Tuesday
During prestage enrollment, the Macs are bound to AD and members of an AD group, tier2-users, are specified to be administrators. Local accounts are Mobile account enabled. However, users of the group tier2-users are no longer recognized as local administrators. I think this was working fine in Ventura, but I'm running Sonoma now and all the local accounts are just recognized as Mobile accounts.
Wednesday
Apple has not designed macOS with domain binding in mind for over a decade now. It's pretty safe to assume things will randomly break as new OS updates come out.
Have you checked to see if the Mobile Users group is in the local admin group? If it's not, you could add it with a terminal command. You may need to update sudoers also. Either way, I strongly recommend looking into solutions for moving away from AD Binding.
Saturday
@msnowdon wrote:
During prestage enrollment, the Macs are bound to AD and members of an AD group, tier2-users, are specified to be administrators. Local accounts are Mobile account enabled. However, users of the group tier2-users are no longer recognized as local administrators. I think this was working fine in Ventura, but I'm running Sonoma now and all the local accounts are just recognized as Mobile accounts.
Hello @msnowdon,
It seems like a macOS Sonoma update might be causing the issue with tier2-users not being recognized as local administrators. You could try updating your group policies or checking for any known issues with Sonoma and AD integration.
Best Regards,
James Keen
yesterday
I have a test machine here on 14.7.1. It's bound to a Microsoft Domain. People who log on using AD accounts are getting Mobile accounts. We do have some accounts in special AD groups, and they are configured in the binding, because of those groups, to be local administrators, just like yours.
I just tested logging on with a user in that special group and it is showing as an Administrator and Mobile as expected. What have you checked? Are you the only person doing the Mac administration there?
Some places I'd be looking are the actual binding on a problem machine, to see if the expected group is there as an Administrator group. If it's not there, look at the Bindings in Jamf and see if the group is there. If it is there on the local machine, you need to figure out why the machine doesn't make members of that group Admins.
Is it reproducible?
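The two checks suggested in this thread (whether the local admin group actually contains the expected group, and whether the binding on a problem machine lists that AD group as an admin group) can be scripted so the result is the same on every Mac you look at. The script below is an added example written for this thread, not a Jamf or Apple script. It reads the output of the macOS tools `dsconfigad -show`, `dscl . -read /Groups/admin GroupMembership` and `dsmemberutil checkmembership`; the parsing functions take that output as text, so the sample values at the bottom are constructed and the live checks only run when you pass `--live` on a bound Mac. The group name `tier2-users` comes from the original post; `EXAMPLE` is an assumed domain NetBIOS name.

```shell
#!/bin/sh
# Added example for this thread (not a Jamf or Apple script). Answers two
# questions from the posts above using the output of macOS directory tools:
#   1. Is the expected AD group listed under "Allowed admin groups" in the
#      binding on this machine?  (dsconfigad -show)
#   2. Is a given short name listed in the local admin group, and does the
#      user resolve as an admin once nested (AD) groups are considered?
#      (dscl and dsmemberutil)
# Parsing functions take command output as text so they run on any POSIX sh;
# the *_live wrappers call the real tools and only work on a bound Mac.

# Print the groups from the "Allowed admin groups = ..." line of
# `dsconfigad -show`, one per line, DOMAIN\ prefix stripped, lowercased.
binding_admin_groups() {
    printf '%s\n' "$1" \
        | awk -F'= ' '/Allowed admin groups/ { print $2 }' \
        | tr ',' '\n' \
        | sed 's/^[^\\]*\\//' \
        | tr '[:upper:]' '[:lower:]'
}

# Exit 0 if $2 (group name, case-insensitive) is an allowed admin group in
# the dsconfigad output passed as $1.
binding_allows_admin_group() {
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    binding_admin_groups "$1" | grep -qx "$want"
}

# Exit 0 if $2 appears directly in the GroupMembership attribute of the local
# admin group, as printed by `dscl . -read /Groups/admin GroupMembership`.
# AD groups added by the binding are nested, not listed here; use the
# dsmemberutil check below for those.
local_admin_lists() {
    printf '%s\n' "$1" \
        | awk '/^GroupMembership:/ { for (i = 2; i <= NF; i++) print $i }' \
        | grep -qx "$2"
}

# Live checks (macOS only).
binding_allows_admin_group_live() {
    binding_allows_admin_group "$(dsconfigad -show)" "$1"
}
# dsmemberutil resolves nested membership, so this also covers AD groups that
# the binding added to admin.
user_is_admin_live() {
    dsmemberutil checkmembership -U "$1" -G admin | grep -q '^user is a member'
}
# Remediation mentioned in the thread (run by an admin, shown here only as a
# comment): add a group to the local admin group with
#   sudo dseditgroup -o edit -a "tier2-users" -t group admin
# and confirm /etc/sudoers still carries the default "%admin ALL=(ALL) ALL".

# Constructed sample output in the format of dsconfigad -show and dscl.
SAMPLE_DSCONFIGAD='Active Directory Domain          = example.com
Advanced Options - Administrative
  Allowed admin groups           = EXAMPLE\tier2-users,EXAMPLE\domain admins
  Authentication from any domain = Enabled'
SAMPLE_DSCL='GroupMembership: root admin jdoe'

if [ "${1:-}" = "--live" ]; then
    # Usage on a bound Mac: sh check_ad_admin.sh --live tier2-users jdoe
    binding_allows_admin_group_live "$2" && echo "binding lists $2 as admin group" \
        || echo "binding does NOT list $2 as admin group"
    user_is_admin_live "$3" && echo "$3 resolves as admin" || echo "$3 is NOT admin"
fi
```

Run the live mode on a problem machine and on a working one and compare: if the binding lists the group but the user still does not resolve as admin, the problem is on the local side (nested group membership), not in the Jamf binding settings.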