Allowed admin group into extension attribute

kbreed27
Contributor

Hey-oh JAMF nation. 

I am a new JAMF admin coming previously from a Helpdesk role. If I ask or say anything that doesn't make since please  bare with me, I'm trying to learn the ropes.

I am trying to get an extension attribute setup in JAMF to query what AD groups have been setup with local admin rights to our computers. 

This command outputs the information that I am trying to query:

dsconfigad -show | grep "Allowed admin groups" 

kbreed27_0-1653508181619.png

 

When I set it up as an extension attribute in JAMF, it doesn't actually return a result in JAMF. I'm sure it's something simple I'm missing. Any help would be greatly appreciated. I've tried a few different variations:

 

kbreed27_3-1653508436810.png

 

kbreed27_2-1653508392492.png

 

kbreed27_1-1653508298083.png

 

 

Thanks all!

2 ACCEPTED SOLUTIONS

Tribruin
Valued Contributor II

You need to wrap your the results that you echo in the <result></result> tags. That is what Jamf is looking for when populating an EA. 

Also, your second script is not going to produce the right results in the variable. You want to use command substitution by enclosing the command in $(.....).

Your script should look something like this:

 

#!/bin/bash

ADadmin=$(dsconfigad -show | grep "Allowed admin groups")

echo "<result>$ADadmin</result>"

 Try running that script on a computer first, before you upload it to an EA.

View solution in original post

mm2270
Legendary Contributor III

That's not making sense. Did you copy and paste the script @Tribruin posted above, exactly as is? Or did you try to recreate it? Because the script posted above should absolutely work.

I see you tried to upload some images, but for some reason they aren't showing up, so I can't see what you were attempting to show us.

View solution in original post

4 REPLIES 4

Tribruin
Valued Contributor II

You need to wrap your the results that you echo in the <result></result> tags. That is what Jamf is looking for when populating an EA. 

Also, your second script is not going to produce the right results in the variable. You want to use command substitution by enclosing the command in $(.....).

Your script should look something like this:

 

#!/bin/bash

ADadmin=$(dsconfigad -show | grep "Allowed admin groups")

echo "<result>$ADadmin</result>"

 Try running that script on a computer first, before you upload it to an EA.

Thank you for the information! Unfortunately, no dice.

When I used your code to create a script, it did still produce the information that I was looking for in the Terminal, however when implemented into JAMF it still doesn’t return any information:

[cid:image001.png@01D87057.B5DB8D80]

[cid:image002.png@01D87057.B5DB8D80]

[cid:image003.png@01D87057.B5DB8D80]

[cid:image004.png@01D87057.B5DB8D80]

I did force a JAMF recon on my test machine to make sure that it looked for the new EA, unfortunately no dice.

mm2270
Legendary Contributor III

That's not making sense. Did you copy and paste the script @Tribruin posted above, exactly as is? Or did you try to recreate it? Because the script posted above should absolutely work.

I see you tried to upload some images, but for some reason they aren't showing up, so I can't see what you were attempting to show us.

I guess I messed something up. I recreated the Extension attribute and copied and pasted the exact script again and it worked!

 

Thank you for the help.