How to get user name in reports?

mqh7
New Contributor II

I began a thread a while ago but I can't access my old post. When I view in the inventory page in our JSS web portal I see the following columns.

computer name | Managed | OS | IP | Model | Serial number

Now, I've added the following columns: Username | Real Name | Email Address the problem is these 3 fields are blank for all machines.

I installed MySQL and I opened up the Jamfsoftware DB. I navigated down to the USERS Table. I returned all rows for USERNAME and the only names it returns are the ID's defined within the JSS web portal. (SettingsAccountsaccounts and groups)

So it does not appear there are any user names being collected by the JSS inventory. Also, under "Inventory Collectoin PreferencesAccounts" We have the following selected.

Collection Accounts "yes"
Include Hidden Accounts "yes"

So how do we get the user name? Or at the very least the "last logged on user" of each Mac?

26 REPLIES 26

mm2270
Legendary Contributor III

Its a little confusing, but the options you enabled, Collect Accounts and Include Hidden Accounts are not the values that would get populated into the Username, Real Name, Email Address, etc fields in the JSS. That collects the local accounts on the Mac, such as the shortnames associated with a home directory.

To get the full names, email addresses, etc, you need to enable the option located in "Inventory Settings > Inventory Collection Preferences > Location" called "Populate computer location information from LDAP accounts", or something along those lines. As the name suggests, you will need your JSS connected to your LDAP environment for that to work, if its not already.
Then give it some time. The info will only start to get populated as your Macs submit inventory again.

In addition to the above, you can add the Extension Attribute from the built in templates called "Last User" which will give you the shortname of the last user who was logged into the Mac at inventory time.

Hope that helps.

mscottblake
Valued Contributor

I believe those are populated when you select "Populate the computer location information of a username from an LDAP lookup on inventory update" from the Location tab in Inventory Collection Preferences.

mqh7
New Contributor II

Ok, I upgraded our JSS server to JSS v8.62. I then went into JSS and turned ON "populate the computer location information of a username from an LDAP lookup on inventory update" Then, on the same server I ran Recon. It took about 2 minutes but it finished and updated everything. I still Don't see any user information when I view the inventory.

Does this feature even work? We really need the user information for reporting and it seems like it should be easy to do but so far nothing has been easy.

mm2270
Legendary Contributor III

Have you confirmed that your LDAP connection set up in your JSS is working properly? One way to test is to go into an individual computer's details in Inventory and under the Location tab, click the (...) button to edit the details. Type in a short username in the Username: field, then click the lookup icon next to it to pull LDAP info in. If its working, you should see many of the other fields populate with data such as Real Name, Email Address, Phone, etc.
If it doesn't pull anything in, its not set up correctly or the mapping is off and you'll need to fix that.
You can also run tests from the LDAP Server Connection section.

mqh7
New Contributor II

ok, I did what you said and YES, when I search for a user name from the inventory/locations I see all sorts of users/real names/email address so our LDAP is working properly. Yet, still nothing when we view the main inventory page.

bentoms
Release Candidate Programs Tester

run the below @ login:

sudo jamf recon -endUsername $3

mqh7
New Contributor II

Ok, very cool. I ran that from a command line and it updated the JSS portal but still no user name or real name information. Question: does this command have to run at login or can I run it once logged in? I ran this once I was logged in from a Unix window.

If I have to run it as a Policy what type of file does it have to be? .sh? Or something else?

bentoms
Release Candidate Programs Tester

@login.. if you create a policy, select "create manually." Set it to execute @ login & in the "run command" field, enter;

sudo jamf recon -endUsername $3

That should do it.

mm2270
Legendary Contributor III

So what Ben suggested is the way many of us have been updating user information in Location for a long time now, prior to this new feature in Casper 8.6.x. I'm not sure why it isn't working for you, but I must confess I'm not actually using the new feature because our script in place works fine and we haven't bothered to switch to the new process yet.

You can build a full blown script to query your LDAP servers using the current user's name to pull in full name, email address, title, location, etc. Place those all in variables and use them in a recon step at the end that plugs all that data in.
For a full script it would need to be a script (.sh) file. For just the single command you can probably get away with putting that into the Run Command field in the Advanced section of a policy.

bentoms
Release Candidate Programs Tester

This is the script i used to use, http://macmule.com/2012/05/16/submit-user-information-from-ad-into-the-jss-at-login/

We've since updated/cleaned our AD & so i only do what i last posted now :)

jarednichols
Honored Contributor
@login.. if you create a policy, select "create manually." Set it to execute @ login & in the "run command" field, enter; sudo jamf recon -endUsername $3 That should do it.

You also have to check the "Populate the computer location information of a username from an LDAP lookup on inventory update" box in your inventory collection preferences (Location tab). This is what I've done and it works great.

Joel_Peasley
Contributor
Contributor

Just a quick note to outline what checking the box under Location Information Collection Settings in the JSS gains you. First you will need to have a username listed in that computer record under location information for this check box to work appropriately. Once a username is listed, every inventory update will also do a LDAP lookup to verify that we have the most current information for that username. So if that user has changed Job Titles, Phone Numbers or anything like that it will auto update in the JSS. Below is a guide of the steps that everyone listed above that you will need to do in order to populate the end username in location information within computer records.

  1. Make sure that we have Populate the computer location information of a username from an LDAP lookup on inventory update checked under Computer Inventory preferences.

  2. Use the following information to create a script that will pull the user information that we are looking for.

#!/bin/sh

/usr/sbin/jamf recon -endUsername $3

3) Upload that script lets upload it to the JSS with Casper Admin.

4) Next create a Policy that runs this script and make sure that we have it set to run once per computer and at login.

5) Once this runs on all of the targeted computers it should pull the username that we are looking for and populate it in the JSS. Once the JSS has that associated field filled out the next time that it does an inventory submission it will also do a LDAP lookup against that username that is now in place. This will pull to LDAP information and populate the other fields accordingly.

scottb
Honored Contributor

@Joel.Peasley][/url,

Reviving an old thread in hopes I can make some progress here. I've done the above with the difference being I used the "sudo jamf recon -endUsername $3" under "Files and Processes" in the policy that runs at login (once per computer).
I'm still not seeing Users populated - even after the next recon. I opened a case this AM because frankly, I've tried a half doze things here on JN with no tangible results. Any ides would be welcomed. Is there a reason using the script you posted as opposed to what the others are using would possibly work better?
JSS=9.32.

Thanks,
Scott

davidacland
Honored Contributor II
Honored Contributor II

Hi, new to this thread, but at first glance I would double-check the following:

  • Have you already filled in the username in the location section of the computer's inventory record? (if not it sounds like it won't work as it doesn't have a starting point for reference)
  • Are you able to update the user info by clicking the magnifying glass button in the computer's inventory record? (if this doesn't work, the script isn't likely to work either as they are using the same directory connection)

scottb
Honored Contributor

@davidacland,

Thanks for the reply.

1) No - if we knew that info, I'd be OK :) There is no existing inventory for us to populate that from, so no, we have nothing in there.

2) If I click the search icon, I get "No Matches!"

I added "Local accounts" just now under inventory, which of course shows the users in /Users. But I am still perplexed as to why I can not get that Username field populated. I've currently got about 50% of them with user names, so it works partially.

Still stumped...

davidacland
Honored Contributor II
Honored Contributor II

It sounds like you want to populate the username (and other related user fields) automatically without inputting anything into the computers record in the JSS.

Just to check, so you enrol and Mac, the user logs in and in the JSS you can see the username, telephone number & email address etc? Is that what you are looking for?

Another quick thing to check, have you connected Casper to your directory service?

scottb
Honored Contributor

@davidacland,

We are connected to AD and it's working well.
If I manually place a user's short (AD) name into the user field and click on the search icon, it will populate every time. So AD is working fine, but for some reason, I am not getting that populated on about 50% of the Macs. Assuming that of the remaining 50%, 45% are on AD and 5% local. Give or take.

I can go into the ~320 Macs and look at the /Users directory and pick an AD ID to put into the Username field, then search, but I am in no way thinking that's a great way to spend my time, and it doesn't fix the issue, sans for the Macs already in the JSS.

Thanks again.

gachowski
Valued Contributor II

Scott,

I just noticed the same thing, and I had it working in 8.X

"sudo jamf recon -endUsername $3" didn't when I did a quick test with 9.X I haven't had the time to do real testing or open a ticket

C

davidacland
Honored Contributor II
Honored Contributor II

It does sound like a bug in that case.

As a workaround you could use curl to upload the username into the appropriate field via the API at login, followed by "sudo jamf recon -endUsername $3".

Joel_Peasley
Contributor
Contributor

In doing a quick test on version 9.62 of the Casper Suite this worked properly. Using "sudo jamf recon -endUsername $3" within a script it pulled the logged in user name properly. I then checked the box for Collect user and location information from LDAP within Computer Inventory Collection options and did another inventory submission from the test computer which updated the LDAP information.

What versions of the Casper Suite are we seeing the failed behavior on?

Thanks,
Joel

scottb
Honored Contributor

@Joel.Peasley,

I'm on 9.32. Do you think that the script route vs using the line in the recon policy is a better way to go?

Joel_Peasley
Contributor
Contributor

I am seeing that if it is run via script in a policy it is working and it will fail if run via "Execute Command" in a policy. I'll work on our end to get additional information on why this is happening.

scottb
Honored Contributor

OK, I'm changing over to the script format to see how that goes. Thanks again to all that helped out.

** UPDATED **
This looks to be the answer. Since I can't mark it as such, I'm highlighting here.

1. Make sure that we have Populate the computer location information of a username from an LDAP lookup on inventory update checked under Computer Inventory preferences. UqbmFlNfahZzIvy66hnx #!/bin/sh /usr/sbin/jamf recon -endUsername $3 3) Upload that script lets upload it to the JSS with Casper Admin. 4) Next create a Policy that runs this script and make sure that we have it set to run once per computer and at login. 5) Once this runs on all of the targeted computers it should pull the username that we are looking for and populate it in the JSS. Once the JSS has that associated field filled out the next time that it does an inventory submission it will also do a LDAP lookup against that username that is now in place. This will pull to LDAP information and populate the other fields accordingly.

scottb
Honored Contributor

@Joel.Peasley - it's looking good here. I'd mark your info as the answer if it were my thread.
Of course I need more time to see how things go - so far, it appears that lots of folks are already on holiday and the rest don't logout/restart but once a month I think. But of all the Macs that have run the policy, I now see LDAP info populated and in the machines inventory.

Thanks again. This will also be a big help for the new Help Desk in searching for Macs based on user ID's via Casper Remote.

bentoms
Release Candidate Programs Tester

Just incase anyone stumbles across this thread, I've an updated version of the method I linked above.

Has been working for me throughout 8.x & 9.x versions of the JSS.

https://macmule.com/2014/05/04/submit-user-information-from-ad-into-the-jss-at-login-v2/

lisacherie
Contributor II

+1 for seeing problems using $3.

Someone at jamf suggested this (can't remember who to pass credit).

if [ -z $3 ]; then currentUser=`stat -f '%Su' /dev/console`; else currentUser=$3; fi; jamf recon -endUsername $currentUser

Can add this to the execute command section of policy, it's nice because you can run it outside of login.