Big Sur + DEP + Domain Bind - unable to skip account creation.

SteveC
New Contributor III

Jamf 10.25.2. I have a prestage enrollment configured to create a local admin and skip account creation, I am joining the domain by configuration profile during enrollment. With Catalina, this allows me to DEP enroll, bind and drops me at a login screen when I can then login using domain credentials and allow the rest of the configuration scripts to complete setup. In Big Sur this configuration does not skip the account creation step and I am forced to create a local account.

Has anyone got this sort of setup working?

11 REPLIES 11

emilh
New Contributor III

Seeing the same thing, but it also happens with Catalina a lot but not at all times. Can't tell if it started with macOS 10.15.7 or Jamf Pro 10.25.X

SteveC
New Contributor III

@emih I ran a test device on 10.15.7 through and didn't observe this problem, I'll run it through a few more and see if I can replicate on Catalina.

EDIT: I've done a number of runs now, I can only replicate the issue on Big Sur.

adolfsson
New Contributor III

We also have this problem. We want to skip account creation, and this works in Catalina. But now with Big Sur you are forced to create an account.

We run Jamf Pro 10.25.2. Have anyone tried upgrading to 10.26.x and got it working?

adolfsson
New Contributor III

We upgraded to 10.26.1 but still have this problem. Some computers will skip the local account creation and some will not. They all show up in the PreStage scope. We only have this problem with Big Sur.

We bind to AD with a policy script. I doubt bindning has anything to do with this.

Devyn_Lowry
New Contributor II

We use the NoMAD login system here so no AD bind and we are also having this issue but it is intermittent

adolfsson
New Contributor III

I got in touch with Jamf Support and we found a way around this problem. We had to remove all configuration profiles from our PreStage. After that we haven't had this problem.

Not a perfect solution but it should allow you to skip local account creation.

emilh
New Contributor III

@adolfsson just to clarify, does this mean that the PreStage has to remain clear of profiles or was simply removing the profiles and then reapplying them enough?

Did you find out if Jamf has this listed as a Product Issue they are working to resolve or not?

I had a case open with Jamf Support but ended up having to drop it unresolved.

Portuguez
New Contributor II

We are using NoMAD and we are seeing this issue intermittingly on Big Sur computers. Also we no Configuration Profiles baked in to our Prestage. We are running 10.26.1

adolfsson
New Contributor III

@emilh we hade to leave them removed from PreStage. I believe they have a PI on this, but I don't know the number. Apparently not all PI's are listed publicly.

SteveC
New Contributor III

This is working OK for me on Jamf 10.27, binding to domain with config profile and skipping account creation.

bzuckrow
New Contributor III

I too have been able to skip account creation from the pre-stage. I am installing 5-6 config profiles from prestage too.

Jamf 10.27 - cloud hosted - installing BigSur. Tried zero touch imaging on 55 machines and 25 completed by themselves (all 55 skipped account creation) - the others complained about the the installer being from an unknown source so that can be worked out for next time.

We do not try to bind the computers during pre-stage so that may be a significant difference. We use Cisco AMP and if a unnamed or mis-named computer joins AMP it creates duplicate entries so we try to control the naming - binding - AMP install order so we don't have to delete the dupes.