I am testing Centrify (a simple way to manage non-Windows machines in AD) and I noticed that if you join a Mac to AD via the OS, the TEM Console will show the AD path of the Mac in the computer properties, so you can use that as a group criterion and, subsequently, a permissions boundary. If you join a Mac to AD using Centrify, it does not show the path.
Pretty minor point, but using Centrify to join a Mac or Unix machine to AD is a lot more dummy proof, and you get some group policy stuff. I bought BigFix, in part, because of cross-platform support - the same reason I am trying to use Centrify.
I work at Centrify and we’d be happy to help with this too. Can you send us an email at “support at centrify dot com” and we will work on it from our side.
I promise to post back to this site anything that we discover.
I don’t want to manually set that for the agent - for one, it wouldn’t set right again if the machine was moved. What would make more sense would be for Centrify to know exactly where on the local OS you’re pulling the information from, so that they could write that same information to the OS (if possible) - that way the BigFix agent would pick it up automatically.
The Mac agent is currently using the Directory Services set of functionality to make it compatible with the most versions of OS X. System functions like dsGetRecordList/dsGetRecordEntry provide a lot of the information.