Big Sur intermittent AD bind issues?

dstranathan
Valued Contributor II

I am seeing intermittent AD bind issues that I am trying to resolve.

On occasion, the target Mac running macOS 11.1 will lose its ability to search LDAP users/groups in AD. Then eventually it starts working again.

AD binds OK but 'flickers' - it will lose its ability to do LDAP searches from time to time (can’t query AD users/groups). Acts like it's not bound (or corrupted) and then it starts working again.

I'm on Jamf 10.26.0. I have a few custom Jamf EAs that report AD status, and Jamf reports that the Big Sur Macs are configured correctly. However, from time to time, one of my EAs that reports the Mac's computer object OU location will go blank, but after another recon it might report the OU again correctly later. Totally flaky.

My AD DCs (Win 2012R2) think the Big Sur Macs are bound correctly. Cert servers are happy, etc.

This issue is breaking my 802.1x for obvious reasons (see other discussions on this topic).

Binding and re-binding manually doesn't resolve the issue.

My test Macs that were UPGRADED in-place from Catalina 10.15.7 to Big Sur 11.1 are working fine. It's only Big Sur Macs that were 'imaged' (enrolled) clean into Jamf that appear to be affected.

Mojave and Catalina Macs are fine.

1 REPLY

MTFIDjamf
Contributor II

I am seeing AD bind issues as well. We use the built-in Jamf Pro bind to join machines to AD through a Self Service policy.
With 11.0, no issue.
With 11.0 already bound and then upgraded to 11.1, no issue.
On a fresh 11.1 machine, the bind fails each and every time.
I have opened a case with Jamf and was sent the link below as to the possible reason. I have sent this over to our AD teams, waiting on any sort of response.
MSFT Link