Skip to main content
Solved

New User - Inventory from AD

  • June 15, 2015
  • 7 replies
  • 33 views
B
Forum|alt.badge.img+5

Hi All,

New user to the Casper Suite here and have a little issue with AD & Inventory...

As it stands, if we thin image using Netboot, our inventory doesn't update based on who's logged into the machine (we don't swap machines, a single machine is assigned to one person)

I have to manually go into inventory and type in the username and click the blue magnify glass... We are looking at reimaging 200 Macs and can't really do this for every machine.

If I enrol a machine via the webpage then I can assign a user to the machine and the inventory is correct, though this defeats the object of the NetBoot image which automates enrolment.

Any help would be great.

Thanks

Bill

Best answer by mm2270

@billystanton Just a quick note. What I posted above is not actually a script. Its a one line command that you can plug into the Execute Command field within the Files & Processes payload in a policy.

If you want it to be a script, you need to add the shebang to the beginning, so something like:

#!/bin/sh

jamf recon -endUsername $3

But I'd also look over Ben Tom's (Mac Mule) post on the topic as it explains everything in better detail than my quick post above. It should get things working as you want.

    7 replies

    davidacland
    Forum|alt.badge.img+18
    • davidacland
    • Valued Contributor
    • June 15, 2015

    Hi, is this what you're looking for: https://macmule.com/2014/05/04/submit-user-information-from-ad-into-the-jss-at-login-v2/

    mm2270
    Forum|alt.badge.img+24
    • mm2270
    • Legendary Contributor
    • June 15, 2015

    Hi. There are actually a lot of existing threads here on JAMFNation that detail how to plug in the current user of a Mac into the User & Location section of the JSS' computer record, and then (assuming your JSS is connected to your LDAP environment and things are set up correctly), let the JSS pull in all the other information from LDAP.
    Here is one very recent discussion on this, although there are plenty of others: https://jamfnation.jamfsoftware.com/discussion.html?id=14837

    The basic principle here is to use the jamf binary within a script or policy that runs the following at login:

    jamf recon -endUsername $3

    $3 will translate to the user name of the person who logged in, but only when configured as a login/logout trigger and I think within Self Service policies.

    Back in your JSS, assuming again, that you have a valid LDAP connection set up, you'll want to enable the option called "Collect user and location information from LDAP" under the Computer Management > Computer Inventory Collection section. That setting will only work once the above script command runs on a Mac and populates the username (short ID) In other words, the JSS needs something to use for the LDAP lookup so it can pull in Full Name, Email Address, Phone Number, etc.

    B
    Forum|alt.badge.img+5
    • billystanton
    • Author
    • Contributor
    • June 15, 2015

    Thanks very much both.

    I will try @mm2270 script and then will report back.

    Wont pull in much information over night!

    Thanks!

    mm2270
    Forum|alt.badge.img+24
    • mm2270
    • Legendary Contributor
    • Answer
    • June 15, 2015

    @billystanton Just a quick note. What I posted above is not actually a script. Its a one line command that you can plug into the Execute Command field within the Files & Processes payload in a policy.

    If you want it to be a script, you need to add the shebang to the beginning, so something like:

    #!/bin/sh

jamf recon -endUsername $3

    But I'd also look over Ben Tom's (Mac Mule) post on the topic as it explains everything in better detail than my quick post above. It should get things working as you want.

    B
    Forum|alt.badge.img+5
    • billystanton
    • Author
    • Contributor
    • June 16, 2015

    It worked! Thank you both!

    C
    Forum|alt.badge.img+5

    Just thought I'd add this here, as someone who doesn't really 'get' coding - This script has been running on all our machines, doesn't require a login/logout to work, and will give you the currently logged in user (which is handy in an environment where people aren't switching laptops).

    This code came straight from JAMF Support.

    #! /bin/sh
user=$(ls -l /dev/console | awk '{print $3}');
jamf recon -endUsername $user
    bentoms
    Forum|alt.badge.img+35
    • bentoms
    • Hall of Fame
    • October 27, 2015

    Hi @kingscollege

    That's not always the best method to grab the username, I have a post on an alternative method here.

    Also, as @davidacland linked to. The username is only part of the equation when it comes to AD details, as per my post here.

    Terms & ConditionsCookie settingsAccessibility statement