Enterprise Connect with no Binding

rkelegha
New Contributor III

Hi All,

Looking for advice,

Currently, all our Mac are bound to AD and they are using EC to manage the password change. I have tasked with getting all our Mac's off the domain and then just having EC.
When testing - I unbind my machine from the domain and then test EC ( Change Password) it fails.
Do I need to have a Config Profile setup to handle the connection? or although im unbinding machines from the domain should I even use EC? and just config a Password Policy?

6 REPLIES 6

andrew_nicholas
Valued Contributor

Are those accounts being converted from Mobile to Local accounts in the process?

rkelegha
New Contributor III

@andrew.nicholas - yes they will be moved from Mobile to Local accounts.

TJ_Edgerly
New Contributor III

When the computers are bound, are you sure EC is working properly? Have you testing changing the password with EC before unbinding?

How are you configuring your EC? Are you creating a config profile from the .Plist and pushing via JSS?

rkelegha
New Contributor III

Hi All,

My Mac are being bound during the imaging process. Yes It would fine. For testing - Im taking my already bound mac and removing the domain entry. Then rebooting the mac. Login works fine but when i test ( change Password) via the EC app it fails.
We have the app install and then using a Config profile.

mm2270
Legendary Contributor III

Just to back up a moment, the account you are logging into to do the password change, is that a pure local account from the start, or was it an AD cached mobile account? If it's the latter, has it been properly converted into a local account? There is a real difference between an account that has it's origins in the local domain versus an external domain derived account. If they aren't being properly converted to a true local account I imagine you may see the error you're encountering because the account still believes it belongs to an AD domain. There are keys in the account that you can view with dscl that indicate it's original node was from AD, not the local machine.

sidharth_bhalla
New Contributor II

hi,

How can I create config profile from the Plist and pushing via JSS?