Extension Attribute: Computer Names Matching AD Objects

Matt
Valued Contributor

Hey all basically made a script for people with OCD like me who like the Sharing Names to match the AD Object Name. The first script I will post is just for reporting. Ill post another script that will fix any computers with mismatches. Essentially, make this script an Extension Attribute, Smart Group, and choose "Yes" for computers in compliance and "No" for computers that have mismatched names. Enjoy and feedback if you have a better way of making this work!!!!

#!/bin/sh

adObject=`dsconfigad -show | awk '/Computer Account/{print $NF}' | tr '[a-z]' '[A-Z]' | sed s/.$//`
sharingName=`scutil --get ComputerName`

if [ $adObject = $sharingName ] ; then
  echo "<result>Yes</result>"
else 
  echo "<result>No</result>"

fi
13 REPLIES 13

Matt
Valued Contributor

To have the names change create a manual policy with a custom trigger. My trigger is named "cname". Click the advanced tab and check the boxes for Recon and Reset Computer names. Target your Smart Group and now all out of compliance computer names will be reset to the AD Object name they are bound too. Enjoy!

#!/bin/sh

# AD Object Match Report
# author: matt.lee@fox.com

adObject=`dsconfigad -show | awk '/Computer Account/{print $NF}' | tr '[a-z]' '[A-Z]' | sed s/.$//`
sharingName=`scutil --get ComputerName`

if [ $adObject = $sharingName ] ; then
  echo "Yes"
else 
  echo "No"  then `jamf policy -trigger cname`
fi

jwojda
Valued Contributor II

Thank you for this... but... mine are showing up as "No" in my SG even though they match.

Matt
Valued Contributor

Thats strange? Mine is working perfectly. Just checked it I have one computer listed as "localhost" with an AD bind of XXXXXX. Can you run them line by line and see what the output is?

jwojda
Valued Contributor II

I think I know what's going on. The EA returns the name in CAPS, whereas the JSS is reporting the name in lower-case. However, isn't that what the ```
tr '[a-z]' '[A-Z]'
``` command is supposed to take care of?

jhbush
Valued Contributor II

Script I use to reset computer names:

#!/bin/bash


setName=`cat /Library/Receipts/cname.txt`
compName=`/usr/sbin/scutil --get ComputerName`
hoName=`/usr/sbin/scutil --get HostName`
loHoName=`/usr/sbin/scutil --get LocalHostName`

    echo $setName
    echo $compName
    echo $hoName
    echo $loHoName

if [[  ${setName} != ${compName} ]]

   then echo "Incorrect Computer Name Detected... Changing Computer Name..."
    /usr/sbin/scutil --set ComputerName ${setName}
    /usr/sbin/scutil --set LocalHostName ${setName}
    /usr/sbin/scutil --set HostName ${setName}
    echo "naming convention fixed..."

    else echo "Correct Computer Name Detected"

fi

exit 0

mm2270
Legendary Contributor III

@John, I don't think it would or should matter if the computer name is returned back as lowercase for your EA.
but, if you think its making a difference there are two ways you can solve it with Matt's second script. His tr command is converting all lowercase to uppercase BTW.

1 - Add the same tr command in the scutil line, so something like this-

sharingName=`scutil --get ComputerName | tr '[a-z]' '[A-Z]'`

2 - Or, you could alternately turn case matching off for a portion of the script and then turn it back on.

**shopt -s nocasematch**

if [[ $adObject == $sharingName ]] ; then
  echo "Yes"
else 
  echo "No"  then `jamf policy -trigger cname`
fi
**shopt -u nocasematch**

Either will work, but the first method is the simplest. I would only use the nocasematch stuff if I needed to do a large number of non case matching comparisons in a script. For one variable comparison its really not worth it.

Matt
Valued Contributor

FYI the casing is just because OCD runs amuck!

SeanA
Contributor III

@Matt... did you post your second script (that fixes mismatches)?

jwojda
Valued Contributor II

so I ran the script manually and it returns error line 9, too many arguments.

Running script change_compname.sh... Script exit code: 0 Script result: /private/tmp/change_compname.sh: line 9: [: too many arguments Unmounting file server... Running Recon...
#!/bin/sh

# AD Object Match Report
# author: matt.lee@fox.com

adObject=`dsconfigad -show | awk '/Computer Account/{print $NF}' | tr '[a-z]' '[A-Z]' | sed s/.$//`
sharingName=`scutil --get ComputerName | tr '[a-z]' '[A-Z]'`

(***LINE 9***) if [ $adObject = $sharingName ] ; then
  echo "Yes"
else 
  echo "No"  then `jamf policy -trigger cname`
fi

mm2270
Legendary Contributor III

Place it in double brackets. As a matter of course, I almost always place test lines in double brackets, even in cases where single bracket may be fine. Its just safer. Might also be a good idea to quote the 2 variables, just in case either of them return something with a space in them.

if [[ "$adObject" = "$sharingName" ]]; then

nessts
Valued Contributor II

should be == for bash string compare not single =

mm2270
Legendary Contributor III

Ah, yep, you're right nessts. I just copied/pasted the above and edited it, but didn't catch that. Definitely should be ==

jwojda
Valued Contributor II

with the brackets and stuff the script ran fine. what I also noticed, is that the script itself didn't do anything - I totally missed the part about where Matt mentioned putting the policy to update computer names. :) So after I corrected that, i triggered the machine renaming and it still didn't do anything. The name was still wrong, ran recon and checked the terminal prompt. The only thing I didn't do was reboot the machine.