I am looking for a way to create an AD bound, admin, student user upon first boot after TMI. I am hoping to log in to our institutional admin account that is already on all machines and create this student account from there. System Prefs > Users & Groups will give me a way to create an admin account but I have not found a way to specify binding to AD at the same time. Thanks for any advice.
Question
Creating an admin, AD bound, student user on imaging.
+8
+24Does this student account already exist in AD at the time you're looking to create it on the Mac?
Edit: Meant to say that the first step is to create a binding configuration to AD for these Macs. There's no way to make an actual AD account if the Mac isn't already joined to AD.
+26So I think this is all going to depend on doing each step in the right order. The way we handle this is:
- User accounts are created in advance in AD
- Computer is imaged, bound to our AD during imaging
- On first logon once per computer, this script runs to make that first logged-in user an admin of the machine
This works best for 1x1, and even better if you can log in as the user and pre-configure before you hand it off. Or, better yet, if you have imaging so streamlined that you can hand off the machine at the login screen and have the user log in (on the LAN) the first time they use the computer.
+18If these devices are staying connected to the LAN you can just specify a group in AD that is allowed to administer the Macs. It's an option in the directory binding part of the JSS "Allow administration by..."
That way you only need to bind the macs with the same directory binding in the JSS and make sure the user is in the right AD group.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.