Question

AD Admin Group Offline Admin?

  • October 19, 2011
  • 27 replies
  • 94 views


  • Author
  • Valued Contributor
  • October 20, 2011

Login Script correct?

On Oct 20, 2011, at 11:53 AM, Thomas Larkin wrote:

Taking a note from Cem, I whipped this up. Please test and post on the script repository if it works.

#!/bin/bash

# add user to the local admin group if their account is an AD account
# run as a login hook via casper, $3 will return the current user

# see if the user has Active Directory present as their authentication authority

/usr/bin/dscl . read /Users/$3 AuthenticationAuthority | /usr/bin/grep "Active Directory"

# now check results of command and apply group membership accordingly

if [[ $? == 0 ]] ; do

then /usr/sbin/dseditgroup -o edit -a $3 -t user admin else /bin/echo "$3 is not an AD user..."

fi
done

# now check group membership of user and notify them of any changes

if [[ /usr/bin/dscl . read /Groups/admin GroupMembership | /usr/bin/grep -c $3 == 1 ]]

then /usr/sbin/jamf displayMessage -message "We have detected that your user account is a part of Active Directory and you have been added to the local admin group"

fi

exit 0


  • Contributor
  • October 22, 2012

Hi Tom,

I tried the last script you posted here to move my AD admin user into the local admin group and an error was returned. Could you help? Or is there something out here that is working?

Thanks,
Chuck

/usr/sbin/jamf is version 8.6
Executing Policy PromoteAD...
Creating directory structure for /Library/Application Support/JAMF/Downloads/
Downloading http://xxxx/CasperShare/Scripts/PromoteAD.bash...
Running script PromoteAD.bash...
Script exit code: 2
Script result: ;LocalCachedUser;/Active Directory/SJN/xxx.xxxxx.xxx:ctaylor:1E9B8FB6-4032-4F9E-B839-6CEEB0629185
/private/tmp/PromoteAD.bash: line 12: syntax error near unexpected token `do'
/private/tmp/PromoteAD.bash: line 12: `if [[ $? == 0 ]] ; do '
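Added example, not part of either post above: a corrected form of the login-hook logic, without the `if ... ; do` construct that the log reports as a syntax error and with the group check done as an exact name match instead of `grep -c`. The function names, the overridable `DSCL`/`DSEDITGROUP`/`JAMF` variables and the username character check are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not the original poster's script.
# Tool paths are overridable (an assumption of this example) for testing off a Mac.
DSCL="${DSCL:-/usr/bin/dscl}"
DSEDITGROUP="${DSEDITGROUP:-/usr/sbin/dseditgroup}"
JAMF="${JAMF:-/usr/sbin/jamf}"

# 0 if the account's AuthenticationAuthority references Active Directory.
is_ad_user() {
    "$DSCL" . -read "/Users/$1" AuthenticationAuthority 2>/dev/null |
        grep -q "Active Directory"
}

# 0 only on an exact name match in the admin group's GroupMembership,
# so "ctaylor" does not match "ctaylor2" the way a bare grep would.
is_local_admin() {
    for member in $("$DSCL" . -read /Groups/admin GroupMembership 2>/dev/null); do
        if [ "$member" = "$1" ]; then return 0; fi
    done
    return 1
}

# Prints one status word: invalid, not-ad, already-admin, added or failed.
promote_ad_user() {
    user="$1"
    case "$user" in
        ""|root|*[!A-Za-z0-9._-]*) echo "invalid"; return 1 ;;
    esac
    if ! is_ad_user "$user"; then echo "not-ad"; return 0; fi
    if is_local_admin "$user"; then echo "already-admin"; return 0; fi
    # Confirm the change by re-reading the group, not by trusting the exit code alone.
    if "$DSEDITGROUP" -o edit -a "$user" -t user admin >/dev/null && is_local_admin "$user"; then
        echo "added"
    else
        echo "failed"; return 1
    fi
}

# Casper passes the logging-in user as $3; do nothing when it is absent.
if [ -n "${3:-}" ]; then
    if [ "$(promote_ad_user "$3")" = "added" ]; then
        "$JAMF" displayMessage -message "We have detected that your user account is a part of Active Directory and you have been added to the local admin group"
    fi
fi
```

The user is notified only when this run actually added them, so repeat logins stay silent.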