Posted on 04-03-2014 09:41 AM
Hello all,
Hoping you can help me here.
I need to find a way that, when machines are running inventory info, the company info on the user's AD account is collected. See attachment.
My JSS inventory has users and info from 5 small to medium size companies or business units all located in the same building and floors, and it would be nice to pull the company info out from AD for inventory and scope purposes.
Thank you.
Posted on 04-03-2014 10:03 AM
If you have LDAP set up on your JSS then you would go into Computer Management on your JSS and under Computer Inventory Collection check Collect user and location from LDAP.
Posted on 04-03-2014 10:54 AM
Hello asegura,
Thank you for your response here.
I have long had that setting enabled, but the JSS does not collect the info from the AD account "Company" field by default.
I'm still looking for a solution to collect this info.
Thank you.
Posted on 04-03-2014 11:28 AM
We're using Casper 9's LDAP Attribute Matching extension attribute to collect the Company field from AD. Maybe this is what you're looking for?
Posted on 04-03-2014 11:45 AM
Hello mml7,
Thank you for your response here.
My production JSS is 8.73.
My test JSS is 9.3.
Please send me info/details/settings so I can try it on my test JSS.
Thank you.
Posted on 04-03-2014 12:56 PM
Even after you have LDAP and Collect User Location info configured, you still need a trigger with the end user's name to do the lookup.
In my weekly inventory update policy, I use the following in the Run Command field and it works great...
```
/usr/sbin/jamf recon -endUsername $( ls -la /dev/console | cut -d " " -f 4 )
```
My users are logged in with their AD short name, and that works in the lookup.
Posted on 04-04-2014 11:22 AM
@dpertschi, thank you for your response here.
My users are logged in with their AD short name (1st initial + last name, example asmith) too.
I used the run command you posted here on Casper Remote (which for all intents and purposes would be similar to a policy), but I don't see the company info being collected.
Besides, on JSS 8.73, by default, it does not have a section/column for "Company" like it has for e-mail address, Department, etc.
I then tried creating an Extension Attribute using your command and I don't get company info being collected.
Sorry, can you post more details on how you have it set up? When you're viewing inventory, how do you get a "Company" section/column to show up?
Thank you.
Posted on 04-04-2014 12:26 PM
Ahhh, I see what you're saying. All I'm capturing is basic user info: name, address, email, phone.
How about this... in your LDAP configuration mappings, map Room to your AD Company attribute.
Then in your Inventory Display Preferences, you can change the Label of Room to Company.
Posted on 04-04-2014 12:33 PM
I haven't used Casper for a while, but I'm sure I recall being able to map AD records in Casper. For example, map 'Company' to 'Department' and then change the label of Department to Company.
Posted on 04-04-2014 02:43 PM
@dpertschi, I agree with your recommendation but I'm puzzled at how you've managed to change the label. Are you editing an XML file to achieve this? My JSS v9.3 doesn't show any options for renaming these fields; only enabling/disabling.
Posted on 04-04-2014 02:53 PM
Because that capability to rename the labels was removed in version 9.x
See here: https://jamfnation.jamfsoftware.com/featureRequest.html?id=1346
Posted on 04-07-2014 08:38 AM
@dpertschi, cstout, and mm2270, thank you for your response here.
The thing is that I also need the room info being collected, so renaming that label or any other label like Dept., etc., which is driven by AD, would not help in this matter.
In my case, I'm trying to collect the company info for all my AD users that have machines assigned and being reported to the JSS. In my case, I'm dealing with one big umbrella company and a bunch of small business units (companies) that fall under the big umbrella company.
I'd appreciate any other suggestion on how to accomplish this.
Thank you.
Posted on 04-07-2014 09:05 AM
If you can't use any existing fields to remap, you can try capturing this with an Extension Attribute instead. I can't speak for your environment, but here, the Company information is stored in the following field in AD when viewed through a Terminal session -
```
dsAttrTypeNative:company
```
So in a script, say one set as an EA, you might be able to gather that information on either the logged in user, or the last user to log into the Mac. The script below will first attempt to use the logged in user, then move to 'last' user if it finds the logged in account is "root", meaning at the login screen. It does this since inventory collection could conceivably run when no one is logged in.
I imagine this could be fleshed out more to do a check on the account's UID to make sure it's actually an AD account before attempting to look it up against your Active Directory.
```
#!/bin/bash
## The owner of /dev/console is the logged-in user ("root" at the login screen).
lastUser=$( ls -l /dev/console | awk '{print $3}' )
if [ "$lastUser" == "root" ]; then
    ## At the login screen. Try getting the last user to log in.
    ## "exit" stops awk after the most recent console login.
    lastUser=$( last | awk '/console/{print $1; exit}' )
    if [[ "$lastUser" == "wtmp" ]] || [[ "$lastUser" == "" ]]; then
        echo "<result>N/A</result>"
        exit 0
    else
        userName="$lastUser"
    fi
else
    userName="$lastUser"
fi
## DOMAIN is a placeholder for your own AD node name.
## dscl prints values containing spaces on the next line, indented by one space,
## so keep only the last line's value and trim the leading space.
Company=$( dscl "/Active Directory/DOMAIN/All Domains" read "/Users/${userName}" dsAttrTypeNative:company | awk -F': ' '{v=$NF} END{sub(/^ /,"",v); print v}' )
echo "<result>$Company</result>"
```
Posted on 04-07-2014 03:00 PM
@mm2270, thank you for your follow up here.
I've tried your script/Ext Att above and I'm getting a "Data source (/Active Directory/123test.com/All Domains) is not valid" result.
I'm verifying with the AD team to make sure I'm using the right attribute/field mapping.
I'll let you know the results once I confirm and try with the appropriate info.
Thank you again.
Posted on 04-08-2014 02:37 AM
Hi there,
I am using a pretty similar script to get information pulled from AD to my 'Users & Locations' in JSS.
I think you need to get into your dscl to see which information you would like to pull. The situation where you get the "Data source (/Active Directory bla)" entry comes up if you trigger this script outside your company network... meaning there is no connection to your AD or your machine is not correctly bound to AD.
To check if it is connected, you could run another 1 or 2 lines before you start reading the dscl info. Logic could be:
```
#!/bin/bash
LOGIN=$(/usr/bin/last -1 -t console | awk '{print $1}')
OS_VERS=$(sw_vers -productVersion | cut -c 1-4)
if [ "$OS_VERS" == "10.9" ]; then
    # Skip local and service accounts. Every test must pass, so they are joined with &&.
    if [ "${LOGIN}" != "ladmin" ] && [ "${LOGIN}" != "adobeinstall" ] && [ "${LOGIN}" != "root" ] && [ "${LOGIN}" != "wtmp" ]; then
        # Read AD fields into variables. The node path contains spaces, so it is quoted.
        #USERNAME=$(/usr/bin/dscl "/Active Directory/Company/All Domains" -read "/Users/$LOGIN" RecordName | awk '{print $2}')
        REALNAME=$(/usr/bin/dscl "/Active Directory/Company/All Domains" -read "/Users/$LOGIN" RealName | tail -n 1 | cut -c2-)
        EMAIL=$(/usr/bin/dscl "/Active Directory/Company/All Domains" -read "/Users/$LOGIN" EMailAddress | awk '{ $1 = ""; print }' | cut -c2-)
        COMMENT=$(/usr/bin/dscl "/Active Directory/Company/All Domains" -read "/Users/$LOGIN" Comment | awk '{print $2}')
        OFFICE=$(/usr/bin/dscl "/Active Directory/Company/All Domains" -read "/Users/$LOGIN" dsAttrTypeNative:physicalDeliveryOfficeName | head -2 | tail -1 | cut -c2-)
    else
        exit 0
    fi
fi
# Run Recon and insert AD values in Location fields.
/usr/sbin/jamf recon -endUsername "$LOGIN" -realname "$REALNAME" -email "$EMAIL" -position "$OFFICE" -room "$COMMENT"
exit 0
```
Hope that helps!
Cheers!
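An added example, not part of any post in this thread: a version of the Company Extension Attribute that adds the UID check mm2270 suggests and reports N/A when the AD read fails (the "Data source ... is not valid" case). `DOMAIN` is the thread's placeholder; the UID cutoff of 1000 and the function names are assumptions.

```shell
#!/bin/bash
# Added example, not from the thread. AD_NODE and MIN_DIRECTORY_UID are assumptions.
AD_NODE="/Active Directory/DOMAIN/All Domains"  # DOMAIN is a placeholder, as in the thread
MIN_DIRECTORY_UID=1000  # assumed cutoff; local macOS accounts normally start at 501

# Accept only plain short names so the value cannot alter the dscl record path.
valid_short_name() {
    case "$1" in
        ""|root|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# True when the UID is numeric and above the assumed local-account range.
is_directory_uid() {
    case "$1" in ""|*[!0-9]*) return 1 ;; esac
    [ "$1" -gt "$MIN_DIRECTORY_UID" ]
}

# Print one attribute's value from `dscl -read` output on stdin. dscl prints
# "Key: value", or "Key:" then an indented value line when the value has spaces.
parse_dscl_value() {
    awk -v key="$1:" '
        index($0, key) == 1 {
            val = substr($0, length(key) + 1)
            if (val ~ /^[ \t]*$/) getline val
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            print val; exit
        }'
}

company_for_user() {
    valid_short_name "$1" || return 1
    uid=$(id -u "$1" 2>/dev/null) || return 1
    is_directory_uid "$uid" || return 1
    # A failed read (Mac unbound or AD unreachable) falls through to N/A.
    out=$(dscl "$AD_NODE" -read "/Users/$1" dsAttrTypeNative:company 2>/dev/null) || return 1
    printf '%s\n' "$out" | parse_dscl_value "dsAttrTypeNative:company"
}

main() {
    user=$(stat -f%Su /dev/console 2>/dev/null)
    # At the login window the console belongs to root; fall back to the last console login.
    [ "$user" = "root" ] && user=$(last -1 -t console | awk '{print $1; exit}')
    company=$(company_for_user "$user")
    echo "<result>${company:-N/A}</result>"
}

# Run only where dscl exists (macOS); elsewhere the functions can still be sourced.
if command -v dscl >/dev/null 2>&1; then main; fi
```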
Posted on 06-20-2014 11:36 PM
Woah, bookmarked this & just realised I hadn't replied.
Anyways I've a few write ups on LDAP mappings with JSS. From using Directory Utility to get the attribute details, to using a custom script or within the JSS (for v9).
http://macmule.com/2014/05/04/submit-user-information-from-ad-into-the-jss-at-login-v2/