Jamf binary's deleteAccount not working from launchdaemon

Question

I'm trying to complete a script run by a launchdaemon to delete a specific account if it is over X hours old. I started with Sean Rabbit's similar script here. But drifted away as I didn't need all that.

I've tried "dscl -delete" and "sysadminctl -deleteUser" but they just convert the account to a standard user.

I'm now trying to use "jamf deleteAccount" but it doesn't even seem to run (log created, but nothing in it).

In all three cases the script works fine when run with sudo, and it's my understanding that /Library/LaunchDaemons/ are run as root?

#!/bin/bash
# Some Variables
jamfBinary="/usr/local/bin/jamf"
user="eucadmin"
ageLimit=5 #in minutes
    ageLimit=$((ageLimit * 60))
currentTime=$(date +%s)

#list users and if our target is on the machine check its admin and then if it's too old delete it
users=$(/usr/bin/dscl . list /Users)
if echo "$users" | /usr/bin/grep -wq "$user" && groups eucadmin | grep -qw admin;then
    userCreateTime=$(/usr/bin/dscl . -readpl /Users/$user accountPolicyData creationTime | /usr/bin/awk '{ print $NF }')
    userCreateTime=$( /usr/bin/printf "%.0f" "$userCreateTime" ) ### convert the userCreateTime to an integer   
    userAge=$(( currentTime - userCreateTime ))
    if (( userAge > ageLimit ));then
#        /usr/bin/dscl . -delete "/Users/$user"
#       First tried dscl, but left account as standard
#       Notes: First tried dscl, error that it couldn't delete home because of something in pictures, so delete pictures first
#        if [ -e /Users/$user ];then
#            rm -rf /Users/$user/Pictures
#            rm -rf /Users/$user
#        fi
#       Note - Tried sysadminctl, but also left account as standard
#      sysadminctl -deleteUser "$user"
#      Finally trying Jamf binary, but it doesn't even seem to run.
       $JAMF_BINARY deleteAccount -username $user -deleteHomeDirector
        echo "Attempted to delete $user"
        echo "running recon"
#        $jamfBinary recon   
    fi
else  
    echo "$user doesn't exist, exiting"
fi
exit

And the launchdaemon which I know works at least... (installed in /Library/LaunchDaemon

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.ice.jit_purge</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/ice_jit_purge.sh</string>
</array>
<key>StartInterval</key>
<integer>300</integer>
<key>StandardErrorPath</key>
<string>/var/log/ice_jit_purge.log</string>
<key>StandardOutPath</key>
<string>/var/log/ice_jit_purge.log</string>
<key>Debug</key>
<true/>
</dict>
</plist>

cwaldrip · Accepted Answer

And it looks like the Jamf deleteAccount command, running from my script started by a launchdaemon, does delete the account from the machine. Still curious why dscl and sysadminctl wouldn't delete the account.

cwaldrip · Answer

Discovered that some latter was preventing the shell script from being executed, but after clearing that the dscl and sysadminctl still can't delete the account, just convert it to standard. Also fixed my jamfBinary variable.

Jamf binary's deleteAccount not working from launchdaemon

2 replies

Reply

Most helpful members this week

Cookie policy

Cookie settings

Reply

Related topics

LaunchDeamon for Kerberos SSOicon

Apple Software Updates not working from home.icon

Restarting the Jamf binary when Macs stopping checking inicon

grep command not working through Policies: Worked from Jamf Remote for many years.icon

Scripting help needed - launchdaemonicon

Most helpful members this week

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings