i want to set up a zero touch configuration, but the process stops after the prestage enrollment :(
i have AD, and want to have mobile accounts created on login. a local hidden admin account should be created too.
this is how far it goes now:
i get asked for username/password
i get asked to create an account for the previously entered username/password (which shouldn't happen at all)
here my process stops, meaning the policies i've created to install printers and some software do not run. they cannot run, because remote login is not enabled and the hidden admin account is not created. but the profile is installed. the machine is still listed as unmanaged in the inventory list.
i'm not bound to the configured AD
after binding manually to the domain, i can login with domain users and managed accounts will be created automatically
what am i missing or what is wrong here?
any help is welcome :)
btw: when i connect to https://myjamf/enroll, login, download and install the package, my policies get executed and the machine is listed as managed.
The documentation is extremely light around the Directory payload for the PreStage Enrollments. I'm also trying to figure out what each field refers to.
The QuickAdd should still install though; others have related that to the Allow MDM profile removal setting. https://www.jamf.com/jamf-nation/discussions/12530/dep-quickadd-failed-to-download
will reply if i figure out the Directory payload fields.
my ad binding is working for prestage/dep
the directory server username is incorrect in your screenshot; it should be an account with binding rights (LAN id).
the hostname of the server isn't populated in yours; it should be something like my.domain.com
client id is the machine name; you can look in the admin manual for options. I use $SERIALNUMBER - then during the setup of the machine to install the extra stuff, I unbind, change the name to our naming convention, then rebind - annoying but whatever. If you look in the admin guide and search for $SERIALNUMBER it will bring you to the list of options you can use.
the Organizational Unit is the bucket you use to put the machines in (this can be copied from your AD Binding Profile in jamf)
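As an added example that is not part of this thread or of Jamf's own tooling: a script that checks the things the original poster found missing after PreStage enrollment (AD binding, mobile accounts created without the "create an account" confirmation prompt, remote login) and, on a Mac, binds with the same values the Directory payload above asks for. The domain, OU, bind account and serial number are placeholders; the `dsconfigad -show` text is a constructed sample so the checks also run off a Mac.

```shell
#!/bin/sh
# Added example (not from the thread). Placeholder values for the PreStage
# Directory payload fields discussed above.
AD_DOMAIN="my.domain.com"                 # "hostname of the server" field
AD_OU="OU=Macs,DC=my,DC=domain,DC=com"    # "Organizational Unit" field
AD_BIND_USER="svc-macbind"                # account with binding rights

# AD computer account names (sAMAccountName) are limited to 15 characters,
# so a client id built from $SERIALNUMBER is upper-cased and truncated.
client_id_from_serial() {
    printf '%s' "$1" | tr '[:lower:]' '[:upper:]' | cut -c1-15
}

# Reads `dsconfigad -show` output on stdin and prints one of:
#   unbound       - no "Active Directory Domain" line at all
#   wrong-domain  - bound, but not to the domain given as $1
#   needs-mobile  - bound to $1, but mobile accounts off or confirmation on
#   ok            - bound to $1 with mobile accounts and no confirmation prompt
ad_binding_state() {
    want="$1"
    domain=""; mobile=""; confirm=""
    while IFS= read -r line; do
        case "$line" in
            *"Active Directory Domain"*"="*)     domain="${line##*= }" ;;
            *"Create mobile account at login"*)  mobile="${line##*= }" ;;
            *"Require confirmation"*)            confirm="${line##*= }" ;;
        esac
    done
    if [ -z "$domain" ]; then echo unbound; return; fi
    if [ "$domain" != "$want" ]; then echo wrong-domain; return; fi
    if [ "$mobile" != "Enabled" ] || [ "$confirm" != "Disabled" ]; then
        echo needs-mobile; return
    fi
    echo ok
}

# Constructed sample of `dsconfigad -show` output: bound, but the user still
# gets the "create an account" prompt at login because confirmation is on.
SAMPLE_SHOW='You are bound to Active Directory:
                      Active Directory Forest          = my.domain.com
                      Active Directory Domain          = my.domain.com
                      Computer Account                 = C02ABC123DEF$

Advanced Options - User Experience
                      Create mobile account at login   = Enabled
                      Require confirmation             = Enabled
                      Force home to startup disk       = Enabled'

# Binds (or re-binds) with mobile accounts and no confirmation prompt, then
# enables remote login. Run as root on macOS with the bind password supplied
# in AD_BIND_PASSWORD by the policy, never hard-coded here. Note that
# dsconfigad -password is visible in the process list while it runs.
bind_mac() {
    serial="$1"
    cid=$(client_id_from_serial "$serial")
    dsconfigad -add "$AD_DOMAIN" -computer "$cid" -ou "$AD_OU" \
        -username "$AD_BIND_USER" -password "$AD_BIND_PASSWORD" \
        -mobile enable -mobileconfirm disable -force
    systemsetup -setremotelogin on
}

# Stand-alone run: report the binding state, using the constructed sample
# wherever dsconfigad is unavailable (i.e. anywhere but macOS).
if command -v dsconfigad >/dev/null 2>&1; then
    state=$(dsconfigad -show | ad_binding_state "$AD_DOMAIN")
else
    state=$(printf '%s\n' "$SAMPLE_SHOW" | ad_binding_state "$AD_DOMAIN")
fi
echo "AD binding state: $state"
[ "$state" = ok ] || echo "not ready: run bind_mac <serial> as root to fix"
```

In a Jamf policy this would be scoped to run after enrollment with the serial passed in as a parameter; the `needs-mobile` state is the one that matches the "asked to create an account" symptom, since `-mobileconfirm enable` is exactly what produces that prompt at first login.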
@rhoward: i'm not using any image. i'm unpacking a brand new mac, switch it on the first time and want to get it configured by zero touch magic
@Key1: you can even say the documentation is non-existent for that :( and yes, quickadd is running and doing what i've configured in the policies. but quickadd is not the way to go
@jwojda: yes, i'm connected to the network and the scope is assigned. the AD hostname is removed only for the screenshot. the AD binding is working fine. yes, i will switch to SSL as soon as this is working.
but this shouldn't happen:
now i have that:
where this seems to be related to ldap attribute mappings: