Help

Filling username info after iPad DEP enrollment

jimmybreeze
New Contributor

Posted on ‎06-02-2022 01:11 PM

Hello,

At my old job, whenever someone would login with their AD creds at the remote management screen, it automatically filled out the username info in a device record with what they logged into remote management with. Now that I'm at my new job, it doesn't seem to be doing that. I was not an admin at my old job so unsure how that was setup. What are my options to get iPad Enrollments to do that?

0 Kudos
7 REPLIES 7

mickgrant
Contributor III

Posted on ‎06-02-2022 11:11 PM

You will want to make sure "Collect user and location information from LDAP"  is checked for both Computers and Devices.

Settings > Computer Management - Management Framework > Inventory Collection > Check "Collect user and location information from LDAP"

Settings > Device Management > Inventory Collection > Check "Collect user and location information from LDAP"

0 Kudos

jimmybreeze
New Contributor
In response to mickgrant

Posted on ‎06-03-2022 07:28 AM

Those are both checked, and it works when I put the username in manually, but it's not populating after re-enrolling.

0 Kudos

Bol
Valued Contributor

Posted on ‎06-04-2022 03:48 AM

That's odd. Things to test in line with this issue could be;

  • Delete the mobile device record from Jamf then test re-enrollment (you could also remove the Jamf user record).
  • Settings - System Settings - LDAP Servers - Test - Look Up Username (confirm AD lookup on user object from Jamf)
  • Settings - Global Management - User-Initiated Enrollment - Access - LDAP Groups (won't apply for pre-stage but for information sakes, check what AD group is here. eg. Domain Users)
  • Settings - Global Management - Inventory Preload (Check if the device has a record and delete if so. Every update, a mobile device will overwrite any user information with that pre-loaded here).
  • Mobile Devices - PreStage Enrollments Use existing site membership, if applicable. Use existing location information, if applicable. (Test enrollment with both of these unchecked).
  • Settings - Global Management - Enrollment Customization - PreStage Panes - LDAP Groups (If exists, confirm AD groups are correct. They should be if enrollment is allowed to proceed from the login screen).


Good luck!

0 Kudos

jimmybreeze
New Contributor
In response to Bol

Posted on ‎06-06-2022 07:08 AM

Hmm interesting, everything seemed to be setup right until the last step. There are no groups included in there. For LDAP, it's set as "All LDAP Users." I'll look into if that needs to actually have groups in. Not sure how it's working without that.

0 Kudos

Bol
Valued Contributor
In response to jimmybreeze

Posted on ‎06-06-2022 05:16 PM

That should be ok, I have that at one site also. I think it's Jamf's default group eg. Everyone 

If it wasn't setup correctly it wouldn't let anyone past that point, which yours does, so i'm a little stumped. 

Perhaps log this one to Jamf support with all the troubleshooting. There could be something in the database preventing the associations from happening? At a guess anyway.

0 Kudos

Bol
Valued Contributor

Posted on ‎06-06-2022 05:18 PM

Do you have multiple sites setup also? Even if you don't use them, users could be assigned to the wrong one and it doesn't allow the population, that's why I thought removing the user before testing. Just something to look at.

0 Kudos

jimmybreeze
New Contributor
In response to Bol

Posted on ‎06-07-2022 06:11 AM

1 site, looks like my predecessor has some webhooks setup, but aren't working, that do the same thing. Looking into that too.

0 Kudos