Binding to on prem ad with JAMF cloud

trueexmatt
New Contributor

Hi All,

I did some searching and didn't find anything that exactly fit my question, so I figured I would ask here. I am trying to figure out if Jamf Cloud and the directory binding configs will work with on-prem AD such that a Mac gets delivered to one of our offices with the network configs already present. Once it reaches the internal network and authenticates, will the user details present allow the bind to happen? I would think so but just wanted a sanity check.

Thanks


mm2270
Legendary Contributor III

Since the action of AD binding would happen locally on the device itself, and only pull down settings that need to be applied during bind from your Jamf Pro server, then yes, this should work, with the caveat that the Macs must be on an internal network in range of your DCs to bind of course.
Plus, be sure the systems are checking in with a timeserver, either an open one like time.apple.com or pointed to an internal one, so there is no time drift that would cause binds to fail.

That being said, I wasn't exactly sure what you meant by "will the user details present allow the bind to happen?" Which user details do you mean exactly?

trueexmatt
New Contributor

The user being the bind user and its password. I'll test this out and report back.

nicholasmcdonal
New Contributor III

Hi @trueexmatt ,

Binding will work with Jamf Cloud, either via a Policy or Config Profile; the bind details get sent to the Mac and the Mac actually binds to AD locally. Meaning the Mac will reach out to a Domain Controller in your local network to bind, using the details it received in the config profile or Policy.

The only caveat I could see here is ensuring that the macOS device can reach a DC on your network during setup; this of course is dependent on how your network is configured, etc.

If you are looking to get away from binding I would recommend taking a look at Jamf Connect.

Hope that helps! - Nick

Hugonaut
Valued Contributor II

The following KBs can shed some light on what you're doing; you might need to config a server DMZ side to handle the traffic from outside connections.

https://www.jamf.com/jamf-nation/articles/409/permitting-inbound-outbound-traffic-with-jamf-cloud

https://docs.jamf.com/infrastructure-manager/1.3.2/Jamf_Infrastructure_Manager_Overview.html


slatert
New Contributor II

Yes, Jamf Cloud works with on-prem AD binding; here is one method:
1) Probably want to set up a service account in AD with bind access, e.g. svc-bindjamf (password never expires).
2) In Jamf Pro "Computer Management" settings configure "Directory Bindings". General tab: Priority = 1, Active Directory Domain = domain name (e.g. domain.org), Network Administrator Account = enter the AD service account username & password, Computer OU = hmmm, start with most specific first, like this example: OU=Laptops,OU=Workstations,OU=Computer Accounts,DC=domain.org
For the most part, no spaces for Computer OU.
3) User Experience tab: check "Create a mobile account at login".
4) Mappings tab: no settings necessary.
5) Administrative tab: check "Allow authentication from any domain in the forest".
6) Jamf Pro Policies: create a policy with recurring check-in, once per computer, and add the Directory Bindings payload utilizing the binding that you previously configured in steps 1 - 5.

Hope it helps
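As an added example (not from this thread and not Jamf's own tooling), the script below is a post-bind verification step that a follow-up policy could run after the binding policy in the steps above. It checks the two failure modes the earlier replies call out, clock drift (mm2270) and reachability of a domain controller on the local network (nicholasmcdonal), and then confirms that dsconfigad reports the expected domain. The domain, time server, hostnames and addresses in the embedded samples are constructed for illustration; the output formats of `sntp`, `dig` and `dsconfigad -show` are parsed from text arguments so the parsers can be exercised without a Mac.

```sh
#!/bin/sh
# Added example, not from the thread or from Jamf: a post-bind verification
# script a follow-up Jamf policy could run. It checks the three things the
# replies call out: clock offset against a time server, reachability of a
# domain controller on the local network, and whether dsconfigad reports the
# expected domain. Output of sntp, dig and dsconfigad is parsed from text
# arguments so the logic can be exercised with the constructed samples below.

# Constructed sample of `dsconfigad -show` on a bound Mac (illustrative only).
SAMPLE_DSCONFIGAD='You are bound to Active Directory:
Active Directory Forest          = domain.org
Active Directory Domain          = domain.org
Computer Account                 = mac-laptop-01$'

# Constructed samples of `sntp time.apple.com` output and of
# `dig +short SRV _ldap._tcp.domain.org` (hostnames and addresses made up).
SAMPLE_SNTP_OK='+0.412 +/- 0.031 time.apple.com 17.253.14.251'
SAMPLE_SNTP_DRIFT='-412.7 +/- 0.031 time.apple.com 17.253.14.251'
SAMPLE_SRV='0 100 389 dc1.domain.org.'

# Domain name from dsconfigad output ($1); prints nothing when unbound
# (an unbound Mac produces no output at all).
bound_domain() {
    printf '%s\n' "$1" | awk -F'=' '/^Active Directory Domain/ {
        gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2; exit }'
}

# Returns 0 when dsconfigad output ($1) names the expected domain ($2).
is_bound_to() {
    [ -n "$2" ] && [ "$(bound_domain "$1")" = "$2" ]
}

# Absolute clock offset in seconds from an sntp result line ($1);
# prints nothing for an empty line (sntp failed or timed out).
clock_offset_seconds() {
    printf '%s\n' "$1" | awk 'NF { o = $1 + 0; if (o < 0) o = -o; print o }'
}

# Returns 0 when the offset in the sntp line ($1) is within $2 seconds.
# Kerberos rejects tickets beyond a 300 s skew by default, so a Mac whose
# clock drifted further than that will fail to bind even with good credentials.
within_kerberos_skew() {
    o=$(clock_offset_seconds "$1")
    [ -n "$o" ] && awk -v o="$o" -v max="${2:-300}" \
        'BEGIN { exit !(o + 0 <= max + 0) }'
}

# First DC hostname from `dig +short SRV` output ($1), trailing dot removed.
first_dc_from_srv() {
    printf '%s\n' "$1" | awk 'NF >= 4 { sub(/\.$/, "", $4); print $4; exit }'
}

# Returns 0 when the LDAP port on host $1 answers within 3 seconds.
dc_reachable() {
    nc -z -w 3 "$1" 389 >/dev/null 2>&1
}

# Live check to run on the Mac after the bind policy.
# Exit codes: 1 clock out of skew, 2 no reachable DC, 3 not bound.
verify_bind() {
    domain=$1
    timeserver=${2:-time.apple.com}
    offset_line=$(sntp "$timeserver" 2>/dev/null | head -n 1)
    if ! within_kerberos_skew "$offset_line" 300; then
        echo "clock offset outside Kerberos skew: '$offset_line'"; return 1
    fi
    dc=$(first_dc_from_srv "$(dig +short SRV "_ldap._tcp.$domain")")
    if [ -z "$dc" ] || ! dc_reachable "$dc"; then
        echo "no reachable domain controller for $domain"; return 2
    fi
    if ! is_bound_to "$(dsconfigad -show 2>/dev/null)" "$domain"; then
        echo "Mac is not bound to $domain"; return 3
    fi
    echo "bound to $domain via $dc; clock within skew"
}

# Only touch the network when invoked explicitly, e.g. from a policy:
#   sh verify_bind.sh --live domain.org time.apple.com
if [ "${1:-}" = "--live" ]; then
    verify_bind "$2" "${3:-time.apple.com}"
fi
```

Run with `--live <domain> [timeserver]` from the policy's script payload; the distinct exit codes let the policy log show at a glance whether a failed bind was a clock, network or credential problem rather than a generic failure.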