Jamf Nation Community

sgiesbrecht · ‎11-16-2020

Is there a way to inject AD UserID and User Full Name into Jamf Username: field and Full Name: field in the User and Location area? Or do I have to use Extension Attributes?

Jamf 10.25.1

ThijsX · ‎11-17-2020

@sgiesbrecht You can run this script once a day or any moment you would like to populate the info into Jamf.

#!/bin/zsh

loggedInUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

echo "Running recon for $loggedInUser `date`..."

#Run recon, submitting the users username which as of 8.61+ can then perform an LDAP lookup
/usr/local/bin/jamf recon -endUsername $loggedInUser

echo "Finished running recon for $loggedInUser `date`..."

View solution in original post

joshuasee · ‎11-16-2020

That is controlled under Settings | System Settings | LDAP Servers, where AD is a type of LDAP Server. Is that failing for you in some way?

sgiesbrecht · ‎11-17-2020

K, got it - it does work. Now I know where to look for additional AD attributes - Thx

Now can it be automatically updated with the Currently logged in user? Don't want to manually update each device

ThijsX · ‎11-17-2020

@sgiesbrecht You can run this script once a day or any moment you would like to populate the info into Jamf.

#!/bin/zsh

loggedInUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

echo "Running recon for $loggedInUser `date`..."

#Run recon, submitting the users username which as of 8.61+ can then perform an LDAP lookup
/usr/local/bin/jamf recon -endUsername $loggedInUser

echo "Finished running recon for $loggedInUser `date`..."

sgiesbrecht · ‎11-17-2020

Thank you txhaflaire

jmdaul · ‎06-04-2021

@txhaflaire can your script be run once a day to update user's info in Jamf Pro? We currently have an issue where when looking at the computer's inventory record under user info, it shows the correct "username" but the Full Name and Email fields are showing someone else's name. This isn't happening for all users but more than it should be.

We are currently now using DEP enrollment for M1 Macs, and the user authenticates with AD creds during enrollment.

I have a case open with support as something similar happened last year, but we thought because we used to use user-initiated enrollment via the URL, that was the cause, but it seems like there's an issue with our mapping from LDAP to Jamf Pro. It's just confusing because it's not affecting all users.

Bol · ‎06-08-2021

Posted: 6/4/2021 at 2:41 PM CDT by jmdaul @txhaflaire can your script be run once a day to update user's info in Jamf Pro? We currently have an issue where when looking at the computer's inventory record under user info, it shows the correct "username" but the Full Name and Email fields are showing someone else's name. This isn't happening for all users but more than it should be. We are currently now using DEP enrollment for M1 Macs, and the user authenticates with AD creds during enrollment. I have a case open with support as something similar happened last year, but we thought because we used to use user-initiated enrollment via the URL, that was the cause, but it seems like there's an issue with our mapping from LDAP to Jamf Pro. It's just confusing because it's not affecting all users.

@jmdaul You might have the answer already but I believe that's to do with how Jamf handles updating blank fields for users.

eg. If the new user has an empty attribute while the existing user has that field filled, when updating the record, it retains the previous users data for that field instead of clearing them.

Jamf Nation Community

Inject AD Info into Jamf Fields