Question

Check User/Create User script



We are looking for a script that we can run to check to see if our local admin account is already set up in OSX. If it is, exit. If it is not, then create the local admin account. Does anyone have a script that currently does that? I know we can use the JAMF binary as well as smart groups with a policy, but in this situation, we would like to do it via a script. Most scripts I find only create an account but do not check to see if it exists first. Thanks in advance for any guidance you can offer.

6 replies

  • Contributor
  • 125 replies
  • July 21, 2015

The CreateUserPkg utility should do the trick


  • Valued Contributor
  • 231 replies
  • July 21, 2015

Remember to specify a language when asking about scripts. Some bash examples:

Clearer, but more error prone:

#!/bin/bash
if [[ $(dscl . list /Users) =~ "shortusername" ]]; then 
    # do stuff 
else 
    # create user
fi

The problem is that a user named groot will match a search for a user named root, lpadmin will match a search for a user named admin, etc.

Cryptic, but a better test:

#!/bin/bash
dscl . read /Users/shortusername && echo do stuff || echo create user

Or in other words, if you can read a record for this exact user name, do stuff. If not, create the user.


  • Valued Contributor
  • 159 replies
  • July 21, 2015

I'd recommend using an extension attribute to check if the user exists. Then scope a smart group to that attribute. You can then use @dwandro92's suggestion in a policy that's scoped to that smart group to create the user.

Example extension attribute:

#!/bin/bash
result="`dscl . -list /Users |grep ladmin`"
if [ "$result" != "" ]; then
    echo "<result>Yes</result>"
else
    echo "<result>No</result>"
fi
exit 0

  • Valued Contributor
  • 231 replies
  • July 21, 2015

If this is time insensitive enough to use an extension attribute, you wouldn't actually need one. Just create a smart group with criteria of Local User Accounts has "shortusername". Also, if using grep to parse dscl output, add regex anchors to avoid the problem I mentioned earlier with partial user name matches.
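
Added example, not part of the original thread: the partial-match problem described above (groot/root, lpadmin/admin) next to an anchored whole-line match and an exact-record lookup. The sample listing is constructed, and the function names (substring_match, exact_match, local_user_exists) are hypothetical.

```bash
#!/bin/bash
# Constructed sample of `dscl . list /Users` output (one short name per line).
SAMPLE_USERS='_www
daemon
groot
lpadmin
nobody'

# Error-prone test: substring match over the whole listing.
# Usage: substring_match NAME LISTING
substring_match() {
    case "$2" in
        *"$1"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Anchored test: -x requires the whole line to match and -F treats NAME as a
# literal string, so "root" no longer matches "groot".
# Usage: exact_match NAME LISTING
exact_match() {
    printf '%s\n' "$2" | grep -Fxq -- "$1"
}

# Exact-record lookup in the local directory node, like the `dscl . read`
# one-liner in the thread. Rejects empty names and names containing "/";
# returns 2 when dscl is unavailable (not macOS).
local_user_exists() {
    case "$1" in
        ''|*/*) return 1 ;;
    esac
    command -v dscl >/dev/null 2>&1 || return 2
    dscl . read "/Users/$1" >/dev/null 2>&1
}

# Show how each test classifies names against the constructed listing.
for name in root admin groot; do
    substring_match "$name" "$SAMPLE_USERS" && sub=match || sub=no-match
    exact_match "$name" "$SAMPLE_USERS" && exact=match || exact=no-match
    printf '%-6s substring=%-8s exact=%s\n' "$name" "$sub" "$exact"
done
```
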


  • New Contributor
  • 5 replies
  • November 10, 2021
denmoff wrote:

I'd recommend using an extension attribute to check if the user exists. Then scope a smart group to that attribute. You can then use @dwandro92's suggestion in a policy that's scoped to that smart group to create the user.

Example extension attribute:

#!/bin/bash
result="`dscl . -list /Users |grep ladmin`"
if [ "$result" != "" ]; then
    echo "<result>Yes</result>"
else
    echo "<result>No</result>"
fi
exit 0

I know it's an old post, but I just used this and it worked perfectly after replacing "ladmin" with the user I was looking for.

Thanks!


sam-sand
  • New Contributor
  • 11 replies
  • July 25, 2022
joshuasee wrote:

If this is time insensitive enough to use an extension attribute, you wouldn't actually need one. Just create a smart group with criteria of Local User Accounts has "shortusername". Also, if using grep to parse dscl output, add regex anchors to avoid the problem I mentioned earlier with partial user name matches.


One thing I noticed is that the built-in smart group criteria wasn't detecting two 'hidden' user accounts that we have on our machines (our local admin deployed via Jamf Pro, and one from Mosyle, which devices migrated to Jamf Pro still have).

