9 Replies Latest reply on Mar 22, 2016 12:47 PM by patgmac1

    OD Migration to AD using OnDemand

    philcebutv Apprentice

      Hi All,

       

      Can some one share some script on how I can migrate a bunch of iMacs from OD to AD using AM. I can create the script and wrap it up using packages but I am fairly new two bash scripting and AD command line in OS X.

       

      My goal are the following:

       

      1. Make the OD to AD Migration script/package available on the OnDemand software using an admin account

      2. perform the migration on local admin account using OnDemand

       

      The script/package should be doing the below

      1. Bind iMac to AD with option to prompt to create mobile account

      I think this is done through dsconfigad.. I have the below command and I do not know if it activates AD.

       

      dsconfigad -f -a $computerid_final -domain $domain -u $udn -p "$password" -ou "$ou"

      dsconfigad -alldomains enable -localhome enable -protocol smb -mobile enable -mobileconfirm enable -useuncpath enable -shell none nopreferred [/code]

       

       

      2. Unbind existing OD entry

      I have a command the below but its only deleting it under search path but not unbinding it.

      dscl /Search -delete / CSPSearchPath “/Active Directory/All Domains” /LDAPv3/mods1b1a.qatar-med.cornell.edu

      edit: I figure this part out - dsconfigldap -r full_dns_name_of_your_ODserver

       

      3. convert existing OD mobile users home folder to AD

      4.  make the converted user as admin (some history and politics are involved here, reason why users are admin)

      5. add user to existing FV users.

      6. If reboot is needed reboot the machine

      I would think this is [code]shutdown -r [/code]

       

      Someone had informed me as well that I need to restart Directory Services to activate AD settings not sure if killing DirectoryServices will do it as my target clients are 10.7, 10.8, 10.9 and 10.10 and I think DirectoryServices are not there anymore.

       

      Thank You.

      Phil