ignore works as expected through jamfpro if we push, but not if we execute script manually from macos.

That’s because $4 are Jamf variables, which terminal app doesn’t know anything about.

This is our solution and it works well.

#!/bin/bash



# Enter the API Username, API Password and JSS URL here

apiuser="your-api-read-only-user" # create a user for read only (Active Directory or local on Jamf Server)

apipass="your-password" # password for the api-read-only

jssURL="https://your.jamfserver-url:8443"



# Get the Mac's UUID string

UUID=$(ioreg -rd1 -c IOPlatformExpertDevice | awk -F'"' '/IOPlatformUUID/{print $4}')



# Make first a "Inventory Preload" with Asset Tag (Settings > Global Management)

# Pull the Asset Tag by accessing the computer records "general" subsection

Asset_Tag=$(curl -H "Accept: text/xml" -sfku "${apiuser}:${apipass}" "${jssURL}/JSSResource/computers/udid/${UUID}/subset/general" | xmllint --format - 2>/dev/null | awk -F'>|<' '/<asset_tag>/{print $3}')



echo "$Asset_Tag"



scutil --set ComputerName "$Asset_Tag"

scutil --set HostName "$Asset_Tag"

scutil --set LocalHostName "$Asset_Tag"



# Make first a policy with a trigger for update-inventory

# Computers > Policies > General > General (Display Name: Update Inventory)

# Computers > Policies > General > Trigger (Custom Event: update-inventory)

# Computers > Policies > Maintenance > Update inventory



/usr/local/jamf/bin/jamf policy -trigger update-inventory



exit 0

@ esv

!/bin/sh

username=ls -l /dev/console | cut -d " " -f 4

scutil --set ComputerName "$4""$username"
scutil --set HostName "$4""$username".domain
scutil --set LocalHostName "$4""$username"

jamf recon

your above script works fine, But also the machines are getting removed from AD. I wanted the machines to be rename in AD as well is there any way for this.

@vijayragesh We name ours differently but the unbind - bind should work for you. We trigger a policy to bind call the trigger in the rename script. I have several bind policies based on the device use. Otherwise you would need to run dsconfigad -add -force -u "${username}" -p "${password}"

Username/Password used to perform binding

username="xxxxxx"
password="*xxxxxx"

Unbind from AD

dsconfigad -remove -force -u "${username}" -p "${password}"

rename computer

scutil --set ComputerName $computername
scutil --set LocalHostName $computername
scutil --set HostName $computername

Perform bind

jamf policy -trigger bind_to_ad

Hope this helps

"dsconfigad -remove..." actually removes the AD record, which may be required in some environments depending on how Active Directory is setup in regards to the login used to bind with.

In my environment I can get away with "dsconfig -leave -force" That way I'm not putting AD login details into a script, and the rebind automatically reconnects to the same AD record and corrects the name.

This is failing because the username contains a dot. For my environment, I can do without it since I am not going to be remotely connecting to the devices