So, you're wanting to run a script on Mobile (AD) accounts only?

I believe all Mobile AD accounts have huge UUID's. You could use those.

dscl . read Users/$userName | grep -i UniqueID

My Mobile Account's UniqueID is like 625,000,000
My Local Account's UniqueID is like 80

Regards,
TJ

Here's the script we use to accomplish this. Only does look up for AD users.

#!/bin/bash



# Based on macmule (Ben Toms) script from MacMule.com



# CheckBinary borrowed from Rich Trouton - https://gist.github.com/rtrouton/df24a3b1162605046a9e#file-gistfile1-txt

CheckBinary (){



    # Identify location of jamf binary.

    jamf_binary=`/usr/bin/which jamf`



        if [[ "$jamf_binary" == "" ]] && [[ -e "/usr/sbin/jamf" ]] && [[ ! -e "/usr/local/bin/jamf" ]]; then

            jamf_binary="/usr/sbin/jamf"

        elif [[ "$jamf_binary" == "" ]] && [[ ! -e "/usr/sbin/jamf" ]] && [[ -e "/usr/local/bin/jamf" ]]; then

            jamf_binary="/usr/local/bin/jamf"

        elif [[ "$jamf_binary" == "" ]] && [[ -e "/usr/sbin/jamf" ]] && [[ -e "/usr/local/bin/jamf" ]]; then

            jamf_binary="/usr/local/bin/jamf"

        fi

        }



# Run the CheckBinary function to identify the location

# of the jamf binary for the jamf_binary variable.

CheckBinary



# Get the logged in users username

loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`



# Check if loggedInUser is an AD account

accountCheck=$(dscl . read /Users/$loggedInUser OriginalAuthenticationAuthority 2>/dev/null)



if [ "$accountCheck" != "" ]; then

     $jamf_binary recon -endUsername $loggedInUser

else

     exit 0

fi

@stephanpeterson are you running that script along with a LaunchAgent or just though Jamf with login trigger?

Hey @jhbush1973! I've been using it just through Jamf with login trigger, but just yesterday afternoon started finding machines that have broken loginhooks. Looking at moving to LaunchAgent with custom trigger.