Posted on 12-07-2012 08:01 PM
I have created a local admin account using the script given below, and it's working fine for me.
#!/bin/sh
#Creating a new user.
dscl . -create /Users/test6
#Setting users default shell.
dscl . -create /Users/test6 UserShell /bin/bash
#Setting up users Full Name
dscl . -create /Users/test6 RealName TEST6
dscl . -create /Users/test6 UniqueID 512
dscl . -create /Users/test6 PrimaryGroupID 20
dscl . -create /Users/test6 NFSHomeDirectory /Users/test5
dscl . -passwd /Users/test6 123456
dscl . -append /Groups/admin GroupMembership test6
I am not knowledgeable enough in the scripting part.
I am looking for solution code for searching for the next available UniqueID from the system when I run the script. Any idea will be appreciated.
Posted on 12-07-2012 08:26 PM
you could try something like this:
dscl . -list /users UniqueID| sort -n -k 2 | awk '{ field = $NF }; END{ print field }' | xargs -I{} expr {} + 1
Posted on 12-08-2012 12:54 AM
@rockpapergoat, it's working.
Thanks!
Regards,
SonuW
Posted on 12-08-2012 07:19 AM
Nate, your solution doesn't seem to account for any cached AD accounts, at least in my case. When I run that I get a UID returned in the AD range, i.e. 10 digits long. It should probably only be looking at UIDs between 500 and 1000. Might want to account for that, since I don't know if it would be a good idea to create a local admin account with a UID in a directory service range.
I was able to modify it like this and it worked in my case:
dscl . -list /Users UniqueID | sort -n -k 2 | awk '$2 < 1000 { field = $NF }; END{ print field }' | xargs -I{} expr {} + 1
Posted on 12-08-2012 05:09 PM
mike, that sounds reasonable enough to me.
Posted on 10-31-2013 06:44 AM
This is a little different than what I am looking for, but maybe you guys have a suggestion.
I would like to create a script that would check to ensure that our local hidden "casper" admin account is present. And if it is not...to add it. Any suggestions?
Posted on 10-31-2013 06:49 AM
Check the box that says ensure account exists in the settings of Casper would be the most appropriate thing to do, I would think.
Otherwise use the dscl command to search for your hidden admin account; if it's not in the list, create it.
Or being @TheMacGuys, are you wanting one of the unix guys to write the script for you :)
Posted on 10-31-2013 06:55 AM
Nice.....
Where to look for that little check box would be helpful?
I have a little scripting experience; when I have time I can usually pull off some decent scripts, but in my job role, doing everything, I just don't have time, so often I do look for scripting help. As awesome as it is, I just can't add one more expertise into my schedule, so I have to count on some outside help.....
Posted on 10-31-2013 07:43 AM
As @nessts mentioned, use dscl to look for your hidden account. I'm assuming it's always named the same thing?
dscl . list /Users | grep ^hiddenadmin$
or if you want to limit the search to only sub 501 UID accounts:
dscl . list /Users UniqueID | awk '$2 < 501 {print $1}' | grep ^hiddenadmin$
Use a test situation to see if it returns a result, and if it doesn't then go about creating it in the rest of the script.
Keep in mind though that you'd be assigning a password for the account in plain text within the script, so just something to note from a security standpoint.
Edit: to get around the above situation, it might actually be better to have the script call a policy that creates the account with a custom trigger, that way the jamf binary is taking care of creating the account and not something coded directly in the script itself.
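A sketch that combines the two ideas discussed in this thread (the next free UID limited to the local 501-999 range, and the existence check that hands account creation to a policy); it is an added example, not code posted by anyone in the thread. The trigger name `createHiddenAdmin` is hypothetical, the jamf binary is assumed to be on the PATH, and the user listing is constructed sample data used when dscl is not available.

```shell
#!/bin/sh
# Added example, not code from the thread.
ACCOUNT="hiddenadmin"          # account name used in the thread's grep example
TRIGGER="createHiddenAdmin"    # hypothetical custom trigger of a Jamf policy

# Constructed sample of `dscl . -list /Users UniqueID` output, including a
# cached AD account with a 10-digit UID.
SAMPLE_USERS='root 0
_www 70
hiddenadmin 499
alice 501
test6 512
jdoe 1234567890'

# Read "name uid" lines on stdin; print the highest UID in 501-999 plus one
# (501 if the range is empty). Fails if the result would leave the range.
next_local_uid() {
    awk '$2 >= 501 && $2 <= 999 && $2 > max { max = $2 + 0 }
         END { n = (max ? max + 1 : 501); if (n > 999) exit 1; print n }'
}

# Read the same listing on stdin; succeed only on an exact name match.
account_exists() {
    awk -v u="$1" '$1 == u { found = 1 } END { exit !found }'
}

if command -v dscl >/dev/null 2>&1; then
    users=$(dscl . -list /Users UniqueID)
else
    users=$SAMPLE_USERS        # no dscl here: fall back to the sample
fi

if printf '%s\n' "$users" | account_exists "$ACCOUNT"; then
    echo "$ACCOUNT is present"
elif command -v jamf >/dev/null 2>&1; then
    # Let the jamf binary create the account; no password in this script.
    jamf policy -event "$TRIGGER"
else
    echo "$ACCOUNT missing; next free local UID: $(printf '%s\n' "$users" | next_local_uid)"
fi
```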
Posted on 10-31-2013 06:23 PM
Very cool, guys, thank you very much for the feedback. I am out now for a week..out to MacTech in CA. But I will see if I can muster some time to work on this when I get back.