Computer names and AD without bind

agardner
New Contributor III

I know Binding is dead. 

But I have an issue that needs to be addressed with AD and computer names. Currently I am running a generic script that renames a MacBook to the logged-in user and the model of their Mac, i.e. "nameuser-mbkp".

In order for our wifi and our VPN to work the device needs to exist in a specific AD OU. 

How could I automate an export of the computer names and feed it into a PowerShell instance to feed the AD OU? 

Any thoughts and ideas would be great. 

5 REPLIES

jcarr
Valued Contributor

Can't really help with the feed into AD, but you should be able to create a script that polls the API to get a list of all computer records. Something like this:

curl -X GET "https://hostname.jamfcloud.com/JSSResource/computers" -H "accept: application/xml"

 

As a side note however, using PII (e.g. username or real name) in a device name is a SIGNIFICANT security and/or safety risk.   If the users are adults, you're probably fine, but if this is in a K12 deployment, it's probably a good idea to have a conversation with leadership about this as soon as possible.  Just my $0.02

agardner
New Contributor III

Yeah. I agree that it is a huge risk. We are a corporation however, so that does help. But I agree. I have had those conversations and we are implementing other considerations. Just in this moment, it's not approved to do so.

As far as the script. When I run that command directly I get a status page and a request for user authentication. 


jcarr
Valued Contributor

Curl supports passing a username and password. Sorry for the confusion. I just pasted in the example text from the API documentation (https://yourinstance.jamfcloud.com/api/).

Here's an example from one of my API scripts (pulling different data though):

/usr/bin/curl -k -u "${user}:${pass}" -H "Accept: application/xml" "${jssurl}/JSSResource/computers/serialnumber/${serial}/subset/general" -X GET -o "/tmp/${serial}.xml"

Variables obviously are defined earlier in the script. 
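
An added example, not posted by anyone in this thread: device names built from usernames are untrusted input, so a list pulled from the computers endpoint should be checked before it is handed to PowerShell or SCCM to create objects in the AD OU. The Python below parses a constructed sample reply and emits a one-column CSV for Import-Csv; the XML layout, the 15-character allow-list rule and the function names are assumptions of this example.

```python
import csv
import io
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like a /JSSResource/computers reply
# (assumed layout: <computers><computer><id/><name/></computer>...).
SAMPLE_XML = """<computers><size>6</size>
<computer><id>1</id><name>nameuser-mbkp</name></computer>
<computer><id>2</id><name>NAMEUSER-MBKP</name></computer>
<computer><id>3</id><name>Jane's MacBook Pro</name></computer>
<computer><id>4</id><name>averylongusername-mbkp</name></computer>
<computer><id>5</id><name>-mbkp</name></computer>
<computer><id>6</id><name>jdoe-mbkp</name></computer>
</computers>"""

# Allow-list for a name that will become an AD computer object: letters,
# digits and inner hyphens, at most 15 characters (the NetBIOS limit).
AD_NAME = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,13}[A-Za-z0-9])?")


def split_names(xml_text):
    """Return (accepted, rejected) device names from a computers listing."""
    if "<!DOCTYPE" in xml_text:  # no entity definitions in data we parse
        raise ValueError("unexpected DOCTYPE in API response")
    accepted, rejected, seen = [], [], set()
    for node in ET.fromstring(xml_text).iter("computer"):
        name = (node.findtext("name") or "").strip()
        key = name.lower()  # AD treats computer names case-insensitively
        if not AD_NAME.fullmatch(name) or key in seen:
            rejected.append((node.findtext("id"), name))
            continue
        seen.add(key)
        accepted.append(name)
    return accepted, rejected


def to_csv(names):
    """One-column CSV with a Name header, ready for Import-Csv."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["Name"])
    writer.writerows([n] for n in names)
    return out.getvalue()


if __name__ == "__main__":
    ok, bad = split_names(SAMPLE_XML)
    print(to_csv(ok) + "".join(f"rejected id={i} name={n!r}\n" for i, n in bad), end="")
```

Rejected entries are worth logging rather than silently dropping, since a device that never reaches the OU will not get Wi-Fi or VPN access.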

agardner
New Contributor III

That would work, I think. However, after some discussion with my team, I think we are going to export a CSV from JAMF via email and parse it into SCCM daily. I think that will do the trick.

mojo21221
Contributor II

We are in the same boat for our wifi and VPN certs, though our naming scheme is different. We use the serial of the device and a combo of other characters. Since it looks like you are creating a generic username for the machines (or close to it), perhaps either batch PowerShell all the users in your company to be part of that AD OU. Then make it part of your onboarding and offboarding process to add and remove from the OU.