First off, you can check out a website that lists a lot of these things: http://secrets.blacktree.com/
I, however, just took a brute-force solution:
Copy the Preferences folder
$ cp -r /Library/Preferences before
Launch System Preferences.
Make a change via the GUI.
Probably best to do one change at a time,
e.g. I changed "Display Login Window as:"
from "List of users"
to "Name and password".
Quit System Preferences.
Copy the Preferences folder again:
$ cp -r /Library/Preferences after
See which files changed:
$ diff -ur before after
Binary files before/Preferences/com.apple.loginwindow.plist and after/Preferences/com.apple.loginwindow.plist differ
Compare the two versions.
Since they are binary files, you'll need to convert them to XML for comparison.
I use an alias for this:
$ alias plist='plutil -convert xml1 -o /dev/stdout'
$ diff -u <(plist before/Preferences/com.apple.loginwindow.plist) <(plist after/Preferences/com.apple.loginwindow.plist)
--- /dev/fd/63 2013-01-23 18:20:29.000000000 +0200
+++ /dev/fd/62 2013-01-23 18:20:29.000000000 +0200
@@ -9,7 +9,7 @@
<key>RetriesUntilHint</key>
<integer>3</integer>
<key>SHOWFULLNAME</key>
- <false/>
+ <true/>
<key>lastUser</key>
<string>loggedIn</string>
<key>lastUserName</key>
At this point we have located the setting. Confirm we have it with defaults:
$ defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME
1
$ sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool false
$ defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME
0
Launch System Preferences and confirm it changed.
Best Answer
This usually indicates that the domain record needs cleanup and not that the Mac is broken.
Have you removed the binding, cleared up the machine record (deleting it) and then re-adding the mac?
You could script the removal and binding or script the check in AD, but the language and script for each would be better asked as a follow on question if needed.