Printer Mapping via JSS HELP

J_Martinez
New Contributor III

Hello Casper admins!

I'm relatively new to both the Mac world and JSS computer management. We are primarily a Windows shop, but as of this summer we will be offering Macs to users (due to popular demand). I have been tasked with coming up with a workflow to add our printer fleet to JSS and map them to their respective users, perhaps using Self Service (hopefully using Active Directory OUs). I have no idea how to do any of this, or whether AD integration is even possible with JSS. Also, I don't know if it's possible for the endpoints to print to the print server rather than printing directly to the printer.

My hope is to get some insight on some of what you guys are doing out there in the wild, perhaps get some information on how you did it. Also what the requirements are in terms of getting this up and running?

Thanks in advance,

Sincerely a Noob Mac admin

2 ACCEPTED SOLUTIONS

bvrooman
Valued Contributor

On the Windows side of the house, we map printers using AD groups. I mirrored that - I created a printer in the JSS (using the smb:// path to the object on the print server), then created a policy to map that printer at login and scoped it to the same AD group that the Windows machines use.

bburdeaux
Contributor II

The first step is to make sure you have LDAP servers set up in the JSS. This is under System Settings > LDAP Servers. The actual setup is pretty self-explanatory, but it's an easy step to miss.

Unfortunately, you cannot, as far as I know, scope based on OUs, but you can scope based on AD group membership. This is done as a limitation, not a target, so you'll target a smart group that contains the computers you want, then limit it to specific AD groups.

Also, if the drivers for your printers aren't included in macOS, you may want to set up some logic to ensure the drivers are installed before they can install the printers. We currently accomplish this using a smart group that looks for an install receipt for the driver install package. Those that don't have it only see the driver install policy in the Printers section of Self Service. Once they install it (the policy includes an inventory update to make sure they get moved to the "driver installed" smart group), they get printers scoped to them based on AD group membership, and the printers appear in Self Service.

3 REPLIES

danny_hanes
Contributor

You can absolutely scope policies to AD OUs, but it does require you to use an Extension Attribute and a Smart Group to make it happen. Below is my Extension Attribute to create the OU path for the machine. You will have to modify it a little bit for your environment, but it should get you pretty close. Then you just create a smart group that has something along the lines of "AD Path 'is like' /AD/OU/org/dept/group".

#!/bin/bash
# Extension Attribute: report the computer's AD OU path.
# Uses bash arrays and [[ ]], so it needs bash rather than plain sh.
ADPath() {
    ADConnectionCheck=$(dsconfigad -show)
    ADComputerName=$(dsconfigad -show | grep "Computer Account" | awk '{print $4}')
    # Read the distinguishedName, join it onto one line and strip the OU=/DC=/CN= prefixes.
    ADComputerOU=$(dscl /Search read /Computers/"$ADComputerName" dsAttrTypeNative:distinguishedName 2> /dev/null | sed -e 's/dsAttrTypeNative:distinguishedName://g' | tr -d "\n" | sed -n 's/OU=//gp' | sed -n 's/DC=//gp' | sed -n 's/CN=//gp')

    if [[ -n "$ADConnectionCheck" ]]; then

        if [[ -n "$ADComputerOU" ]]; then

            # Reverse the comma-separated components, skipping element 0 (the computer name).
            IFS=',' read -r -a ADArray <<< "$ADComputerOU"
            for (( i=${#ADArray[@]}-1,j=0 ;i>=1;i--,j++ ));
            do
                ADReverseArray[j]="/"${ADArray[i]}
            done
            # Drop the components not wanted in the path; these indexes are environment-specific.
            unset 'ADReverseArray[0]'
            unset 'ADReverseArray[2]'
            ADPath="$(echo "${ADReverseArray[@]}" | tr -d " ")"

            echo "<result>$ADPath</result>"
        else
            echo "<result>Location Error</result>"
        fi
    else
        echo "<result>Bind Error</result>"
    fi
}

ADPath
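
The DN-to-path step of the Extension Attribute above, as an added example that is not part of the original post: it selects components by RDN type (`OU=`) rather than by array index and keeps escaped commas inside OU names intact, so a differently shaped DN cannot shift a machine into the wrong smart group. The function name `dn_to_ou_path` and the sample DNs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the poster's script: build the OU path from a
# distinguishedName by RDN type instead of by array position.

# Prints /TopOU/.../LeafOU for the OU= components of the DN in $1.
# Exits non-zero when the DN has no OU (e.g. the default CN=Computers container).
# The body is a subshell, so the IFS and globbing changes do not leak out.
dn_to_ou_path() (
    sep=$(printf '\037')                 # placeholder for escaped commas
    dn=$(printf '%s' "$1" | sed 's/\\,/'"$sep"'/g')
    path=""
    IFS=','
    set -f                               # no filename expansion while splitting
    for rdn in $dn; do
        rdn=${rdn#"${rdn%%[! ]*}"}       # trim leading spaces after a comma
        case $rdn in
            [Oo][Uu]=*) path="/${rdn#*=}$path" ;;   # DN is leaf-first: prepend
        esac
    done
    [ -n "$path" ] || exit 1
    printf '%s\n' "$path" | tr '\037' ','
)

# Constructed sample DNs (hypothetical hosts and domain).
for sample in \
    'CN=MAC-0142,OU=Design,OU=Workstations,DC=corp,DC=example,DC=com' \
    'CN=MAC-0143,OU=Sales\, East,OU=Workstations,DC=corp,DC=example,DC=com' \
    'CN=MAC-0144,CN=Computers,DC=corp,DC=example,DC=com'
do
    if ou_path=$(dn_to_ou_path "$sample"); then
        echo "<result>$ou_path</result>"
    else
        echo "<result>Location Error</result>"
    fi
done
```

Unlike the script in the post, this version reports only the OU components and preserves spaces in OU names, so the smart group criterion has to match that form.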