Join Domain Script setup
I apologize for posting this twice - first on the scripting forum and then here. I meant for it to be only here. But I have been searching all morning for an appropriate script to do what I want and got mixed up as to which forum I was actually in.
Usually I have joined our computers to the domain as one of the last post-installation tasks of a scripted install using the 2000. But, I had 30+ iMacs running VMware Fusion and I wanted to be very specific in the naming of the computers so I left off the Join Domain post-install task. So now I have the VMs all named appropriately and all my software installed. The last step left is joining them to the domain.
I am very new to Kboxes in general and scripting specifically. I think I have the correct file uploaded to the Kbox 1000 but I am unsure of the actual type of script to use - Online KScript or Online Shell Script.
I dissected the script I use on the 2000 to join the domain. The script consists of:
join_domain.vbs <my domain> <admin user> <admin password> <primary dns IP (optional)>
I uploaded join_domain.vbs as a dependency and I am trying to set up the Tasks appropriately. The admin user is a domain user with rights to join objects to AD.
1. Will this script work as is or do I need something fancier? Do I need to specify a local user?
2. What type of script will this qualify as?
I just tried it as an Online Shell Script and get an Error 193. So either there are some other lines necessary or it cannot run as an Online Shell Script.
TIA
Dana
Answers (4)
Posted by:
lindsamw
14 years ago
Posted by:
chrisgrim
14 years ago
Posted by:
dmillaway
14 years ago
Posted by:
lindsamw
14 years ago
The script is just one of the default ikbox ones. I don't have any Macs in my environment, so I have never actually tested it. It's called Example: Join Active Directory Domain (10.5).
As far as your original question, seeing as how these aren't Macs: I also have very complex naming requirements. I still do my joinad from the ikbox though. My VERY last task of every scripted install renames the PC according to our rules. At the end of the rename, it sets a runonce to join the AD, and the runonce uses a 'strap' to fire off the joinad. That way Windows continues loading. If you don't use some kind of strap, the PC hangs up at the runonce, and usually not enough Windows services are 'ready' to join the domain. I probably overly complicated the whole process, but it works for me, and it works well :)
Copied and pasted the MAC JOINAD out of my ikbox below.
Thanks!
Mike
SHELL SCRIPT:
#!/bin/bash
### You must edit these for your specific environment
# 1) fully qualified DNS name of Active Directory Domain.
domain="test.example.com"
# 2) username of a privileged network user.
udn=""
# 3) password of a privileged network user.
password=""
# 4) Distinguished name of container for the computer
ou="ou=Computers,ou=lab,DC=test,DC=example,DC=com"
# 5) 'enable' or 'disable' automatic multi-domain authentication
alldomains="enable"
### End of configuration
# Get the local computer's name.
computerid=$(/usr/sbin/scutil --get LocalHostName)
# Activate the AD plugin, just to be sure
defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Active"
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist
# Bind to AD (the password is passed to dsconfigad as a command-line argument)
dsconfigad -f -a "$computerid" -domain "$domain" -u "$udn" -p "$password" -ou "$ou"
dsconfigad -alldomains "$alldomains"
# Add the AD node to the search path
if [ "$alldomains" = "enable" ]; then
    csp="/Active Directory/All Domains"
else
    csp="/Active Directory/$domain"
fi
dscl /Search -append / CSPSearchPath "$csp"
dscl /Search -create / SearchPolicy dsAttrTypeStandard:CSPSearchPath
dscl /Search/Contacts -append / CSPSearchPath "$csp"
dscl /Search/Contacts -create / SearchPolicy dsAttrTypeStandard:CSPSearchPath
# Restart Directory Service
killall DirectoryService
sleep 2
exit 0
NOTES:
Be sure and edit the standard parameters area of the script to match your AD domain requirements.
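An added example, not part of the post above or of the K1000's bundled script: pre-flight checks for the configuration block, so an unedited template (empty udn/password), an OU outside the domain, or a computer name AD will not accept is caught before dsconfigad runs. The function names are hypothetical, the sample values are constructed, and the 15-character name rule is stated as an assumption.

```shell
#!/bin/bash
# Added example: pre-flight checks for the bind script's configuration block.
# Function names are hypothetical; all sample values are constructed.

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# "test.example.com" -> "DC=test,DC=example,DC=com"
domain_to_dn() {
    local IFS=. out="" label
    for label in $1; do out="${out:+$out,}DC=$label"; done
    printf '%s\n' "$out"
}

# The container DN must sit under the DN derived from the domain name.
ou_in_domain() {   # args: ou domain
    local ou suffix
    ou=$(lower "$1")
    suffix=$(lower "$(domain_to_dn "$2")")
    case "$ou" in *",$suffix") return 0 ;; *) return 1 ;; esac
}

# Assumed rule: AD computer names are 1-15 letters, digits or hyphens.
valid_computerid() {
    case "$1" in ""|*[!A-Za-z0-9-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# Report every problem on stderr; the return value is the number found.
preflight() {   # args: domain udn password ou alldomains computerid
    local errs=0
    if [ -z "$2" ] || [ -z "$3" ]; then
        echo "udn/password not set" >&2; errs=$((errs + 1))
    fi
    ou_in_domain "$4" "$1" || { echo "ou is not under $1" >&2; errs=$((errs + 1)); }
    case "$5" in
        enable|disable) ;;
        *) echo "alldomains must be enable or disable" >&2; errs=$((errs + 1)) ;;
    esac
    valid_computerid "$6" || { echo "bad computer id: $6" >&2; errs=$((errs + 1)); }
    return "$errs"
}

# Constructed run: the template as posted (empty credentials) fails one check.
preflight "test.example.com" "" "" \
    "ou=Computers,ou=lab,DC=test,DC=example,DC=com" enable "lab-imac-01" \
    || echo "pre-flight found $? problem(s); not binding"
```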