Skip to main content

I have been trying to scope a policy to an Azure directory group however im not having any luck.


In the settings JAMF thinks the user is a member of the directory group so that part all seems ok.


In the policy i scoped it to all managed devices with a limitation of the directory group but it doesnt seems to run at all.


I have tried both a Self-Service policy and a policy that runs on check-in but neither seems to work.


When i remove the group limitation the policy works fine.


Is there anything else i need to do to get the group limitation working?

@nexus0000 That is the way it should work (at least with a on-prem AD LDAP connection). You might want to open a support case with jamf and see if you're experiencing "PI103644 - PI-009562 Using the 'memberOf' attribute with Azure LDAP integrations returns no results." 

If you have Jamf Connect, it polls AD for the users group membership and stores it in a plist. You can read that plistwith an Extension Attribute, and make Smart Groups based on group membership and target things to those Smart Groups. There are other ways to do this, but this is the easiest I found. I have never cared for how Jamf handles exclusions and usually just avoid this feature when possible.


 


#!/bin/zsh

#*=============================================================================
#* Script Name: User_AD_Grouping_JAMF_Connect
#* Created:
#* Author:
#*=============================================================================

ActiveUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }' | tr "[a-z]" "[A-Z]"`

if [ -f "/Users/$ActiveUser/Library/Preferences/com.jamf.connect.state.plist" ]; then
AD_Groups=$( /usr/bin/defaults read "/Users/$ActiveUser/Library/Preferences/com.jamf.connect.state.plist" UserGroups )
echo "<result>$AD_Groups</result>"
else
echo "<result>Has not signed in to JAMF Connect</result>"
fi

 

The limitation to directory groups in policies works in connection with Self Service and the login there.

Terms & ConditionsCookie settings