
ipconfig /registerdns for osx?


Cowboy Denny

In System Preferences -> Network press "Renew DHCP Lease".

or the more "fun" way is via the terminal (cli)

sudo ipconfig set en0 DHCP (case is important---'DHCP' not 'dhcp')

The above command will do a DHCP lease renew, with all the attendant DNS renewing.

OR you can use dscl (Directory Services Command Line interface)

man dscl

The ‘dscl’ Command overview

The dscl command is run from a shell prompt using the Terminal app or an equivalent app. It has two modes – interactive and non-interactive. The dscl command returns the same data shown in the Directory Editor app. 

Note: Most names are case-sensitive when using the dscl command. 

Interactive Mode

Typing ‘dscl’ at a shell prompt and pressing ‘enter’ provides access to the interactive mode. Interactive mode displays a ‘>’ prompt. At that point, dscl is waiting for further commands. To quit interactive mode, type the letter ‘q’ and press ‘enter.’ 

Note that the ‘ls’ and ‘cd’ commands work within interactive mode. This allows for viewing entries at the current location and to traverse the node and path. The prompt will include the current location in the directory path. 

 

Non-Interactive Mode

In non-interactive mode, the entire command is entered on one line, the resulting output is displayed on-screen, followed by the normal shell prompt. 

The general syntax of this command is to specify a node, a command to perform, a path and, optionally, a list of attributes or columns.

Node, command, path, attributes

or

data source and database, command, table and record, attributes

Note: attributes are optional. Not specifying attributes returns all attributes in the specified table. Viewing all attributes of a table may be helpful for determining attribute names and which attributes are most helpful for a given requirement. 

 

Sample non-interactive commands: 

dscl /Local/Default read Computers/localhost IPAddress

dscl  /Active\ Directory/MyDomSrv/mydom.com -read /Computers/mymacpro$ distinguishedName 

Note that the node, command and path must be specified in this order. It does not seem possible to specify the command, node/path or other variations. 

 

Sample Interactive sequence to read localhost data

$ dscl

Entering interactive mode... (type "help" for commands)

> ls

LDAPv3

Local

Contact

Search

 

> cd /Local/Default

/Local/Default > read Computers/localhost

dsAttrTypeNative:KerberosFlags: 110

AppleMetaNodeLocation: /Local/Default

IPAddress: 127.0.0.1

IPv6Address: ::1 fe80::1%lo0

KerberosServices: host afpserver cifs vnc

RecordName: localhost

RecordType: dsRecTypeStandard:Computers

/Local/Default > 

 

Sample Non-interactive command to read localhost data

$ dscl /Local/Default read Computers/localhost

dsAttrTypeNative:KerberosFlags: 110

AppleMetaNodeLocation: /Local/Default

IPAddress: 127.0.0.1

IPv6Address: ::1 fe80::1%lo0

KerberosServices: host afpserver cifs vnc

RecordName: localhost

RecordType: dsRecTypeStandard:Computers

 

Sample Non-interactive command to read a single attribute from the localhost record

$ dscl /Local/Default read Computers/localhost IPAddress

IPAddress: 127.0.0.1

 

The following examples show the interactive and non-interactive commands for gathering the DNSName, RealName, and RecordName from Active Directory for a specific computer.  

Sample Interactive command to read specific active directory computer data

$ dscl

Entering interactive mode... (type "help" for commands)

> cd Active\ Directory/MYDOM0/All\ Domains/Computers

/Active Directory/MYDOM0/All Domains/Computers 

 

> ls

MYDOM$

mymacmini$

mymacpro$

MYNB$

WIN7VM $

 

/Active Directory/MYDOM0/All Domains/Computers > read MYNB$ DNSName RealName RecordName

DNSName: MYNB.mydom.com

RealName: MYNB

RecordName: MYNB$

Note in the interactive sample, above, the database name (Computers) was included in the node portion of the command. The non-interactive mode does not allow for putting the database in the node. The following two non-interactive commands show the incorrect and correct node and path syntax, respectively. (There may be variations to this rule.)

 

Sample Non-interactive command to read active directory computer data

* The node is enclosed in double quotes since it contains spaces. 

$ dscl "/Active Directory/MYDOM0/All Domains/Computers" -read MYNB$ DNSName RealName RecordName

Data source (/Active Directory/MYDOM0/All Domains/Computers) is not valid.

 

$ dscl "/Active Directory/MYDOM0/All Domains" -read Computers/MYNB$ DNSName RealName RecordName

 

DNSName: MYNB.mydom.com

RealName: MYNB

RecordName: MYNB$

 

Hope that helps

Edited by shadowmac
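Added example (not part of the post above): a shell helper that pulls one attribute out of `dscl ... read` output, including the case where dscl moves a value containing spaces onto an indented continuation line, and uses it to compare a computer record's DNSName with the FQDN you expect to be registered. The sample record is constructed, and `sample_record`, `dscl_attr` and `dns_matches` are names made up for this example.

```shell
#!/bin/sh
# Added example: read attributes from `dscl ... read` output.

# Constructed sample record (not captured from a real directory).
sample_record() {
cat <<'EOF'
dsAttrTypeNative:KerberosFlags: 110
DNSName: MYNB.mydom.com
IPv6Address: ::1 fe80::1%lo0
RealName:
 Lab Mac Pro
RecordName: MYNB$
EOF
}

# dscl_attr ATTR: read dscl output on stdin, print the value(s) of ATTR.
# Keys may contain ':' themselves, so the key ends at the first ": "
# (or at a trailing ':' when the value follows on an indented line).
dscl_attr() {
    awk -v want="$1" '
        /^ / { if (cur == want) print substr($0, 2); next }  # continuation line
        {
            i = index($0, ": ")
            if (i > 0)          { cur = substr($0, 1, i - 1); val = substr($0, i + 2) }
            else if ($0 ~ /:$/) { cur = substr($0, 1, length($0) - 1); val = "" }
            else                { cur = ""; next }
            if (cur == want && val != "") print val
        }'
}

# dns_matches FQDN: read dscl output on stdin; succeed only when the
# record has a DNSName and it equals FQDN (compared case-insensitively).
dns_matches() {
    got=$(dscl_attr DNSName | tr '[:upper:]' '[:lower:]')
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Demonstration on the constructed record.
sample_record | dns_matches mynb.mydom.com && echo "DNSName matches expected FQDN"
```

Against a real directory, pipe the thread's own command into it, for example `dscl "/Active Directory/MYDOM0/All Domains" -read 'Computers/MYNB$' | dns_matches MYNB.mydom.com`.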

Just a little bit extra that might help...

Before continuing make sure your system time is sync'd/accurate because all this is very sensitive and if time is off you will get errors.

The following command will only allow the address assigned to en0 to be registered via DDNS.

dsconfigad -restrictDDNS en0

Best practice is to have all NICs disabled except en0 when you bind the Mac. Then restrict DDNS updates to only en0, and only after this enable the subsequent NICs.

 

To View current Active Directory Settings

dsconfigad -show

To Unbind a Computer from an Active Directory Domain

dsconfigad -f -r -u <username>

Note: <username> needs to be replaced with domain administrator who has binding/unbinding rights.

To Bind a Mac Laptop Computer to an Active Directory Domain

<computer-name> --> replace this with the computer name you want to bind to Active Directory
<username> --> needs to be replaced with domain administrator who has binding/unbinding rights.
<domain> --> replace with domain you want to join.

dsconfigad -a <computer-name> -u <username> -ou "CN=Computers,DC=network,DC=pcpc,DC=org" -domain <domain> -mobile enable -mobileconfirm enable -localhome enable -useuncpath enable -groups "Domain Admins,Enterprise Admins" -alldomains enable

To Bind a Mac Desktop Computer to an Active Directory Domain

<computer-name> --> replace this with the computer name you want to bind to Active Directory
<username> --> needs to be replaced with domain administrator who has binding/unbinding rights.
<domain> --> replace with domain you want to join.

dsconfigad -a <computer-name> -u <username> -ou "CN=Computers,DC=network,DC=pcpc,DC=org" -domain <domain> -localhome enable -useuncpath enable -groups "Domain Admins,Enterprise Admins" -alldomains enable

reference: OS X Mavericks Using advanced Active Directory options in a configuration profile

Edited by wildweaselmi
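Added example (not part of the post above): a shell check over `dsconfigad -show` output that reports whether dynamic DNS updates are restricted to the expected interface and lists any AD groups that were given local admin rights at bind time (the `-groups` option in the bind commands). It assumes the `label = value` layout that `dsconfigad -show` prints; the sample output is constructed, and `sample_show`, `get_setting` and `audit_ad_bind` are names made up for this example.

```shell
#!/bin/sh
# Added example: audit `dsconfigad -show` output (assumed "label = value" layout).

# Constructed sample output, not captured from a real machine.
sample_show() {
cat <<'EOF'
Active Directory Domain          = mydom.com
Computer Account                 = mymacpro$

Advanced Options - Administrative
  Allowed admin groups           = Domain Admins,Enterprise Admins
  Restrict Dynamic DNS updates   = not set
EOF
}

# get_setting LABEL: print the value of LABEL from dsconfigad output on stdin.
get_setting() {
    awk -F' = ' -v want="$1" '
        { label = $1; gsub(/^ +| +$/, "", label) }   # trim column padding
        label == want { print $2; exit }'
}

# audit_ad_bind IFACE: read `dsconfigad -show` output on stdin.
# Returns 1 when DDNS updates are not restricted to IFACE; AD groups
# holding local admin rights are listed for review but do not fail the check.
audit_ad_bind() {
    iface="$1"; out=$(cat); rc=0
    ddns=$(printf '%s\n' "$out" | get_setting "Restrict Dynamic DNS updates")
    admins=$(printf '%s\n' "$out" | get_setting "Allowed admin groups")
    if [ "$ddns" != "$iface" ]; then
        echo "FAIL: DDNS updates not restricted to $iface (current: ${ddns:-missing})"
        rc=1
    fi
    case "$admins" in
        ""|"not set") ;;
        *) echo "REVIEW: AD groups with local admin rights: $admins" ;;
    esac
    return $rc
}

# Demonstration on the constructed sample.
sample_show | audit_ad_bind en0 || echo "findings reported above"
```

On a bound Mac, run it as `dsconfigad -show | audit_ad_bind en0`.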

If you have admin access you can set debug on to get more info on what's going on

Enabling logging for the Mac Directory Service

In addition to enabling logging for the agent, you may find it necessary to enable logging for the Open Directory Service.

To create a log file for the Open Directory Service:

1. Log in as or switch to the root or admin user.

2. Run the following command:

sudo odutil set log debug

3. After running this command, you can find the resulting log files at: /var/log/opendirectoryd.log* 

sudo log stream --predicate '(messageType == debug) and (subsystem == "com.apple.opendirectoryd")'

or

sudo log stream --debug --predicate 'subsystem == "com.apple.opendirectoryd"'

 

Just ideas to try

Edited by shadowmac