Solved

Distinguished Names of Bound Macs

  • August 15, 2018

I'm working on a way to build Smart Groups based on a machine's OU in ADS. I've put together a Bash script to create an Extension Attribute reporting the DN, but it doesn't update the field in the Inventory for computers. I'm not sure why, because I verified the script is working. Anyone had any success with this? It's sort of imperative I get this functionality for RBAC for my sites and such.

```bash
#!/bin/bash

compName=$(/usr/sbin/scutil --get ComputerName)

ou=$(dscl '/Active Directory/<DOMAIN>/All Domains' -read /Computers/$compName$ distinguishedName | grep 'CN' | awk '{$1=$1;print}')

echo "<result>$ou</result>"
```


7 replies

  • Valued Contributor
  • August 15, 2018

I'm honestly not sure what is making it not work.

I modified your script, however. It is working for me now.

I would recommend some more cleanup on your $ou variable.

```bash
#!/bin/bash

compName=$(/usr/sbin/scutil --get ComputerName)

domain="DOMAIN_NAME"

ou=$(dscl "/Active Directory/$domain/All Domains" read "/Computers/$compName$" distinguishedName | grep 'CN' | awk '{$1=$1;print}')

echo "<result>$ou</result>"
```

Regards,
TJ


  • Author
  • Contributor
  • August 15, 2018

Yeah I made that change, and I still have nothing. I'm at a loss.


  • Contributor
  • August 15, 2018

Is your domain variable in the form contoso.com or CONTOSO?


  • Author
  • Contributor
  • August 15, 2018

It's in the form of CONTOSO.


mm2270
  • Legendary Contributor
  • Answer
  • August 15, 2018

What you have should work, though I might suggest a few modifications to it. Silly question, but have your Macs submitted inventory since the EA was created? Because you will only see results when they send in a recon to the Jamf Pro server. Before that, the EA field will remain blank.

As for my suggestions, drop the backslash before the $ character, since you can just wrap the $compName variable in brackets and add the $ character at the end. I would also use | tail -1 | xargs to grab the distinguishedName string.

```bash
#!/bin/bash

compName=$(/usr/sbin/scutil --get ComputerName)

domain="DOMAIN_NAME"

ou=$(dscl "/Active Directory/$domain/All Domains" read /Computers/${compName}$ distinguishedName | tail -1 | xargs)

echo "<result>$ou</result>"
```

But as mentioned, it really should work fine even as you had it originally. If machines are submitting inventory and it's still not populating, then something else is going on, but I'm not sure what.


  • Valued Contributor
  • August 15, 2018

I'm not sure, honestly. Your script didn't work for me.

The script I rewrote worked. Did you make sure it has the double quotes instead of single quotes? Also, make sure the - is not on read anymore and make sure there are double quotes around the "/Computers/$compName$" part.

Regards,
TJ


  • Author
  • Contributor
  • August 15, 2018

@mm2270 That last script you provided did the trick! The goal is to create sites based on AD membership so I can allow other IT folks in other departments to see only their machines.
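
Added example, not part of any post in this thread: since the Extension Attribute value ends up deciding which site a Mac is scoped to, this variant reports the container path (the DN without the leading CN) and writes an explicit marker when the lookup fails, so a failed lookup can be told apart from a Mac that has not submitted inventory yet. It assumes dscl prints the value either on the attribute line or indented on the next line; `AD_LOOKUP_FAILED` is a made-up marker, and the sample output and contoso names are constructed.

```bash
#!/bin/bash
# Added example, not a script from the thread.
domain="DOMAIN_NAME"            # placeholder, as in the thread
FAIL="AD_LOOKUP_FAILED"         # hypothetical marker value

# Constructed sample of dscl output (value on the line after the attribute name).
SAMPLE='dsAttrTypeNative:distinguishedName:
 CN=MAC01,OU=Macs,OU=Finance,DC=contoso,DC=com'

# Read dscl output on stdin and print the DN. Accepts the value on the same
# line as the attribute name or on the next line. No xargs, so "\," survives.
extract_dn() {
  sed -e 's/^[^[:space:]]*distinguishedName://' \
      -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | grep -i -m1 '^CN='
}

# Strip the leading CN=<computer> RDN, leaving the container path.
# A comma escaped as "\," inside the computer name is not a separator.
ou_from_dn() {
  printf '%s\n' "$1" | sed -E 's/^([^,\\]|\\.)*,//'
}

# Build the EA line from raw dscl output; never emit an empty result.
ea_result() {
  local dn
  dn=$(printf '%s\n' "$1" | extract_dn) || dn=""
  if [ -z "$dn" ]; then
    echo "<result>$FAIL</result>"
  else
    echo "<result>$(ou_from_dn "$dn")</result>"
  fi
}

if command -v dscl >/dev/null 2>&1; then
  compName=$(/usr/sbin/scutil --get ComputerName) || compName=""
  raw=$(dscl "/Active Directory/$domain/All Domains" read \
        "/Computers/${compName}$" distinguishedName 2>/dev/null) || raw=""
  ea_result "$raw"
else
  ea_result "$SAMPLE"           # no dscl on this host: use the constructed sample
fi
```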