[Casper] Computer group from AD

Miles Leacy miles.leacy at themacadmin.com
Fri Jan 9 11:35:46 PST 2009 

"Bound to a directory" and "Member of a group" are different concepts.
I would also like the ability to recognize computer accounts and computer
groups.

You could work around the current situation with a script using logic like
so:

1. Query LDAP (AD) for the groups "my computer" ($2, assuming your machine
names are the same as your AD names) belongs to.
2. grep the output for the group you want to key on.
3. call a custom trigger

The ability for Casper to recognize computer accounts & groups would be
better than this, but this can give you the same net effect as scoping a
policy to an AD group.  This also assumes you have the ability to perform
LDAP lookups in AD.  If your JSS is taking advantage of LDAP, then you could
use the same account to perform the lookup in the script.

----------
Miles A. Leacy IV

 Certified System Administrator 10.4
 Certified Technical Coordinator 10.5
 Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2009/1/9 Nichols, Jared <jared.nichols at ll.mit.edu>

>  Wouldn't you just create a smart computer group that goes off of the
> Active Directory Status attribute?  You could either make it "Active
> Directory Status" is <<name of AD>> (if you have more than one and you want
> to specify which) or you could make "Active Directory Status" is not "Not
> Bound"  It's a double negative, but that would return any machine bound to
> an AD, no matter what the AD is called.
>
> See Attachment.
>
> Maybe I don't understand completely your question?
>
> j
>
>
> On 1/9/09 12:57 , "Ernst, Craig S." <ERNSTCS at uwec.edu> wrote:
>
> Don't believe the JSS works with computer accounts in AD.
>
> Craig E
>
>
> On 1/9/09 11:56 AM, "Ryan Harter" <rharter at uwsp.edu> wrote:
>
> Hey Guys-
>
> Has anyone created a smart group that would take members based on if the
> computer is a member of an AD group.
>
> Essentially what I'm trying to do is scope a policy to a group of computers
> in AD, like you can with the User scope, but it doesn't seem to work with
> computers.
>
> When user's register for our disaster recovery system, their computer is
> added to a group in AD, and I would like to install the backup client on
> their machine based on whether or not they are in this group.  Any ideas?
>
> *
> Ryan Harter
> *UW - Stevens Point
> Workstation Developer
> 715.346.2716
> Ryan.Harter at uwsp.edu <mailto:Ryan.Harter at uwsp.edu <Ryan.Harter at uwsp.edu>>
>
>
>
>
>
> --
> Jared Nichols
> ISD Infrastructure and Operations – Desktop Engineering
> MIT Lincoln Laboratory
> 244 Wood St.
> Lexington, MA 02420-9108
> (781) 981-5500
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090109/6a48c128/attachment.htm

More information about the Casper mailing list