Archive for March, 2009

How to do a full Time Machine system restore without being booted from an install DVD

March 13, 2009

Recently, I found that I needed to do a full system restore on a late-model MacBook Pro, but didn’t have a 10.5 install DVD available that would boot the laptop. I did have a FireWire utility drive that’s updated to 10.5.6, which would boot the laptop, but there is no obvious way to run the “Restore System from Backup” utility without being booted from an install DVD.

Thanks to “seibert” on the PGP forums, it looks like there is a way to run a system restore without needing to be booted from the 10.5 install DVD (though you’ll still need to have one available). Here’s the procedure:

1. Boot your Mac with a drive that has 10.5.x installed. This volume cannot be the target volume when you restore from Time Machine later.

2. Attach your Time Machine drive or volume.

3. Insert the 10.5 install DVD.

4. Open the Terminal and run the following command:

sudo "/Volumes/Mac OS X Install Disc 1/System/Installation/CDIS/Mac OS X OS X Installer" "/Volumes/Mac OS X Install Disc 1/System/Installation/Packages/OSInstall.mpkg"

You may need to replace “Mac OS X Install Disc 1” with whatever the name of your Leopard installer DVD is. Mine came with my MacBook, so it has this name because there are two disks. sudo is required because the Installer needs root permissions to be able to set permissions on the target volume when you perform the restoration.

5. The installer will show the usual Leopard installation screen, which you can ignore. Go to the Utilities menu and select “Restore System from Backup”. Follow instructions as you usually would for a Time Machine restore.

“Seibert”’s procedure was designed for use with a PGP encrypted drive, but this should work with both encrypted and unencrypted Macs.

Binding to Active Directory fails with an authentication error

March 12, 2009

I had a problem today with unbinding and rebinding my MacBook Pro from work’s AD domain (this process was started by my AD account lookups failing, which made me think that my Mac wasn’t talking to AD as well as it thought it was.) When I tried to unbind, I got an error stating “Invalid user name and password combination”. Thinking that my DirectoryService preferences were hosed, I tossed my /Library/Preferences/DirectoryService folder which should have cleared out my AD settings, then restarted. After the restart, I was able to connect back to my OD server without a problem, but then ran into the same “Invalid user name and password combination” error when I tried to bind to AD again.

After googling to see if anyone else had the same problem, I ran across this Apple Support discussion thread, where PetarM suggested the following:
I was having trouble logging in with my AD account to some iMacs added to our AD. In fact, not a single AD account was able to log in. Directory Utility claimed it can’t see the domain controller (which it could, since it was online, in the same subnet as other identical computers, it could ping the domain and packets were sent back and forth between it and the domain, without loss). Unbinding it didn’t work, but it offered to force the unbind, which I did. Then I was unable to bind it back (updated to 10.5.6, rebooted, still not binding). The error I kept getting was invalid username and password (after entering the domain username and password that we use for binding). Using the same username and password worked on other computers (either brand new, or existing computers that I unbound, then bound back with no issues — again same subnet, same image). I deleted the computer accounts from the domain, but the problem persisted. Finally, I used fseventer to see what’s being accessed during the bind process. The system threw the error message not after communicating with the domain, but after checking the plists in /Library/Preferences/DirectoryService and /var/db/dslocal/nodes/Default/config — so I deleted these two folders and was able to bind back with no issues! WARNING: This deletes a lot of directory service settings, so use it at your own risk! Here are the commands I used:
sudo rm -rdfv /Library/Preferences/DirectoryService

sudo rm -rdfv /var/db/dslocal/nodes/Default/config

sudo killall -USR1 DirectoryService

I tried those commands on my own laptop, and behold! It wiped my DirectoryService settings (as noted above), but I could now rebind to AD!

So, for those who need it, here’s another thing to try on 10.5.x when you can’t bind to AD:

1. Log in with your admin account and open Terminal.

2. Run the following commands:

sudo rm -rdfv /Library/Preferences/DirectoryService

sudo rm -rdfv /var/db/dslocal/nodes/Default/config

sudo killall -USR1 DirectoryService

3. Try to rebind again.
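A more cautious variant of the two rm commands in step 2, as an added example that is not part of the original post or of PetarM's commands: instead of deleting the two folders, it moves them into a root-only backup folder so the settings can be put back if something else breaks. The function name, the `--apply` switch and the backup location under /var/root are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): move the DirectoryService
# settings aside instead of deleting them with rm.
#
# backup_ds_settings ROOT [BACKUP_DIR]
#   ROOT        prefix of the system to work on; "" means the live system.
#               (Assumption: a prefix lets the function be tried on a scratch tree.)
#   BACKUP_DIR  where the folders are moved; defaults to a timestamped folder
#               under ROOT/var/root (assumed location, root's home on Mac OS X).
# Prints the number of folders that were moved.
backup_ds_settings() {
    local root="${1:-}"
    local backup_dir="${2:-$root/var/root/ds-backup-$(date +%Y%m%d-%H%M%S)}"
    local moved=0
    local dir

    mkdir -p "$backup_dir" || return 1
    # The folders hold directory service configuration: keep the copy root-only.
    chmod 700 "$backup_dir" || return 1

    # The same two folders the post removes.
    for dir in "Library/Preferences/DirectoryService" \
               "var/db/dslocal/nodes/Default/config"; do
        if [ -d "$root/$dir" ]; then
            mkdir -p "$backup_dir/$(dirname "$dir")" || return 1
            mv "$root/$dir" "$backup_dir/$dir" || return 1
            moved=$((moved + 1))
        fi
    done

    echo "backup kept in: $backup_dir" >&2
    echo "$moved"
}

# Touch the live system only when explicitly asked to, and only as root.
if [ "${1:-}" = "--apply" ]; then
    if [ "$(id -u)" -ne 0 ]; then
        echo "run this with sudo" >&2
        exit 1
    fi
    backup_ds_settings "" >/dev/null || exit 1
    echo "Folders moved aside; continue with the killall command from step 2."
fi
```

To undo the change, move the folders from the backup location back to their original paths before rebinding.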
