Home > DeployStudio, Mac administration, Mac OS X > DeployStudio 1.7.3 using configuration profiles for Active Directory binding on OS X El Capitan

DeployStudio 1.7.3 using configuration profiles for Active Directory binding on OS X El Capitan

As part of the release of DeployStudio 1.7.3, DeployStudio is now using an unsigned configuration profile to manage binding to an Active Directory domain for Macs running OS X 10.11.x.

Screen Shot 2016 04 02 at 5 00 04 PM

Screen Shot 2016 04 02 at 5 00 24 PM

This undocumented change currently appears to apply only to Macs running OS X El Capitan. Earlier versions of OS X are still being bound to AD using Apple’s dsconfigad tool. For more details, see below the jump.

The relevant changes are available via the links below:

DeployStudio AD binding script for OS X 10.11.x: https://github.com/timsutton/DeployStudioDiffs/blob/9c0f3a9366995f6371f79c76c10637397d5d1c92/Packages/Admin/DeployStudio%20Admin.app/Contents/Plugins/DSADBindingTask.bundle/Contents/Resources/Scripts/ds_active_directory_binding/ds_active_directory_binding.10.11.sh

Configuration profile header: https://github.com/timsutton/DeployStudioDiffs/blob/9c0f3a9366995f6371f79c76c10637397d5d1c92/Packages/Admin/DeployStudio%20Admin.app/Contents/Plugins/DSADBindingTask.bundle/Contents/Resources/Templates/ConfigurationProfileHeader.plist

Default configuration profile options: https://github.com/timsutton/DeployStudioDiffs/blob/9c0f3a9366995f6371f79c76c10637397d5d1c92/Packages/Admin/DeployStudio%20Admin.app/Contents/Plugins/DSADBindingTask.bundle/Contents/Resources/Templates/PayloadContent.plist

Based on observation, it appears that the configuration profile is assembled from the ConfigurationProfileHeader.plist and PayloadContent.plist files referenced in the above links, then named ds_active_directory_binding_uuid_goes_here.mobileconfig, with the UUID included in the filename to ensure that the profile’s filename is unique.

Screen Shot 2016 04 02 at 5 27 26 PM

One thing to be aware of is that the .mobileconfig files generated by DeployStudio 1.7.3 do not appear to set all options for the Apple Active Directory plug-in correctly. I’ve posted about the issue in the DeployStudio forums and also notified the DeployStudio folks via Twitter:

To see what a DeployStudio 1.7.3-generated AD configuration profile looks like, please see the example below:

Hat tip to @tvsutton for discovering this change.

  1. Sean
    April 5, 2016 at 3:33 am
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: