Local Admin Account Creation (Without Casper) using Script.

Sonuw
New Contributor III

I have created a local admin account using the script given below, and it's working fine for me.

#!/bin/sh
# Create a new user record.
dscl . -create /Users/test6
# Set the user's default shell.
dscl . -create /Users/test6 UserShell /bin/bash
# Set the user's full name.
dscl . -create /Users/test6 RealName TEST6
# Assign the UID (hard-coded here) and the primary group (20 = staff).
dscl . -create /Users/test6 UniqueID 512
dscl . -create /Users/test6 PrimaryGroupID 20
# Set the home directory path.
dscl . -create /Users/test6 NFSHomeDirectory /Users/test6
# Set the password (stored in plain text in this script).
dscl . -passwd /Users/test6 123456
# Add the user to the local admin group.
dscl . -append /Groups/admin GroupMembership test6

I am not knowledgeable enough in the scripting part.
I am looking for solution code for finding the next available UniqueID on the system when I run the script. Any ideas will be appreciated.

1 ACCEPTED SOLUTION

rockpapergoat
Contributor III

you could try something like this:

dscl . -list /users UniqueID| sort -n -k 2 | awk '{ field = $NF }; END{ print field }' | xargs -I{} expr {} + 1

Sonuw
New Contributor III

@rockpapergoat, it's working.
Thanks!

Regards,
SonuW

mm2270
Legendary Contributor III

Nate, your solution doesn't seem to account for any cached AD accounts, at least in my case. When I run that I get a UID returned in the AD range, i.e. 10 digits long. It should probably only be looking at UIDs between 500 and 1000. Might want to account for that, since I don't know if it would be a good idea to create a local admin account with a UID in a directory service range.

I was able to modify it like this and it worked in my case:

dscl . -list /Users UniqueID | sort -n -k 2 | awk '$2 < 1000 { field = $NF }; END{ print field }' | xargs -I{} expr {} + 1

rockpapergoat
Contributor III

mike, that sounds reasonable enough to me.

TheMacGuys
New Contributor III

This is a little different than what I am looking for, but maybe you guys have a suggestion.

I would like to create a script that would check to ensure that our local hidden "casper" admin account is present. And if it is not...to add it. Any suggestions?

nessts
Valued Contributor II

Checking the box that says "ensure account exists" in the settings of Casper would be the most appropriate thing to do, I would think.
Otherwise, use the dscl command to search for your hidden admin account; if it's not in the list, create it.
Or, being @TheMacGuys, are you wanting one of the unix guys to write the script for you :)

TheMacGuys
New Contributor III

Nice.....

Where to look for that little check box would be helpful?

I have a little scripting experience; when I have time I can usually pull off some decent scripts, but in my job role, doing everything, I just don't have time, so often I do look for scripting help. As awesome as it is, I just can't add one more expertise into my schedule, so I have to count on some outside help.....

mm2270
Legendary Contributor III

As @nessts mentioned, use dscl to look for your hidden account. I'm assuming it's always named the same thing?

dscl . list /Users | grep ^hiddenadmin$

or if you want to limit the search to only sub 501 UID accounts:

dscl . list /Users UniqueID | awk '$2 < 501 {print $1}' | grep ^hiddenadmin$

Use a test situation to see if it returns a result, and if it doesn't then go about creating it in the rest of the script.
Keep in mind though that you'd be assigning a password for the account in plain text within the script, so just something to note from a security standpoint.
Edit: to get around the above situation, it might actually be better to have the script call a policy that creates the account with a custom trigger, that way the jamf binary is taking care of creating the account and not something coded directly in the script itself.
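The two checks discussed in this thread (next free UID kept inside the local range, and an exact-match test for a named account), as an added example that is not code from any poster. The function names `next_local_uid` and `account_exists`, the 501-999 range and the sample listing are assumptions made for illustration; both functions read `dscl . -list /Users UniqueID` output on stdin.

```shell
#!/bin/sh
# Added example: both functions parse "dscl . -list /Users UniqueID" output
# from stdin, so the logic can be checked without touching Directory Services.

# Constructed sample listing: system accounts, a hidden admin below 501,
# two local users, and one cached AD account with a 10-digit UID.
SAMPLE_LISTING='_www                    70
daemon                  1
root                    0
hiddenadmin             499
localuser               501
test6                   512
aduser                  1483920175
nobody                  -2'

# Print the next free UID in the assumed local range 501-999.
# UIDs outside the range (system, negative, directory-service) are ignored.
# Returns non-zero if every UID in the range is already taken.
next_local_uid() {
    awk '
        $NF ~ /^[0-9]+$/ && $NF >= 501 && $NF <= 999 {
            used[$NF + 0] = 1
            if ($NF + 0 > max) max = $NF + 0
        }
        END {
            if (max == 0)  { print 501;     exit 0 }
            if (max < 999) { print max + 1; exit 0 }
            # 999 is taken: fall back to the first unused UID in the range.
            for (u = 501; u <= 999; u++)
                if (!(u in used)) { print u; exit 0 }
            exit 1
        }'
}

# Succeed only if the short name in $1 appears as an exact first field
# (string comparison, so no regex metacharacter surprises).
account_exists() {
    awk -v name="$1" '$1 == name { found = 1 } END { exit !found }'
}

# On a Mac, feed the live listing instead of the sample (read-only calls).
if command -v dscl >/dev/null 2>&1; then
    echo "Next local UID: $(dscl . -list /Users UniqueID | next_local_uid)"
    dscl . -list /Users UniqueID | account_exists hiddenadmin \
        || echo "hiddenadmin is missing"
fi
```
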

TheMacGuys
New Contributor III

Very cool guys, thank you very much for the feedback. I am out now for a week..out to MacTech in CA. But I will see if I can muster some time to work on this when I get back.