+ Post New Thread
Results 1 to 4 of 4
Mac Thread, Removing Directory Services cofig in Technical; I am looking for the best way to do this - Need to remove a bunch of machines on my ...
  1. #1

    Join Date
    Jul 2009
    Posts
    11
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Removing Directory Services cofig

    I am looking for the best way to do this - Need to remove a bunch of machines on my network from the AD & OD bindings. Is removing the Directory Services "folder" (& the edu.mit.kerberos file) a recommended way to do this, by doing the following:

    cd /Library/Preferences
    rm -R -i DirectoryService
    sudo shutdown -h now

    Any known issues that would come up if I delete this folder?


    Or if not, could someone help me with these commands. I tried the following commands and the removal from AD & OD were successful but I just cant seem to take out the "/Active Directory/All Domains" entry from the Authentication & Contact search path policies with these commands:



    HTML Code:
    #!/bin/sh
    
    # Standard parameters
    domain="myAddomain"                                                     
    udn="administrator"                                                     
    password="password"                                          
    odudn="OD administrator"                                                         
    odpassword="password"                                        
    ou="CN=Computers,DC=myAD,DC=com"           
    odserver="myOD.com"
    
    # Remove from AD
    dsconfigad -f -r -a $computerid -domain $domain -u $udn -p "$password" -ou "$ou"
    
    # Remove from OD
    sleep 10
    dsconfigldap -v -r myOD.com
    sleep 20
    
    # Restart DirectoryService
    killall DirectoryService
    
    sudo dscl "/Active Directory/All Domains" -list /Computers > /dev/null
    sleep 10
    sudo dscl /Search -delete / CSPSearchPath /Active Directory/All Domains
    sudo dscl /Search/Contacts -delete / CSPSearchPath /Active Directory/All Domains
    
    sudo dscl /Search -delete / CSPSearchPath /LDAPv3/myOD.com
    sudo dscl /Search/Contacts -delete / CSPSearchPath /LDAPv3/myOD.com
    
    
    sudo -r /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
    sudo -r /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
    killall DirectoryService


    Thanks

  2. #2

    Join Date
    Jul 2009
    Posts
    11
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    If any of you wouldn't mind giving some recommendation on this? Thanks again.

  3. #3
    AntonioRocco's Avatar
    Join Date
    Oct 2008
    Location
    South Yorkshire
    Posts
    268
    Thank Post
    10
    Thanked 113 Times in 95 Posts
    Rep Power
    41
    Hi

    No need for the script as the removal of /Library/Preferences/DirectoryService removes everything including the Search Policy listing. I would issue the command this way:

    sudo rm -R -i -v /Library/Preferences/DirectoryService

    This way you should get a y/n prompt. As far as I know there are no repercussions. It's a safer way as rm is a particularly dangerous command to use. For example there is an rm command that can be used that basically deletes the whole OS and BSD before your eyes. After a while the mac gives up the ghost and dies.

    If you're into that sort of thing it can be fun? Clearly I'm not going to give it here.

    Follow the above with:

    sudo reboot now

    On successful log in you should see the edu.mit.Kerberos file has been removed as well. This is true for 10.5 only as unbinding from the DC automatically removes this file. However sometimes it can stick around for no good reason in which case remove it either with a Terminal command or via the Finder. At this point I would also issue:

    sudo rm -R -i -v /Library/Managed\ Preferences

    This should remove the possibility of any 'rogue' MCX affecting the local admin account. If you want to totally 'reset' Network Settings (again useful for completely removing macs from a network environment) issue:

    sudo rm -R -i -v /Library/Preferences/SystemConfiguration

    Again it's advisable to restart after doing any of the above.

    Antonio Rocco (ACSA)

  4. Thanks to AntonioRocco from:

    jasonthat (11th August 2009)

  5. #4

    Join Date
    Jul 2009
    Posts
    11
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks antonio. But since I needed to have it done soon, I went ahead and tried the script again. Silly me, I just had to put quotes around the /Active Directory/All Domains.
    But I will remember to use these commands next time. sounds easier and quick. And totally resetting the network settings on the mac sounds cool to me. Always like to follow the "total reset" methods with most of the tasks I do on the network. Thanks again.

SHARE:
+ Post New Thread

Similar Threads

  1. Removing Classlink
    By brownfc in forum Network and Classroom Management
    Replies: 5
    Last Post: 10th June 2009, 05:57 PM
  2. Replies: 0
    Last Post: 6th April 2009, 10:26 PM
  3. Replies: 8
    Last Post: 23rd April 2008, 10:33 PM
  4. Replies: 7
    Last Post: 31st January 2008, 12:17 PM
  5. Removing a GPO
    By _Bat_ in forum Windows
    Replies: 12
    Last Post: 3rd May 2007, 04:27 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •