Posted on 10-07-2021 10:10 AM
We use a Jamf Directory Binding and a policy in Self Service to bind our Macs with the Create Mobile Account checkbox checked.
We're now finding that the policy fails on 11.6 and says the Mac is already bound. However, it does bind, but without the create mobile account option, so we have to set it manually.
We do create the computer object in AD ahead of time. I'm not aware of any changes in AD nor have we touched the Jamf side of things.
Anyone else seeing the same issue, especially on 11.6?
10-07-2021 06:21 PM - edited 10-07-2021 06:21 PM
Does this still work?
sudo dsconfigad -mobile enable
Have not bound Macs to AD for years. I would suggest moving away from doing so if you can. NoMAD or Jamf Connect are your friend when it comes to Kerberos and the Macs of the future.
Posted on 10-21-2021 11:26 AM
We are running into the same issue. OS is 11.5.2 though. What is odd is that a device built earlier in the morning did not experience this issue. But the one device that is having the issue continues to experience the issue after full wipe and rebuild.
Also note that the Administrative tab will not add groups that are included in the Directory Binding setup.
Posted on 10-21-2021 11:54 AM
According to the Jamf.log you will see the entry Binding <computername> to <domain>
But then you do not see the entry Bound to Active Directory (<domain>) like you normally would.
The device is bound to the domain, yet none of the hidden options in the Bind field are set.
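Added example, not part of any post in this thread: a shell function that scans a jamf.log for "Binding <computername> to <domain>" entries that are never followed by the matching "Bound to Active Directory (<domain>)" entry, which is the symptom described above. The timestamp/host/jamf[pid] prefix, the trailing dots, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Flag bind attempts in a jamf.log that were never confirmed.
# Only the two message texts quoted in the thread are relied on; the rest of
# the line layout (timestamp, host, jamf[pid]:) is an assumption.

find_incomplete_binds() {
    awk '
        /Binding .+ to .+/ {
            if (pending != "") print pending   # earlier attempt never confirmed
            line = $0
            sub(/^.*Binding /, "", line)        # leaves "<computer> to <domain>"
            split(line, parts, " to ")
            domain = parts[2]
            sub(/[. ]+$/, "", domain)           # drop trailing dots or spaces
            pending = parts[1] " -> " domain
            next
        }
        /Bound to Active Directory \(/ {
            # Confirmation only counts if it names the domain being bound.
            if (pending != "" && index($0, "(" domain ")") > 0) pending = ""
        }
        END { if (pending != "") print pending }
    ' "$1"
}

# Constructed sample (not real log data): the first attempt completes, the
# second is cut off before the confirmation entry is written.
write_sample_log() {
    cat > "$1" <<'EOF'
Thu Oct 21 09:02:11 MAC-001 jamf[812]: Binding MAC-001 to corp.example.com...
Thu Oct 21 09:02:19 MAC-001 jamf[812]: Bound to Active Directory (corp.example.com)
Thu Oct 21 11:40:03 MAC-001 jamf[455]: Binding MAC-001 to corp.example.com...
Thu Oct 21 11:40:05 MAC-001 jamf[455]: Executing Policy Install Printers
EOF
}

if [ $# -gt 0 ]; then
    find_incomplete_binds "$1"        # e.g. a copy of the device's jamf.log
else
    tmp=$(mktemp) && write_sample_log "$tmp" && find_incomplete_binds "$tmp"
    rm -f "$tmp"
fi
```

A device reported by this check is worth re-binding or re-running the policy on, since the directory options set after the bind may not have been applied.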
Posted on 10-21-2021 02:25 PM
We discovered that this issue was caused by a timing problem. Our Service Department was logging off/rebooting the device prior to the completion of all our Enrollment Complete policies. Reviewing the Jamf and System logs pointed towards this timing issue.