Solved: What is the best practice to check if MacOS device is Domain Joined or not?

Nate Zhang · ‎06-12-2019

In one of the deployment, we need to check MacOS is Domain Joined or not so that we can apply ISE posture check to that device.

If this is a Non-Domain Joined device (like BYOD) device, we would apply it to go through BYOD flow.

Authentication is using EAP-PEAP.

ldanny · ‎06-13-2019

You can use the AD attribute - "AD-Host-Exists = True" as a condition.

View solution in original post

Francesco Molino · ‎06-12-2019

Hi

If mac devices are joined to a Microsoft AD domain, it means the object ad will be a member, at least of domain computers.

If you create a rule that use this group, the result will show if the device is member or not of your AD.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Nate Zhang · ‎06-13-2019

Hi Francesco,

Thank you for the information. Yes, the Mac devices are Domain Joined.
Could you elaborate more about the rule? How should it be configured and which condition to be used?

ldanny · ‎06-13-2019

You can use the AD attribute - "AD-Host-Exists = True" as a condition.

Francesco Molino · ‎06-15-2019

Sorry for my late answer I was at Cisco Live but you got the answer. Sorry

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question