Looking to see if any of the other MacAdmins out there knows how to scope a policy to an AD computer group. All my Macs are bound to AD. I'm looking to setup a process for our licensed applications where the computers are placed into a particular AD group, then, those in that group are queried and pulled into a Smart Group or Policy.
I haven't been able to find anything within the Smart Group criteria to target, or, in the policy Scope. It appears you can use limitations for LDAP User groups, however, not LDAP Computer groups.
Any help is greatly appreciated.
Just an update on this. My ticket with Jamf Support came back with a response that Jamf Pro doesn't have a builtin functionality to query LDAP computer groups - only user groups.
Unfortunately for me, I can't use user groups since not all our Macs are 1:1. Some are shared and most software license models are based on device and not user. Jamf Support did suggest that this could potentially be done by creating a script that can run on each device and return all the LDAP computer groups that device is a member of. Then, I could use an extension attribute and a smart group to pull all those devices in.
I'm pretty green with writing scripts, however, I'm sure someone else in the world had the same need and could have written something up. I'll do some further research. If not, then now's the time to learn scripting.
In Primary School we base smart groups of LDAP groups so we can dynamically move students around classes. College up we use smart groups based of LDAP groups for topics so the student device gets apps and settings based on what classes they are enrolled into.
All this info is feed into AD from the school management system automatically. This is a big hole in Jamf Pro, LDAP fields just don't cut it 🤷:male_sign: