App Store Extension Attribute

New Contributor

Hey all,

There used to be a plist file called "" in a user's library that you could pull a currently logged in Apple ID in the App Store from. It looks like that file doesn't exist anymore, so I was hoping there was another way to find out what Apple ID a user is logged into in the App Store via a command/extension attribute.

Any ideas? Thanks!


Legendary Contributor III

There is a way, but it involves using a binary that you'd need to deploy to your Macs. It's called "mas" (for "Mac App Store") and it can be found here: It allows you to run a simple command to see what account is logged into the Mac App Store, but more than just that. Take a look at it and see if it will solve your issue.

Valued Contributor III

I was actually just asking about this on the #jamfnation channel in the MacAdmins Slack. Looks like it's the primary account in ~/Library/Preferences/

So something like this:
/usr/libexec/PlistBuddy -c "Print :PrimaryAccount:0:1:identifier" /Users/$LOGGED_IN_USER/Library/Preferences/
would spit out an Apple ID (you'd need to establish the LOGGED_IN_USER).

I've done some poking around on a VM using Composer to see what files are modified on sign-in/sign-out and it seems like the route is the most consistent. But YMMV.

New Contributor II

Here's one based on @emily's suggestion. Appears to be working on 10.12.6 and 10.13.4.


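#!/bin/sh

# The owner of /dev/console is the user at the login session
loggedInMacUser=$(/usr/bin/stat -f%Su /dev/console)

if [ -e "/Users/$loggedInMacUser/Library/Preferences/" ]; then

    # Capture stdout and stderr so an error message is reported instead of an empty value
    primaryAccountIdentifier=$(/usr/libexec/PlistBuddy -c "Print :PrimaryAccount:0:1:identifier" "/Users/$loggedInMacUser/Library/Preferences/" 2>&1)
    # Exit status of PlistBuddy (non-zero when the entry is not in the plist)
    result=$?

    if [ "$result" -eq 1 ]; then

        echo "<result>$primaryAccountIdentifier</result>"

    elif [ "$result" -eq 0 ]; then

        echo "<result>$primaryAccountIdentifier</result>"

    fi

else

    echo "<result>No PList to check</result>"

fi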


Stderr is redirected in the event the entry is not in the plist (which appears to occur when not signed in). Thinking that output is more useful than an empty or null value.

Valued Contributor III

If you're making it as an AE and wanting it to always be populated with the most recently used ID you might want to scrape through all users for the most recently modified one that contains an ID. Otherwise anytime there was an inventory update with no one logged in it would return empty.
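
The approach suggested in the last reply, written out as an added example that is not code from any post in this thread. PLIST_NAME is a placeholder because the plist filename is not shown on this page; USERS_ROOT, read_identifier and most_recent_apple_id are names chosen for this example.

```shell
#!/bin/sh
# Added example: report the Apple ID from the most recently modified per-user
# plist, so the attribute is still populated when nobody is logged in.

# ASSUMPTION: placeholder; set this to the plist the thread refers to.
PLIST_NAME="${PLIST_NAME:-REPLACE_WITH_PLIST_NAME.plist}"
# Root of the home directories; overridable for testing.
USERS_ROOT="${USERS_ROOT:-/Users}"

# Print the identifier stored in one plist. Returns non-zero when the entry
# is missing (the thread notes this happens when the user is signed out).
read_identifier() {
    /usr/libexec/PlistBuddy -c "Print :PrimaryAccount:0:1:identifier" "$1" 2>/dev/null
}

# Walk every user's copy of the plist, newest modification time first, and
# print the first identifier found. Prints nothing when no plist has one.
most_recent_apple_id() {
    ls -t "$USERS_ROOT"/*/Library/Preferences/"$PLIST_NAME" 2>/dev/null |
    while IFS= read -r plist; do
        # Skip plists that exist but carry no signed-in account
        if id=$(read_identifier "$plist") && [ -n "$id" ]; then
            printf '%s\n' "$id"
            break
        fi
    done
}

# Extension attribute output: always emit a <result> so the field is never null
apple_id=$(most_recent_apple_id)
echo "<result>${apple_id:-No Apple ID found}</result>"
```

A signed-out user's plist can be the newest file in the set, which is why the loop checks for an identifier before stopping rather than reading only the first file.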