Active Directory-Map UID to attribute-Map UID to attribute

Zeek
Contributor

We normally create an Image and create an standard user for each computer one by one. How do I link each computer to Power School or Active Directory so I don't have to add standard user to each computer?

I know we have those option there but I have no Idea how to use them:

Map UID to attribute

Map UID to attribute

Map group GID to attribute

1 ACCEPTED SOLUTION

maxbehr
Contributor II

If they put in a wrong username and/or password they are not getting in anyway. If you know their username and password, then I would give them the machine with a piece of paper with their credentials. I'd also recommend that the account be set to change said password on first login (one of the checkboxes in AD). As for the VPN. Assuming you are using the Apple VPN application you can make a configuration profile and use the wildcard variable (I believe it's %short_name%). When they connect via VPN the short_name will fill in to be their AD username and they would just have to enter the password.

View solution in original post

3 REPLIES 3

maxbehr
Contributor II

@Zeek My question is why you would need a standard user pre-created? If the machine is bound to AD, why do you not just have the user login the first time to create their local account?

As to the mapping, these would not really help you. This is for if you wanted the UID to map to a different attribute in AD instead of the one that is auto derived from AD. The AD plug-in auto derives one from AD that is guaranteed to always be unique for a user/group in a domain. The mappings would instead of auto deriving one, point to a specific one that you've populated in AD for each user/group.

There are a host of unused attributes in AD that are not generally used, but can be repurposed for this. If memory serves there are some like extensionAttribute1 - 5.

Zeek
Contributor

Because we would have lots of kids putting the wrong name or wrong password. And we have everything pre-set with their name and specific password we give them. We also have to setup VPN with their username.

maxbehr
Contributor II

If they put in a wrong username and/or password they are not getting in anyway. If you know their username and password, then I would give them the machine with a piece of paper with their credentials. I'd also recommend that the account be set to change said password on first login (one of the checkboxes in AD). As for the VPN. Assuming you are using the Apple VPN application you can make a configuration profile and use the wildcard variable (I believe it's %short_name%). When they connect via VPN the short_name will fill in to be their AD username and they would just have to enter the password.

View solution in original post