
Just wondering if anyone has come up with an extension attribute for Intune integration. Looking to use a smart group to keep track of devices (or users) not yet enrolled in Intune.

hey,

try this. Levi forgot to add quotes around the file path 🙂 And I adjusted the way to get the current user as the command above also showed other users logged in.


#!/bin/sh

# Get the user who owns the console
loggedInUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')

# Read the aadUserId value from the Company Portal user-context file
AADUSERID="$(/usr/libexec/PlistBuddy -c Print "/Users/$loggedInUser/Library/Application Support/com.microsoft.CompanyPortalMac.usercontext.info" | grep aadUserId | cut -d '=' -f2 | xargs)"

# Report None when no ID was found
if [ -z "${AADUSERID}" ]; then
    /bin/echo "<result>None</result>"
else
    /bin/echo "<result>${AADUSERID}</result>"
fi

exit 0

 


For me the already given methods for getting the logged in user were still pulling the wrong username, so the script always returned "none".

The one I use is this one:

loggedInUser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ { print $3 }')

Given as the recommended method in this JNUC 2020 Scripting Best practices presentation

https://www.youtube.com/watch?v=L6sabMTyQV8



Thank you, this is successful, and yes using the "scutil" is the way to go for loggedInUser....

 

Just wondering, I am getting the following result instead of "None":

"File Doesn't Exist, Will Create: /Users/_mbsetupuser/Library/Application Support/com.microsoft.CompanyPortalMac.usercontext.info"

Once one AAD Registers (In Self Service, and a recon), the EA is updated with the user's AAD ID, as expected.

Returning "None" if the AAD / Intune Registration has not happened, would be nice....(so I think something may be missing / awry?)

 

Also, anyone have any ideas with guiding users to Self Service and performing the Intune Registration Install, using Jamf Helper notification right now....Much thanks in advance...
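
Added example (not from any of the posts in this thread): an extension attribute that combines the scutil lookup with a check that the Company Portal file exists, so the EA reports "None" for _mbsetupuser, the login window, or an unregistered user instead of PlistBuddy's message. The function names, the PLISTBUDDY override and the home-root parameter are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: Jamf extension attribute that prints "None" until Company Portal
# has written an aadUserId for the console user.

# Assumption: PLISTBUDDY can be overridden (used only for testing off-Mac).
PLISTBUDDY="${PLISTBUDDY:-/usr/libexec/PlistBuddy}"

# Console user via the scutil query from the thread; empty at the login window.
console_user() {
    printf '%s\n' "show State:/Users/ConsoleUser" | scutil 2>/dev/null |
        awk '/Name :/ && ! /loginwindow/ { print $3 }'
}

# Read PlistBuddy "Print" text on stdin and print the trimmed aadUserId value.
parse_aad_user_id() {
    awk -F'=' '/aadUserId/ { gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2; exit }'
}

# Print the EA value for user $1. $2 is the home-directory root (hypothetical
# parameter, defaults to /Users).
ea_value() {
    ea_user="$1"
    ea_root="${2:-/Users}"
    ea_file="$ea_root/$ea_user/Library/Application Support/com.microsoft.CompanyPortalMac.usercontext.info"
    ea_id=""
    case "$ea_user" in
        ""|_mbsetupuser) ;;   # nobody logged in, or Setup Assistant still running
        *)
            # Test for the file first so PlistBuddy's "File Doesn't Exist"
            # message can never end up as the result.
            if [ -f "$ea_file" ]; then
                ea_id="$("$PLISTBUDDY" -c Print "$ea_file" 2>/dev/null | parse_aad_user_id)"
            fi
            ;;
    esac
    echo "${ea_id:-None}"
}

echo "<result>$(ea_value "$(console_user)")</result>"
```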



I guess there are a number of ways you could implement this. We have a fairly dumb policy that runs a script. We can then run that policy Once a day, Once a week etc. I'm sure there are smarter ways of determining the frequency it should run at, basing it on Smart Groups or enhancing the script and using a launch daemon.

 

This is the script:

 

#!/bin/bash

# Define Variables
brandIcon="/Library/Application Support/JAMF/Jamf.app/Contents/Resources/AppIcon.icns"
policyID="91"
# Get the logged-in user (empty at the login window)
loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

# Show the prompt and capture which button was clicked
answer=$( osascript << EOF
button returned of (display dialog "Please finish setting up your computer by running the Device Compliance Registration. You will not have full access to company resources until you have completed this registration. Click OK to get started!" buttons {"OK"} default button 1 with icon POSIX file "$brandIcon")
EOF
)

echo "$answer"

# Proceed only if the OK button was returned
if [[ "$answer" == "OK" ]]; then
    # Close Self Service if it is open, then reopen it at the registration policy
    su "$loggedInUser" -c "killall Self\ Service"
    su "$loggedInUser" -c "open \"jamfselfservice://content?entity=policy&id=$policyID&action=view\""
fi

This will close Self Service if open and then re-open it straight to the Self Service policy that actually performs the registration. In this example, Policy ID 91. 

 


@Keav Excellent, looks very nice, will give this a try. Thank you!

