- Jamf Nation Community
- Products
- Jamf Pro
- Plugin encountered an error processing request 100...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-18-2016 08:51 AM
Hello, I have been struggling with this error since our Jump Start. We have a service account that is to bind devices to our AD upon enrollment. Every time, both via policy or by going to user preferences I receive this error.
- My AD account works to bind the devices in User Groups but the Service account receives (plugin encountered an error processing request 10001).
- The service account CAN bind PC's to AD.
- Domain is NOT .local
- Computer name is under 15 characters.
Solved! Go to Solution.
Labels:
1 ACCEPTED SOLUTION
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-12-2016 06:46 AM
What was needed was to give the JAMF service account proper permissions to the default Computers OU in AD. Go to the Security tab of the Computers OU and give the JAMF service account Full Control. Also, right-click on the Computers OU and create a custom task to delegate control of Computer objects (create and delete) to the JAMF service account.
Reply
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-18-2016 08:54 AM
If everything seems to be ok, when it comes to AD binding there is one golden rule - Check the time. The time on the computer has to be the same or very close to the same as the AD server time.
A couple years ago we received macs that were about 6 minutes off fresh out of the box, none of them binded. So I always put a script to sync the time with the time server first and then bind.
Good luck.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-18-2016 08:57 AM
Have you read the contents of this thread:
https://jamfnation.jamfsoftware.com/discussion.html?id=9588
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-18-2016 09:47 AM
Roiegat, I did forget to mention that they are tied to our domain time server and thus it is the same.
Mark, I have seen that before but the solution appears to be a script. I was under the impression that we could just use the directory binding policy unless it is broke. I could try the script but I assume if I receive the 10001 error while going to users and groups, the script would also produce such an error.
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-12-2016 06:46 AM
What was needed was to give the JAMF service account proper permissions to the default Computers OU in AD. Go to the Security tab of the Computers OU and give the JAMF service account Full Control. Also, right-click on the Computers OU and create a custom task to delegate control of Computer objects (create and delete) to the JAMF service account.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-09-2020 04:29 PM
The resolution posted above, when Tyler says JAMF service account, is that the account that should have permissions to bind to the domain in that specific OU?
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-06-2021 06:11 AM
@bacchusz Did you ever happen to find out the answer to your question? I'm like you, just one year in the future :)
