -create /Local/Default/Groups/com.apple.local.ard_admin NestedGroups $my_ARD_admin_UUID