Skip to main content
Question

Auto-fill user information after enrolling through Recon

  • September 8, 2015
  • 7 replies
  • 61 views
C
Forum|alt.badge.img+5

Hi,

Just wondering if there is a way to get the JSS to auto-fill user information from AD after doing a silent enrol through recon?

I can manually go into the JSS data for each computer and see the computer account which lets me manually add the persons name, but if there is a way to automate it, it would be very handy.

Edit:

A script seems like it would be easiest // I'd need it to check local user accounts, and enter that username into the User and Location username field to auto-fill the AD records.

    7 replies

    S
    Forum|alt.badge.img+12
    • Simmo
    • Contributor
    • September 8, 2015

    It's definitely possible, I think using a dscl call to find the correct information from AD and then using the API to put the info in to the JSS.
    You might be able to find a script a user has already created around here, I can't imagine you're the first to want to do this.

    T
    Forum|alt.badge.img+5
    • triding
    • Contributor
    • September 8, 2015

    Yes. Ben Toms has done the script and as long as your LDAP server is configured correctly it all works beautifully, it's what I use.

    The info and script can be found here:-

    https://macmule.com/2014/05/04/submit-user-information-from-ad-into-the-jss-at-login-v2/

    davidacland
    Forum|alt.badge.img+18
    • davidacland
    • Valued Contributor
    • September 8, 2015

    Hi,

    The main command is sudo jamf recon -endUsername $3. I've used the same method as Ben, creating a login policy that runs the command once per computer.

    If you want it to keep up to date you could use "ongoing" for the execution frequency, although this will cause it to perform the lookup on every Mac for every login so "once per week" or "once per month" might be a better.

    scottb
    Forum|alt.badge.img+18
    • scottb
    • Valued Contributor
    • September 8, 2015

    See this thread @kingscollege

    LDAP User Info

    C
    Forum|alt.badge.img+5
    • Caleb_Anderson
    • Author
    • Contributor
    • September 10, 2015

    I tried to use the script on the MacMule page, but it kept returning a syntax error regarding the first ` in the code.

    I used this instead:

    #!/bin/sh
loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");'`
/usr/sbin/jamf recon -endUsername $loggedInUser

    It seemed to have worked for some, but not others. We have 185 users who are assigned to a department in AD that is also added to the JSS, but the script won't add any of them to their groups.

    Any ideas?

    S
    Forum|alt.badge.img+8
    • steve.mcginn
    • Contributor
    • January 27, 2017

    I was able to figure out how to get this working using the MacMule's page. This is game changing for me...im now going to be able to scope things based off LDAP groups.

    Thanks @triding for adding that info!

    R
    Forum|alt.badge.img+3
    • rapa
    • New Contributor
    • May 31, 2018

    For us (JSS 9.101 / macOS Sierra) we had to substitute the "loggedInUser" line with this:

    loggedInUser= $(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + " ");')

    Terms & ConditionsCookie settingsAccessibility statement