Sponsors
Sponsor Products
Mac binding to domain - naming convention
posted by Mike Moss  on March 4, 2019, 1:36 p.m. (4 years, 8 months, 26 days ago)
4 Responses     0 Plus One's     0 Comments  

Posting this here, but can probably be posted in a different category as well.

 

I've come to notice and issue when binding OS X clients to our domain. Can someone verify this is 'by design', a bug, or have some sort of fix/workaround..?

 

All our client machines (OSX, Windows and Linux) are bound to our Domain.

if you name a PC client machine as "TEST123" - then the AD object is called "TEST123" - simple.

 

However, on our Mac's it seems its reverting any workstation name to all lower case. So if you bind a Mac machine called "TEST123" it gets bound as "test123".

I checked all 4 names on a mac...

 

netBIOS

HostName

LocalHostName

ComputerName

 

all 4 are "TEST123"...and when the server dialog pops up to bind, it auto reverts the name to lower-case. Even after modifying that to all uppercase, it STILL binds to AD as lowercase. 

this is not just with one machine, but all our Mac clients. - Does this ring a bell with anyone? Is there a reason Mac does this? Is there a workaround to binding to AD exactly as you type it?

 

Thanks,

Mike

 

Thread Tags:
  domain osx, 

Response from Ronald Knol @ March 14, 2019, 11:17 p.m.

I can confirm the Mac behaviour - it's been that way for ages (at least since 10.9 I believe).

My workaround is to manually create the computer entry (in AD snap-in on Windows) before the Mac joins.

Then it keeps the name with how you create it.

 

0 Plus One's     0 Comments  
   

Response from Todd Smith @ March 4, 2019, 4:50 p.m.
The RFC for hostnames specifies that they are case insensitive.  Many applications will ignore the case of hostnames entirely, while others want to enforce only lowercase (most important is DNS). In my experience, hostnames have only ever been lowercase.
Cheers,Todd Smith
Head of Information Technology
soho vfx | 40 Hanna Ave. Suite 403, Toronto, Ontario M6K 0C3
office: (416) 516-7863 fax: (416) 516-9682 web: sohovfx.com
----- On Mar 4, 2019, at 3:39 PM, content <content@studiosysadmins.com> wrote:

Thanks for the response. If this is normal behavior then ill try to work around it. 

 

My reasoning is because we are using Sophos Enterprise here as our AV. We've noticed that we are getting duplicate workstation entries in our Sophos console.

Two identical machines appearing in Sophos. After some discussion with Sophos Tech support they have diagnosed that its because of the machines being named differerntly in AD vs what the local hostname is (TEST123 vs test123) - although this is tecnically one machine, Sophos sees it as 2...

 

It scans AD and finds "test123" as one machine, then when the end user machines checks in to gets its updates, etc it checks in as TEST123..therefor it doubles up. 

 

I was doing some testing to fix this naming issue, and found that it wont bind with uppercase charaacters. which is where this prompted me to post a question as to...why.

 

In order to fix my specific sophos issues on doubled up machines, seems like ill have to re-name each machine to be lower case so that it matches what the AD object is.

 

Thanks again.

Mike

 

To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

0 Plus One's     0 Comments  
   

Response from Mike Moss @ March 4, 2019, 3:39 p.m.

Thanks for the response. If this is normal behavior then ill try to work around it. 

 

My reasoning is because we are using Sophos Enterprise here as our AV. We've noticed that we are getting duplicate workstation entries in our Sophos console.

Two identical machines appearing in Sophos. After some discussion with Sophos Tech support they have diagnosed that its because of the machines being named differerntly in AD vs what the local hostname is (TEST123 vs test123) - although this is tecnically one machine, Sophos sees it as 2...

 

It scans AD and finds "test123" as one machine, then when the end user machines checks in to gets its updates, etc it checks in as TEST123..therefor it doubles up. 

 

I was doing some testing to fix this naming issue, and found that it wont bind with uppercase charaacters. which is where this prompted me to post a question as to...why.

 

In order to fix my specific sophos issues on doubled up machines, seems like ill have to re-name each machine to be lower case so that it matches what the AD object is.

 

Thanks again.

Mike

 

0 Plus One's     0 Comments  
   

Response from Sean Macrae @ March 4, 2019, 3:30 p.m.

Not sure of the reasoning if any but always have found the same to be true in my past experiences binding Mac's. No matter they will ony ever use the lowercase variants. 

0 Plus One's     0 Comments