Removing Directory Services config

  • #376801
    jasonthat
    Participant

    I am looking for the best way to do this – Need to remove a bunch of machines on my network from the AD & OD bindings. Is removing the Directory Services “folder” (& the edu.mit.kerberos file) a recommended way to do this, by doing the following:

    cd /Library/Preferences
    rm -R -i DirectoryService
    sudo shutdown -h now

    Any known issues that would come up if I delete this folder?

    Or if not, could someone help me with these commands? I tried the following commands and the removal from AD & OD was successful, but I just can't seem to remove the “/Active Directory/All Domains” entry from the Authentication & Contact search path policies with these commands:
    (The LDAPv3 entry gets deleted but not the AD one, gives me a dscl error)

    [code]#!/bin/sh

    # Standard parameters
    domain="myAddomain"
    udn="administrator"
    password="password"
    odudn="OD administrator"
    odpassword="password"
    ou="CN=Computers,DC=myAD,DC=com"
    odserver="myOD.com"

    # Remove from AD
    dsconfigad -f -r -a $computerid -domain $domain -u $udn -p "$password" -ou "$ou"

    # Remove from OD
    sleep 10
    dsconfigldap -v -r myOD.com
    sleep 20

    # Restart DirectoryService
    killall DirectoryService

    sudo dscl "/Active Directory/All Domains" -list /Computers > /dev/null
    sleep 10
    sudo dscl /Search -delete / CSPSearchPath /Active Directory/All Domains
    sudo dscl /Search/Contacts -delete / CSPSearchPath /Active Directory/All Domains

    sudo dscl /Search -delete / CSPSearchPath /LDAPv3/myOD.com
    sudo dscl /Search/Contacts -delete / CSPSearchPath /LDAPv3/myOD.com

    sudo -r /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
    sudo -r /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
    killall DirectoryService[/code]

    Thanks
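
The unquoted `/Active Directory/All Domains` in the `dscl ... -delete` lines of the script above is split by the shell at the space into three separate words. The sketch below passes each node as one quoted argument; it is an added example, not written by either poster. `remove_search_node`, `show_argv` and the `DSCL` override are hypothetical names, and the `dscl <policy> -delete / CSPSearchPath <node>` form is taken from the post.

```shell
#!/bin/sh
# Added example, not code from the thread. Function and variable names are hypothetical.
# Set DSCL=show_argv for a dry run that only prints what dscl would receive.
DSCL="${DSCL:-dscl}"

# Dry-run stand-in for dscl: prints each argument in brackets, one line per call.
show_argv() {
    line=""
    for arg in "$@"; do
        line="$line[$arg] "
    done
    echo "${line% }"
}

# Remove one node from the authentication (/Search) and contacts
# (/Search/Contacts) custom search paths. Run as root on the client.
# "$node" is quoted so a name containing a space stays a single argument.
remove_search_node() {
    node="$1"
    rc=0
    for policy in /Search /Search/Contacts; do
        if "$DSCL" "$policy" -delete / CSPSearchPath "$node"; then
            echo "done: $policy -delete $node"
        else
            echo "failed: $policy -delete $node" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Usage on a bound client (node names as they appear in the script above):
#   remove_search_node "/Active Directory/All Domains"
#   remove_search_node "/LDAPv3/myOD.com"
```

Running it first with `DSCL=show_argv` shows the exact argument list each `dscl` call would get, which makes a split node name visible before anything is changed.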

    #377081
    dagothere
    Participant

    We have used the rm command through Remote Desktop to delete a lab or whatever that has had issues and then rebound them. The only problem I’ve seen with this (not a huge problem) is that it leaves the machine account in AD. If you’re going to rebind the computer with the same names anyways, just say “yes” when it asks you to join the existing account in AD. If you’re using the dsconfigad command to bind, then be sure to use the “force” switch, which binds to an existing account.

    ~iann
