借鉴一下别人的脚本:
#!/bin/sh
# Patrick Gallagher
# http://www.macadmincorner.com
# Updated 12/11/2009
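# ---------------------------------------------------------------------------
# Site configuration: set these for your environment.
#
# SECURITY: odAdmin/odPassword are directory-administrator credentials kept
# in plain text. Anyone who can read this file (or a package/image that
# carries it) gets them. Keep the file root-only (mode 0700), use a
# dedicated account with the least rights that can still create computer
# records, and remove or rotate the credentials after deployment.
# ---------------------------------------------------------------------------
odAdmin=""                    # OD admin short name
odPassword=""                 # OD admin password (see SECURITY note above)
domain="od.school.edu"        # FQDN of your OD domain
oldDomain="oldod.school.edu"  # If moving from another OD, enter that FQDN here
oldODip="111.222.333.444"     # IP of your old OD (sample value is a placeholder, not a valid address)
ADdomain="ad.school.edu"      # Your AD domain
computerGroup="computers"     # Computer group machines are added to, case sensitive

# ---------------------------------------------------------------------------
# Values read from the local machine; these normally need no changes.
# ---------------------------------------------------------------------------
computerName=$(/usr/sbin/scutil --get LocalHostName)
# MAC address of en0, stored as ENetAddress on the computer record.
nicAddress=$(ifconfig en0 | awk '/ether/ { print $2 }')
# LDAPv3 nodes currently configured on this machine.
check4OD=$(dscl localhost -list /LDAPv3)
# RealName of this machine's computer record, if one exists; `cut -c 11-`
# presumably drops the 10-character "RealName: " label from dscl's output.
check4ODacct=$(dscl "/LDAPv3/${domain}" -read "Computers/${computerName}" RealName | cut -c 11-)
# The node is named "/Active Directory" (with a space). Written unquoted as
# "/Active/ Directory" it was passed to dscl as two separate arguments.
check4AD=$(dscl localhost -list "/Active Directory")
osversionlong=$(sw_vers -productVersion)
# Minor version number (the 4 in 10.4.11). Taking the second dot-separated
# field needs no bash-only substring syntax and does not truncate
# two-digit minor versions.
osvers=$(printf '%s\n' "${osversionlong}" | cut -d. -f2)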
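# Make sure this machine is bound to ${domain}:
#   - already bound      -> only verify the node is in the custom search path
#   - bound to old OD    -> unbind (by old FQDN or old IP), then bind to ${domain}
#   - not bound          -> bind to ${domain}
#
# NOTE(review): `dsconfigldap -a` is called without credentials or transport
# options, so the bind is anonymous and nothing here requires SSL or a
# security policy. Directory data then steers logins on this machine, so
# check dsconfigldap(8) for the SSL (-x) and secure-authentication (-s)
# options and confirm what your directory policy requires.
if [ "${check4OD}" = "${domain}" ]; then
  echo "This machine is joined to ${domain} already."
  # -F matches the domain literally; as a regex, each "." would match any character.
  odSearchPath=$(defaults read /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" | grep -F -- "${domain}")
  if [ -z "${odSearchPath}" ]; then
    echo "$domain not found in search path. Adding..."
    dscl /Search -append / CSPSearchPath "/LDAPv3/${domain}"
    sleep 10
  fi
elif [ "${check4OD}" = "${oldDomain}" ] || [ "${check4OD}" = "${oldODip}" ]; then
  # check4OD holds whichever old identifier (FQDN or IP) matched, so one
  # branch covers both cases.
  echo "Removing from ${check4OD}"
  dsconfigldap -r "${check4OD}"
  dscl /Search -delete / CSPSearchPath "/LDAPv3/${check4OD}"
  dscl /Search/Contacts -delete / CSPSearchPath "/LDAPv3/${check4OD}"
  echo "Binding to $domain"
  dsconfigldap -v -a "${domain}" -n "${domain}"
  dscl /Search -create / SearchPolicy CSPSearchPath
  # Restart DirectoryService so it picks up the new configuration.
  killall DirectoryService
else
  echo "No previous OD servers found, binding to $domain"
  dsconfigldap -v -a "${domain}" -n "${domain}"
  dscl /Search -create / SearchPolicy CSPSearchPath
  sleep 10
  # Node prefix is "/LDAPv3", as everywhere else in this script; the
  # original spelled it "/LDAPV3" here.
  dscl /Search -append / CSPSearchPath "/LDAPv3/${domain}"
  echo "Killing DirectoryService"
  killall DirectoryService
fi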
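# Create this machine's computer record on ${domain} unless one exists, then
# add it to the ${computerGroup} computer list and computer group.
#
# SECURITY: `dscl -P` puts the directory admin password on the command line,
# where other local users can read it from the process list while dscl runs.
# Run this only during controlled provisioning, with an account that can do
# no more than manage computer records.

# Run an authenticated dscl command against the OD node.
# Arguments: the dscl command and its operands (e.g. -merge PATH KEY VALUE).
od_dscl() {
  dscl -u "${odAdmin}" -P "${odPassword}" "/LDAPv3/${domain}" "$@"
}

if [ -z "${computerName}" ]; then
  # With an empty name the paths below would collapse to "/Computers/" and the
  # "already has an account" comparison would match two empty strings.
  echo "Could not determine the local host name; skipping computer account setup." >&2
elif [ "${check4ODacct}" = "${computerName}" ]; then
  echo "This machine has a computer account on ${domain} already."
else
  echo "Adding computer account to ${domain}"
  od_dscl -create "/Computers/${computerName}" ENetAddress "${nicAddress}"
  od_dscl -merge "/Computers/${computerName}" RealName "${computerName}"
  # Add computer to ComputerList
  od_dscl -merge "/ComputerLists/${computerGroup}" apple-computers "${computerName}"
  # Read back the GUID of the record just created
  GUID="$(dscl "/LDAPv3/${domain}" -read "/Computers/${computerName}" GeneratedUID | awk '{ print $2 }')"
  # Add to computergroup
  if [ -n "${GUID}" ]; then
    od_dscl -merge "/ComputerGroups/${computerGroup}" apple-group-memberguid "${GUID}"
  else
    # An empty GUID means the record was not created or could not be read;
    # do not merge an empty member GUID into the group.
    echo "No GeneratedUID found for ${computerName}; not adding a member GUID to ${computerGroup}." >&2
  fi
  od_dscl -merge "/ComputerGroups/${computerGroup}" memberUid "${computerName}"
fi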
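sleep 25 # Give DS a chance to catch up
# Fix DS search order
#
# The order of nodes in CSPSearchPath decides which directory answers an
# authentication lookup first, so it is set explicitly per OS release:
#   10.4      -> AD before OD
#   10.5/10.6 -> OD before AD
#
# Two defects in the original are corrected here:
#   * it compared against ${adDomain}, which is never set (the configured
#     variable is ADdomain). On a machine with no AD binding both sides were
#     empty, so the AD branch ran anyway.
#   * `[[ ${osvers} -eq 5 || 6 ]]` is always true because the bare "6" is a
#     non-empty string. Other releases now leave the search order untouched.
echo "Checking DS search order..."
if [ -n "${check4AD}" ] && [ "${check4AD}" = "${ADdomain}" ]; then
  # Bound to the single AD domain: switch to "All Domains" and replace the
  # per-domain node in both search paths.
  dsconfigad -alldomains enable
  dscl /Search -delete / CSPSearchPath "/Active Directory/${ADdomain}"
  dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/${ADdomain}"
  dscl /Search -append / CSPSearchPath "/Active Directory/All Domains"
  case "${osvers}" in
    4)
      echo "OS detected as ${osversionlong}"
      echo "Setting AD, then OD to search order..."
      dscl localhost changei /Search CSPSearchPath 2 "/Active Directory/All Domains"
      dscl localhost changei /Search CSPSearchPath 3 "/LDAPv3/${domain}"
      dscl /Search/Contacts -append / CSPSearchPath "/Active Directory/All Domains"
      ;;
    5|6)
      echo "OS detected as ${osversionlong}"
      echo "Setting OD, then AD to search order..."
      dscl localhost changei /Search CSPSearchPath 3 "/Active Directory/All Domains"
      dscl localhost changei /Search CSPSearchPath 2 "/LDAPv3/${domain}"
      dscl /Search/Contacts -append / CSPSearchPath "/Active Directory/All Domains"
      ;;
    *)
      echo "Unsupported OS version '${osversionlong}'; search order left unchanged." >&2
      ;;
  esac
elif [ "${check4AD}" = "All Domains" ]; then
  # Already on "All Domains": make sure the node is in the search path, then
  # set the order.
  dscl /Search -append / CSPSearchPath "/Active Directory/All Domains"
  sleep 15
  case "${osvers}" in
    4)
      echo "OS detected as ${osversionlong}"
      echo "Setting AD, then OD to search order..."
      dscl localhost changei /Search CSPSearchPath 1 "/Active Directory/All Domains"
      dscl localhost changei /Search CSPSearchPath 2 "/LDAPv3/${domain}"
      ;;
    5|6)
      echo "OS detected as ${osversionlong}"
      echo "Setting OD, then AD to search order..."
      dscl localhost changei /Search CSPSearchPath 2 "/LDAPv3/${domain}"
      dscl localhost changei /Search CSPSearchPath 3 "/Active Directory/All Domains"
      dscl /Search/Contacts -append / CSPSearchPath "/Active Directory/All Domains"
      ;;
    *)
      echo "Unsupported OS version '${osversionlong}'; search order left unchanged." >&2
      ;;
  esac
fi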
# Report completion. The script always exits 0, so callers cannot detect a
# failed bind from the exit status.
printf '%s\n' 'Finished. Exiting...'
exit 0
原文链接: http://blog.csdn.net/afatgoat/article/details/5975896