Returns nothing. I used Workgroup Manager to get the GUID; however, I can only get user level, not Computer based. Since this AD Group is based on Machine Records I am wondering if there is any way I can do this without using something like Centrify.
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group
Take a look at the script I linked earlier this morning. You can adapt it to do what you want. Get the computer name from dsconfigad's output, check membership in the AD group in question. It should be pretty simple as long as your AD bind is working at all.
This only tells you a specific group with GID=1115105145 exists. It doesn't tell you if your client or user is a member of that group. Is that what you want?
--
Walter Rowe, System Hosting
Enterprise Systems / OISM
walter.rowe at nist.gov
301-975-2885
What's below should work or be close,
#!/bin/bash
hostname=$(hostname)
dscl /Active\ Directory/All\ Domains -read /Groups/groupname GroupMembership | grep -q "$hostname"
if [ $? -eq 0 ]; then
result=yes
else
result=no
fi
echo "<result>$result</result>"
--
Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services
I still don't really understand what you are trying to do but...these may
help.
dscl localhost -read "/Active Directory/All Domains/Computers/${computer_acct}" dn
To get the OU for a given account. This is from a script I whipped up a
while ago that read a ton of account names from a list.
Also, just like dn at the end of the above command you can get even finer
detail from the command you just posted.
dscl "/Active Directory/All Domains" -read "/Groups/${group_name}" GroupMembership
will just show you the user accounts in that group.
Ryan M. Manly
Glenbrook High Schools
p.s. Quotes are prettier than escaping spaces ;)
Hey Todd close to what I came up with!
#!/bin/bash
computerName="networksetup -getcomputername"
dscl /Active\ Directory/domain -read /Groups/groupname | grep GroupMembership
if [ $? -eq 0 ]; then
result=yes
else
result=no
fi
echo "<result>$result</result>"
I need to test this but I got a result with this.
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group
I feel the need to mention that the computer name in Mac OS X and the
computer account name in AD *can* be different. 99.9% of the time they are
not but if you have a careless tech, a local admin that decides they want to
change the Computer name in sharing, or some other crazy bind issue it will
not match the computer account name from AD.
You need to parse the output of dsconfigad for that.
sudo dsconfigad -show | awk '/Computer Account/{ print $4 }'
Ryan M. Manly
Glenbrook High Schools
P.S.
Not to mention that it is possible for
hostname
scutil --get ComputerName
(I am fairly certain that "networksetup -getcomputername" corresponds to
this)
scutil --get LocalHostName
scutil --get Hostname
all to have different values.
Good Luck,
~Ryan
good reminder.
--
Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services
AD names won't be an issue. Our asset tags are printed according to our AD name and named accordingly.
#!/bin/bash
computerName="networksetup -getcomputername"
dscl /Active\ Directory/ffe.foxeg.com -read /Groups/fngmaccoolchange | grep "$computerName"
if [ $? -eq 0 ]; then
result=yes
else
result=no
fi
echo "<result>$result</result>"
If I replace $computerName with a value this script works, once the variable is in play it does not. So close yet so far!!!!
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group
I missed a -q in the grep command
grep -q $hostname
--
Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services
I think we have a winner!!! Tested this with a Smart Group and it worked like a champ!!!!
#!/bin/bash
computerName=$(networksetup -getcomputername)
dscl /Active\ Directory/domain -read /Groups/groupname | grep "$computerName"
if [ $? -eq 0 ]; then
result=yes
else
result=no
fi
echo "<result>$result</result>"
So if anyone needs to base an Extension Attribute on a Computer Group here you go!!!!
Thanks to everyone who helped steer me in the right direction!
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group
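
An added example, not part of the original posts: the scripts in this thread test membership with an unanchored grep, so a computer named MAC-01 also matches a group that only contains MAC-010$, and a Smart Group scoped on the result would pick up the wrong machine. The version below compares whole member names and takes the account name from dsconfigad, as suggested earlier in the thread. The group name, the CORP domain and the sample output are constructed placeholders, and the DOMAIN\name$ member format is an assumption that the normaliser tolerates either way.

```bash
#!/bin/bash
# Added example: exact-match AD group membership for a Jamf extension attribute.
GROUP_NAME="groupname"   # placeholder, as in the thread

# Constructed sample of `dscl ... -read /Groups/<group> GroupMembership` output.
SAMPLE_OUTPUT='GroupMembership: CORP\jsmith CORP\MAC-010$ CORP\mac-02$'

# Filter: strip a DOMAIN\ prefix and a trailing "$", then lowercase each line.
normalize() {
    sed -e 's/^.*\\//' -e 's/\$$//' | tr '[:upper:]' '[:lower:]'
}

# is_member ACCOUNT DSCL_OUTPUT
# Succeeds only when ACCOUNT equals one whole member name.
is_member() {
    want=$(printf '%s\n' "$1" | normalize)
    # An empty account must never match (blank lines exist in the stream).
    [ -n "$want" ] || return 1
    printf '%s\n' "$2" | sed 's/^GroupMembership://' | tr -s ' \t' '\n\n' |
        normalize | grep -Fxq -- "$want"
}

ea_result() {
    # Account name as AD knows it, not the Sharing name (extension attributes run as root).
    acct=$(dsconfigad -show | awk '/Computer Account/{ print $4 }')
    members=$(dscl "/Active Directory/All Domains" -read \
        "/Groups/$GROUP_NAME" GroupMembership 2>/dev/null)
    if is_member "$acct" "$members"; then echo yes; else echo no; fi
}

# Query the directory only where the macOS tools exist.
if command -v dsconfigad >/dev/null 2>&1 && command -v dscl >/dev/null 2>&1; then
    echo "<result>$(ea_result)</result>"
fi
```

An unbound Mac or a failed lookup yields an empty account or member list, which reports "no" rather than matching by accident.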
This is totally awesome work...
Super keen to have an EA that queries the AD computer account and loops through the AD group membership for that computer object then echo looping each group (yes EACH group).
This would populate machines in the JSS with their AD group membership in the EA fields.
I might have just repeated what someone has asked for or stated above and my apologies.
Going to give it a try will report back on the results.