Binding to Active Directory during imaging clears the Computer Name field

dexterrivera
New Contributor III

This is what I am experiencing right now.
I created a configuration in Casper Admin to image a machine using 10.8.2 and set it so that configuration also enrolls the machine as they are imaged under the Management tab of Casper Admin via browser, as well as to bind it to our Active Directory domain.
Image process completes, I boot up the machine and after a couple of minutes it is up and has checked into Casper and now shows up in Inventory with the Computer Name I gave it while in Casper Imaging, let's say Mac01. The built-in Bind by default is set to run as a FirstRun script which it does and works but requires a restart to allow AD users to login. I restart, login with an AD account. After its inventory interval Inventory now shows that machine as having the Computer Name of localhost instead of Mac01. I go to Sharing in System Preferences and the Computer Name field is now blank and no policies seem to hit that machine/user.
What I have done to get around this is re-create my configuration but this time without setting it to enroll during imaging. I image the machine, power it up give it a minute, then restart it to allow the bind to take effect, then I can either manually enroll by running the .pkg or push it to the machine remotely.
I want to be able to both enroll and bind to AD without any issues during the imaging process because I eliminate the possibility of our technicians forgetting to enroll a machine. Has anyone else run into this? Thanks.

1 ACCEPTED SOLUTION

kbailey
New Contributor II

I've seen this too but we don't do an AD bind. I found this solution by Casper Sally https://jamfnation.jamfsoftware.com/discussion.html?id=4521 and followed cbrewer's script and set it to After. I don't know if it would help yourselves or whether you are running into a different issue. 8.64 is supposed to fix the naming issue. Hope that helps.

View solution in original post

9 REPLIES 9

Sonic84
Contributor III

I've seen this on a few systems. The computer name ends up becoming ".localhost" in the casper inventory report. The symptoms "disappeared" before I could dig into it. No changed have been made to the JSS version level or AD binding script in months, so what caused it and what cured it on my end is a mystery. I wish I could be more helpful than a "I've seen that too" post, sorry!

kbailey
New Contributor II

I've seen this too but we don't do an AD bind. I found this solution by Casper Sally https://jamfnation.jamfsoftware.com/discussion.html?id=4521 and followed cbrewer's script and set it to After. I don't know if it would help yourselves or whether you are running into a different issue. 8.64 is supposed to fix the naming issue. Hope that helps.

hkim
Contributor II

That's correct, 8.64 is supposed to fix this issue, we are running the "fix" on 8.63 and below as part of our imaging routine.

dexterrivera
New Contributor III

Thanks for the responses guys. I am new to Casper and would like to try the script mentioned. What type of script is used? Thanks.

dexterrivera
New Contributor III

Thanks KBailey! I created a terminal script out that and set it to After and now the machine images, joins the domain, and the computer name is not wiped causing localhost to show in JSS. Awesome! Thanks guys.

ethomas74
New Contributor II

dexterrivera what did your script look like? I would like to also write a script that will have a machine join our domain after it has been reimaged.

Hörr
New Contributor

Here is a bash script that I wrote for post-deployment AD binding / re-binding...

You can run it manually or as part of a post-install process.

Note 1 - I use the extension ".command" so my technicians can double-click on it and just have it launch from the GUI.

Note 2 - Make sure you have proper chmod settings to allow execution (i.e. 755, etc.).

Note 3 - I had to "sanitize" this script for public consumption. Please make the appropriate changes to meet your needs where necessary.

#!/bin/sh

# bind_to_active_directory.command shell script
# Written by Caine Hörr, July 10, 2013
# Updated by Caine Hörr, June 23, 2014


######################################################################
# BEGIN MAIN SCRIPT
######################################################################

# CLEAR SCREEN
clear

# MAIN SCRIPT OPENING STATEMENT / SPLASH PAGE
echo "######################################################################"
echo "# ACTIVE DIRECTORY COMPUTER NAME BIND AND REBIND SCRIPT"
echo "######################################################################"
echo

echo
echo "This script will un-bind this system's current computer name from"
echo "Active Directory and allow you to re-bind it back to Active Directory"
echo "with a new hostname."
echo

echo
echo "CURRENT ACTIVE DIRECTORY COMPUTER NAME: "
echo "----------------------------------------------------------------------"
dsconfigad -show | grep -i "Computer Account"
echo

# PROMPT TO CONTINUE OR EXIT SCRIPT
echo 
echo "DO YOU WISH TO CONTINUE?"
echo "----------------------------------------------------------------------"
select yn in "Yes" "No"; do
    case $yn in
        Yes) echo "# Change Computer Name and Hostname"; break;;
        No) echo "# Quit"; exit;;
    esac
done
echo

echo
echo "UNBINDING SYSTEM FROM ACTIVE DIRECTORY"
echo "----------------------------------------------------------------------"
read -p "Enter your Technician Admin (i.e. first.last.adm) Username: " ADAdminUser
echo
echo
echo "Enter password for $(echo $USER): "
sudo dsconfigad -remove -username $ADAdminUser
echo

echo
echo "BINDING SYSTEM TO ACTIVE DIRECTORY WITH NEW COMPUTER NAME"
echo "----------------------------------------------------------------------"
read -p "Enter new Computer Name to assign to system: " ComputerName
echo
echo "Be patient. This can take some time..."
echo
sudo dsconfigad -add CHANGE_TO_YOUR_DOMAIN_NAME.com -username $ADAdminUser -computer $ComputerName -mobile enable -mobileconfirm disenable -shell /bin/bash -ou "ou=mac,ou=workstations,ou=computers,ou=CHANGE_TO_YOUR_OU,dc=CHANGE_TO_YOUR_DC,dc=com" -group "domain admins,enterprise admins,IT-HelpDesk"
echo

echo
echo "CONFIRMING SYSTEM IS BOUND TO ACTIVE DIRECTORY WITH UPDATED INFO"
echo "----------------------------------------------------------------------"
dsconfigad -show | grep -i "Computer Account"
echo

echo
echo "SETTING SYSTEM NAME VALUES"
echo "----------------------------------------------------------------------"
echo "Setting computer hostname value to $ComputerName"
sudo scutil --set HostName $ComputerName
echo "Setting computer local name value to $ComputerName"
sudo scutil --set ComputerName $ComputerName
echo "Setting computer local (Bonjour) name value to $ComputerName"
sudo scutil --set LocalHostName $ComputerName
echo

echo
echo "VALIDATING SYSTEM NAME VALUES"
echo "----------------------------------------------------------------------"
echo "Validating computer hostname value..."
scutil --get HostName
echo "Validating computer local name value..."
scutil --get ComputerName
echo "Validating computer local (Bonjour) name value..."
scutil --get LocalHostName
echo

echo
echo "UPDATING THE JSS"
echo "----------------------------------------------------------------------"
echo
sudo jamf recon
echo

echo
echo "PROCESS COMPLETE. EXITING SCRIPT."
echo "----------------------------------------------------------------------"
echo

exit 0

Hörr
New Contributor

Note to my last post - if you run my script as a post-install process, you will need to comment out the section for prompts. You will need to find another way to automatically set the value of $ComputerName based on whatever criteria your organizations requires.

sunil_reddy
New Contributor II

@Hörr : Does your script delete itself post execution? we would require this to be a one time process post imaging since we would not like unbind and bind every time a Mac boots. Is there a way where we can extract computer names from AD and name them before binding?