Solved

Inject AD Info into Jamf Fields

  • November 16, 2020
  • 6 replies
  • 61 views


Is there a way to inject AD UserID and User Full Name into Jamf Username: field and Full Name: field in the User and Location area? Or do I have to use Extension Attributes?

Jamf 10.25.1

6 replies

  • Valued Contributor
  • November 16, 2020

That is controlled under Settings | System Settings | LDAP Servers, where AD is a type of LDAP Server. Is that failing for you in some way?


  • Author
  • Valued Contributor
  • November 17, 2020

K, got it - it does work. Now I know where to look for additional AD attributes - Thx

Now can it be automatically updated with the currently logged-in user? Don't want to manually update each device.


ThijsX
  • Employee
  • Answer
  • November 17, 2020

@sgiesbrecht You can run this script once a day or any moment you would like to populate the info into Jamf.

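#!/bin/zsh

# Console user as reported by scutil; empty when only the login window is showing
loggedInUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

# Nobody is at the console: do not submit an empty username
if [[ -z "$loggedInUser" ]]; then
    echo "No console user, skipping recon $(date)"
    exit 0
fi

echo "Running recon for $loggedInUser $(date)..."

# Run recon, submitting the user's username, which as of 8.61+ can then perform an LDAP lookup
/usr/local/bin/jamf recon -endUsername "$loggedInUser"

echo "Finished running recon for $loggedInUser $(date)..."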
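
A stricter pre-check for the script above, as an added example that is not part of ThijsX's post or Jamf's own code: it submits the console user only when the name and UID look like a real account, so service or setup accounts never end up in the inventory record. The function names, the deny-list, the allowed character set and the UID threshold of 500 are assumptions to adjust for your directory.

```shell
#!/bin/sh
# Added example: decide whether the console user should be sent to Jamf.
# Deny-list, character set and UID threshold are assumptions, not Jamf rules.

JAMF=/usr/local/bin/jamf

# Return 0 only when the account looks like a real, directory-backed user.
is_reportable_user() {
    acct=$1
    acct_uid=$2
    case $acct in
        ''|root|loginwindow|daemon|nobody) return 1 ;;  # empty or built-in accounts
        _*) return 1 ;;                  # macOS service accounts, e.g. _mbsetupuser
        *[!A-Za-z0-9._-]*) return 1 ;;   # whitespace, quotes, LDAP filter characters
    esac
    case $acct_uid in
        ''|*[!0-9]*) return 1 ;;         # UID missing or not numeric
    esac
    [ "$acct_uid" -gt 500 ]              # regular macOS accounts start at 501
}

# Same scutil query as the script above.
console_user() {
    echo "show State:/Users/ConsoleUser" | scutil |
        awk '/Name :/ && ! /loginwindow/ { print $3 }'
}

main() {
    acct=$(console_user)
    acct_uid=$(id -u "$acct" 2>/dev/null)
    if is_reportable_user "$acct" "$acct_uid"; then
        echo "Running recon for $acct $(date)"
        "$JAMF" recon -endUsername "$acct"
    else
        # Leave the existing User and Location assignment untouched
        echo "Not submitting console user '${acct:-none}' $(date)" >&2
    fi
}

# Only act on a Mac that has the Jamf binary installed.
if [ -x "$JAMF" ]; then
    main
fi
```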

  • Author
  • Valued Contributor
  • November 17, 2020

Thank you txhaflaire


  • New Contributor
  • June 4, 2021

@txhaflaire can your script be run once a day to update user's info in Jamf Pro? We currently have an issue where when looking at the computer's inventory record under user info, it shows the correct "username" but the Full Name and Email fields are showing someone else's name. This isn't happening for all users but more than it should be.

We are currently now using DEP enrollment for M1 Macs, and the user authenticates with AD creds during enrollment.

I have a case open with support as something similar happened last year, but we thought because we used to use user-initiated enrollment via the URL, that was the cause, but it seems like there's an issue with our mapping from LDAP to Jamf Pro. It's just confusing because it's not affecting all users.


Bol
  • Contributor
  • June 8, 2021
Posted: 6/4/2021 at 2:41 PM CDT by jmdaul

@txhaflaire can your script be run once a day to update user's info in Jamf Pro? We currently have an issue where when looking at the computer's inventory record under user info, it shows the correct "username" but the Full Name and Email fields are showing someone else's name. This isn't happening for all users but more than it should be. We are currently now using DEP enrollment for M1 Macs, and the user authenticates with AD creds during enrollment. I have a case open with support as something similar happened last year, but we thought because we used to use user-initiated enrollment via the URL, that was the cause, but it seems like there's an issue with our mapping from LDAP to Jamf Pro. It's just confusing because it's not affecting all users.

@jmdaul You might have the answer already but I believe that's to do with how Jamf handles updating blank fields for users.

E.g., if the new user has an empty attribute while the existing user has that field filled, when updating the record, it retains the previous user's data for that field instead of clearing it.