Using dscl to Configure AD Search Paths

dsconfigad command:

• Bind to AD:

dsconfigad -a clientname -domain domain.name -u adminname -p adpassword -lu localadmin -lp lapasswd

• Add the AD to the search path:

sudo dscl /Search -create / SearchPolicy CSPSearchPath
sudo dscl /Search -append / CSPSearchPath "/Active Directory/All Domains"

• Add the AD to the Contacts search path:

sudo dscl /Search/Contacts -create / SearchPolicy CSPSearchPath
sudo dscl /Search/Contacts -append / CSPSearchPath "/Active Directory/All Domains"

• Force DirectoryService to restart and load the new configuration:

sudo killall DirectoryService

• To remove All Domains and use only one domain in the forest for authentication and contacts:

First, turn off all-domain authentication:

dsconfigad -alldomains disable

Then remove the All Domains entry from the search and contacts paths and add only the domain you want to use:

dscl /Search -delete / CSPSearchPath "/Active Directory/domain/All Domains"
dscl /Search -append / CSPSearchPath "/Active Directory/domain/domain.com"
dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/domain/All Domains"
dscl /Search/Contacts -append / CSPSearchPath "/Active Directory/domain/domain.com"
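
One way to confirm the result, as an added example that is not part of the original page: the shell functions below read the output of `dscl /Search -read / CSPSearchPath` and report whether the single-domain node is present and the All Domains node is gone. The function names and the sample listings are constructed for illustration, and the multi-line output format is an assumption.

```shell
# Added example (not from the original page): audit CSPSearchPath output.
# Assumed input: the multi-line listing `dscl <node> -read / CSPSearchPath`
# prints when a value contains spaces (key line, then indented nodes).

# Print only the Active Directory nodes found on stdin, one per line.
list_ad_nodes() {
    sed -e 's/^CSPSearchPath:[[:space:]]*//' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | grep '^/Active Directory/' || true
}

# audit_search_path EXPECTED_NODE  (listing on stdin)
# Returns 0 only if EXPECTED_NODE is listed and no "All Domains" node remains.
audit_search_path() {
    expected=$1
    nodes=$(list_ad_nodes)
    rc=0
    if ! printf '%s\n' "$nodes" | grep -Fxq -- "$expected"; then
        echo "MISSING: $expected"
        rc=1
    fi
    stale=$(printf '%s\n' "$nodes" | grep '/All Domains$' || true)
    if [ -n "$stale" ]; then
        echo "STILL PRESENT: $stale"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: listing before the change.
SAMPLE_BEFORE='CSPSearchPath:
 /Local/Default
 /BSD/local
 /Active Directory/domain/All Domains'

# Constructed sample: listing after the change.
SAMPLE_AFTER='CSPSearchPath:
 /Local/Default
 /BSD/local
 /Active Directory/domain/domain.com'

# On the Mac, check both paths edited above:
#   dscl /Search -read / CSPSearchPath | audit_search_path "/Active Directory/domain/domain.com"
#   dscl /Search/Contacts -read / CSPSearchPath | audit_search_path "/Active Directory/domain/domain.com"
```

A non-zero exit status means accounts from other domains in the forest may still resolve through the search path, so the audit can be run as a post-bind check.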