I'm working on a bash script designed to enable Macintosh (10.8) users that are given admin permissions from Active Directory to retain their admin credentials when they're not authenticating to AD (i.e., took a work computer home and working offline). By default you lose admin permissions if you can't authenticate... theoretically this script should add users from specified AD groups and make them local admins.
I'm just running into one error near the end when it attempts to append the users from the groups: instead of doing so and exiting the script, it's stating, "No group name provided" three times. I'm a bash novice, so here's to some assistance! I've changed our AD domain to mytfa.org to keep it similar but inconspicuous, as the word "example" when mirroring "example.com" was thoroughly confusing in the various connotations of this script.
#!/bin/bash
#
#
# Script to detect if a user is a member of the admin group. If not, and they are not a student, it will add them.
#
#
# say "script started"
# Check if user is already an admin
IsAdmin=$(dseditgroup -o checkmember -n . -u $1 admin)
# say "Is Admin variable assigned"
# echo "$IsAdmin"
if [[ $IsAdmin == yes* ]]
then
    # echo "No further action needed"
    # say "user is an admin"
    exit
else
    # All TFA check... -n is not null -o comparison for or $1 stores username
    # say "All TFA check"
    ATmember=$(dseditgroup -n /Active Directory/MYTFA/mytfa.org -o checkmember -u $1 All TFA)
    # Tech Team check
    # say "Tech Team check"
    TTmember=$(dseditgroup -n /Active Directory/MYTFA/mytfa.org -o checkmember -u $1 Tech Team)
    # Administrators check
    # say "Administrators check"
    AAmember=$(dseditgroup -n /Active Directory/MYTFA/mytfa.org -o checkmember -u $1 Administrators)
    # Adds to local admin if user is a member of All TFA, Tech Team, or Administrators
    if [[ $ATmember == yes* ]] || [[ $TTmember == yes* ]] || [[ $AAmember == yes* ]]
    then
        # say "User is a member"
        # echo "User is a member of All TFA, Tech Team, or Administrators."
        sudo dscl . append /Groups/admin GroupMembership $1
    fi
fi
exit
Using 10.8.4 as root; also tried as an AD admin account. Original source: http://pastebin.com/86hjq4Hi
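The three group checks in the script pass a node path and group names that contain spaces. The following added example (not part of the original post) shows how the shell splits those unquoted words and gives a quoted form of the same membership check. The helpers `count_args`, `valid_user`, `is_member` and `should_be_admin`, the `DSEDITGROUP` override and the user `jdoe` are assumptions for illustration.

```bash
#!/bin/bash
# Added example, not the poster's code. Node path and group names are taken
# from the post; every function name here is a hypothetical helper.

NODE='/Active Directory/MYTFA/mytfa.org'
DSEDITGROUP=${DSEDITGROUP:-dseditgroup}  # assumption: override with a stub off a Mac

# Report how many separate words the shell hands to a command.
count_args() { echo "$#"; }

# Unquoted, as in the post: the node path and "All TFA" are each split in two.
unquoted_count() { count_args -n /Active Directory/MYTFA/mytfa.org -o checkmember -u "$1" All TFA; }

# Quoted: the node path and the group name each arrive as a single word.
quoted_count() { count_args -n "$NODE" -o checkmember -u "$1" "All TFA"; }

# Accept only plain short names before passing them to a command run as root.
valid_user() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Succeed if user $1 is reported as a member of AD group $2.
is_member() {
    out=$("$DSEDITGROUP" -n "$NODE" -o checkmember -u "$1" "$2" 2>/dev/null)
    case $out in
        yes*) return 0 ;;
    esac
    return 1
}

# Succeed if the user is in any of the three groups named in the post.
# Returns 2 for a rejected user name, 1 for "not a member".
should_be_admin() {
    valid_user "$1" || return 2
    for group in "All TFA" "Tech Team" "Administrators"; do
        is_member "$1" "$group" && return 0
    done
    return 1
}

# Constructed sample user; prints the word counts for both forms.
echo "unquoted: $(unquoted_count jdoe) words, quoted: $(quoted_count jdoe) words"
# On the Mac itself the result would gate the post's own command, quoted:
#   should_be_admin "$1" && dscl . append /Groups/admin GroupMembership "$1"
```
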