Skip to main content
Question

Adding LDAP group limitation takes computers in scope to 0.


Forum|alt.badge.img+8

I'm attempting to make a policy available to only faculty members at a few of our schools. I've got the policy set up to run once per computer with no trigger, available in Self Service, and targeting to all computers and all users.

Set up like this, the policy is scoped to all 3800 computers in our environment. However, the moment that I limit the policy to one of the faculty LDAP groups, the policy is then scoped to zero computers.

Any thoughts on what's causing this?

7 replies

donmontalvo
Forum|alt.badge.img+36
  • Legendary Contributor
  • 4293 replies
  • October 15, 2016

Are users logging in to Self Service?


Forum|alt.badge.img+8
  • Author
  • Contributor
  • 31 replies
  • October 17, 2016

They are, via Active Directory.


Forum|alt.badge.img+10
  • New Contributor
  • 306 replies
  • October 17, 2016

Because your scoping to an AD User Group, not an AD Computer Group (which btw, JAMF doesn't do in version 9 but did in 8). As users login, you should start seeing the policy have completes show up. Something I hope they fix in version 10.


Forum|alt.badge.img+8
  • Author
  • Contributor
  • 31 replies
  • October 17, 2016

I'm actually not, I'm afraid. There's no trigger set; it's just supposed to sit there for users to run in Self Service as they want. My AD account is in one of the groups that the policy is limited to, but I don't see the policy in SS when I log in.


Forum|alt.badge.img+10
  • New Contributor
  • 306 replies
  • October 17, 2016

Change your target from All Users to Specific Users. This is how mine are set with AD User Groups also in SS. Make sure your logged out of SS and log back in. You might also have to do a jamf recon on your mac to see the changes.


Forum|alt.badge.img+8
  • Author
  • Contributor
  • 31 replies
  • October 17, 2016

I thought the way to scope to AD groups was to use Limitations. Is it not? I don't see AD groups anywhere else in the Scope options.

Sorry, I'm taking the CCT training in a couple of months, but flying by the seat of my pants until then. :)


Forum|alt.badge.img+10
  • New Contributor
  • 306 replies
  • October 17, 2016

You will use Limitations, but if you have it scoped to All Users, it trumps any AD group in Limitation. It's all good. We all keep on learning!


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings