Help

Bind Computer to existing object in AD

alexjdale
Valued Contributor III

Posted on ‎02-27-2015 09:25 AM

It looks like you have to configure an OU to create an AD directory bind in Casper, but I know that with dsconfigad you can simply bind to a pre-existing object in AD without specifying an OU.

We're about to spin off a new company/domain taking thousands of our Macs, and rather than build a binding for each of our ~100 OUs (or script it via dsconfigad, which would expose AD credentials in the JSS in plantext if I have to pass a variable), I'd like to simply rejoin to the computer objects that we're cloning over to the new domain.

Has anyone had experience with this? Am I missing an easier way?

Edit: I also don't see an "unbind" option in Casper and directory bindings fail if the client already believes it is bound, I feel like I am missing something here as well.

0 Kudos
Reply
2 REPLIES 2

RobertHammen
Valued Contributor II

Posted on ‎02-27-2015 12:44 PM

Probably want to use a script to unbind. Maybe a policy to run your unbind script, then re-bind to the new directory binding. Have done something like this for domain moves before, nothing like what you are trying to accomplish, however.

0 Kudos
Reply

bentoms
Release Candidate Programs Tester

Posted on ‎02-28-2015 03:55 AM

@alexjdale, I'm sure that even though the JSS's Directory Binding has an OU set.. If it finds the existing record it uses that without moving the record to the OU specified.

So you could specify a "temp" OU for Macs to full into if the do not already have an Caomputer Object when found.

Obviously, test.. But am sure that's how it works.

0 Kudos
Reply