Hi all, I am trying to create a configuration profile to join a couple of classrooms to our Windows active directory domain. So far it has not been working, and I'm not sure exactly why.
I guess the main thing I don't know is what goes in the Client ID field? Do I have to enter in the name of the machine? That would be sort of inconvenient because it would mean that I have to change the config profile every time I wanted to bind a machine to the domain.
But I have everything else filled in and looking correct. It's set to SMB.
1) Yes, hundreds of times. Thousands, probably. Always using the Mac OS GUI. I also was able to get Deploy Studio to do it when I was using that software.
2) If by interactively you mean by using the GUI in the Mac OS, no, actually. I just assumed it would work. You can see that the config profile fails in the JAMF console, although it's not clear to me why.
Yep that's correct, in the GUI itself. Either try @jpeters21 suggestion below or go into Users & Groups and try binding there. You can sometimes get clearer reasons for configuration profile installation failures if you install it manually on the machine. Binding in the GUI can also help rule out client connectivity or configuration issues.
I did bind with the GUI, it worked as expected. I thought it might fail since this particular machine is running High Sierra, but I guess the Windows AD doesn't care about that. The error message is:
"The ‘Directory Binding Account’ payload could not be installed. Attempts
to bind to the server ‘accounts.ad.****.edu’ returned an unspecified
problem." (I added the asterisks.)
I can try manually installing the certificate.
if you are going to administer macs the basically need to give you all access on the computer side, and really some settings as well. Dont get me wrong I have a couple device manager only people that can only enroll and change assignments of the devices but that is also their only tasks. alternate for you if you can not get appropriate permissions, could be a terminal/bash script us dsconfigad commands
I was using profile creator and apple configurator myself, but it has been a while since i did that outside of Jamf. Really anything capable of XML editing can create a profile it you know the proper syntax, but why dont you give something like this a try right in jamf and see how it works for you. (stripped of company info)