Help

Allowed admin group into extension attribute

Go to solution
kbreed27
Contributor

Posted on ‎05-25-2022 12:56 PM

Hey-oh JAMF nation. 

I am a new JAMF admin coming previously from a Helpdesk role. If I ask or say anything that doesn't make since please  bare with me, I'm trying to learn the ropes.

I am trying to get an extension attribute setup in JAMF to query what AD groups have been setup with local admin rights to our computers. 

This command outputs the information that I am trying to query:

dsconfigad -show | grep "Allowed admin groups" 

kbreed27_0-1653508181619.png

 

When I set it up as an extension attribute in JAMF, it doesn't actually return a result in JAMF. I'm sure it's something simple I'm missing. Any help would be greatly appreciated. I've tried a few different variations:

 

kbreed27_3-1653508436810.png

 

kbreed27_2-1653508392492.png

 

kbreed27_1-1653508298083.png

 

 

Thanks all!

0 Kudos
Reply
2 ACCEPTED SOLUTIONS

Go to solution
Tribruin
Valued Contributor II

Posted on ‎05-25-2022 02:09 PM

You need to wrap your the results that you echo in the <result></result> tags. That is what Jamf is looking for when populating an EA. 

Also, your second script is not going to produce the right results in the variable. You want to use command substitution by enclosing the command in $(.....).

Your script should look something like this:

 

#!/bin/bash

ADadmin=$(dsconfigad -show | grep "Allowed admin groups")

echo "<result>$ADadmin</result>"

 Try running that script on a computer first, before you upload it to an EA.

View solution in original post

Reply

Go to solution
mm2270
Legendary Contributor III
In response to kbreed27

Posted on ‎05-25-2022 06:35 PM

That's not making sense. Did you copy and paste the script @Tribruin posted above, exactly as is? Or did you try to recreate it? Because the script posted above should absolutely work.

I see you tried to upload some images, but for some reason they aren't showing up, so I can't see what you were attempting to show us.

View solution in original post

Reply
4 REPLIES 4

Go to solution
Tribruin
Valued Contributor II

Posted on ‎05-25-2022 02:09 PM

You need to wrap your the results that you echo in the <result></result> tags. That is what Jamf is looking for when populating an EA. 

Also, your second script is not going to produce the right results in the variable. You want to use command substitution by enclosing the command in $(.....).

Your script should look something like this:

 

#!/bin/bash

ADadmin=$(dsconfigad -show | grep "Allowed admin groups")

echo "<result>$ADadmin</result>"

 Try running that script on a computer first, before you upload it to an EA.

Reply

Go to solution
kbreed27
Contributor
In response to Tribruin

Posted on ‎05-25-2022 02:51 PM

Thank you for the information! Unfortunately, no dice.

When I used your code to create a script, it did still produce the information that I was looking for in the Terminal, however when implemented into JAMF it still doesn’t return any information:

[cid:image001.png@01D87057.B5DB8D80]

[cid:image002.png@01D87057.B5DB8D80]

[cid:image003.png@01D87057.B5DB8D80]

[cid:image004.png@01D87057.B5DB8D80]

I did force a JAMF recon on my test machine to make sure that it looked for the new EA, unfortunately no dice.
0 Kudos
Reply

Go to solution
mm2270
Legendary Contributor III
In response to kbreed27

Posted on ‎05-25-2022 06:35 PM

That's not making sense. Did you copy and paste the script @Tribruin posted above, exactly as is? Or did you try to recreate it? Because the script posted above should absolutely work.

I see you tried to upload some images, but for some reason they aren't showing up, so I can't see what you were attempting to show us.

Reply

Go to solution
kbreed27
Contributor
In response to mm2270

Posted on ‎05-26-2022 08:25 AM

I guess I messed something up. I recreated the Extension attribute and copied and pasted the exact script again and it worked!

 

Thank you for the help.

0 Kudos
Reply