AD Bind ComputerName and payload

Jens_Mansson
New Contributor

I'm very new to the Mac and Jamf world, so please correct me if I'm totally off here. I'm just trying to find the best solution!

I'm enrolling clients for a customer that requires a rename prior to AD Bind, and I solved that by having only two policies triggered after Enrollment: create a special local account and rename the computer using the script below. Then a restart is invoked, and at next login the AD Bind will trigger, also based on a Smart Group (not bound). This is the only way I managed to ensure that the computer name was correct prior to bind. This is important to us since the SCEP payload that is pushed from the CA to clients, and triggers at bind, must have the correct ID when assigning certificates used for corporate access (VPN etc.).

#!/bin/sh

## SET COMPUTERNAME

NUMBER=`ioreg -l | awk '/IOPlatformSerialNumber/ { print $4;}' | cut -c 2-13`

## USE SERIALNUMBER FOR COMPUTERNAME
AD_COMPUTERNAME=$NUMBER

## SET NAME IN NETWORK PREFS
sudo scutil --set ComputerName "$AD_COMPUTERNAME"
sudo scutil --set LocalHostName "$AD_COMPUTERNAME"
sudo scutil --set HostName "$AD_COMPUTERNAME"
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName -string "$AD_COMPUTERNAME"

exit 0
3 REPLIES

mikeh
Contributor II

There's a minor issue with the cut statement, which assumes an 11-digit serial number. Macs can have 11- or 12-digit serial numbers. Change it to cut -d '"' -f2. You only really need to make this adjustment if you want to be absolutely accurate about the serial number.

jason_bracy
Contributor III

Here is the script that I've been using for a few years. Never had a problem. I set the NTP server to our internal AD time server so that any time offset is corrected before binding. I also add a "-M" after the serial number so Macs are easy to recognize on the domain.

I've never had an issue with the NETBIOS name being different than the computer name, so I don't mess with that (NETBIOS is disabled on our network anyway, so it's not an issue).

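#!/bin/bash
# Point at the internal AD time server so any clock offset is corrected before binding
systemsetup -setnetworktimeserver ntp.company.com
# Read the serial number; splitting on the double quote works for any serial length
serial=$(ioreg -l | grep IOPlatformSerialNumber | awk '{print $4}' | cut -d '"' -f 2)
# Append "-M" so Macs are easy to recognize on the domain
computername="$serial-M"
scutil --set LocalHostName "$computername"
scutil --set ComputerName "$computername"
scutil --set HostName "$computername"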

Jens_Mansson
New Contributor

Thanks a lot for the help, much appreciated! Lesson learned.
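
Added example, not code from any post in this thread: since the certificate identity issued at bind follows the computer name, this sketch parses the serial independent of its length, validates the resulting name, and checks that all three names were applied before a bind is allowed to proceed. The function names, the sample serials, the `--apply` switch and the 15-character limit check are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the format `ioreg -l` prints (serials are made up).
SAMPLE_12='    |   "IOPlatformSerialNumber" = "C02ABCDE1234"'
SAMPLE_11='    |   "IOPlatformSerialNumber" = "W8012345ABC"'

# Split on the double quote so the serial's length does not matter.
parse_serial() {
    printf '%s\n' "$1" | awk -F'"' '/IOPlatformSerialNumber/ { print $4; exit }'
}

# Build the name; refuse anything outside letters, digits and hyphen, or longer
# than 15 characters (assumption: the NetBIOS name limit applies to the AD account).
build_name() {
    serial=$1; suffix=${2:-}; name="${serial}${suffix}"
    [ -n "$serial" ] || { echo "empty serial" >&2; return 1; }
    case $name in
        *[!A-Za-z0-9-]*) echo "invalid characters in '$name'" >&2; return 1 ;;
    esac
    [ "${#name}" -le 15 ] || { echo "'$name' exceeds 15 characters" >&2; return 1; }
    printf '%s\n' "$name"
}

# Succeeds only when all three names already equal the expected value.
names_match() {
    for key in ComputerName LocalHostName HostName; do
        [ "$(scutil --get "$key" 2>/dev/null)" = "$1" ] || return 1
    done
}

# Touches the system only when called with --apply (macOS, run as root).
if [ "${1:-}" = "--apply" ]; then
    serial=$(parse_serial "$(ioreg -l | grep IOPlatformSerialNumber)")
    name=$(build_name "$serial" "-M") || exit 1
    for key in ComputerName LocalHostName HostName; do
        scutil --set "$key" "$name"
    done
    names_match "$name" || { echo "name not applied; skip bind" >&2; exit 1; }
fi
```

A non-zero exit from this script can be used to keep the machine out of the bind step until the name is confirmed.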