Renaming a Mac computer name and Active Directory

HelpDeskWarrior
New Contributor II

I have worked out how to change a Mac computer name in the JSS console then propagate it out to the client. I noticed that in the example of a name like 'test-name-air', the ComputerName and LocalHostName take this change but the HostName gets truncated to just 'testname'.

I am not sure if Active directory will care about the HostName being different or not. At this stage it doesn't appear to and I would prefer not to have to deal with further complications of scripting the rename of HostName if I don't have to.

Thanks for any help.

2 ACCEPTED SOLUTIONS

calumhunter
Valued Contributor

When the machine is bound to AD, it creates a computer object with the computer name at the time of binding. This is usually the hostname of the mac.

You can later change the hostname of the mac and it will have no effect on the AD binding. If you have no need to change the computer name in AD, i would not worry about trying to change it.

You can check to see what the computer name is that it used when it was bound to AD by running:

dsconfigad -show

You will see it listed next to computer account with a $ on the end of the name indicating it is a computer account

If you need to keep track of it, you might want to create an EA that grabs the computer account name from dsconfigad so you can see in the JSS what the name of the machine is in AD

View solution in original post

mm2270
Legendary Contributor III

dsconfigad -show displays what the Mac name was at the time of the bind, and not necessarily what the local Mac name is now. But its also the name of the computer record in AD as long as that bind is valid and hasn't been removed.
I think the point is, there isn't really a need to worry about the local computer name after its joined to AD. As best practice here, if we have to rename a Mac, we do an unbind and rebind to get the Mac back in AD under the new record, just to keep things relatively clean (AD is almost never "clean", but we at least try)
So unless having the name mismatch is a concern for you, you shouldn't need to do anything here.
And yes, there are 3 different names for a Mac. When a Mac is renamed manually in the Sharing Preference Pane, the OS does the job of making sure ComputerName, LocalHostName and HostName and all match as closely as possible (illegal characters in the ComputerName notwithstanding), but if its done via scripting they can get out of sync.

View solution in original post

8 REPLIES 8

calumhunter
Valued Contributor

When the machine is bound to AD, it creates a computer object with the computer name at the time of binding. This is usually the hostname of the mac.

You can later change the hostname of the mac and it will have no effect on the AD binding. If you have no need to change the computer name in AD, i would not worry about trying to change it.

You can check to see what the computer name is that it used when it was bound to AD by running:

dsconfigad -show

You will see it listed next to computer account with a $ on the end of the name indicating it is a computer account

If you need to keep track of it, you might want to create an EA that grabs the computer account name from dsconfigad so you can see in the JSS what the name of the machine is in AD

thoule
Valued Contributor II

Just to add to this, make sure that every computer binds with a unique name- 15chars max. I had a little script that would rename the computer to the serial number, do the binding, then put the name back to what it was.

HelpDeskWarrior
New Contributor II

@calumhunter My original post and point is that firstly the computer is being renamed by JSS, when this happens and all 3 computer name attributes are changed, the HOSTNAME is different to COMPUTERNAME and LOCALHOSTNAME.

Secondly, when I bind it to AD, it binds as the COMPUTERNAME / LOCALHOSTNAME, not the HOSTNAME as you suggest.

Anyway, I have used the dsconfigad -show command to see the computer account which is indeed COMPUTERNAME$.

mm2270
Legendary Contributor III

dsconfigad -show displays what the Mac name was at the time of the bind, and not necessarily what the local Mac name is now. But its also the name of the computer record in AD as long as that bind is valid and hasn't been removed.
I think the point is, there isn't really a need to worry about the local computer name after its joined to AD. As best practice here, if we have to rename a Mac, we do an unbind and rebind to get the Mac back in AD under the new record, just to keep things relatively clean (AD is almost never "clean", but we at least try)
So unless having the name mismatch is a concern for you, you shouldn't need to do anything here.
And yes, there are 3 different names for a Mac. When a Mac is renamed manually in the Sharing Preference Pane, the OS does the job of making sure ComputerName, LocalHostName and HostName and all match as closely as possible (illegal characters in the ComputerName notwithstanding), but if its done via scripting they can get out of sync.

HelpDeskWarrior
New Contributor II

@mm2270 Thanks, this is the specific point I'm wanting to address.

I did another test and I found that changing the name in JSS then running the 'reset computer names' maintenance task in a policy in Casper is not renaming HostName at all, only ComputerName and LocalHostName.

calumhunter
Valued Contributor

@HelpDeskWarrior

scutil is your friend

To get the names:

scutil --get ComputerName
scutil --get LocalHostName
scutil --get HostName

and to set the names:

scutil --set ComputerName "My Computer Name"
scutil --set LocalHostName "My-Computer-Name"
scutil --set HostName "My-Computer-Name"

in5542
New Contributor

The scutil -- set worked for me I did all 3. Thank you calumhunter

scutil --set ComputerName "My Computer Name"
scutil --set LocalHostName "My-Computer-Name"
scutil --set HostName "My-Computer-Name"

wakco
Contributor III

It has been my traditional understanding that scutils HostName field was supposed to be all lower case, while case didn't matter for ComputerName and LocalHostName, however as even Jamf's own jamf setComputerName option doesn't respect that, I have reason to believe that may no longer apply. That said, it is possible to bind a computer to AD with another computer name that is not what is set in the HostName field (which is the field the AD binding uses by default).

i.e. From the man page for dsconfigad:

dsconfigad -add fqdn -username username [-password password] [-computer computerid] [-ou dn] [-preferred server] [-force] [-localuser username] [-localpassword password] [-packetencrypt allow | disable | require | ssl]

And even when manually binding through the Directory Utility, you can change the computer name the computer gets bound with. Jamf's built-in feature doesn't provide any options for controlling this, while config profiles provide a Client ID field which might be worth looking into.