[benjleroy]

Good to know, I guess I made an assumption that was not bourn out.

Thanks Allister

[benjleroy]

According to the Apple’s Directory Services 10.6 training you remove the following files for the DSAD plugin:

DS plists:
/Library/Preferences/DirectoryService/ActiveDirectory.plist
/Library/Preferences/DirectoryService/ActiveDirectoryDomainCache.plist
/Library/Preferences/DirectoryService/ActiveDirectoryDomainPolicies.plist
/Library/Preferences/DirectoryService/ActiveDirectoryDynamicData.plist

Update your dscl search paths:

dscl /Search -delete / CSPSearchPath /Active\ Directory/All\ Domains
dscl /Search -delete /Search/Contacts CSPSearchPath /Active\ Directory/All\ Domains

Remove your Kerberos Conf:
/Library/Preferences/edu.mit.Kerberos

Remove the DSAD Kerberos Caches (can be multiple files)
/var/db/dslocal/nodes/Default/config/Kerberos:FQDN.DOMAIN.COM

And Lastly the DSAD plugin plist:
/var/db/dslocal/nodes/Default/config/AD\ DS\ Plugin.plist

You may also need to go into your active directory ad delete the computer object if you did not unbind cleanly from the AD. There are still keytabs in /etc/krb5.keytab but they can be safely ignored.

The following script run as root (sudo is fine will reset things)

[code]
#!/bin/sh
rm /Library/Preferences/DirectoryService/ActiveDirectory.plist
rm /Library/Preferences/DirectoryService/ActiveDirectoryDomainCache.plist
rm /Library/Preferences/DirectoryService/ActiveDirectoryDomainPolicies.plist
rm /Library/Preferences/DirectoryService/ActiveDirectoryDynamicData.plist
dscl /Search -delete / CSPSearchPath /Active\ Directory/All\ Domains
dscl /Search -delete /Search/Contacts CSPSearchPath /Active\ Directory/All\ Domains
rm /Library/Preferences/edu.mit.Kerberos*
rm /var/db/dslocal/nodes/Default/config/Kerberos\:*
rm /var/db/dslocal/nodes/Default/config/AD\ DS\ Plugin.plist
killall DirectoryService
[/code]

[Author]

Posts