Skip to main content
Question

Active Directory Distinguished Name Extension Attribute

C
Forum|alt.badge.img+4

I had a script working to gather a machine's DN for building Smart Groups that was fine until Mojave dropped:

#!/bin/bash

compName=$(/usr/sbin/scutil --get ComputerName)

domain="DOMAIN"
offthegrid="Not on the Domain"
ou=$(dscl "/Active Directory/$domain/All Domains" read /Computers/${compName}$ distinguishedName | tail -1 | xargs) 

if [[ $ou = "Data source (/Active Directory/DOMAIN/All Domains) is not valid." ]];
    then
        echo "<result>$offthegrid</result>"
else
    echo "<result>$ou</result>"
fi

So far, I'm not sure what changed in Mojave with this attribute. Has anyone encountered this?

3 replies

mm2270
Forum|alt.badge.img+16
  • mm2270
  • Legendary Contributor
  • 7880 replies
  • July 10, 2019

What happens if you run the script locally on a Mojave Mac joined to the domain? What result does it return, if any? I no longer have a system joined to AD on hand, so I can't test it myself.

M
Forum|alt.badge.img+9
  • myronjoffe
  • Valued Contributor
  • 135 replies
  • July 10, 2019

Have you tried using an extension attribute with LDAP attribute mapping: distinguishedName instead?

R
Forum|alt.badge.img+18
  • ryan_ball
  • Contributor
  • 475 replies
  • July 10, 2019

I wrote this a while back and posted it here for somebody:

#!/bin/bash
# If full domain is contoso.com, you need to capture the CONTOSO only part, but you can get this from the Keychain
DomainName=$(/usr/bin/security dump-keychain -d /Library/Keychains/System.keychain | grep "/Active Directory" | tail -n 1 | sed -n -e 's/^.*Directory///p' | tr -d '"')
CompName=$(/usr/sbin/dsconfigad -show | awk '/Computer Account/{print $NF}')

dn=$(/usr/bin/dscl "/Active Directory/$DomainName/All Domains" read /Computers/"$CompName" dsAttrTypeNative:distinguishedName | cut -f2- -d ' ')
echo "<result>$dn</result>"
exit 0

Reply


Most helpful members this week

Terms & ConditionsCookie settingsAccessibility statement

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings