But the policy will work if I run it from self service or if I issue the sudo jamf policy command at terminal. All my policy is running one command "kdestroy -a". Regardless of where it runs from it does not report any errors but when the command is executed during reoccurring checkin the kerberos tickets are not deleted. Its so odd because as I said before when I run it from self service it works and when I issue the sudo jamf policy command it works. So I'm a bit stumped.
So, you're not using "sudo" in the command issued via Jamf, correct?
I think - been years since I used AD, but that's a user command, and you might have to pull a user to run as. I'm likely wrong, but something(s) to look at...
How are is this policy built? As @scottb suggested, this needs to be run in the user space. If you are using a files and processes payload that runs as root. In addition if no one is logged in, I see it erroring out no matter what you do. You may need to wrap this in a script and have the script tell the command to run in the user space.
