How can I tell programmatically if a Mac OS X machine is bound to an Active Directory domain?

Question

This command: dsconfigad -show does what I need but I need admin rights to run it.

The above command outputs some information I'm interested in:

You are bound to Active Directory:
      Active Directory Forest        = xx.xxxxxx.local
      Active Directory Domain        = xx.xxxxxx.local
      Computer Account               = (computer name)

I'd like to be able to get the Active Directory Domain seen above programatically, and preferably without having to have sudo permissions.

Any suggestions? I've browsed the Open Directory docs and it is not entirely obvious to me how to do this. I also tried some code examples just to query the AD for something without success... I'll continue to work on it but I was hoping someone here had some knowledge to share.

Answer 1

Without node authentication you should at least see if AD is bound by looking at the active OD plugins - it should include AD if it is bound. It may or may not show the domain (typically it does for LDAP but I don't have AD to test here so your mileage may vary):

Swift

import Foundation
import OpenDirectory

let mySession = ODSession.default()
do {
    print(try mySession?.nodeNames())
}
catch {
    print("error: \(error)")
}

Objective-C

#include <Foundation/Foundation.h>
#include <OpenDirectory/OpenDirectory.h>

int main(int ac, char **av) {
  NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
  ODSession *mySession = [ODSession defaultSession];
  NSError *err = 0;
  NSArray *nodeNames = [mySession nodeNamesAndReturnError:&err];
  if (err) NSLog(@"error: %@", err);
  if (nodeNames) NSLog(@"nodes: %@", nodeNames);
  [pool release];
  return 0;
}