I have the JSS set up so that when I enroll it in the JSS it also binds the user to AD so that they can log in using our domain accounts. We have a mixed Windows and Mac environment, so we want one login for everything, and binding to AD allows us to do this.
Recently, however, when I either netboot and image a machine or just enroll using Recon, the machines are failing to join AD. I've been manually binding them in System Preferences so that I could get them out the door, but I want to be able to stop doing this.
It doesn't affect machines that are already bound; they are all working fine. Any ideas? I couldn't find a thread on this, so sorry if there already is one.
My logs seem to be showing that all tasks are completing. I thought it might be the service account too. I tried re-adding them as well as making sure the accounts were not locked in AD, but it still doesn't seem to be working.
You could try making a policy with the AD Bind in it and run it the next time a machine fails to join on enrollment/on a test machine. If the machine joins without any issues, you know it's not the Directory Binding and can eliminate that, and if it doesn't, then you can check the log to see where it failed.
Hello @vishelp, what we have done is systematically name all of our policies through a new workflow; it works really well. Essentially, the first thing the computers do is get named properly. We can do this via the JSS. Once named, they run the Active Directory binding policy. As you can see by the attached image, the 1st policy runs across all of our new computers. Then Active Directory binding happens against all new computers that are not reporting as bound. Our interval for check-in is 15 minutes. By the way, we also have an update inventory payload configured for each of our policies so we ensure the computers are reporting back correct information. Hopefully this helps.
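
The workflow in the last reply depends on each Mac reporting whether it is bound, so the binding policy can be scoped to the ones that are not. The script below is an added example, not part of the original thread or of anyone's posted configuration: a sketch of a Jamf extension attribute that reports bind state at inventory update. It assumes `dsconfigad -show` prints an `Active Directory Domain = <domain>` line when the Mac is bound and nothing when it is not; the function names and the "Bound"/"Not Bound" strings are hypothetical choices.

```shell
#!/bin/sh
# Added example: extension attribute reporting AD bind state to the JSS.
# Assumption: `dsconfigad -show` prints "Active Directory Domain = <domain>"
# on a bound Mac and prints nothing on an unbound one.

# Read `dsconfigad -show` output on stdin and print the bound domain, if any.
parse_ad_domain() {
    awk -F' = ' '/^Active Directory Domain/ {
        gsub(/[[:space:]]+$/, "", $2)   # drop trailing whitespace
        print $2
        exit
    }'
}

# Turn raw dsconfigad output ($1) into the value a scoping group would match on.
bind_status() {
    domain=$(printf '%s\n' "$1" | parse_ad_domain)
    if [ -n "$domain" ]; then
        printf 'Bound: %s' "$domain"
    else
        printf 'Not Bound'
    fi
}

# On a Mac, report the live state in the <result> tags an extension attribute
# uses. On any other system (no dsconfigad) this step is skipped.
if command -v dsconfigad >/dev/null 2>&1; then
    echo "<result>$(bind_status "$(dsconfigad -show 2>/dev/null)")</result>"
fi
```

A group matching "Not Bound" on this attribute can then be the scope of the binding policy, and the update inventory payload mentioned above refreshes the value after the bind runs.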