Dockutil script changes needed (group based instead of user based)


Hello all,

I've been using Dockutil to set the Dock for our elementary students and in it's current form it's based on user (because we had grade level login accounts, which we've since gotten ride of). 

I need to change our script so that it applies Dock settings based on the user's group (for example: class of 2037, class of 2036, class of 2035). I could break my head trying to figure it out but I'm hoping someone on here might know exactly what to do. Here's the current script:


#We need to wait for the dock to actually start
until [[ $(pgrep Dock) ]]; do

#Get the current logged in user that we'll be modifying
if [ ! -z "$3" ]; then
	user=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

#Set variables

#Function for applying dock configuration
    #Remove all items for logged in user
    $du --remove all --no-restart $userHome
    #Adding base items to the dock    
    $du --add '/Applications/Google' --position 1 --no-restart $userHome
    $du --add '/Applications/'  --position 2 --no-restart $userHome
    $du --add '/Applications/Comic Life' --position 3 --no-restart $userHome
    $du --add '/Applications/The Print Shop' --position 4 --no-restart $userHome
    $du --add '/Applications/KID' --position 5 --no-restart $userHome

#Function for finishing base dock
    #Add local downloads
    $du --add '~/Downloads' --section others --position last --no-restart $userHome

    killall Dock


    case $user in
        p|k) echo "p or k found";; 
        1)  echo "1 found"
            $du --add '/System/Applications/Photo' --position 6 --no-restart $userHome;;
        2)  echo "2 found"
            $du --add '/System/Applications/Photo' --position 6 --no-restart $userHome;;
        3)  echo "3 found"
            $du --add '/System/Applications/Photo' --position 6 --no-restart $userHome
            $du --add '/Applications/Adobe Photoshop 2020/Adobe Photoshop' --position 7 --no-restart $userHome;;


exit 0

Legendary Contributor III

Hi there. By user's group, do you mean Active Directory groups? The accounts are AD based?

Hi @mm2270! Sorry, I should have been more clear: yes AD groups. 


Honored Contributor

What/where is the group you are wanting to target? Is is a MacOS User Group, JAMF Group, AD/AAD Group?

Hi @AJPinto! Sorry--AD groups. 


A little more information might be helpful. Our iMacs are bound to AD and we have LDAP sync for users and groups (and I've confirmed that user groups like "class of 2037" can be retrieved from our AD via the LDAP sync. 

I just don't know the scripting piece, how do I change the script specifically so that Dock items are applied only to specific Active Directory Groups? I'm hoping the solution is rather easy, just a matter of know the syntax/command.

Thanks in advance! :-)

Honored Contributor

You should be able to build a policy with your dock script, target it to all users and devices. Then set a scope limitation to the AD group you want it to hit. You can test this out by targeting a static group of devices, and limiting it to a specific AD group. You should see the policy only runs on devices with the users that meet the limitation requirement. 


Beyond that you could get very complex, and add to your script a function to query the users AD object with dscl and grep the AD groups. Then have if functions that run different dock functions based on the AD groups that are found.