One Script to Rule Them All
If you clone the computers on your network, the clones will usually still need per-machine settings (a unique name, directory bindings) unless a script applies them for you. If you are integrating Apple computers into a Windows network, this is that script.
Any script named rc.local placed in the following location runs when that computer is restarted:
/private/etc/
The /private folder is hidden from the Finder. You can reach it by choosing "Go to Folder..." from the Finder's "Go" menu and typing the path shown above.
This script behaves as follows:
- It gives the computer a unique name: a three-letter prefix (xxx in the script, which can be anything you like) followed by the last six hex digits of the en0 MAC address.
- It binds the computer to an Active Directory domain called "yourdomain.com".
- It binds the computer to an Open Directory server called "od.yourdomain.com".
- The local admin username of the computer is "admin".
- The local admin password of the computer is "password".
- The domain admin username is "sysadmin".
- The domain admin password is "syspassword".
- The Active Directory group called "your staff" will be granted administrative privileges.
- All users of the computer will use mobile accounts.
Note: you will need to go through the script and change the domain, servers, usernames, passwords and groups to match your site. The script will fail if a password contains characters the shell treats specially (like $ or #), because the passwords are passed as unquoted command-line arguments, or if the computer's clock is out of sync with your domain controller. A network connection is also required; for instance, we clone over an isolated wired network, but the script does its work over a wireless connection where DHCP is available.
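The three failure modes in the note (special characters in a password, clock skew, and no network yet) can all be checked before the bind commands run. The following pre-flight script is an added example, not code from the original post: it assumes en1 is the wireless interface that gets a DHCP lease, uses dc.yourdomain.com as a placeholder for a domain controller that answers NTP queries, and treats 300 seconds (the usual Kerberos clock-skew tolerance) as the limit. It also rebuilds the computer name the same way the rc.local script does, but from a MAC string it validates first, so that a missing or malformed en0 address cannot produce a name made of only the prefix.

```sh
#!/bin/sh
# Added example, not code from the original post: pre-flight checks for the
# rc.local binding script. Each check matches a failure mode from the note,
# and all of them run before dsconfigldap/dsconfigad would.
# Assumptions: en1 is the wireless (DHCP) interface, dc.yourdomain.com is a
# placeholder for a domain controller that answers NTP, and 300 s is the
# Kerberos clock-skew tolerance used as the limit.

# Return 0 if the password contains none of the characters that break the
# unquoted -p/-lp/-q arguments in the script, 1 otherwise. Empty is rejected.
password_is_safe() {
    case "$1" in
        '') return 1 ;;
        *'$'*|*'#'*|*'`'*|*'"'*|*"'"*|*'\'*|*' '*) return 1 ;;
        *) return 0 ;;
    esac
}

# Return 0 if the clock offset (whole seconds, may be negative) is within
# the limit in absolute value, 1 otherwise.
skew_within_limit() {
    off=$1; max=${2:-300}
    case "$off" in -*) off=${off#-} ;; esac
    [ "$off" -le "$max" ]
}

# Build the computer name the way the script does (prefix + last six hex
# digits of the MAC) from a MAC string, normalising case and rejecting
# anything that is not a full twelve-digit address.
name_from_mac() {
    prefix=$1
    mac=$(printf '%s' "$2" | tr -d ':' | tr 'A-F' 'a-f')
    case "$mac" in
        ????????????) ;;          # exactly twelve characters
        *) return 1 ;;
    esac
    case "$mac" in
        *[!0-9a-f]*) return 1 ;;  # a non-hex character is present
    esac
    printf '%s%s\n' "$prefix" "$(printf '%s' "$mac" | cut -c 7-12)"
}

# Poll for a DHCP lease on the interface instead of a fixed 30-second sleep.
wait_for_dhcp() {
    iface=${1:-en1}; limit=${2:-120}; waited=0
    while [ "$waited" -lt "$limit" ]; do
        if /usr/sbin/ipconfig getifaddr "$iface" >/dev/null 2>&1; then
            return 0
        fi
        sleep 5; waited=$((waited + 5))
    done
    logger "No DHCP lease on $iface after ${limit}s"
    return 1
}

# Query the domain controller's clock with ntpdate -q (query only, nothing
# is adjusted) and print the absolute offset in whole seconds; prints nothing
# if the query fails.
dc_clock_offset() {
    /usr/sbin/ntpdate -q "$1" 2>/dev/null | awk '
        /offset/ {
            for (i = 1; i <= NF; i++)
                if ($i == "offset") {
                    o = $(i + 1); sub(",", "", o); o += 0
                    if (o < 0) o = -o
                    printf "%d\n", o; exit
                }
        }'
}

# Run every check; return non-zero before any directory-services change.
# Credentials are read from the environment (defaults are the post's sample
# values) so they are not hard-coded a second time.
run_preflight() {
    dc_host=${DC_HOST:-dc.yourdomain.com}
    for pw in "${LOCAL_ADMIN_PW:-password}" "${DOMAIN_ADMIN_PW:-syspassword}"; do
        if ! password_is_safe "$pw"; then
            logger "A password contains a shell-special character; not binding"
            return 1
        fi
    done
    wait_for_dhcp en1 120 || return 1
    off=$(dc_clock_offset "$dc_host")
    if [ -z "$off" ]; then
        logger "Could not read the clock on $dc_host"; return 1
    fi
    if ! skew_within_limit "$off" 300; then
        logger "Clock skew of ${off}s against $dc_host exceeds 300s"; return 1
    fi
    name=$(name_from_mac xxx "$(/sbin/ifconfig en0 | awk '/ether/ { print $2 }')") || return 1
    logger "Pre-flight OK; computer name will be $name"
}

# The checks only run when invoked as "sh preflight.sh run", so sourcing the
# file to reuse the functions has no side effects.
case "${1:-}" in
    run) run_preflight ;;
esac
```

Placed at the top of rc.local (or sourced from it, with `run_preflight || exit 1` before the first dsconfigldap call), the script logs the reason and stops instead of leaving a half-bound machine that has already removed its DirectoryService configuration.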
#!/bin/sh
#Give the network time to come online
logger "Sleeping 30 seconds"
sleep 30
#Set Bonjour and Computer Names
logger "Setting Bonjour and Computer Names"
computerid=`/sbin/ifconfig en0 | awk '/ether/ { gsub(":", ""); print $2 }' | cut -c 7-19` # last six hex digits of the en0 MAC address
computerid2="xxx""$computerid"
logger "Computer name is $computerid2"
scutil --set LocalHostName "$computerid2"
scutil --set ComputerName "$computerid2"
sleep 3
#Remove Existing Directory Services Config
logger "Removing existing DS Config"
rm -R /Library/Preferences/DirectoryService/ActiveDirectory*
rm -R /Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig*
rm -R /Library/Preferences/DirectoryService/SearchNode*
rm -R /Library/Preferences/DirectoryService/ContactsNode*
rm -R /Library/Preferences/edu.mit.Kerberos
#Kill Directory Services and respawn to return to DS Defaults
logger "Respawning DS"
killall -9 DirectoryService
dscl /Search -read / >> /dev/null
ls -al / >> /dev/null
sleep 3
#Fix SearchNode plist
logger "Disabling LDAP via DHCP"
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "DHCP LDAP" -dict "/Sets/0" -bool FALSE
plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist
killall -9 DirectoryService
dscl /Search -read / >> /dev/null
ls -al / >> /dev/null
sleep 3
#Configure LDAPv3 Plugin -- fix with site-specific data
logger "Configuring LDAPv3 Plugin"
dsconfigldap -v -l admin -q password -a od.yourdomain.com
sleep 3
#Bind to AD Domain -- fix with site-specific data
logger "Configuring AD Plugin"
dsconfigad -f -a `scutil --get LocalHostName` -u sysadmin -p syspassword -lu admin -lp password -domain "yourdomain.com"
dsconfigad -lu admin -lp password -protocol smb -mobile disable -mobileconfirm disable -localhome disable -useuncpath disable -nopreferred -groups "domain admins,enterprise admins,your staff" -alldomains enable
sleep 3
#Fix Search Path and Contacts Path -- fix with site-specific data
logger "Configuring Search and Contacts Nodes"
dscl /Search -create / SearchPolicy CSPSearchPath
dscl /Search -create / CSPSearchPath /NetInfo/DefaultLocalNode "/LDAPv3/od.yourdomain.com" "/Active Directory/All Domains"
dscl localhost -create /Contact SearchPolicy CSPSearchPath
dscl localhost -append /Contact CSPSearchPath "/Active Directory/All Domains"
sleep 3
#Refresh the MCX Cache
logger "Refreshing the MCX Cache"
/System/Library/CoreServices/mcxd.app/Contents/Resources/MCXCacher -f
/System/Library/CoreServices/mcxd.app/Contents/Resources/MCXCacher
#Comment out the next line if you do not want the script to delete itself (it contains the admin passwords in plain text)
srm -Rf /etc/rc.local
#Exit
exit 0
Note: keep in mind that this script deletes itself (with srm) after it runs, so the admin passwords it contains in plain text do not stay on disk.
You can include this script as part of your image (it sets everything up on first boot), or push it out later using Apple Remote Desktop. We've even made a custom installer that injects this script into the appropriate spot and forces a restart.