Local user creation based on machine serial number

Matthew_Ramsay
New Contributor III

Now that we are fully leveraging DEP and PreStage Enrollments in JAMF Pro, and have decided against binding our fleet of MacBook Airs to Active Directory, there was a need to create local accounts for both students and teachers before deploying our new hardware.

The script below will download a copy of a tsv file that contains the following values:
Serial Number
Username
Password
First Name
Last Name
Machine Name
Graduation Year

Once the file is downloaded, the script will find its own serial number in the list, assign the appropriate variables, create the local user, add them to the specified groups, and then set a value for ARD Field #1 that we use for Smart Groups.

The real benefit is that the list that is used is a Google Sheet that is shared with trusted techs that do not necessarily need access to the JAMF Pro server. This sheet can be constantly updated throughout the year so it is always current, but also retains version history as with all Google documents. You'll need to substitute in your FILEID in the curl command, and the file will have to have link sharing enabled.

I know I use grep to awk in setting a few variables and that it's gross, but I couldn't figure out how to search for a variable in awk. Anyway... it works. Hope this is helpful to someone out there!

#!/bin/bash
#This script will search for a serial number and create the user account
#of the user that is assigned to that serial number.
#Thanks and credit to jhbush for the user creation framework

# === Typically, this is all you need to edit ===

PATHTOSERIALS=/tmp/serials.tsv
# -f makes curl fail on an HTTP error instead of saving the error page as the list
curl -f -L -o "$PATHTOSERIALS" "https://spreadsheets.google.com/feeds/download/spreadsheets/Export?key=ENTER_GOOGLE_DRIVE_FILE_KEY_HERE&exportFormat=tsv"
LOCALSERIAL=$(system_profiler SPHardwareDataType | awk '/Serial/{print$4}')
# The file is tab-separated, so split on tabs; values containing spaces stay intact
USERNAME=$(grep -F -- "$LOCALSERIAL" "$PATHTOSERIALS" | awk -F'\t' '{print $2}')
FULLNAME=$(grep -F -- "$LOCALSERIAL" "$PATHTOSERIALS" | awk -F'\t' '{print $4" "$5}')
PASSWORD=$(grep -F -- "$LOCALSERIAL" "$PATHTOSERIALS" | awk -F'\t' '{print $3}')
MACHINENAME=$(grep -F -- "$LOCALSERIAL" "$PATHTOSERIALS" | awk -F'\t' '{print $6}')
GRADYEAR=$(grep -F -- "$LOCALSERIAL" "$PATHTOSERIALS" | awk -F'\t' '{print $7}')


echo "Local serial is $LOCALSERIAL"
echo "Path to serials is $PATHTOSERIALS"
echo "Username is $USERNAME"
echo "Full name is $FULLNAME"
# The password is not echoed, so it stays out of the script's logged output
echo "Machine name is $MACHINENAME"
echo "Grad year is $GRADYEAR"

# A list of (secondary) groups the user should belong to
# This makes the difference between admin and non-admin users.
# Leave only one uncommented
SECONDARY_GROUPS="staff _lpadmin"  # for a non-admin user
#SECONDARY_GROUPS="admin _lpadmin _appserveradm _appserverusr" # for an admin user

# ====
#Check if script is run as root
if [[ $UID -ne 0 ]]; then echo "Please run $0 as root." && exit 1; fi

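#Check if local serial number is found in the master list
if [[ -n "$LOCALSERIAL" ]] && grep -qF -- "$LOCALSERIAL" "$PATHTOSERIALS"
then
    echo "Serial number found.  Let's create the local user."
else
    # code if not found
    echo "Serial number not found in list.  Exiting..."
    # Do not leave the downloaded list (it holds every password) behind
    rm -f "$PATHTOSERIALS"
    exit 0
fi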

# Find out the next available user ID
MAXID=$(dscl . -list /Users UniqueID | awk '{print $2}' | sort -ug | tail -1)
USERID=$((MAXID+1))

# Create the user account
dscl . -create "/Users/$USERNAME"
dscl . -create "/Users/$USERNAME" UserShell /bin/bash
dscl . -create "/Users/$USERNAME" RealName "$FULLNAME"
dscl . -create "/Users/$USERNAME" UniqueID "$USERID"
dscl . -create "/Users/$USERNAME" PrimaryGroupID 20
dscl . -create "/Users/$USERNAME" NFSHomeDirectory "/Users/$USERNAME"
dscl . -append "/Users/$USERNAME" Picture "/Library/User Pictures/Flowers/Lotus.tif"
dscl . -passwd "/Users/$USERNAME" "$PASSWORD"


# Add user to any specified groups
# SECONDARY_GROUPS is left unquoted on purpose so it splits into group names
for GROUP in $SECONDARY_GROUPS ; do
    dseditgroup -o edit -t user -a "$USERNAME" "$GROUP"
done

#Create the home directory
createhomedir -c -u "$USERNAME"
echo "Created user #$USERID: $USERNAME ($FULLNAME)"

#Rename computer
scutil --set HostName "$MACHINENAME"
scutil --set LocalHostName "$MACHINENAME"
scutil --set ComputerName "$MACHINENAME"

#Set ARD Field(s) used for Smart Groups
jamf setARDFields -1 "$GRADYEAR"

#Delete list file from local Machine
rm -f "$PATHTOSERIALS"

jesseshipley
Contributor

In case you were curious, the awk solution is

awk -v localserial="$LOCALSERIAL" '$0 ~ localserial {print $2}' $PATHTOSERIALS
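
Added example, not part of either post above: a lookup that splits the sheet on tabs and requires the first column to equal the serial exactly, so a serial that is a substring of another row cannot select the wrong account, and that checks the username before it is used in a path. The helper names, the username pattern and the sample rows are assumptions constructed for this example.

```shell
#!/bin/bash
# Added example, not from the original posts. Column order follows the post:
# 1 serial, 2 username, 3 password, 4 first, 5 last, 6 machine name, 7 grad year.
export LC_ALL=C   # byte-wise [a-z] ranges in the patterns below

# lookup_field SERIAL FILE COLUMN (hypothetical helper)
# Prints COLUMN of the one row whose first column equals SERIAL exactly.
# Returns 1 if no row matches, 2 if more than one row matches.
lookup_field() {
    awk -F'\t' -v serial="$1" -v col="$3" '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        ($1 "") == (serial "") { hits++; value = $col }   # string compare
        END {
            if (hits == 1) { print value; exit 0 }
            exit (hits ? 2 : 1)
        }' "$2"
}

# valid_username NAME (hypothetical helper)
# Accepts only a conservative short-name pattern, an assumption made for this
# example, before NAME is used in a path such as /Users/NAME.
valid_username() {
    case "$1" in
        ""|*[!a-z0-9_-]*|[!a-z_]*) return 1 ;;
    esac
    return 0
}

# Constructed sample: row 2's serial contains row 1's, row 2 ends in CRLF and
# has a space in the machine name, row 3 has a username that must be rejected.
write_sample() {
    printf 'C02AAAA1\tjdoe\tpw-one\tJane\tDoe\tLab-01\t2027\n'        >  "$1"
    printf 'C02AAAA12\tbsmith\tpw-two\tBob\tSmith\tLab 02\t2026\r\n' >> "$1"
    printf 'C02BBBB3\t../x\tpw-three\tEve\tRoe\tLab-03\t2025\n'      >> "$1"
}

# Demo run on the constructed sample
f=$(mktemp) && write_sample "$f"
for s in C02AAAA1 C02AAAA12 C02BBBB3 UNKNOWN; do
    if user=$(lookup_field "$s" "$f" 2) && valid_username "$user"; then
        echo "$s -> $user on $(lookup_field "$s" "$f" 6)"
    else
        echo "$s -> refused"
    fi
done
rm -f "$f"
```

A non-zero return from `lookup_field` is the signal to stop before any account is created.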