Jamf Nation Community

Looks like the first round of "hot fixes" from Microsoft is in. There is another set due in mid April,2022.

After performing testing in our test environment, unfortunatly the hot fix had issues with installing on the DC.  Our Infrastructure team is taking the logs and errors back to Microsoft for evaluation and next steps. At this time, no still no fix for AD Bind.

We tested it on our 2022 Dcs, we instaledl it on all 3 dcs we still cant bind the mac to the AD if its a completly new one (no ad objekt) if i create an object manually i can bind it with all enforcements enabled 

Hello folks, just curious to ask if anyone tried applying the hot fixes onto their domain controllers running 2019 Windows Server ?

I didn't see this mentioned anywhere here but I ran into this issue and for me, the problem was actually DNS.  The only way I was pointed into the right direction, was I checked the network setting on the Mac, and noticed that the WINS NetBIOS name was coming up incorrect from what the computer name of the Mac should be.

It turns out, that while on the VPN, the IP assigned previously belonged to another Windows device, and was still in the Windows DNS.  The Mac and/or VPN see the name associated with DNS and attempt to use that instead of the actual computer name of the Mac.  Since this name already belongs to a Windows device in AD, the join fails.

To fix this, I simply deleted the DNS entries on my Windows Domain Controller associated with the IP that the Mac was getting.  After a reboot, the Mac was then no longer getting an incorrect name for WINS on the network page.  The bind then worked.

Hey Guys, some more Informations here?
Is there a new Hotfix from Microsoft? Did someone could test it?

Still gotta set the RegKey with Serveradmins and it is still anoying.
Thanks!
 

We were able to test in our test environment - the AD Bind and it is working in TEST.

The April patches seem to be working for us.  I will post again once those patches have been applied to the Production Environment.

I do not have access to a test AD environment and am not privy to what in any patches have been applied to our Production AD server, however I do know that actual hardware server was moved from one location to another over Easter weekend and so has been restarted recently.
Last Friday 22 April I was able to bind, via policy, a new M1 iMac running Monterey. Then today I was able to bind an Intel iMac running Catalina without any changes in security to our AD.

I am fairly certain we are running a Windows 2019 server for our AD. I will confirm and edit accordingly once I know!

Edit: Confirmation, we are running one Windows 2016 and two Windows 2019 Servers for our on site AD instances and yes, they have had all recent patches and as such we can now bind automatically with the RegKey set to 2 - highest security setting.

Using the above KB articles - and applying the April Microsoft patches - resolved the issue with being unable to bind in our environment.

Is this still an issue for folks? We are past the enforcement phase and we can still bind our Macs. 

How are you binding? Config Profile?