use dscl to find out what domain controller a mac is authenticated against
My company has more than several hundred macs integrated into the larger Active Directory through Apple’s built-in AD plugin. There are also several dozen domain controllers running different version Windows operating systems – 2003, 2008 SP2, 2008 R2 SP1, etc. Like many setups ours does not specify a domain controller for a mac to authenticate against. Thus, it’s become increasingly important for me to determine what DC exactly a mac is authenticated against since it can be one of about 50 globally (yes, OS X is supposed to choose a close DC to authenticate against, but I’ve recently discovered that this is not always the case in our current environment). In trolling the internet for an answer to this question, I came across an extremely helpful post here: http://blog.macadmincorner.com/leopard-ad-integration-headaches/
In short, the command to run is the following, but read through the linked article for the whole story:
dscl . -read /Config/Kerberos:<YOUR.KERBEROS.REALM>
This will spit out what DC the mac is actually authenticated against by reading through the kerberos config file for <YOUR.KERBEROS.REALM>. In my case the results were eye-opening, prompting severals emails to our server team 😉
This search has been painstaking for some reason, so I thought I’d repost the solution in another forum to increase visibility for anyone in a similar situation.
About this entry
You’re currently reading “use dscl to find out what domain controller a mac is authenticated against,” an entry on acdesigntech
- Published:
- November 18, 2011 / 4:16 pm
- Category:
- Active Directory, Bash Scripting, OS X
- Tags:
- active directory, AD, authenticated, dscl, mac
4 Comments
Jump to comment form | comment rss [?] | trackback uri [?]