Help

Plugin encountered an error processing request 10001

Go to solution
Not applicable

Posted on ‎08-18-2016 08:51 AM

Hello, I have been struggling with this error since our Jump Start. We have a service account that is to bind devices to our AD upon enrollment. Every time, both via policy or by going to user preferences I receive this error.

  • My AD account works to bind the devices in User Groups but the Service account receives (plugin encountered an error processing request 10001).
  • The service account CAN bind PC's to AD.
  • Domain is NOT .local
  • Computer name is under 15 characters.
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Not applicable

Posted on ‎09-12-2016 06:46 AM

What was needed was to give the JAMF service account proper permissions to the default Computers OU in AD. Go to the Security tab of the Computers OU and give the JAMF service account Full Control. Also, right-click on the Computers OU and create a custom task to delegate control of Computer objects (create and delete) to the JAMF service account.

View solution in original post

6 REPLIES 6

Go to solution
roiegat
Contributor III

Posted on ‎08-18-2016 08:54 AM

If everything seems to be ok, when it comes to AD binding there is one golden rule - Check the time. The time on the computer has to be the same or very close to the same as the AD server time.

A couple years ago we received macs that were about 6 minutes off fresh out of the box, none of them binded. So I always put a script to sync the time with the time server first and then bind.

Good luck.

0 Kudos

Go to solution
mark_mahabir
Valued Contributor

Posted on ‎08-18-2016 08:57 AM

Have you read the contents of this thread:
https://jamfnation.jamfsoftware.com/discussion.html?id=9588

0 Kudos

Go to solution
Not applicable

Posted on ‎08-18-2016 09:47 AM

Roiegat, I did forget to mention that they are tied to our domain time server and thus it is the same.

Mark, I have seen that before but the solution appears to be a script. I was under the impression that we could just use the directory binding policy unless it is broke. I could try the script but I assume if I receive the 10001 error while going to users and groups, the script would also produce such an error.

0 Kudos

Go to solution
Not applicable

Posted on ‎09-12-2016 06:46 AM

What was needed was to give the JAMF service account proper permissions to the default Computers OU in AD. Go to the Security tab of the Computers OU and give the JAMF service account Full Control. Also, right-click on the Computers OU and create a custom task to delegate control of Computer objects (create and delete) to the JAMF service account.

Go to solution
bacchusz
New Contributor

Posted on ‎04-09-2020 04:29 PM

The resolution posted above, when Tyler says JAMF service account, is that the account that should have permissions to bind to the domain in that specific OU?

Go to solution
user-JLNfDXiTHL
New Contributor

Posted on ‎05-06-2021 06:11 AM

@bacchusz Did you ever happen to find out the answer to your question? I'm like you, just one year in the future :)

0 Kudos