    Disclaimer
    JUMPCLOUD EXPRESSLY DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, CONDITIONS, AND LIABILITIES OF ANY KIND ARISING FROM OR RELATED TO THIRD-PARTY SOFTWARE, SCRIPTS, REPOSITORIES, AND APIS. JUMPCLOUD IS NOT REQUIRED TO SUPPORT ANY SUCH THIRD-PARTY MATERIALS AND ALL RISKS RELATED TO THIRD-PARTY MATERIALS ARE YOUR RESPONSIBILITY. PLEASE ALSO REVIEW THE JUMPCLOUD TOS.

    Remove AD bind on MacOS via JumpCloud cmd

    shawnsong
    Rising Star III

    This scenario is not so common, but we have a KB for it - prior to deploying the JumpCloud agent to the device.

    I recently came across a similar case - a Mac bound to AD, with the JC agent installed. So I forked the unbind script mentioned in the KB to make it work in a JC cmd:

    Note - Only “mobile accounts” can be converted to local accounts, and the script introduced by the KB below works only halfway - it only disjoins AD. Despite the conversion failure from the script, the “mobile” account will be retained as a local account once disjoined from AD, and the data remains too.

    Make sure this checkbox is ticked in "Directory Utility":

     

    shawnsong_1-1667456735970.png

    You can simply create a cmd in JumpCloud and paste the lines below in.

     

    #!/bin/bash

    RemoveAD(){

        # This function force-unbinds the Mac from the existing Active Directory domain
        # and updates the search path settings to remove references to Active Directory

        # Capture the Active Directory entry in the custom search path before unbinding
        searchPath=$(/usr/bin/dscl /Search -read . CSPSearchPath | grep "Active Directory" | sed 's/^ //')

        # Force unbind from Active Directory

        /usr/sbin/dsconfigad -remove -force -u none -p none

        # Deletes the Active Directory domain from the custom /Search
        # and /Search/Contacts paths

        /usr/bin/dscl /Search/Contacts -delete . CSPSearchPath "$searchPath"
        /usr/bin/dscl /Search -delete . CSPSearchPath "$searchPath"

        # Changes the /Search and /Search/Contacts path type from Custom to Automatic

        /usr/bin/dscl /Search -change . SearchPolicy dsAttrTypeStandard:CSPSearchPath dsAttrTypeStandard:NSPSearchPath
        /usr/bin/dscl /Search/Contacts -change . SearchPolicy dsAttrTypeStandard:CSPSearchPath dsAttrTypeStandard:NSPSearchPath
    }

    # Check for an AD binding and unbind if one is found.
    check4AD=$(/usr/bin/dscl localhost -list . | grep "Active Directory")
    if [[ "${check4AD}" = "Active Directory" ]]; then
        RemoveAD
        /bin/echo "AD binding has been removed."
    fi

     

    Expect an output like this:

    shawnsong_2-1667456817229.png

    😉

    0 REPLIES 0
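
A follow-up check for the unbind described in the post above, as an added example that is not part of the original post or of JumpCloud's KB: it confirms that the Active Directory node, the custom search path entry and the Custom search policy are all gone. The function name `verify_unbind`, the `SAMPLE_*` values, the `EXAMPLE` domain and the assumed shape of the `dscl` output are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not part of the original post: check what the unbind left behind.
# Assumed dscl output shapes: node names one per line; search-path entries one per
# line (indented); policy as "SearchPolicy: dsAttrTypeStandard:NSPSearchPath".

# verify_unbind NODES SEARCH_PATH SEARCH_POLICY
# Prints one line per finding; returns 0 if no AD remnants are found, 1 otherwise.
verify_unbind() {
    local nodes="$1" search_path="$2" policy="$3" leftover rc=0

    # 1. The "Active Directory" node should be gone from the node list.
    if printf '%s\n' "$nodes" | grep -qx 'Active Directory'; then
        echo "FAIL: Active Directory node still present"; rc=1
    fi
    # 2. No "/Active Directory/..." entry should remain in the custom search path.
    leftover=$(printf '%s\n' "$search_path" | sed 's/^[[:space:]]*//' | grep '^/Active Directory' || true)
    if [ -n "$leftover" ]; then
        echo "FAIL: search path still references $leftover"; rc=1
    fi
    # 3. The search policy should be Automatic (NSPSearchPath), not Custom (CSPSearchPath).
    case "$policy" in
        *dsAttrTypeStandard:NSPSearchPath*) ;;
        *) echo "FAIL: search policy is not Automatic"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK: no Active Directory remnants found"; fi
    return "$rc"
}

# Constructed sample output (EXAMPLE is a placeholder domain): a half-cleaned Mac
# where the node is gone but the custom search path still points at AD.
SAMPLE_NODES='Contacts
Local
Search'
SAMPLE_PATH='CSPSearchPath:
 /Local/Default
 /Active Directory/EXAMPLE/All Domains'
SAMPLE_POLICY='SearchPolicy: dsAttrTypeStandard:CSPSearchPath'

# Live check on a Mac (run as root, e.g. as a JumpCloud command); sample data elsewhere.
if [ -x /usr/bin/dscl ]; then
    verify_unbind "$(/usr/bin/dscl localhost -list .)" \
        "$(/usr/bin/dscl /Search -read . CSPSearchPath 2>/dev/null)" \
        "$(/usr/bin/dscl /Search -read . SearchPolicy 2>/dev/null)"
else
    verify_unbind "$SAMPLE_NODES" "$SAMPLE_PATH" "$SAMPLE_POLICY" || true
fi
```

On a Mac the script ends with a non-zero exit status when any remnant is found, so a command run that leaves the binding half-removed shows up as failed.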