
Computer names and AD without bind



I know Binding is dead. 

But I have an issue that needs to be addressed with AD and computer names. Currently I am running a generic script that renames a MacBook to the logged-in user and the model of their Mac, i.e. "nameuser-mbkp".

In order for our wifi and our VPN to work the device needs to exist in a specific AD OU. 

How could I automate an export of the computer names and feed it into a PowerShell instance to feed the AD OU? 

Any thoughts and ideas would be great. 

5 replies

  • Valued Contributor
  • 321 replies
  • January 14, 2022

Can't really help with the feed into AD, but you should be able to create a script that polls the API to get a list of all computer records. Something like this:

curl -X GET "https://hostname.jamfcloud.com/JSSResource/computers" -H "accept: application/xml"

 

As a side note however, using PII (e.g. username or real name) in a device name is a SIGNIFICANT security and/or safety risk.   If the users are adults, you're probably fine, but if this is in a K12 deployment, it's probably a good idea to have a conversation with leadership about this as soon as possible.  Just my $0.02


  • Author
  • Contributor
  • 11 replies
  • January 14, 2022
jcarr wrote:

Can't really help with the feed into AD, but you should be able to create a script that polls the API to get a list of all computer records. Something like this:

curl -X GET "https://hostname.jamfcloud.com/JSSResource/computers" -H "accept: application/xml"

 

As a side note however, using PII (e.g. username or real name) in a device name is a SIGNIFICANT security and/or safety risk.   If the users are adults, you're probably fine, but if this is in a K12 deployment, it's probably a good idea to have a conversation with leadership about this as soon as possible.  Just my $0.02


Yeah. I agree that it is a huge risk. We are a corporation however, so that does help. But I agree. I have had those conversations and we are implementing other considerations. Just in this moment, it's not approved to do so.

 

As far as the script. When I run that command directly I get a status page and a request for user authentication. 


  • Valued Contributor
  • 321 replies
  • January 14, 2022
agardner wrote:

Yeah. I agree that it is a huge risk. We are a corporation however, so that does help. But I agree. I have had those conversations and we are implementing other considerations. Just in this moment, it's not approved to do so.

 

As far as the script. When I run that command directly I get a status page and a request for user authentication. 


Curl supports passing a username and password. Sorry for the confusion. I just pasted in the example text from the API documentation (https://yourinstance.jamfcloud.com/api/).

Here's an example from one of my API scripts (pulling different data though):

/usr/bin/curl -k -u "${user}:${pass}" -H "Accept: application/xml" "${jssurl}/JSSResource/computers/serialnumber/${serial}/subset/general" -X GET -o "/tmp/${serial}.xml"

Variables obviously are defined earlier in the script. 


  • Author
  • Contributor
  • 11 replies
  • January 14, 2022
jcarr wrote:

Curl supports passing a username and password. Sorry for the confusion. I just pasted in the example text from the API documentation (https://yourinstance.jamfcloud.com/api/).

Here's an example from one of my API scripts (pulling different data though):

/usr/bin/curl -k -u "${user}:${pass}" -H "Accept: application/xml" "${jssurl}/JSSResource/computers/serialnumber/${serial}/subset/general" -X GET -o "/tmp/${serial}.xml"

Variables obviously are defined earlier in the script. 


That would work, I think. However, after some discussion with my team, I think we are going to export a CSV from Jamf via email and parse it into SCCM daily. I think that will do the trick.


mojo21221
  • Valued Contributor
  • 117 replies
  • January 20, 2022

We are in the same boat for our wifi and VPN certs, though our naming scheme is different. We use the serial of the device and a combo of other characters. Since it looks like you are creating a generic username for the machines (or close to it), perhaps batch PowerShell all the users in your company into that AD OU, then make it part of your onboarding and offboarding process to add and remove from the OU.
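
Added example, not part of any post in this thread: because the device names discussed above are set by a script on each Mac and then used to create objects in an AD OU, this sketch filters the exported list before it reaches AD. It assumes the `/JSSResource/computers` XML carries each name in a `<name>` element; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample shaped like the /JSSResource/computers XML response.
sample_xml() {
    printf '%s' '<?xml version="1.0"?><computers><size>5</size>' \
        '<computer><id>1</id><name>jdoe-mbkp</name></computer>' \
        '<computer><id>2</id><name>Alex MacBook Pro</name></computer>' \
        '<computer><id>3</id><name>JDOE-MBKP</name></computer>' \
        '<computer><id>4</id><name>christopherson-mbkp</name></computer>' \
        '<computer><id>5</id><name>asmith-mbka</name></computer></computers>'
}

# One computer name per line, taken from the <name> elements on stdin.
extract_names() {
    tr -d '\r\n' | tr '<' '\n' | sed -n 's/^name>//p'
}

# True if $1 fits a computer account: 1-15 chars (NetBIOS limit), only
# letters, digits and hyphens, no leading/trailing hyphen, not all digits.
is_valid_ad_name() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 15 ] || return 1
    case $name in
        *[!A-Za-z0-9-]*|-*|*-) return 1 ;;
        *[!0-9]*) return 0 ;;
    esac
    return 1   # digits only
}

# CSV with a Name header; rejects and case-insensitive duplicates go to stderr.
names_to_csv() {
    seen=' '
    echo 'Name'
    extract_names | while IFS= read -r n; do
        if ! is_valid_ad_name "$n"; then
            printf 'rejected: %s\n' "$n" >&2
            continue
        fi
        key=$(printf '%s' "$n" | tr '[:lower:]' '[:upper:]')
        case $seen in
            *" $key "*) printf 'duplicate: %s\n' "$n" >&2; continue ;;
        esac
        seen="$seen$key "
        printf '%s\n' "$n"
    done
}

sample_xml | names_to_csv
```

To use it on real data, pipe the saved API response into `names_to_csv` in place of `sample_xml`; the resulting file can be read on the Windows side with `Import-Csv`.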

