Jamf Nation Community

BradLines · ‎07-09-2021

I need to make an extension attribute to check for a certain group on our AD. I can list all groups based on user but no luck basing it off computer name. Any ideas?

BradLines · ‎07-16-2021

I got it working! its kinda rudimentary but it does the trick and easy to read for a non-bash scripter

#!/bin/bash

domainName=`echo show com.apple.opendirectoryd.ActiveDirectory |scutil | grep DomainNameFlat | awk '{print $3}'`
if [ $? -ne 0 ]
then
echo "Failed to get domain name, exiting script"
exit 1
fi

if [ -z $domainName ]
then
echo "Failed to get domain name, exiting script"
exit 1
fi

computerName=$(networksetup -getcomputername)
upn=`dscl "/Active Directory/$domainName/All Domains" read "/Groups/NameOfTheGroup" GroupMembership`

inGroup="no"
for u in $upn; do
if [[ "$u" == "$computerName" ]] ; then
inGroup="yes"
break
fi
done

echo "<result>$inGroup</result>"

View solution in original post

daniel_behan · ‎07-14-2021

I have one that lists the Group Membership of users. The trick is the dscl lookup requires a $ sign appended to the end of the computer name.

#!/bin/sh

computer=$( hostname )

Groups=$( dscl /Active\ Directory/<domain>/All\ Domains read /Computers/$computer$ dsAttrTypeNative:memberOf | awk -F"OU" '{ print $1 }' | sed -e 's/CN=//g;s/,$//g;1d' | xargs )

echo "<result>$Groups</result>"

BradLines · ‎07-16-2021