Binding Casper to AD

Not applicable

Is this possible and if so does it work well?

Thanks
LC

5 REPLIES 5

Bukira
Contributor

Binding in what way?

please expand what it is you hope to acheive

Criss Myers
Senior IT Analyst (Mac Services)
iPhone / iPad Developer
Apple Certified Technical Coordinator v10.5
LIS Development
Software Management Team
Adelphi Building AB28
University of Central Lancashire
Preston PR1 2HE
Ex 5050
01772 895050

Bukira
Contributor

You can bind Casper to Ad and OD in order to login to Casper with AD / OD users, think you might also need it for Self Service login

Also you can then fill in the inventory with AD /OD users info and also email them from Casper based on their AD/OD email address

Criss Myers
Senior IT Analyst (Mac Services)
iPhone / iPad Developer
Apple Certified Technical Coordinator v10.5
LIS Development
Software Management Team
Adelphi Building AB28
University of Central Lancashire
Preston PR1 2HE
Ex 5050
01772 895050

Bukira
Contributor

AND

You can also limit policies to OD/AD Groups but not nested groups or AD/OD Users

Criss Myers
Senior IT Analyst (Mac Services)
iPhone / iPad Developer
Apple Certified Technical Coordinator v10.5
LIS Development
Software Management Team
Adelphi Building AB28
University of Central Lancashire
Preston PR1 2HE
Ex 5050
01772 895050

Not applicable

This is good to know, other then the nested groups. Any other gotchas?

Thanks
LC

Not applicable

I hope I am not hijacking this but while on the subject, I would like to pick your brains... I am working on using Inventory Extension Attributes and populating them with AD data. One issue I have is that machine names are not necessarily the same as the binding account in my env. This creates a problem when I am trying to populate Container information from AD using something like

ComputerName=/usr/sbin/scutil --get ComputerName
attribDN=/usr/bin/dscl "/Active Directory/{my.domain.name}" read /Computers/${ComputerName} dn
...

This only works when binding name matches computer name . I need a way to get the ID used for binding and use that instead of 'ComputerName'.
Right now, I am thinking about using the following to get the name:
`dsconfigad -show |grep "computer Account" |cut -d '=' -f 2 `

Can anyone think of a better way of doing this?

Also, if I know the binding name 'partially', could I search and get the DN?
Say binding ids are always in the format of 'xxxxx123456', can I use what I know ('123456') to search the Distinguished Name (dn) from AD?
attribDN=/usr/bin/dscl "/Active Directory/{my.domain.name}" search /Computers/*123456 dn would not work...

Thanks!