dscl command not returning user’s AD information

evacchio
New Contributor II

We use a script (runs once) triggered during computer setup to find the logged in user’s AD information. We test (If/Then) for the user’s membership in our “Faculty and Staff” or our “Students” OU and flag the computer accordingly. But something is failing at the dscl command (see below) about 10-20% of the time. 

Relevant excerpts from the script are as follows:

 

#VERIFY LOGGED IN USER NAME
LoggedInUser=$(ls -l /dev/console | awk '{ print $3 }')
echo "Hello $LoggedInUser"

#VERIFY COMPUTER IS BOUND TO AD
echo "Here is the domain this computer is bound to:"
dsconfigad -show | awk '/Active Directory Domain/{print $NF}'

# FIRST LIST ALL THE USER’S OU’s SO THAT THE JAMF LOGS GIVE SOME POSITIVE DATA FOR TROUBLESHOOTING PURPOSES
echo "Here is a list of ALL the OU's that $LoggedInUser is a member of:"
dscl '/Active Directory/##ourdomain##/All Domains' -read /Users/"$LoggedInUser" | grep "OU";

# GREP FOR USER MEMBERSHIP IN FACULTY OU AND FLAG AS SUCH. OTHERWISE FLAG AS STUDENT:
if dscl '/Active Directory/##ourdomain##/All Domains' -read /Users/"$LoggedInUser" | grep "Faculty and Staff";
then
touch /var/.faculty
else
touch /var/.student
fi

100% of the time the $LoggedInUser and the Active Directory Domain echo their correct values. But about 10-20% of the time the two dscl commands return no OU’s for $LoggedInUser in that Domain, even though they are definitively in “Faculty and Staff”. Those computers thus get flagged as .student and my user setup is destroyed. But when that happens, if I log that same user onto another freshly restored computer, most (but not all) of the time the script DOES find their correct OU’s and the comp gets flagged correctly. So sometimes dscl works and sometimes it fails.

 

What could the problem be? And how might I test what's going on? I feel like it's a bad connection to AD though I don't know how I'd verify that. 

 

Any help would be greatly appreciated!
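
The failure described in this post is that an empty dscl result falls through to the else branch and flags the machine as a student. As an added example (not part of the original post or of any reply), the sketch below retries the lookup and treats an empty or unrecognised record as unknown instead of student. The function names, retry defaults, the lookup hook used for testing and the "OU=" match on the distinguished name are assumptions; AD_NODE keeps the thread's placeholder.

```bash
#!/bin/bash
# Added example, not code from the thread. AD_NODE keeps the thread's placeholder.
AD_NODE='/Active Directory/##ourdomain##/All Domains'

# Default lookup: the same dscl read the original script performs.
ad_lookup() {
    dscl "$AD_NODE" -read /Users/"$1" 2>/dev/null
}

# Map a user record to faculty | student | unknown.
# "unknown" covers an empty record and a record with no recognised OU,
# so a failed lookup is never mistaken for a student.
classify_record() {
    case "$1" in
        *"OU=Faculty and Staff"*) echo faculty ;;
        *"OU=Students"*)          echo student ;;
        *)                        echo unknown ;;
    esac
}

# Retry until the record classifies or the attempts run out.
# $1 user, $2 max attempts, $3 delay in seconds,
# $4 lookup function (hypothetical hook so the logic can be tested off-network)
classify_user() {
    local user="$1" tries="${2:-5}" delay="${3:-5}" lookup="${4:-ad_lookup}"
    local n=1 record result
    while [ "$n" -le "$tries" ]; do
        record=$("$lookup" "$user") || record=""
        result=$(classify_record "$record")
        if [ "$result" != unknown ]; then
            echo "$result"
            return 0
        fi
        echo "attempt $n/$tries: no usable AD record for $user" >&2
        if [ "$n" -lt "$tries" ]; then sleep "$delay"; fi
        n=$((n + 1))
    done
    echo unknown
    return 1
}

# Write a flag file only on a definite answer; otherwise leave the machine unflagged.
# $1 flag directory (the thread uses /var); remaining arguments go to classify_user.
flag_computer() {
    local dir="$1" role
    shift
    role=$(classify_user "$@") || return 1
    touch "$dir/.$role"
}
```

Called as `flag_computer /var "$LoggedInUser"`, a non-zero exit means no flag was written, and the per-attempt messages on stderr record in the Jamf policy log how many lookups came back empty.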




Hugonaut
Valued Contributor II

@evacchio Try changing

LoggedInUser=$(ls -l /dev/console | awk '{ print $3 }')

to

LoggedInUser=$([[ $3 ]] && echo "$3" || defaults read /Library/Preferences/com.apple.loginwindow lastUserName)

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

evacchio
New Contributor II

Hugonaut, thanks for the suggestion. I've put it into the script, though I've also made a number of other changes, so I can't really know if it helped. But I liked your idea, because $LoggedInUser is a critical variable, and if it has any problems or delays getting defined then that would cause my symptoms. I liked the idea of defining it differently, hoping for better success.

Hugonaut
Valued Contributor II

You're welcome! I hope it helps!
