Lost AD bind - script or?

KRIECCO
Contributor

For some reason we often see Macs lose their bind to AD. Looking in AD, the PC object is there, but network account login is not available.
Is there a script that can repair this, like it is possible to do on Windows, where a PowerShell option exists?

You can of course remove the Mac from AD and add it again, but with a script it would be easier or less disturbing for the user.

Look
Valued Contributor III

You can definitely script it, and I'll pull one out of our system tomorrow. It's worth noting that AD bind loss on Macs is pretty commonly caused by having the machine timeout default to a rather low 14 (I think) days; if you set this to 0, the bind lasts indefinitely even when the machine doesn't see AD for prolonged periods of time (although you probably have something in AD to eventually deal with stale machines as well).

AVmcclint
Honored Contributor

@rossoneris Take a look at this whole thread, but see where I came in and read my comments: https://www.jamf.com/jamf-nation/discussions/12776/apple-macs-losing-ad-binding#responseChild127128

I was never able to completely stop the Macs from dropping off AD, but I was able to greatly minimize the problem. I was also able to build a Policy that detected when a Mac fell off AD and then rejoined it. It works great and it is one less thing for me to worry about. The only time I encounter a problem now is if a user tries to change their password during the 15-minute window between the detection of the AD problem and the automated fix. That has only happened twice in the year+ since I got this set up.
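
An added example, not a script from any poster in this thread: a detection check of the kind the two replies above describe, reading the bind configuration and machine password interval from `dsconfigad -show` and then testing a real directory lookup. The sample output is constructed, and the account name passed as `$1` is an assumption (an AD account that has never logged in on the Mac).

```sh
#!/bin/sh
# Constructed sample of `dsconfigad -show` output, for offline testing.
SAMPLE_BOUND='Active Directory Forest          = example.com
Active Directory Domain          = example.com
Computer Account                 = mac01$

Advanced Options - Administrative
  Password change interval       = 14'

# Print the value of one "Key = value" line. $1 = output text, $2 = key.
ad_field() {
    printf '%s\n' "$1" | awk -F' = ' -v k="$2" '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        key == k { print $2; exit }'
}

# Classify the local bind configuration. $1 = `dsconfigad -show` output.
# Interval 0 means the machine account password is never rotated
# (what `dsconfigad -passinterval 0` sets).
ad_bind_state() {
    domain=$(ad_field "$1" "Active Directory Domain")
    [ -n "$domain" ] || { echo unbound; return 0; }
    interval=$(ad_field "$1" "Password change interval")
    if [ "$interval" = "0" ]; then
        echo "bound:$domain:no-rotation"
    else
        echo "bound:$domain:rotates-every-${interval:-?}-days"
    fi
}

# Live check, macOS only. $1 = an AD account that has never logged in on this
# Mac (assumption: supplied by the admin), so `id` cannot be answered from a
# cached mobile account. Run it only while a domain controller is reachable.
if command -v dsconfigad >/dev/null 2>&1 && [ -n "${1:-}" ]; then
    state=$(ad_bind_state "$(dsconfigad -show)")
    if [ "$state" = unbound ]; then
        echo "NOT BOUND"; exit 1
    elif id -u "$1" >/dev/null 2>&1; then
        echo "OK $state"
    else
        echo "BROKEN $state: local config present, directory lookup failed"; exit 2
    fi
fi
```

A non-zero exit can trigger the rebind step; pass the join account's credentials to that step from the management tool rather than storing them in the script.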

KRIECCO
Contributor

LOOK - did you have a script?