
Hello Everyone,

I am wondering about how to tackle the integration with AD for our existing Mac users and wondered how you are all doing it.

We have roughly 600 Macs deployed, roughly 150 are individual Macs. So reloading the image to our labs and creating the binding isn't an issue, Casper can handle that. I need to understand how to bind our faculty Macs to it. In addition, I would like to manage the preferences of our Labs and users through OD, which is working really well.

So any feedback is helpful on the individual Mac binding questions. Rather than visiting each one, there must be an easier way to push through remote desktop the scripts needed to do this.

Thanks everyone, this list is awesome and makes me wish I knew more about the scripting and terminal stuff.

Mick

If you are using Casper why not make a smart group that looks for machines that are not bound and automatically binds them? That's currently what I am doing.

http://casperadmins.com
--
Matt Lee
FNG Sr. IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group
matthew.lee at fox.com

Need Help? Call the Help Desk at (310) 969-HELP (ext 24357) or online at http://itteam
Help Desk Hours: Mon-Fri, 6AM-6PM PST


see dsconfigldap

Do you need to do authenticated binds? If not, you can do this

(as root)

dsconfigldap -fvs -a myserver.com


We bind during imaging and if for some reason one doesn't bind right, we also have a policy to bind anything to AD not bound next time it checks in.

We gladly gave up OD completely in favor of JAMF managed prefs.
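
The "bind anything not bound at next check-in" approach described in the posts above needs a reliable bound/unbound test. The sketch below is an added example, not code from any poster or from JAMF. It classifies a Mac from the output of `dsconfigad -show`, and also flags a machine joined to an unexpected domain. The domain name, the sample output and the function names are constructed placeholders, and the "Active Directory Domain = ..." line format is assumed from current macOS releases.

```shell
#!/bin/sh
# Added example: classify a Mac's AD bind state for a check-in policy.
# EXPECTED_DOMAIN is a placeholder; replace it with your own AD domain.
EXPECTED_DOMAIN="ad.example.com"

# Read `dsconfigad -show` output on stdin and print the bound domain, if any.
bound_domain() {
    awk -F' = ' '/^Active Directory Domain/ { print $2; exit }'
}

# Print "bound", "unbound" or "wrong-domain" for the given -show output.
# The comparison is case-insensitive because DNS domain names are.
bind_state() {
    domain=$(printf '%s\n' "$1" | bound_domain | tr '[:upper:]' '[:lower:]')
    expected=$(printf '%s' "$EXPECTED_DOMAIN" | tr '[:upper:]' '[:lower:]')
    if [ -z "$domain" ]; then
        echo "unbound"
    elif [ "$domain" = "$expected" ]; then
        echo "bound"
    else
        echo "wrong-domain"
    fi
}

# Constructed sample of `dsconfigad -show` output on a bound machine.
SAMPLE_BOUND='Active Directory Forest          = ad.example.com
Active Directory Domain          = AD.EXAMPLE.COM
Computer Account                 = fac-mac-017$'

# An unbound machine prints nothing.
SAMPLE_UNBOUND=''

# On a real Mac, report the live state so the management tool can scope
# a bind policy to machines that are not "bound".
if command -v dsconfigad >/dev/null 2>&1; then
    echo "AD bind state: $(bind_state "$(dsconfigad -show 2>/dev/null)")"
fi
```

Reporting "wrong-domain" separately keeps a remediation policy from silently re-binding a machine that someone joined to a different directory.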


Same here. No need for OD. Casper does it all.
--
Matt Lee


I still use OD, I prefer the WGM interface to be honest. Now if Casper
had built in GUI in the web end where I could manually input boolean,
dictionary, string and so forth info into property lists and then it
would generate the plist for me, I would maybe consider switching.


That is also true! The web interface for the JSS is still clunky in my opinion but it really does the job well.
--
Matt Lee


I'm not a fan of the interface either.
On 5/5/11 11:03 AM, "Thomas Larkin" <tlarki at kckps.org> wrote:

The current implementation already allows manual entry and even imports
.plist files. What would be the purpose of generating the .plist after
you've entered all the information into the JSS as opposed to just
applying the setting?

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492


I like it because I can edit property lists on the fly string by string and it updates the property list instantly, then MCX refresh updates the client. Also, when I import a plist into WGM it has a plist editor-like interface. Where I can expand and contract arrays of data. I just find it easier to work with is all.


So you want to download the plist, edit then resave to jss?

If so, +1

Regards,

Ben.


+1 for improving a WGM-like MCX GUI in Casper, so that I can get rid of OD (only reason to use it now paired with corporate AD).
Cheers
Carlo

From: Ben Toms <bentoms at btopenworld.com>
Date: Thu, 5 May 2011 12:32:58 -0500
To: Thomas Larkin <tlarki at kckps.org>
Cc: William Smith <William.Smith at merrillcorp.com>, Casper Mailing list <casper at list.jamfsoftware.com>
Subject: Re: [Casper] script for joining AD and OD

So you want to download the plist, edit then resave to jss?

If so, +1

Regards,

Ben.

On 5 May 2011, at 18:22, "Thomas Larkin" <tlarki at kckps.org> wrote:

I like it because I can edit property lists on the fly string by string and it updates the property list instantly, then MCX refresh updates the client. Also, when I import a plist into WGM it has a plist editor-like interface. Where I can expand and contract arrays of data. I just find it easier to work with is all.


Hi Mick,
Don't know if this applies, but thought I'd share:

We are crawling forward with AD, after a school year with no directory.
This past fall we abruptly "retired" our 10.4 OD and I unbound everything.
As a result I have many staff saving to local profiles, stranded mobile
accounts, etc and as I bind to AD, I use a script to attach whatever user
they currently have their files in, and it converts that profile to their AD
name, PW and permissions.
My bind policy includes the script, which gets dumped onto the local admin
desktop.
So whoever is binding (myself or bldg tech) runs Self Service to get any
needed updates, then runs SelfService bind policy, logs in as tech, runs the
script, which asks which local profile we're migrating, then what AD user
we're attaching it to.
I have used it in 10.5 and 10.6 and it is perfect:

http://blog.macadmincorner.com/migrate-local-user-to-domain-account/

On Thu, May 5, 2011 at 10:27 AM, Michael D Conners <MConners at matcmadison.edu > wrote: