Posted on 09-21-2015 07:53 AM
Am trying to make some iPad apps available to a couple of specific users. I've done this many times before, but now when I go into "Scope > Add > Users" it's only showing 506 entries when it should be about 14000.
One of the users I need is in there, the other is not. Both are in AD. Any ideas?
Posted on 09-21-2015 07:55 AM
Oh, and it may or may not be related, but on our Casper server (running OS X 10.7.5) I am no longer able to open the JSSDatabaseUtil.jar. When I double click it nothing happens. Was going to try running some database repairs in the hopes of fixing the above issue.
Any ideas on this would also be greatly appreciated. Thanks!
Posted on 09-21-2015 09:32 AM
In our environment, they don't show up unless that user has enrolled a device. Once they do, their AD credentials show up as a scope option in our list.
Posted on 09-22-2015 08:12 AM
Tagging on to what @qhle373 said, you also have to make sure when you assign the device it is assigning to the AD account and not creating its own local account. Happens if you misspell a username.
Posted on 09-22-2015 09:28 AM
A vendor here reported that Apple's AD plugin has a 1,000 computer/user paging limit…that might be causing what you are seeing…I can send or post sources if you need more info…
I believe it affects OSX 10.7-10.10, but I haven't tested it in a while.
Posted on 09-22-2015 10:39 AM
Ok, that makes sense. Thanks for the replies!
As for the 1,000 computer/user paging limit... that would explain some issues I'm having with a local website I host from OS X Server, where I'm trying to use AD credentials to control who can access which pages. Is there any way around this 1,000 paging limit?
Posted on 09-22-2015 10:48 AM
Yeah, I've seen this too. You can see it directly in the Directory Utility.app. Open the app, make sure the "in node" is set to your AD domain path, then change the "Viewing" to Users or Computers or any other item. After it scans you can see on the bottom of the window it will show "1,000 records". We have over 50k users in AD here, so it's definitely not pulling all records - not by a long shot.
I don't know of a way around this limitation.
Posted on 09-22-2015 12:33 PM
According to our vendors, Apple has yet to resolve it and it has been an issue with the Apple AD plugin for many years now….
Posted on 09-22-2015 11:12 PM
@mattschenk I'd add the users to an AD group (in AD), & then limit access using that group.