AD binding issue on 11.6

mthoma
New Contributor III

We use a Jamf Directory Binding and a policy in Self Service to bind our Macs with the Create Mobile Account checkbox checked.

We're now finding that the policy fails on 11.6 and says the Mac is already bound. However it does bind but without the create mobile account option, so we have to manually set it.

We do create the computer object in AD ahead of time. I'm not aware of any changes in AD nor have we touched the Jamf side of things.

Anyone else seeing the same issue, especially on 11.6?

4 REPLIES 4

ashley_stonham
New Contributor II

Does this still work? 

sudo dsconfigad -mobile enable



Have not bound macs to AD for years. I would suggest moving away from doing so if you can. NoMAD or Jamf Connect are your friend when it comes to Kerberos and the macs of the future.

 



Allamer11
New Contributor

We are running into the same issue. OS is 11.5.2 though. What is odd is that a device built earlier in the morning did not experience this issue. But the one device that is having the issue continues to experience the issue after full wipe and rebuild. 

Also note that the Administrative tab will not add groups that are included in the Directory Binding setup.

Allamer11
New Contributor

According to the Jamf.log you will see the entry Binding <computername> to <domain>

But then you do not see the entry Bound to Active Directory (<domain>) like you normally would.

Yet the device is bound to the domain yet none of the hidden options in the Bind field are set.

Allamer11
New Contributor

We discovered that this issue was caused by a timing problem. Our Service Department was logging off/rebooting the device prior to the completion of all our Enrollment Complete policies. Reviewing the Jamf and System log pointed towards this timing issue.