Binding to AD during imaging

Try using a smart group. I have a smart group that finds all computers that aren't bound and bind them on the any trigger.
--
Matt Lee, CCA/ACA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

For some reason I'm not even able to bind once I boot up, open Terminal and use a manual binding trigger. It appears as if the policy works but then when I look in Directory Utility I am not bound nor can I log in to AD user accounts. I am able to bind manually through Directory Utility though.

Jamie Bell
Apple Technology Specialist
The Westminster Schools
Ph: 404-609-6345

I'm still running Casper 8.22. I wonder if the newer versions are better at binding Lion machines to AD?

Jamie Bell
Apple Technology Specialist
The Westminster Schools
Ph: 404-609-6345

10.7.2 + the newest JSS version will most likely fix the issue.
--
Matt Lee, CCA/ACA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

So you aren't using the AD binding capabilities within Casper? Or are you?

Craig E

I am. In the imaging configuration there is a step to use an AD directory binding.

Jamie Bell
Apple Technology Specialist
The Westminster Schools
Ph: 404-609-6345

On systems that have failed have you dug into the Directory Services logs or into the JAMF log to see what it says happens during that step during imaging?

Here's what the jamf.log says:

jamf [1236]: Binding jhstu-0001 to domain.net<http://domain.net>
jamf [1236]: Bound to Active Directory (domain.net<http://domain.net>)
jamf [1303]: Running Script CommonSettings.sh...

According to that it worked. I wonder if I should put a pause at the beginning of the CommonSettings.sh? I can't find the DirectoryServices.log, where is that in Lion?

Jamie Bell
Apple Technology Specialist
The Westminster Schools
Ph: 404-609-6345

just out of curiosity are you using a 10.7.2 lion base image?
AD binding was very broken in previous versions…
--
Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services

It is 10.7.2. I had this same issue with 10.6 machines too. I'm going to put a little break at the beginning of the script and see what happens.

Jamie Bell
Apple Technology Specialist
The Westminster Schools
Ph: 404-609-6345

Works fine for me on 10.6 & 10.7.

Does it work when manually bound? Are any settings different?

Regards,

Ben.

I actually didn't dig much into Lion for AD, I waited until 10.7.2 and things worked OK.

It appears the log may have changed and uses the name opendirectoryd.log instead of Directory Services. I'd have to look it up otherwise. What wasn't helpful before was that you didn't always get enough detail in the log until you put it into a higher logging/debug mode.

I wish I had more time to help today...

Craig E

Rather than directory services being under different versions of the app. They are now plugins, so during the transistion I guess they've not tidied up the logs.

Regards,

Ben.

Excellent, I'll upgrade tomorrow. Thanks to you all for all your help!

Jamie Bell
Apple Technology Specialist
The Westminster Schools
Ph: 404-609-6345

I wanted to say thanks to everyone for all their help on this issue. After upgrading the JSS and removing old computer records from AD I'm able to bind during imaging just fine. Thanks again!

Jamie Bell
Apple Technology Specialist
The Westminster Schools
Ph: 404-609-6345

Thats great!
--
Matt Lee, CCA/ACA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group