Create a Policy Scoped to Users AD group??

To limit a policy to an AD group you have to set it to login or logout like you mentioned and then you'll find LDAP group options under Limitations of the policy scoping. You can't create a smart group based on AD groups without creating your own extension attribute to collect it locally on the machine.

@kerouak If your JSS is tied to an LDAP/AD server and can do queries successfully against it, this is possible. The only triggers that allow you to use LDAP users or groups as scope (actually under Limitations) are "login", "logout" and "Self Service" to my knowledge. If at least one of those triggers are set, when you go into the scope section, click on Limitations and you should see LDAP/Local Users and LDAP Groups as tab selections. Search for and add the Users and/or groups you want.
You still need to set an actual computer scope under Targets however. Generally speaking, you can set the Scope to All Computers and then set the LDAP limitations appropriately. You could of course also use a Smart Group as the general target scope as you mentioned. This will make sure the policy will only run on the Macs that fall under the limitations and are part of the scope.

The policy should be limited to 1 AD group is what I'm after, sorry for vagueness..

You know something.. I realised as soon as this was posted ... I knew it was under ;limitations;' however, I didn't set it for login..
Thanks gents!!!

OH Dear...
I've set everything, Scoped to 'All computers, Limitations: LDAP User Group

When I view the logs, It only shows 47 Entries, there should be 1000, Also, The logs are listing individual Computer Names, Rather than usernames...
Am I missing something??
Granted, I had a few beers last nite..

Anyone?

I'm after only running a specific script for Users who reside within a specific AD Group???
Not, A limited number of Enrolled devices?/

ta

HI,

The scoping is correct (all computers, limited to LDAP group). When Casper triggers the policy, it checks the computer is in scope, then checks the user is a member of the LDAP group.

If its not working as expected, I'd look at the LDAP group membership area first. On your LDAP settings, test the group your trying to limit and check a bunch of users that should / shouldn't be in the group.

The computer scoping of a policy is fairly solid in Casper but I have had issues with LDAP scope, search base etc in group membership lookups before.