Question

Need to Bind to AD

  • August 7, 2017
  • 7 replies
  • 36 views


What is the script to bind computer 10.12.6 to Active Directory?

7 replies

bpavlov
  • Esteemed Contributor
  • August 7, 2017

If you are using Jamf Pro just use a policy to accomplish this. In the Directory Binds policy payload, you pick the directory service you want to bind to. If you do not see any options there, then you need to first add a directory to your JSS. Go to the JSS > Settings > Computer Management > Directory Bindings and add a new directory binding.

This all has the benefit of not having to hardcode any passwords into a script because the JSS will have all that information stored. All you would need to do is take care of some logic such as making sure that the binding takes place while the computer can reach the directory service to actually join/bind.


  • Honored Contributor
  • August 7, 2017

Friends don't let friends bind to AD.

: )

When I did bind to AD I used the Jamf script

/usr/local/bin/jamf bind -type ad -domain 'XXX' -username "XXX" -passhash "XXX" -ou "CN=Computers,DC=XXX,DC=net" -mountStyle smb -uid "uidNumber" -userGID "gidNumber" -cache -multipleDomains -localHomes -shell none

You can copy it from a machine after it's imaged but before it reboots. : ) I would just copy it off in target mode... 1st run script I think

C


> If you are using Jamf Pro just use a policy to accomplish this. In the Directory Binds policy payload, you pick the directory service you want to bind to. If you do not see any options there, then you need to first add a directory to your JSS. Go to the JSS > Settings > Computer Management > Directory Bindings and add a new directory binding.

That right there. Add your directory settings to JSS, then create a policy with the bindings. I have it set up as a self-service policy. You need to make sure your computer is named properly before binding since it binds using the computer name.

And make sure your "computer OU" is in this format in Computer management->Management Framework->Domain Bindings:
OU=SUBOUNAME,OU=PrimaryOUNAME,DC=YOURDOMAINNAME,DC=YOURDOMAINSUFFIX
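
An added example, not part of any post in this thread: a pre-flight script that covers the two checks mentioned above (the Mac can reach the directory service, and the computer is named properly) before firing a bind policy by custom event, so no bind password sits in the script. The domain `corp.example.com`, the event name `bindAD`, and the naming rule (1 to 15 characters, letters, digits and hyphens) are assumptions for illustration.

```sh
#!/bin/sh
# Added example: pre-flight checks before triggering a Jamf bind policy.
# Hypothetical values: AD_DOMAIN and the custom policy event name "bindAD".
AD_DOMAIN="${AD_DOMAIN:-corp.example.com}"
BIND_EVENT="${BIND_EVENT:-bindAD}"

# Assumption: "named properly" means a valid AD computer account name:
# 1-15 characters, letters/digits/hyphen only, not starting or ending with "-".
valid_computer_name() {
    name="$1"
    [ -n "$name" ] && [ "${#name}" -le 15 ] || return 1
    case "$name" in
        *[!A-Za-z0-9-]*|-*|*-) return 1 ;;
    esac
    return 0
}

# Turn `dig +short` SRV lines ("prio weight port target.") into "target port".
srv_targets() {
    awk 'NF == 4 && $3 ~ /^[0-9]+$/ { sub(/\.$/, "", $4); print $4, $3 }'
}

# Succeeds if at least one domain controller listed in DNS accepts a TCP connection.
dc_reachable() {
    dig +short -t SRV "_ldap._tcp.$1" | srv_targets | (
        while read -r host port; do
            nc -z -w 3 "$host" "$port" >/dev/null 2>&1 && exit 0
        done
        exit 1
    )
}

main() {
    name="$(scutil --get ComputerName)"
    valid_computer_name "$name" || { echo "Rename before binding: '$name'" >&2; return 1; }
    dc_reachable "$AD_DOMAIN" || { echo "No DC reachable for $AD_DOMAIN" >&2; return 2; }
    # The policy's Directory Bindings payload holds the bind account, not this script.
    /usr/local/bin/jamf policy -event "$BIND_EVENT"
}

# Run only where the jamf binary exists (a managed Mac).
if [ -x /usr/local/bin/jamf ]; then main; fi
```

A non-zero exit leaves the Mac unbound, so the check can be retried later, for example from Self Service.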


  • Valued Contributor
  • July 17, 2018

Where it says Active Directory Domain, is that the same as the Directory Server?



Hi @brandonalexander, I don't see Domain Bindings under Management Framework. Does that get added once you set up AD binding?


Tangentism
  • Honored Contributor
  • October 29, 2018

@vanschip-gerard Have a look under Settings > Computer Management > Directory Bindings.

You need to set them up there first.


mark_mahabir
  • Jamf Heroes
  • October 29, 2018

Consider whether you actually need to bind to AD and whether you could make use of NoMAD instead.

If you really do need to bind, then there is a really good binding script here.