Jamf Nation Community

Can you be a little more specific on what you need to pull, from where? From what you wrote, it sounds like you're saying you need to create a piece of criteria that will pull in the AD department info that can later be used to build a Smart Group. Is that right?

@mm2270 Yes that is correct.

@RogerUL Are you talking about when you go to management settings>Network Organization>Departments, because just to test I added one of our departments but it still hasn't pulled the information.

@Benjamin.Diehl you will need to run sudo jamf recon to force an inventory on the client to get it to populate. and they have to be entered exactly including all white spaces or it will not work.

It will only update per computer when the computer submits inventory, if I'm not mistaken. Until at least some of your Macs send in new inventory, you're not going to see anything update.

@Benjamin.Diehl you also should verify your collecting that information in your inventory settings.

I noticed in the LDAP AD server attributes there is a user mapping attribute listed as Department, that seems like it has the flexibility to pull the Active Directory department attribute. 1. Is it possible to build a smart group from that attribute? 2. Is it possible to have that show up in the user details too?

@RogerUL @mm2270

@Benjamin.Diehl yes it is possible. you need to go to your computer management settings make sure collect user and location info from LDAP is checked in computer inventory collection
you also need to make sure in your computer inventory display settings that department is checked

to create a smart group you will create a computer smart group with the department is.. setting.

Is it all possible for the Department information to also be placed into the users. Basically this all comes down to, we are moving our school wide iPad program to JSS. We are wanting to create smart groups based on peoples departments. For example our Admissions (staff) in AD have the department of ADMS, we are wanting JSS to pull that and place it in the users so that we can build a smart group that then places all of the admissions people in that group and then from there set up profiles.

@RogerUL

Make an Extension Attribute with an input type of LDAP Attribute Mapping. In standard AD schema this attribute would be "department" minus the quote. You can then build Smart Groups from this information.

I'm just going to leave this here... https://github.com/jamfit/JSS-LDAP-Sync

Great thanks that is working sorta, no idea what the username and password it though. Everything we have tried hasn't worked even our IT director can't get the username or password right.

@mscottblake

@mscottblake OH ok thanks will try these other ones out

As mentioned previously, and from your questions above you already know this but just to update the thread: you will want "Collect user and location information from LDAP" checked , but for iPads it is in 'Mobile Device Inventory Collection' -> 'Inventory Collection". You will need to create the Department manually. You will need to tell the JSS which AD field to get the Department value from, at 'System Settings' -> 'LDAP Servers' -> [your server] -> Mappings -> 'User Mappings' (we use "department" without the quotes). Then when the iPad's Update Inventory command is processed, the JSS will update the record with whatever is currently in AD.

As of JSS 9.65, User and Location settings are not available on the User side. Have not had time to look at 9.7x. Please upvote the FR that this is a duplicate of.

chris

Thanks guys for all the input and help :)

@RogerUL @mm2270 @iJake @mscottblake @cdenesha

@cdenesha once I map the AD attributes for department and building will older computer objects in Jamf also have their User and Location inventory field updated via the LDAP info (assuming I created the corresponding Buildings and Departments in Jamf) or will this only apply to new computers being enrolled into Jamf?