Help

AD BIND after enroll ??

Go to solution
tcandela
Valued Contributor II

Posted on ‎02-11-2015 11:06 AM

Just curious, I haven't tried it yet but I have a mac enrolled but NOT AD Bound. I am going to now AD Bind it via 'directory utility'. Afterwords will the JSS recognize it then being AD Bound and update its record from Not AD Bound to AD Bound ?

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
mm2270
Legendary Contributor III

Posted on ‎02-11-2015 11:26 AM

Yes, once it submits new inventory, it will show the domain its joined to.

But, you should read up on some of the other threads on the topic, if for nothing else, to just understand that the information the jamf binary collects is the same as you would see from running dsconfigad -show. Unfortunately, its not an absolutely accurate picture. A Mac can still show as being joined, but in fact may have lost its trust with your domain for a variety of reasons.
I'll stop there so as not to confuse the issue too much. But I encourage you to do some searches and read more, and look at some of the Extension Attributes posted by folks on how to more accurately get bind information.

View solution in original post

0 Kudos
3 REPLIES 3

Go to solution
mm2270
Legendary Contributor III

Posted on ‎02-11-2015 11:26 AM

Yes, once it submits new inventory, it will show the domain its joined to.

But, you should read up on some of the other threads on the topic, if for nothing else, to just understand that the information the jamf binary collects is the same as you would see from running dsconfigad -show. Unfortunately, its not an absolutely accurate picture. A Mac can still show as being joined, but in fact may have lost its trust with your domain for a variety of reasons.
I'll stop there so as not to confuse the issue too much. But I encourage you to do some searches and read more, and look at some of the Extension Attributes posted by folks on how to more accurately get bind information.

0 Kudos

Go to solution
mojo21221
Contributor II

Posted on ‎02-11-2015 06:44 PM

I would recommend running a script to make sure the time is set properly before binding... Just saves a few frustrating moments for your helpdesk.

0 Kudos

Go to solution
bentoms
Release Candidate Programs Tester

Posted on ‎02-11-2015 11:18 PM

Just a thought, you could change the AD Bind to a profile too. With a script as part of the post-enroll policy that sets the time.

0 Kudos