Jamf Nation Community

Thanks @RobertHammen! Yeah, i saw/was thinking about that one too. Enrollment is the first time, yes? Separate from Check In and Update? So the existing machines that are already in the JSS and already have an AD bind will not be affected? Sorry if I'm not being clear.

It won't happen during a Recon, which is just an event that gathers inventory information. It would happen as part of a policy that happens during an Enrollment action to achieve what you want. That policy could simply include an AD bind action or run a script that performs the bind if you have other logic you want to include.

If you want to catch them all, you will create a smart group of systems not bound to AD and then scope the policy to that group. You could have multiple angles on this.

Yes, enrollment is the first time and this wouldn't touch existing Macs.

Again, I'd consider an Extension Attribute/Smart Group for AD binding status. That way, you could push out a bind via policy if you needed to...

Quick and Dirty Extension Attribute to return the result of which domain the Mac is bound to...

#!/bin/bash

ADdomain=`dsconfigad -show | awk '/Active Directory Domain/{print $NF}'`
echo "</result>$ADdomain</result>"

Thanks @alexjdale! I think I understand what/where you're going with this. @RobertHammen How would I set this up as a Smart Group then? Operator and Value?

I am able to join AD through policy but challenge is, how to configure site wise "COMPUTER OU" if we have multiple sites.