AD Binding / Password Trust Interval

New Contributor II


I work at a University and am just beginning to use Jamf. Big learning curve but so far it's been fun! I took the 200 level course over the summer and am looking forward to taking more in the future :)

I'm looking to bind our computers to AD although we use Deep Freeze on our lab computers and our password trust interval needs to be much longer than the standard 14 days. I've created a policy to bind the computers and everything with that is working ok, although there is no option to change the password trust interval. So, looking around Jamf I see that there is also a config profile for Directory that does have that option.

Will just a config profile also bind the computers to AD? I'm a little confused as to why there would be a policy as well as a config profile for this. Or do I need the policy in addition to the config profile to do this?



Valued Contributor II

A third option (and my preferred one) is using dsconfigad in a script. Look into dsconfigad -passinterval to set the password change interval.

New Contributor III

@demuthp There are several things you can do via both a policy and a configuration profile. FileVault is one, Binding to AD is another. Either method works fine, but you certainly don't need to do both of them (and shouldn't!)

A couple of things to keep in mind that are different from when you're binding manually through System Preferences:
- Make sure you rename your computer before binding! There is a 15-character limit in AD, and the default computer name is "Firstname's MacBook Pro", which is typically over the 15.
- The note above is the reason I typically use a policy to bind. It allows me to have a script that renames the computer for me, or
- The "Computer OU" is asking for the distinguished name of the location you want to put your Macs (essentially what folder you want them in AD). For instance, it should look something like this: "OU=Macs,CN=Computers,DC=rocketman,DC=tech"

Looking for a Jamf Managed Service Provider? Look no further than Rocketman
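
The two scripted steps suggested in the replies above (rename within the 15-character AD limit before binding, then set the interval with dsconfigad -passinterval after binding), as an added example that was not posted by anyone in the thread. The helper names, the LAB prefix and the use of Jamf script parameters $4 and $5 for mode and value are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. PREFIX and the helper names are hypothetical.
# Jamf passes script parameters starting at $4: here $4 = mode, $5 = value.

# Build a name within AD's 15-character limit: PREFIX-<tail of serial>.
ad_safe_name() {
    prefix=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]' | tr -cd 'A-Z0-9-')
    serial=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]' | tr -cd 'A-Z0-9')
    room=$((15 - ${#prefix} - 1))
    [ "$room" -ge 1 ] && [ -n "$serial" ] || return 1
    # Keep the tail of the serial, the part that differs between machines.
    if [ "${#serial}" -gt "$room" ]; then
        serial=$(printf '%s' "$serial" | tail -c "$room")
    fi
    printf '%s-%s\n' "$prefix" "$serial"
}

# Accept only a whole number of days.
valid_interval() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
}

case "${4:-}" in
    rename)   # run before the bind policy; $5 = name prefix
        serial=$(ioreg -c IOPlatformExpertDevice -d 2 |
                 awk -F'"' '/IOPlatformSerialNumber/ {print $4}')
        name=$(ad_safe_name "${5:-LAB}" "$serial") || exit 1
        for key in ComputerName LocalHostName HostName; do
            scutil --set "$key" "$name"
        done ;;
    interval) # run after the bind; $5 = days, 0 turns rotation off
        valid_interval "${5:-}" || { echo "bad interval: ${5:-}" >&2; exit 1; }
        dsconfigad -passinterval "$5"
        dsconfigad -show | grep -i 'password change interval' ;;
esac
```

With rotation turned off or set very long, the computer account password in AD stays valid for that whole period, so the interval chosen for frozen lab machines is worth recording alongside the policy.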