Inject AD Info into Jamf Fields

sgiesbrecht
Contributor II

Is there a way to inject AD UserID and User Full Name into Jamf Username: field and Full Name: field in the User and Location area? Or do I have to use Extension Attributes?

Jamf 10.25.1

1 ACCEPTED SOLUTION

ThijsX
Valued Contributor

@sgiesbrecht You can run this script once a day or any moment you would like to populate the info into Jamf.

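#!/bin/zsh

# Get the user at the console; empty when only the login window is showing
loggedInUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

# Nothing to submit if no user is logged in
if [[ -z "$loggedInUser" ]]; then
    echo "No console user logged in; skipping recon."
    exit 0
fi

echo "Running recon for $loggedInUser $(date)..."

# Run recon, submitting the user's username, which as of 8.61+ can then perform an LDAP lookup
/usr/local/bin/jamf recon -endUsername "$loggedInUser"

echo "Finished running recon for $loggedInUser $(date)..."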

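A guard that could sit in front of the recon call in the script above, as an added example (not ThijsX's code): it declines to submit an empty console user, root, or an underscore-prefixed system account such as _mbsetupuser (the macOS Setup Assistant account), so the inventory record is not attributed to a non-person account. The function names, the allowed character set and the sample scutil output are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example; function names and sample data are constructed.

# Read `scutil` ConsoleUser output on stdin and print the console user, if any.
console_user_from_scutil() {
    awk '/Name :/ && ! /loginwindow/ { print $3; exit }'
}

# Succeed only for a name that should be recorded as the device's end user.
is_submittable_user() {
    case "$1" in
        "" | root | _* | -*) return 1 ;;   # nobody, root, system accounts, option-like
        *[!A-Za-z0-9._-]*)   return 1 ;;   # assumed short-name character set
    esac
    return 0
}

# Print "recon <user>" or "skip <reason>" for the given scutil output.
plan_recon() {
    local user
    user=$(printf '%s\n' "$1" | console_user_from_scutil)
    if is_submittable_user "$user"; then
        echo "recon $user"
    else
        echo "skip ${user:-none}"
    fi
}

# Constructed, simplified samples of `scutil` output.
SAMPLE_USER='<dictionary> {
  GID : 20
  Name : jdoe
  UID : 501
}'
SAMPLE_LOGINWINDOW='<dictionary> {
  Name : loginwindow
}'
SAMPLE_SETUP='<dictionary> {
  Name : _mbsetupuser
}'

# Live use on a managed Mac; skipped where scutil or the jamf binary is absent.
if command -v scutil >/dev/null 2>&1 && [ -x /usr/local/bin/jamf ]; then
    plan=$(plan_recon "$(echo 'show State:/Users/ConsoleUser' | scutil)")
    case "$plan" in
        recon\ *) /usr/local/bin/jamf recon -endUsername "${plan#recon }" ;;
        *)        echo "Not submitting a user: $plan" ;;
    esac
fi
```

The character set in `is_submittable_user` should be adjusted to the directory's own naming rules before use.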

6 REPLIES

joshuasee
Contributor III

That is controlled under Settings | System Settings | LDAP Servers, where AD is a type of LDAP Server. Is that failing for you in some way?

sgiesbrecht
Contributor II

K, got it - it does work. Now I know where to look for additional AD attributes - Thx

Now can it be automatically updated with the currently logged-in user? Don't want to manually update each device.

sgiesbrecht
Contributor II

Thank you txhaflaire

jmdaul
New Contributor II

@txhaflaire can your script be run once a day to update user's info in Jamf Pro? We currently have an issue where when looking at the computer's inventory record under user info, it shows the correct "username" but the Full Name and Email fields are showing someone else's name. This isn't happening for all users but more than it should be.

We are currently now using DEP enrollment for M1 Macs, and the user authenticates with AD creds during enrollment.

I have a case open with support as something similar happened last year, but we thought because we used to use user-initiated enrollment via the URL, that was the cause, but it seems like there's an issue with our mapping from LDAP to Jamf Pro. It's just confusing because it's not affecting all users.

Bol
Contributor II
> Posted: 6/4/2021 at 2:41 PM CDT by jmdaul
>
> @txhaflaire can your script be run once a day to update user's info in Jamf Pro? We currently have an issue where when looking at the computer's inventory record under user info, it shows the correct "username" but the Full Name and Email fields are showing someone else's name. This isn't happening for all users but more than it should be.
>
> We are currently now using DEP enrollment for M1 Macs, and the user authenticates with AD creds during enrollment.
>
> I have a case open with support as something similar happened last year, but we thought because we used to use user-initiated enrollment via the URL, that was the cause, but it seems like there's an issue with our mapping from LDAP to Jamf Pro. It's just confusing because it's not affecting all users.

@jmdaul You might have the answer already, but I believe that's to do with how Jamf handles updating blank fields for users.

E.g., if the new user has an empty attribute while the existing user has that field filled, when updating the record, it retains the previous user's data for that field instead of clearing it.