Posted on 06-24-2024 08:12 AM
Hello everyone,
I have a problem with PreStage Enrollment when passing through the sAMAccountName; maybe someone here has a solution for it.
We need user certificates per configuration profile, which is why I set up a new PreStage Enrollment for MDM Enabled Users, but currently the ShortName (sAMAccountName) is not taken over for the AccountName if the value contains capital letters (which is unfortunately often the case here).
The other attributes were already in use, which is why we used "Room" for mapping the sAMAccountName/onpremisessamaccountname. This works so far, but in PreStage only as long as there is no capital letter. If there is an uppercase letter in it, the value is not filled in during the macOS account setup and the fields are not locked.
AD and AAD are set up and Entra ID as IDP for SSO.
There are already hundreds of rolled-out Macs in this cloud instance and various dependencies on the username, which is set to the UPN. This is why we cannot generally change the username mapping to the sAMAccountName and change the "account information" to "Device owner's details" in the PreStage Account Settings, where I would expect this not to occur.
So far I can only think of two options, so I hope that someone else here has another idea.
Option 1 (high impact possible):
Change all sAMAccountNames to lowercase - this could cause problems in various other systems, which is impossible to estimate.
Option 2 (messy, dirty and AD admins will hate me):
Build an automation that writes the sAMAccountName as a lowercase value to another AD attribute, pass that through to the AAD as well, and set up the mapping in Jamf with it... (AD attributes are almost all in use, so whether this is an option at all is not clear yet.)