joshua-d-miller/macOSLAPS

macOSLAPS AAD

crofmmv opened this issue · 5 comments

Hi, we don't have an on-prem AD and our macOS hosts are not bound to a domain. The macOS hosts use Jamf Connect for AAD logins but we still have a local admin account. Does macOSLAPS work with AAD?

I see, thanks for your reply. Would macOSLAPS work with an admin account that was created during Setup Assistant on an Apple Silicon (M1) device?

So I've got the following so far:

macLAPS pkg deployed
macLAPS PList Config: we are using the Method Local as we don't have AD.

I can run macLAPS on the device for the first time that has both deployed to it.

Both the macOSLAPS password and expiration files are in the /private/bar/root/Library/Application folder, but how do I get them up to Jamf Pro?

Regards,

Crawford

Hello @crofmmv,

Those files are temporarily created. The next run will remove them. You would need to create an extension attribute in Jamf to send the password to Jamf. You can see the examples here: https://github.com/joshua-d-miller/macOSLAPS/blob/master/jamf%20Extension%20Attributes/Password:Expiration%20Combined.sh

Hello @crofmmv,

Wanted to check in and see if you feel submitting the password to Jamf is acceptable over Azure AD.

Thanks!