Help

Creating an admin, AD bound, student user on imaging.

kyoung
Contributor

Posted on ‎08-24-2015 05:53 AM

I am looking for a way to create an AD bound, admin, student user upon first boot after TMI. I am hoping to log in to our institutional admin account that is already on all machines and create this student account from there. System Prefs > Users & Groups will give me a way to create an admin account but I have not found a way to specify binding to AD at the same time. Thanks for any advice.

0 Kudos
3 REPLIES 3

mm2270
Legendary Contributor III

Posted on ‎08-24-2015 07:05 AM

Does this student account already exist in AD at the time you're looking to create it on the Mac?

Edit: Meant to say that the first step is to create a binding configuration to AD for these Macs. There's no way to make an actual AD account if the Mac isn't already joined to AD.

0 Kudos

emily
Valued Contributor III
Valued Contributor III

Posted on ‎08-24-2015 07:32 AM

So I think this is all going to depend on doing each step in the right order. The way we handle this is:
- User accounts are created in advance in AD
- Computer is imaged, bound to our AD during imaging
- On first logon once per computer, this script runs to make that first logged-in user an admin of the machine

This works best for 1x1, and even better if you can log in as the user and pre-configure before you hand it off. Or, better yet, if you have imaging so streamlined that you can hand off the machine at the login screen and have the user log in (on the LAN) the first time they use the computer.

0 Kudos

davidacland
Honored Contributor II
Honored Contributor II

Posted on ‎08-24-2015 07:53 AM

If these devices are staying connected to the LAN you can just specify a group in AD that is allowed to administer the Macs. It's an option in the directory binding part of the JSS "Allow administration by..."

That way you only need to bind the macs with the same directory binding in the JSS and make sure the user is in the right AD group.

0 Kudos