Configure Directory Services Profile

The Directory Services payload enables administrators to remotely associate a computer with a directory service. This ensures compliance with domain policies and enhances password security settings. 

To use Directory Profiles remotely on an enrolled device, follow these steps:

1. Navigate to SureMDM Web Console > Profiles > macOS > Add > Directory Services > Configure.

2. Enter a Profile Name.

3. In the Directory Profiles prompt, configure the Directory Profiles settings, and then click Save.

Settings - Description
Server Host Name or IP Address - Enter the directory server name.
Client ID - Enter the client ID associated with the device in the directory.
User Name - Enter the username of the user used to authenticate and bind the device to the server.
Password - Enter the password of the user used to authenticate and bind the device to the server.
Organizational Unit - Enter the Organizational Unit (OU) where the joining computer object is added.

User Experience
Create Mobile Account at Login - Select this option to create a mobile account. When this option is selected, the user's data is stored locally and they are automatically logged into a mobile account.
Require Confirmation before Creating a mobile account - Select this option to send a confirmation message to the end-user.
Force Local Home Directory on Startup Disk - Select this option to force the local Home directory to be created on the startup disk.
Use UNC Path from Active Directory to Derive Network Home Location - Select this to use the UNC path specified in Active Directory when mounting the network home.
Mount Style - Select one of the following mount style options: SMB, AFP.
Default User Shell - Specify the default shell for the user after logging into the computer.

Mapping
Map UID to Attribute - Specifies an Active Directory attribute to map to the user ID.
Map User GID to Attribute - Specifies an Active Directory attribute to map to the user group ID.
Map Group GID to Attribute - Specifies an Active Directory attribute to map to the group ID.

Administrative
Preferred Domain Server - Enter the name of the domain server to use for authentication.
Allow Authentication from Any Domain in the Forest - Allow any domain in the forest to authenticate.
Namespace - Enter the primary account naming convention based on forest or domain.
Packet Signing - Select to ensure that the data is secure.
Packet Encryption - Select to encrypt data.
Restrict DDNS - Enter the interfaces to which dynamic DNS updates are restricted (for example, en1 and en1).
Password Trust Interval - Set to determine how often the computer trust is updated.

The newly created profile will be listed in the Profiles section.

4. Go back to the Home tab and select the macOS device(s) or group(s).

5. Click Apply to launch the Apply Job/Profile To Device prompt.

6. In the Apply Job/Profile To Device prompt, select the created profile and click Apply.
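
Before applying the profile broadly, the security-relevant settings above can be checked in an exported copy. The following Python audit is an added example, not SureMDM's or Apple's code: it reads an unsigned .mobileconfig and reports weak Packet Signing, Packet Encryption, forest authentication and Password Trust Interval values, plus an embedded bind password. It assumes the console fields map to the key names of Apple's Directory Service payload (`ADPacketSign`, `ADPacketEncrypt`, `ADAllowMultiDomainAuth`, `ADTrustChangePassIntervalDays`, `Password`); the sample profile, host name and account name are constructed.

```python
import plistlib

# Apple's payload type for directory binding; key names below come from Apple's
# Directory Service payload, and their mapping to the console fields is assumed.
AD_PAYLOAD_TYPE = "com.apple.DirectoryService.managedclient"

def audit_directory_payload(profile_bytes):
    """Return hardening findings for each Directory Services payload in a profile."""
    findings = []
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") != AD_PAYLOAD_TYPE:
            continue

        def effective(key):
            # An AD* value only takes effect when its companion <key>Flag is true.
            return payload.get(key) if payload.get(key + "Flag") else None

        if effective("ADPacketSign") != "require":
            findings.append("packet signing is not set to require")
        if effective("ADPacketEncrypt") not in ("require", "ssl"):
            findings.append("packet encryption is not set to require or ssl")
        if effective("ADAllowMultiDomainAuth") is not False:
            findings.append("authentication from any domain in the forest is allowed")
        if effective("ADTrustChangePassIntervalDays") == 0:
            findings.append("computer trust password rotation is disabled")
        if payload.get("Password"):
            findings.append("bind password is embedded in the profile")
    return findings

def build_sample(**overrides):
    """Constructed sample profile (not exported from a real console)."""
    payload = {
        "PayloadType": AD_PAYLOAD_TYPE,
        "HostName": "ad.example.test",
        "UserName": "svc-macbind",
        "ADPacketSignFlag": True, "ADPacketSign": "require",
        "ADPacketEncryptFlag": True, "ADPacketEncrypt": "require",
        "ADAllowMultiDomainAuthFlag": True, "ADAllowMultiDomainAuth": False,
        "ADTrustChangePassIntervalDaysFlag": True, "ADTrustChangePassIntervalDays": 14,
    }
    payload.update(overrides)
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [payload]})

if __name__ == "__main__":
    weak = build_sample(ADPacketSign="allow", ADPacketEncryptFlag=False, Password="example")
    for finding in audit_directory_payload(weak):
        print("FINDING:", finding)
```

Because the bind credentials travel inside the profile, the account entered under User Name should be limited to joining computers to the chosen Organizational Unit.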