If a Mac is joined to the domain, then can a domain admin account be used to deploy the Kace agent?

Our Mac's are on the domain and have the Domain Admins as well as a domain admin service account as administrators when you go through the Macintosh Directory Utility deal to join it to the domain. But if I deploy using a domain admin account that is an admin on the Mac, it fails. If I deploy using a local admin on the Mac, it succeeds.

0 Comments   [ - ] Hide Comments


Please log in to comment

Answer this question or Comment on this question for clarity


Macs get a cert from the domain when you join.  when you image that is a different machine so the cert is invalid and domain credentials are useless.  create your mac master with the local user and then use a post task to join it to the domain.
Answered 05/06/2015 by: SMal.tmcc
Red Belt

  • Thanks for the response. This isn't for images though. With regard to existing Macs that are already joined to the domain, we're hoping there's a way to deploy the agent using a domain account instead of a local account.

    If we use a local account, then any end user who has admin rights (not my choice), will be able to change the password of the account we want to use to deploy with.
Please log in to comment