search

joshua-d-miller / macOSLAPS

Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows
MIT License
382 stars 57 forks source link

Directory Bind detection error #74

Closed ecrist closed 2 years ago

ecrist commented 2 years ago

I have a Mac that is very much joined to a domain, even confirmed with dsconfigad -show:

[corp-mac123:~] ecrist% dsconfigad -show
Active Directory Forest          = example.net
Active Directory Domain          = example.net
Computer Account                 = corp-mac123$

Advanced Options - User Experience
  Create mobile account at login = Enabled
     Require confirmation        = Disabled
  Force home to startup disk     = Enabled
     Mount home as sharepoint    = Enabled
  Use Windows UNC path for home  = Disabled
     Network protocol to be used = smb
  Default user Shell             = /bin/bash

Advanced Options - Mappings
  Mapping UID to attribute       = uidNumber
  Mapping user GID to attribute  = gidNumber
  Mapping group GID to attribute = gidNumber
  Generate Kerberos authority    = Enabled

Advanced Options - Administrative
  Preferred Domain controller    = not set
  Allowed admin groups           = Local Administrators
  Authentication from any domain = Disabled
  Packet signing                 = allow
  Packet encryption              = allow
  Password change interval       = 14
  Restrict Dynamic DNS updates   = not set
  Namespace mode                 = domain

But when I try to run macOSLAPS I get an error:

Error|2022-05-25 08:10:47|macOSLAPS|This machine does not appear to be bound to Active Directory
ecrist commented 2 years ago

I just unbound and rebound the machine to the domain.