We are looking at Reigning in Apple ID use on our Institutional Laptops for security reasons. We want to prevent users from using personal Apple IDs. We know we can block the Pane for managing them and that we can prevent making changes to internet accounts. That is great. However, if you are like us, we also need to get people logged out of their personal Apple ID and or change their email on the Apple ID to a private one so they retain control when we take over control of our Domain apple ids. Our issue was how to identify who we need to work with and what type of help they need. Enter JAMF Extension Attributes. The Script below can be added to an Extension Attribute so the Apple ID will be visible in JAMF.
#!/bin/bash
loggedInUser=$(stat -f%Su /dev/console)
icloudaccount=$( defaults read /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist Accounts | grep AccountID | cut -d '"' -f 2 )
echo "User: $loggedInUser, Apple ID: $icloudaccount"
echo "<result>$icloudaccount</result>"