-2

I have searched the stacks fairly thoroughly to find a scripting language-based command that can help me develop a script to be executed on Macs capable of actually generating (NOT SIMPLY BINDING) those Macs as computer objects in Active Directory. I have found several excellent scripts that BIND Macs, but THEY ONLY BIND THE COMPUTER WHEN THE COMPUTER OBJECT HAS BEEN PREVIOUSLY GENERATED IN ACTIVE DIRECTORY. I have a working script that functionally unbinds and then binds a computer to AD, but only when a computer object is already present AND the computerName variable given during the bind runtime matches the name of that computer object already present in AD. All of the scripts that I've seen, and the one that I have been using, use the BASH dsconfigad utility, but this does not actually delete or generate computer objects (at any privilege level).

Digital Impermanence
  • 111
  • 7
  • The standard binding command (`dsconfig -add`) should create a computer object if none exists. You need to troubleshoot why this is not happening, rather than looking for a different command. – Gordon Davisson Oct 21 '14 at 15:21
  • Have you actually been witness to dsconfigad -add generating computer objects? Just looking for Yes or No here. – Digital Impermanence Oct 21 '14 at 15:27
  • Yes, although it's been a while since I've used it... – Gordon Davisson Oct 22 '14 at 03:53
  • I'm unable to respond at length right now, Gordon, as I'm only able to comment from my android phone, but I'm going to respond more to your previous comment tomorrow and hope our dialog regarding this issue continues. – Digital Impermanence Oct 22 '14 at 06:03
  • @Gordon Davisson - I suspected that if it wasn't the dsconfigad utility limiting the functionality I desired, then it was a permissions discrepancy. It was of course the latter... – Digital Impermanence Nov 04 '14 at 15:45

1 Answers1

1

The Directory Services Configuration for Active Directory Utility (DSCONFIGAD), developed and offered by Apple, is fully capable of generating and binding Active Directory computer objects. OS X utility commands such as DSCL, DSCACHE, DSCONFIGAD, DSEDITGROUP, etc., however, must be executed as Root. Initially, I failed to do this, hence my question and confusion above, both of which have been resolved.

Digital Impermanence
  • 111
  • 7