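#!/bin/bash
# Borrowed from another admin's script. Original credit:
#   Patrick Gallagher
#   http://www.macadmincorner.com
#   Updated 12/11/2009
#
# Binds this Mac to an Open Directory (OD) domain, replacing a binding to an
# older OD server when one is found, creates the computer record in OD, and
# then orders the Directory Service search path between OD and Active
# Directory (AD).
#
# The interpreter is bash, not sh: the script relies on [[ ]] and arrays.
# `set -e` is deliberately not used, because several lookups below return
# non-zero in normal operation (for example grep finding no match).

# --- Settings to configure for your environment -----------------------------
#
# SECURITY: odPassword is stored in clear text in this file and is handed to
# dscl with -P, so it is also visible in the process list while those commands
# run. Use a directory account with only the rights this script needs, keep
# the file readable by root only, and remove it from clients after the run.
odAdmin=""                    # OD admin name
odPassword=""                 # OD admin password
domain="od.school.edu"        # FQDN of your OD domain
oldDomain="oldod.school.edu"  # If moving from another OD, that FQDN
oldODip="111.222.333.444"     # IP of your old OD
ADdomain="ad.school.edu"      # Your AD domain
computerGroup=computers       # Computer group to add machines to (case sensitive)

# --- Values that probably don't need to be changed --------------------------
computerName=$(/usr/sbin/scutil --get LocalHostName)
nicAddress=$(ifconfig en0 | awk '/ether/ {print $2}')
check4OD=$(dscl localhost -list /LDAPv3)
check4ODacct=$(dscl "/LDAPv3/${domain}" -read "Computers/${computerName}" RealName | cut -c 11-)
# The node name contains a space, so it has to be passed as one quoted word.
check4AD=$(dscl localhost -list "/Active Directory")
osversionlong=$(sw_vers -productVersion)
# Second dot-separated field of the version (10.4.11 -> 4, 10.6.2 -> 6).
# Field splitting instead of a fixed character offset keeps two-digit minor
# versions intact.
osvers=${osversionlong#*.}
osvers=${osvers%%.*}

od_node="/LDAPv3/${domain}"
ad_all_domains="/Active Directory/All Domains"
# Credentials for authenticated dscl writes, kept as an array so that each
# value stays a single argument whatever characters it contains.
od_auth=(-u "${odAdmin}" -P "${odPassword}")

# Add the new OD server and switch the search policy to the custom path.
# NOTE(review): no directory credentials are passed to dsconfigldap here, so
# this appears to set up an unauthenticated binding; see dsconfigldap(1) for
# the authenticated-bind and SSL options if your policy requires them.
bind_to_domain() {
  dsconfigldap -v -a "${domain}" -n "${domain}"
  dscl /Search -create / SearchPolicy CSPSearchPath
}

# Remove the binding to a previous OD server ($1: its FQDN or IP), bind to the
# new domain and restart DirectoryService.
# NOTE(review): unlike the fresh-bind path further down, this path never
# appends /LDAPv3/$domain to CSPSearchPath itself; confirm that is intended.
migrate_from_old_od() {
  local old=$1
  echo "Removing from ${old}"
  dsconfigldap -r "${old}"
  dscl /Search -delete / CSPSearchPath "/LDAPv3/${old}"
  dscl /Search/Contacts -delete / CSPSearchPath "/LDAPv3/${old}"
  echo "Binding to $domain"
  bind_to_domain
  killall DirectoryService
}

# --- Check if on OD already --------------------------------------------------
if [[ "${check4OD}" == "${domain}" ]]; then
  echo "This machine is joined to ${domain} already."
  # -F: match the domain as a literal string, not as a regular expression.
  odSearchPath=$(defaults read /Library/Preferences/DirectoryService/SearchNodeConfig \
    "Search Node Custom Path Array" | grep -F -- "${domain}")
  if [[ -z "${odSearchPath}" ]]; then
    echo "$domain not found in search path. Adding..."
    dscl /Search -append / CSPSearchPath "${od_node}"
    sleep 10
  fi
elif [[ "${check4OD}" == "${oldDomain}" ]]; then
  migrate_from_old_od "${oldDomain}"
elif [[ "${check4OD}" == "${oldODip}" ]]; then
  migrate_from_old_od "${oldODip}"
else
  echo "No previous OD servers found, binding to $domain"
  bind_to_domain
  sleep 10
  # Node names are case sensitive: /LDAPv3, as everywhere else in the script.
  dscl /Search -append / CSPSearchPath "${od_node}"
  echo "Killing DirectoryService"
  killall DirectoryService
fi

# --- Computer account --------------------------------------------------------
if [[ "${check4ODacct}" == "${computerName}" ]]; then
  echo "This machine has a computer account on ${domain} already."
elif [[ -z "${odAdmin}" || -z "${odPassword}" ]]; then
  # Without credentials every authenticated write below would fail; say so
  # once instead of issuing six failing dscl calls.
  echo "odAdmin/odPassword are not set; skipping computer account on ${domain}" >&2
else
  echo "Adding computer account to ${domain}"
  dscl "${od_auth[@]}" "${od_node}" -create "/Computers/${computerName}" ENetAddress "${nicAddress}"
  dscl "${od_auth[@]}" "${od_node}" -merge "/Computers/${computerName}" RealName "${computerName}"

  # Add computer to ComputerList
  dscl "${od_auth[@]}" "${od_node}" -merge "/ComputerLists/${computerGroup}" apple-computers "${computerName}"

  # Read back the GUID of the record created above
  GUID=$(dscl "${od_node}" -read "/Computers/${computerName}" GeneratedUID | awk '{ print $2 }')

  # Add to computergroup
  dscl "${od_auth[@]}" "${od_node}" -merge "/ComputerGroups/${computerGroup}" apple-group-memberguid "${GUID}"
  dscl "${od_auth[@]}" "${od_node}" -merge "/ComputerGroups/${computerGroup}" memberUid "${computerName}"
fi

sleep 25 # Give DS a chance to catch up

# --- Fix DS search order -----------------------------------------------------
# The OS checks compare against 4, then 5 or 6, explicitly. The earlier form
# `[[ ${osvers} -eq 5 || 6 ]]` was always true, because a bare 6 is a non-empty
# string. Any other version is now reported and left untouched.
echo "Checking DS search order..."
if [[ "${check4AD}" == "${ADdomain}" ]]; then
  # Replace the single-domain AD node with "All Domains".
  dsconfigad -alldomains enable
  dscl /Search -delete / CSPSearchPath "/Active Directory/${ADdomain}"
  dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/${ADdomain}"
  dscl /Search -append / CSPSearchPath "${ad_all_domains}"
  if [[ "${osvers}" == 4 ]]; then
    echo "OS detected as ${osversionlong}"
    echo "Setting AD, then OD to search order..."
    dscl localhost changei /Search CSPSearchPath 2 "${ad_all_domains}"
    dscl localhost changei /Search CSPSearchPath 3 "${od_node}"
    dscl /Search/Contacts -append / CSPSearchPath "${ad_all_domains}"
  elif [[ "${osvers}" == 5 || "${osvers}" == 6 ]]; then
    echo "OS detected as ${osversionlong}"
    echo "Setting OD, then AD to search order..."
    dscl localhost changei /Search CSPSearchPath 3 "${ad_all_domains}"
    dscl localhost changei /Search CSPSearchPath 2 "${od_node}"
    dscl /Search/Contacts -append / CSPSearchPath "${ad_all_domains}"
  else
    echo "OS ${osversionlong} is not handled; search order left unchanged" >&2
  fi
elif [[ "${check4AD}" == "All Domains" ]]; then
  dscl /Search -append / CSPSearchPath "${ad_all_domains}"
  sleep 15
  if [[ "${osvers}" == 4 ]]; then
    echo "OS detected as ${osversionlong}"
    echo "Setting AD, then OD to search order..."
    dscl localhost changei /Search CSPSearchPath 1 "${ad_all_domains}"
    dscl localhost changei /Search CSPSearchPath 2 "${od_node}"
  elif [[ "${osvers}" == 5 || "${osvers}" == 6 ]]; then
    echo "OS detected as ${osversionlong}"
    echo "Setting OD, then AD to search order..."
    dscl localhost changei /Search CSPSearchPath 2 "${od_node}"
    dscl localhost changei /Search CSPSearchPath 3 "${ad_all_domains}"
    dscl /Search/Contacts -append / CSPSearchPath "${ad_all_domains}"
  else
    echo "OS ${osversionlong} is not handled; search order left unchanged" >&2
  fi
fi

echo "Finished. Exiting..."
exit 0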