+20Can someone be as to kind to give me some coding love!
I need to create an Extension Attribute that calls an AD Group. I want to use this to make a smart group (X Users get X script.)
Any help would be much appreciated!
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group
Best answer by Matt11
I think we have a winner!!! Tested this with a Smart Group and it worked like a champ!!!!
#!/bin/bash
computerName=$(networksetup -getcomputername)
dscl /Active Directory/domain -read /Groups/groupname | grep "$computerName"
if [ $? -eq 0 ]; then
result=yes
else
result=no
fi
echo "<result>$result</result>"
So if anyone needs to base an Extension Attribute on a Computer Group here you go!!!!
Thanks to everyone who helped steer me in the right direction!
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group
+20Returns nothing. I used Workgroup Manager to get the GUID however I can only get user level not Computer based. Since this AD Group is based on Machine Records I am wondering if their is any way I can do this without using something like Centrify.
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group
+13take a look at the script i linked earlier this morning. you can adapt it to do what you want. get the computer name from dsconfigad's output, check membership in the AD group in question. it should be pretty simple as long as your AD bind is working at all.
+5This only tells you a specific group with GID=1115105145 exists. It doesn't tell you if your client or user is a member of that group. Is that what you want?
--
Walter Rowe, System Hosting
Enterprise Systems / OISM
walter.rowe at nist.gov<mailto:walter.rowe at nist.gov>
301-975-2885
+18jwhats below should work or be close,
#!/bin/bash
hostname=hostname
dscl /Active Directory/All Domains -read /Groups/groupname GroupMembership | grep –q $hostname
if [ $? -eq 0 ]; then
result=yes
else
result=no
fi
echo "<result>$result</result>"
--
Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services
+12I still don't really understand what you are trying to do but...these may
help.
dscl localhost -read "/Active Directory/All
Domains/Computers/${computer_acct}" dn
To get the OU for a given account. This is from a script I whipped up a
while ago that read a ton of account names from a list.
Also, just like dn at the end of the above command you can get even finer
detail from the command you just posted.
dscl "/Active Directory/All Domains" -read "/Groups/${group_name}"
GroupMembership
will just show you the user accounts in that group.
Ryan M. Manly
Glenbrook High Schools
p.s. Quotes are prettier than escaping spaces ;)
+20Hey Todd close to what I came up with!
#!/bin/bash
computerName="networksetup -getcomputername"
dscl /Active Directory/domain -read /Groups/groupname | grep GroupMembership
if [ $? -eq 0 ]; then
result=yes
else
result=no
fi
echo "<result>$result</result>"
I need to test this but I got a result with this.
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group
+12I feel the need to mention that the computer name in Mac OS X and the
computer account name in AD *can* be different. 99.9% of the time they are
not but if you have a careless tech, a local admin that decides they want to
change the Computer name in sharing, or some other crazy bind issue it will
not match the computer account name from AD.
You need to parse the output of dsconfigad for that.
sudo dsconfigad -show | awk '/Computer Account/{ print $4 }'
Ryan M. Manly
Glenbrook High Schools
+12P.S.
Not to mention that it is possible for
hostname
scutil --get ComputerName
(I am fairly certain that "networksetup -getcomputername" corresponds to
this)
scutil --get LocalHostName
scutil --get Hostname
all to have different values.
Good Luck,
~Ryan
+18good reminder.
--
Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services
+20AD names won't be an issue. Our asset tags are printed according to our AD name and named accordingly.
#!/bin/bash
computerName="networksetup -getcomputername"
dscl /Active Directory/ffe.foxeg.com -read /Groups/fngmaccoolchange | grep "$computerName"
if [ $? -eq 0 ]; then
result=yes
else
result=no
fi
echo "<result>$result</result>"
If I replace $computerName with a value this script works, once the variable is in play it does not. So close yet so far!!!!
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group
+18I missed a –q in the grep command
grep –q $hostname
--
Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services
+20I think we have a winner!!! Tested this with a Smart Group and it worked like a champ!!!!
#!/bin/bash
computerName=$(networksetup -getcomputername)
dscl /Active Directory/domain -read /Groups/groupname | grep "$computerName"
if [ $? -eq 0 ]; then
result=yes
else
result=no
fi
echo "<result>$result</result>"
So if anyone needs to base an Extension Attribute on a Computer Group here you go!!!!
Thanks to everyone who helped steer me in the right direction!
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group
+7This is totally awesome work...
Super keen to have an EA that queries the AD computer account and loops through the AD group membership for that computer object then echo looping each group (yes EACH group)
This would populate machines in the JSS with there AD group membership in the EA fields.
I might have just repeated what someone has asked for or stated above and my apologies.
Going to give it a try will report back on the results.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.