- Jamf Nation Community
- Products
- Jamf Pro
- Re: AD/Centrify and Inventory
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-02-2012 07:45 AM
Hi
I'd like to get more of the AD groups and OU details imported with the Macs into JSS. Is there an easy way to do this?
Cheers,
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-09-2012 05:33 PM
what information are you trying to get?
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-02-2012 08:32 AM
Its been a while since I've used it, but I know that Centrify has some command line tools to get information from a system about its AD status, possibly the OU its in, etc.
I also remember that Centrify's documentation on this was incredibly weak. Took me forever just to find some docs on how these tools worked. That may have changed though. I would look into this as a start though. Almost sure there are ways to get this information using a script in an Extension Attribute.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-09-2012 05:33 PM
what information are you trying to get?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-10-2012 12:54 AM
I'm trying to get some kind of group info like OU or GID.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-10-2012 04:07 PM
Starting from version 5.x Centrify's got this cool tool called adedit which provides ways to get AD information from *nix and Mac OS X machine. Command to retrieve Zone related AD information is quite different from that of just AD objects. You need to be more specific about what information you want to get.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-12-2012 05:12 AM
Ideally I'd like to be able to retrieve OU information and gather that in the inventory.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-16-2013 08:32 AM
Not currently available via adinfo, to my knowledge. You can get your current zone, but that could certainly transcend OUs.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-21-2013 12:59 PM
adquery might give you some of the info you are looking for.
For the primary and unix groups for a user
adquery user --adgroups <usernamehere>
For the Active Directory groups for a user
adquery user --adgroups <usernamehere>
I'm not sure how to get the AD OU that the Mac is joined to.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-21-2013 01:14 PM
It took Centrify Support 26 minutes to respond with this which works for me.
You can use the adquery command to actually query the computer object as well.
So if for example a Mac with the hostname "test-mac" is located in the OU "/Testing OU/Mac Computers/", then the command:
adquery user -C test-mac
Will return the canonical name: domain.com/Testing OU/Mac Computers/test-mac
Alternatively, you can also query for the distinguished name as well:
adquery user -D test-mac
Returns: CN=test-mac,OU=Mac Computers,OU=Testing OU,DC=domain,DC=com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-22-2013 06:49 AM
Makes sense, as computer objects are users. Good for that support rep (as the one I got didn't come up with that).
