Question

AD Bind ComputerName and payload

9 years ago
March 5, 2016
3 replies
0 views

Jens_Mansson
Contributor
26 replies

Im very new in the mac and jamfworld so please correct me if im totalty off here. Im just trying to find the best solution!

Im enrolling clients for a customer that requires rename prior to AD Bind and i solved that by having only two policys triggered after Enrollment, create a special local account and rename computer using script below and then a restart is invoked and at next login the AD Bind will trigger, also based on Smart Group(not bound). This is is the only way i managed to secure that the computer name was correct prior to bind. This is important to us since the SCEP payload that is pushed from CA to clients, triggers at bind, must have correct id when assigning certificates used for corporate access (vpn etc).

#!/bin/sh

## SET COMPUTERNAME

NUMBER=`ioreg -l | awk '/IOPlatformSerialNumber/ { print $4;}' | cut -c 2-13`

## USE SERIALNUMBER FOR COMPUTERNAME
AD_COMPUTERNAME=$NUMBER

## SET NAME IN NETWORK PREFS
sudo scutil --set ComputerName $AD_COMPUTERNAME
sudo scutil --set LocalHostName $AD_COMPUTERNAME
sudo scutil --set HostName $AD_COMPUTERNAME
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName -string "$AD_COMPUTERNAME"

exit 0

+11

mikeh
Contributor
82 replies
9 years ago
March 6, 2016

There's a minor issue with the cut statement, which assumes an 11-digit serial number. Macs can have 11- or 12-digit serial numbers. Change it to cut -d" -f2 .You only really need to make this adjustment if you want to be absolutely accurate about the serial number.

jason_bracy
Valued Contributor
126 replies
9 years ago
March 7, 2016

Here is the script that I've been using for a few years. Never had a problem. I set the NTP server to our internal AD time server so that any time offset is corrected before binding. I also add a "-M" after the serial number so Macs are easy to recognize on the domain.

I've never had an issue with the NETBIOS name being different than the computer name so I don't mess with that (NETBIOS is disabled on our network anyway, so it's not an issue)

#!/bin/bash
systemsetup -setnetworktimeserver ntp.company.com
serial=`ioreg -l | grep IOPlatformSerialNumber | awk '{print $4}' | 
cut -d " -f 2` 
computername="$serial-M"
scutil --set LocalHostName "$computername"
scutil --set ComputerName "$computername"
scutil --set HostName "$computername"

Jens_Mansson
Author
Contributor
26 replies
9 years ago
March 7, 2016

Thanks a lot for the help, much appreciated! Lesson learned.

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos + marketing

Reply

Related topics

Jamf Connect User strange persistent login sessionicon

Auto-Configuring MS Outlook 2011 + Exchange for Macicon

Jamf Connect Login Screen Timeout?icon

Yubikey certification locationicon

Jamf Connect user gets 2-step authentication every loginicon

Most helpful members this week

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings