Skip to main content
Question

Can a policy/script be written to use JSS user/dept fields?

  • August 19, 2016
  • 4 replies
  • 35 views
dstranathan
Forum|alt.badge.img+19

Before I had JAMF in production, my IT team used ARD fields to locate/identify Macs. Generally we used 2 ARD fields to display the user and department that the Mac was assigned to. Made sorting ARD lists easy, etc.

I would like to automate the process of populating ARD fields based on the what user/dept the Mac is assigned to in the JSS. If a owner name or dept changes in the JSS, it wil be reflected in the ARD fields when the policy runs. This can happen at login, check-in, or scheduled once a day. Doesnt matter as long as it gets synced at some point on a reguar basis.

I have tried to remind our desktop techs to set the ARD fields manually at imaging time (in Casper Imaging), but this step is often forgotten, or the ARD data becomes stale over time as employees come and go.

Setting the ARD fields manually via a script is easy, its keep the fields in sync with the JSS thats the challenging part.

Getting the current console user would be easy to drop into an ARD field, but it wouldnt always be accurate because sometimes the current user is not the owner/primary user, so I cant rely on it. I really need to leverage the JSS's user/dept data because it is what I consider to be the canonical "truth".

4 replies

stevewood
Forum|alt.badge.img+38
  • stevewood
  • Hall of Fame
  • August 19, 2016

@dstranathan I wrote a script earlier this year for another post here on the Nation. You can find that script on my GitHub repo here: Update ARD Info Fields

That script uses the API to pull the info for the computer and update the fields.

dstranathan
Forum|alt.badge.img+19
  • dstranathan
  • Author
  • Valued Contributor
  • August 19, 2016

@stevewood Thanks, Steve. I figured I wouldnt be re-inventing the wheel here. This looks perfect. I windered if an API was available for this type of task.

I plugged in my JSS url and I added 

department = location[0].find('department').text

which appears to be working. But I'm getting an error:

updateARD = subprocess.check_output([jamf_check(), 'setARDFields', '-1', department, '-2', user_name])
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 573,
check_output raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['/usr/local/bin/jamf', 'setARDFields', '-1', 'Information Management', '-2', 'test_user']' returned non-zero exit status 1

I get the same error with your script too (unmodified).

All my Macs have Apple's OEM Python 2.7.10 (or older). No custom (i.e.; current) installs of Python here.

stevewood
Forum|alt.badge.img+38
  • stevewood
  • Hall of Fame
  • August 19, 2016

@dstranathan if you are simply running it from the Terminal, you need to make sure to use sudo since the call to the jamf binary requires it. If I run it without sudo I get the same error, but once I add sudo it works.

dstranathan
Forum|alt.badge.img+19
  • dstranathan
  • Author
  • Valued Contributor
  • August 19, 2016

@stevewood

Bingo. Worked from the Terminal when exculating permissions via sudo.

I was running it on-the-fly out of BBEdit with my local account.

So, just toss this python script into a JSS script and run it via Casper Remote as needed and/or a Policy, correct?

Thank you sir. This is awesome.

Terms & ConditionsCookie settingsAccessibility statement