Posted on 06-15-2020 09:25 AM
Hi All, I am looking to overcome an issue that I have when using a prestage enrollment or any enrollment for that matter. When completing the OOBE I am asked to create a local administrator account, which tends to be a service account that I have been using. The problem with this is that when the endpoint is enrolling itself during the Prestage or through an old-fashioned enrollment, the endpoint has named itself in the context of "Service Account's iMac".
This is a problem for both my JAMF inventory names and the AD Bind Name that gets used, because now I have 153 "Service Account's iMacs" in AD and in my JAMF Console.
Ideally the names can be queried from some sort of list that I can associate with the serial number or the MAC address. Since I work in an open academic setting, my endpoints do not belong to any one user but to anyone who sits down at them.
Posted on 06-16-2020 02:11 PM
I would do some searches here on setting computer names in a DEP type workflow. There are at least a few different threads that discuss methods to do this with scripts and custom policies that kick off at enrollment. Some workflows prompt for a computer name using a GUI or an AppleScript command, and some just use a portion or all of the computer's serial number or some other hardware string as the name silently without user interaction. One of those options (most likely the latter) sounds like what you may be after since you said the computers aren't assigned to any one person. A generic hardware string based computer name should work for you in that case.
The main trick here is to ensure that the computer gets named before it gets joined to your AD, since changing the computer name after binding will have no effect on the computer record that gets created in Active Directory.
There are some other approaches as well to consider, but I would start with something simple like a script added to a policy that gets kicked off right after enrollment that names the device and see if that works for you.
Unfortunately there isn't much you can do about all those "Service Account's iMac"s in AD other than unbinding them, naming them correctly and re-binding them to AD.
Posted on 06-17-2020 10:53 AM
@mm2270 I have seen some of those threads in my research but none have worked for me. I have a policy set to run a naming script at enrollment completion and the script never shows up. In addition to that happening to me, this affects the name when binding to AD but as far as I can tell from the posts I have looked at this does nothing with the name of the record that gets put into JAMF. Any thoughts on this?
Posted on 06-27-2020 01:14 PM
We just force serial number as computer name at DEP Notify. Makes it simple, it is unique and the hostname is now a primary key across data sets.
Posted on 06-28-2020 07:12 PM
Try giving this script a go: https://www.macblog.org/post/automatically-renaming-computers-from-a-google-sheet-with-jamf-pro/
I currently use it and it has been flawless for me as part of my DEPNotify setup.
The other issue you mentioned is that some scripts aren't running with the enrollment complete trigger. This is a common issue when multiple policies are run at enrollment complete; to avoid this, I have a script run on enrollment complete. That script triggers all the other policies that I want to be run upon enrollment but makes sure that they are run one at a time, so I can be sure that the order is right.
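Added example, not part of any post above and not the linked macblog.org script: one way to do the naming the thread describes, resolving a name from a serial-to-name list, falling back to the serial number, and trimming the result to the 15-character limit for AD computer names so it can be set before the bind. The CSV layout, the sample serials and names, and the `NAME_MAP_FILE` variable are constructed for illustration.

```shell
#!/bin/bash
# Added example. CSV layout (serial,name), sample rows and NAME_MAP_FILE are constructed.
SAMPLE_MAP='C02ABC123XYZ,LIB-IMAC-01
C02DEF456UVW,Lab 2 iMac #07 (North Wing)'

# Reduce a candidate name to an AD-safe computer ID: uppercase, only
# letters, digits and single hyphens, at most 15 characters (NetBIOS limit).
sanitize_name() {
  printf '%s' "$1" | tr '[:lower:]' '[:upper:]' | tr -cs 'A-Z0-9' '-' \
    | sed -e 's/^-*//' -e 's/-*$//' | cut -c1-15 | sed -e 's/-*$//'
}

# Print the name mapped to serial $1 in CSV text $2; non-zero exit if absent.
lookup_name() {
  printf '%s\n' "$2" | awk -F, -v s="$1" '
    toupper($1) == toupper(s) { print $2; found = 1; exit }
    END { exit !found }'
}

# Mapped name if the serial is listed, otherwise the serial itself.
resolve_name() {
  rn_name=$(lookup_name "$1" "$2") || rn_name="$1"
  sanitize_name "$rn_name"
}

# macOS only: set all three names, then update the Jamf inventory record.
# Run this from the enrollment policy before the directory-binding step.
apply_name() {
  for key in ComputerName LocalHostName HostName; do
    /usr/sbin/scutil --set "$key" "$1"
  done
  /usr/local/bin/jamf recon
}

if [ -n "${NAME_MAP_FILE:-}" ]; then   # real run: NAME_MAP_FILE points at the CSV
  serial=$(system_profiler SPHardwareDataType | awk '/Serial Number/ { print $NF }')
  apply_name "$(resolve_name "$serial" "$(cat "$NAME_MAP_FILE")")"
else                                   # dry run on the constructed sample data
  resolve_name C02DEF456UVW "$SAMPLE_MAP"
fi
```

Because the result contains only letters, digits and hyphens, the same string is valid for `ComputerName`, `LocalHostName` and the directory record, which keeps the hostname usable as a join key across inventories.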