Computer names and AD without bind

agardner
New Contributor III

I know Binding is dead. 

But I have an issue that needs to be addressed with AD and computer names. Currently I am running a generic script that renames a macbook to the logged in user and the model of their Mac. ie: "nameuser-mbkp"

In order for our wifi and our VPN to work the device needs to exist in a specific AD OU. 

How could I automate an export of the computer names and feed it into a PowerShell instance to feed the AD OU? 

Any thoughts and ideas would be great. 

4 REPLIES 4

jcarr
Contributor III

Can't really help with the feed into AD, but you should be able to create a script that polls the api to get a list of all computer records.  Something like this:

curl -X GET "https://hostname.jamfcloud.com/JSSResource/computers" -H "accept: application/xml"

 

As a side note however, using PII (e.g. username or real name) in a device name is a SIGNIFICANT security and/or safety risk.   If the users are adults, you're probably fine, but if this is in a K12 deployment, it's probably a good idea to have a conversation with leadership about this as soon as possible.  Just my $0.02

agardner
New Contributor III

Yeah. I agree that it is a huge risk. We are a corporation however, so that does help. But I agree. I have had those conversations and we are implementing other considerations. Just in this moment, its not approved to do so. 

 

As far as the script. When I run that command directly I get a status page and a request for user authentication. 

Screen Shot 2022-01-14 at 10.16.56 AM.png

jcarr
Contributor III

Curl supports passing a username and password.  Sorry for the confusion.  I just pasted in the example text from the api documentation (https://yourinstance.jamfcloud.com/api/).

Here's an example from one of my api scripts (pulling different data though):

/usr/bin/curl -k -u ${user}:${pass} -H "Accept: application/xml" ${jssurl}/JSSResource/computers/serialnumber/${serial}/subset/general -X GET -o /tmp/${serial}.xml

Variables obviously are defined earlier in the script. 

agardner
New Contributor III

That would work I think. However after some discussion with my team. I think we are going to export a CSV from JAMF via Email and parse it into SCCM daily. I think that will do the trick.