Posted on 02-17-2015 03:51 PM
Hi all,
I've traditionally used dsconfigad and/or Directory Utility to join Macs to AD. As you can now join the domain with a config profile, I wondered if there was anyone using this method and if you had any experiences (good or bad) to share?
Posted on 02-18-2015 10:55 AM
Ok, it doesn't look promising!
Posted on 02-18-2015 11:10 AM
Hey davidcland,
We originally did decide to use configuration profiles, but found there was an issue with AD binding through there (Which if i read correctly was fixed in 9.64). With configuration profiles, they enforce that the machine be bound the the specific AD you designate even if the user attempts to remove it.
We however decided to go with policies due to the AD configuration profile was not working properly for AD, but would keep switching to OD mode which caused some confusion at first. With policies, you do have some leverages you can use, such as placing the policy in self service for technician use.
Posted on 02-18-2015 11:35 AM
That sounds scary, I assume you need to embed plaintext credentials in the profile to bind?
Posted on 02-18-2015 11:44 AM
Once you have entered the password, they become blanked out with dots. So if someone happened to gain access your JSS, they would not gain access to your AD password.
Posted on 02-18-2015 12:56 PM
Thanks for the feedback. Doesn't sound like it's quite ready yet!