Jamf Nation Community

cmudgeUWF · ‎08-15-2018

I'm working on a way to build Smart Groups based on a machine's OU in ADS. I've put together a Bash script to create an Extension Attribute reporting the DN, but it doesn't update the field in the Inventory for computers. I'm not sure why, because I verified the script is working. Anyone had any success with this? It's sort of imperative I get this functionality for RBAC for my sites and such.

#!/bin/bash

compName=$(/usr/sbin/scutil --get ComputerName)

ou=$(dscl '/Active Directory/<DOMAIN>/All Domains' -read /Computers/$compName$ distinguishedName | grep 'CN' | awk '{$1=$1;print}') 

echo "<result>$ou</result>"

mm2270 · ‎08-15-2018

What you have should work, though I might suggest a few modifications to it. Silly question, but have your Macs submitted inventory since the EA was created? Because you will only see results when they send in a recon to the Jamf Pro server. Before that, the EA field will remain blank.

As for my suggestions, drop the backslash before the $ character, since you can just wrap the $compName variable in brackets and add the $ character at the end. I would also use | tail -1 | xargs to grab the distinguishedName string.

#!/bin/bash

compName=$(/usr/sbin/scutil --get ComputerName)

domain="DOMAIN_NAME"

ou=$(dscl "/Active Directory/$domain/All Domains" read /Computers/${compName}$ distinguishedName | tail -1 | xargs) 

echo "<result>$ou</result>"

But as mentioned, it really should work fine even as you had it originally. If machines are submitting inventory and it's still not populating, then something else is going on, but I'm not sure what.

View solution in original post

tthurman · ‎08-15-2018

I'm honestly not sure what is making it not work.

I modified your script, however. It is working for me now.

I would recommend some more cleanup on your $ou variable.

#!/bin/bash

compName=$(/usr/sbin/scutil --get ComputerName)

domain="DOMAIN_NAME"

ou=$(dscl "/Active Directory/$domain/All Domains" read "/Computers/$compName$" distinguishedName | grep 'CN' | awk '{$1=$1;print}') 

echo "<result>$ou</result>"

Regards,
TJ

cmudgeUWF · ‎08-15-2018

Yeah I made that change, and I still have nothing. I'm at a loss.

ryan_ball · ‎08-15-2018

Is your domain variable in form contoso.com or CONTOSO?

cmudgeUWF · ‎08-15-2018

It's in the form of CONTOSO.

mm2270 · ‎08-15-2018

What you have should work, though I might suggest a few modifications to it. Silly question, but have your Macs submitted inventory since the EA was created? Because you will only see results when they send in a recon to the Jamf Pro server. Before that, the EA field will remain blank.

As for my suggestions, drop the backslash before the $ character, since you can just wrap the $compName variable in brackets and add the $ character at the end. I would also use | tail -1 | xargs to grab the distinguishedName string.

#!/bin/bash

compName=$(/usr/sbin/scutil --get ComputerName)

domain="DOMAIN_NAME"

ou=$(dscl "/Active Directory/$domain/All Domains" read /Computers/${compName}$ distinguishedName | tail -1 | xargs) 

echo "<result>$ou</result>"

But as mentioned, it really should work fine even as you had it originally. If machines are submitting inventory and it's still not populating, then something else is going on, but I'm not sure what.

tthurman · ‎08-15-2018

I'm not sure, honestly. Your script didn't work for me.

The script I rewrote, worked. Did you make sure it has the double quotes instead of single quotes. Also, make sure the - is not on read anymore and make sure there are double quotes around the "/Computers/$compName$" part.

Regards,
TJ

cmudgeUWF · ‎08-15-2018

@mm2270 That last script you provided did the trick! The goal is to create sites based on AD membership so I can allow other IT folks in other departments see only their machines.

Jamf Nation Community

Distinguished Names of Bound Macs