Skip to main content
Solved

Renaming a Mac computer name and Active Directory


Forum|alt.badge.img+5

I have worked out how to change a Mac computer name in the JSS console then propagate it out to the client. I noticed that in the example of a name like 'test-name-air', the ComputerName and LocalHostName take this change but the HostName gets truncated to just 'testname'.

I am not sure if Active directory will care about the HostName being different or not. At this stage it doesn't appear to and I would prefer not to have to deal with further complications of scripting the rename of HostName if I don't have to.

Thanks for any help.

Best answer by calumhunter

When the machine is bound to AD, it creates a computer object with the computer name at the time of binding. This is usually the hostname of the mac.

You can later change the hostname of the mac and it will have no effect on the AD binding. If you have no need to change the computer name in AD, i would not worry about trying to change it.

You can check to see what the computer name is that it used when it was bound to AD by running:

dsconfigad -show

You will see it listed next to computer account with a $ on the end of the name indicating it is a computer account

If you need to keep track of it, you might want to create an EA that grabs the computer account name from dsconfigad so you can see in the JSS what the name of the machine is in AD

View original
Did this topic help you find an answer to your question?

8 replies

Forum|alt.badge.img+10
  • New Contributor
  • 596 replies
  • Answer
  • December 2, 2015

When the machine is bound to AD, it creates a computer object with the computer name at the time of binding. This is usually the hostname of the mac.

You can later change the hostname of the mac and it will have no effect on the AD binding. If you have no need to change the computer name in AD, i would not worry about trying to change it.

You can check to see what the computer name is that it used when it was bound to AD by running:

dsconfigad -show

You will see it listed next to computer account with a $ on the end of the name indicating it is a computer account

If you need to keep track of it, you might want to create an EA that grabs the computer account name from dsconfigad so you can see in the JSS what the name of the machine is in AD


Forum|alt.badge.img+15
  • Contributor
  • 589 replies
  • December 2, 2015

Just to add to this, make sure that every computer binds with a unique name- 15chars max. I had a little script that would rename the computer to the serial number, do the binding, then put the name back to what it was.


Forum|alt.badge.img+5

@calumhunter My original post and point is that firstly the computer is being renamed by JSS, when this happens and all 3 computer name attributes are changed, the HOSTNAME is different to COMPUTERNAME and LOCALHOSTNAME.

Secondly, when I bind it to AD, it binds as the COMPUTERNAME / LOCALHOSTNAME, not the HOSTNAME as you suggest.

Anyway, I have used the dsconfigad -show command to see the computer account which is indeed COMPUTERNAME$.


mm2270
Forum|alt.badge.img+16
  • Legendary Contributor
  • 7880 replies
  • December 2, 2015

dsconfigad -show displays what the Mac name was at the time of the bind, and not necessarily what the local Mac name is now. But its also the name of the computer record in AD as long as that bind is valid and hasn't been removed.
I think the point is, there isn't really a need to worry about the local computer name after its joined to AD. As best practice here, if we have to rename a Mac, we do an unbind and rebind to get the Mac back in AD under the new record, just to keep things relatively clean (AD is almost never "clean", but we at least try)
So unless having the name mismatch is a concern for you, you shouldn't need to do anything here.
And yes, there are 3 different names for a Mac. When a Mac is renamed manually in the Sharing Preference Pane, the OS does the job of making sure ComputerName, LocalHostName and HostName and all match as closely as possible (illegal characters in the ComputerName notwithstanding), but if its done via scripting they can get out of sync.


Forum|alt.badge.img+5

@mm2270 Thanks, this is the specific point I'm wanting to address.

I did another test and I found that changing the name in JSS then running the 'reset computer names' maintenance task in a policy in Casper is not renaming HostName at all, only ComputerName and LocalHostName.


Forum|alt.badge.img+10
  • New Contributor
  • 596 replies
  • December 3, 2015

@HelpDeskWarrior

scutil is your friend

To get the names:

scutil --get ComputerName
scutil --get LocalHostName
scutil --get HostName

and to set the names:

scutil --set ComputerName "My Computer Name"
scutil --set LocalHostName "My-Computer-Name"
scutil --set HostName "My-Computer-Name"

Forum|alt.badge.img
  • New Contributor
  • 1 reply
  • October 10, 2017

The scutil -- set worked for me I did all 3. Thank you calumhunter

scutil --set ComputerName "My Computer Name"
scutil --set LocalHostName "My-Computer-Name"
scutil --set HostName "My-Computer-Name"


wakco11
Forum|alt.badge.img+9
  • Valued Contributor
  • 146 replies
  • March 23, 2022

It has been my traditional understanding that scutils HostName field was supposed to be all lower case, while case didn't matter for ComputerName and LocalHostName, however as even Jamf's own jamf setComputerName option doesn't respect that, I have reason to believe that may no longer apply. That said, it is possible to bind a computer to AD with another computer name that is not what is set in the HostName field (which is the field the AD binding uses by default).

i.e. From the man page for dsconfigad:

dsconfigad -add fqdn -username username [-password password] [-computer computerid] [-ou dn] [-preferred server] [-force] [-localuser username] [-localpassword password] [-packetencrypt allow | disable | require | ssl]

And even when manually binding through the Directory Utility, you can change the computer name the computer gets bound with. Jamf's built-in feature doesn't provide any options for controlling this, while config profiles provide a Client ID field which might be worth looking into.


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings