Jamf Nation Community

Treger · ‎09-05-2016

Hey guys,

I don't know if anyone has run into this before but maybe someone knows something that can help.

We recently went through a re-brand at the company, as a result all machines which are bound to AD have display names (locally on the Mac) for the users such as this first.last (LDN-DLK) The new names should look like this first.last (LDN-MLG) as they are in AD. This in most cases would not cause concern but as I am now mapping drives with Casper it is causing the login prompt for the servers to come up with the display name first.last (LDN-DLK) instead of first.last in the server connection login prompt box. If the login on the machine and the AD account match then it displays correctly as first.last and the user can type in their password and away they go.

This does not affect anything else for login, email etc. It is just the login prompt box for the Casper map drive. I have used a Config profile to deploy the Shares and they are mapped via AFP. Does anyone know a way to update the user display name on the Mac so that it matches AD or maybe to get Casper to pull the right creds with the Config Profile?

talkingmoose · ‎09-06-2016

To answer your "else", "endif" or other question, you'd start the entire set of conditional statements with "if" and end the entire set of conditional statements with "fi". For each "if" in the middle, you'd use "elif".

if foo; then
    bar
elif foo2; then
    bar2
elif foo3; then
    bar3
else
    baloney sandwich
fi

However, now that you're adding multiple conditional statements, it makes a lot more sense to look up the display name in Active Directory to keep the script efficient.

You'll need to substitute the NETBIOSDOMAIN name with your own network's NetBIOS domain name. The below script is untested.

#!/bin/sh

# get local usernames above 500
userList=$( dscl /Local/Default -list /Users uid | awk '$2 >= 501 { print $1; }' )

#recurse through the user list
while IFS= read aUser
do
    # get the display name of the user account
    currentDisplayname=$( id -F "$aUser" )

    # look up the display name in Active Directory
    newDisplayname=$( dscl "/Active Directory/NETBIOSDOMAIN/All Domains/" read "/Users/$aUser" RealName | tail -n 1 | xargs )

    # write the new full name back to the user record
    dscl . change "/Users/$aUser" RealName "$currentDisplayname" "$newDisplayname"
done <<< "$userList"

exit 0

View solution in original post

Treger · ‎09-07-2016

If I added this:

#!/bin/sh
userList=$( dscl /Local/Default -list /Users uid | awk '$2 >= 501 { print $1; }' ) | grep -v administrator )

Would that work? and if so is it case sensitive?

View solution in original post

talkingmoose · ‎09-05-2016

Add the following script to your JSS and then create a policy to run it Once Per Computer where you need to change names. It will recurse through all user accounts above 500 and change "LDN-DLK" to "LDN-MLG" in their full names.

Please be sure to TEST TEST TEST!

#!/bin/sh

# get local usernames above 500
userList=$( dscl /Local/Default -list /Users uid | awk '$2 >= 501 { print $1; }' )

#recurse through the user list
while IFS= read aUser
do
    # get the full name of a user account
    currentUsername=$( id -F "$aUser" )

    # if the full name contains "LDN-DLK"
    if [[ "$currentUsername" = *LDN-DLK* ]]; then

        # substitute "LDN-DLK" with "LDN-MLG" in the full name
        newUsername=$( echo "$currentUsername" | sed 's/LDN-DLK/LDN-MLG/' )

        # write the new full name back to the user record
        dscl . change "/Users/$aUser" RealName "$currentUsername" "$newUsername"
    fi
done <<< "$userList"

exit 0

Treger · ‎09-06-2016

Thanks @talkingmoose, I will definitely give this a go, however there are multiple business units, is there a way to pull the actual AD Display name? if not I have to just customise for each unit and then find a way to deploy it so that it amends each user correctly...?

Treger · ‎09-06-2016

If I replicate this part and update it with the additional containers will it work of do I need to add "else" "endif" or other parameters in-between to get it to roll through the user list correctly?

#!/bin/sh

 # if the full name contains "LDN-DLK"
    if [[ "$currentUsername" = *LDN-DLK* ]]; then

        # substitute "LDN-DLK" with "LDN-MLG" in the full name
        newUsername=$( echo "$currentUsername" | sed 's/LDN-DLK/LDN-MLG/' )

        # write the new full name back to the user record
        dscl . change "/Users/$aUser" RealName "$currentUsername" "$newUsername"
    fi

Treger · ‎09-06-2016

e.g:

#!/bin/sh

# get local usernames above 500
userList=$( dscl /Local/Default -list /Users uid | awk '$2 >= 501 { print $1; }' )

#recurse through the user list
while IFS= read aUser
do
    # get the full name of a user account
    currentUsername=$( id -F "$aUser" )

    # if the full name contains "LDN-DLK"
    if [[ "$currentUsername" = *LDN-DLK* ]]; then

        # substitute "LDN-DLK" with "LDN-MLW" in the full name
        newUsername=$( echo "$currentUsername" | sed 's/LDN-DLK/LDN-MLW/' )

        # write the new full name back to the user record
        dscl . change "/Users/$aUser" RealName "$currentUsername" "$newUsername"
    fi

    #if the full name contains "LDN-LWW"
    if [[ "$currentUsername" = *LDN-LWW* ]]; then

        # substitute "LDN-LWW" with "LDN-MLG" in the full name
        newUsername=$( echo "$currentUsername" | sed 's/LDN-LWW/LDN-MLG/' )

        # write the new full name back to the user record
        dscl . change "/Users/$aUser" RealName "$currentUsername" "$newUsername"
    fi

    #if the full name contains "LDN-LPR"
    if [[ "$currentUsername" = *LDN-LPR* ]]; then

        # substitute "LDN-LPR" with "LDN-MLP" in the full name
        newUsername=$( echo "$currentUsername" | sed 's/LDN-LPR/LDN-MLP/' )

        # write the new full name back to the user record
        dscl . change "/Users/$aUser" RealName "$currentUsername" "$newUsername"
    fi

    #if the full name contains "LDN-OPN"
    if [[ "$currentUsername" = *LDN-OPN* ]]; then

        # substitute "LDN-OPN" with "LDN-MLO" in the full name
        newUsername=$( echo "$currentUsername" | sed 's/LDN-OPN/LDN-MLO/' )

        # write the new full name back to the user record
        dscl . change "/Users/$aUser" RealName "$currentUsername" "$newUsername"
    fi


done <<< "$userList"

exit 0

talkingmoose · ‎09-06-2016

To answer your "else", "endif" or other question, you'd start the entire set of conditional statements with "if" and end the entire set of conditional statements with "fi". For each "if" in the middle, you'd use "elif".

if foo; then
    bar
elif foo2; then
    bar2
elif foo3; then
    bar3
else
    baloney sandwich
fi

However, now that you're adding multiple conditional statements, it makes a lot more sense to look up the display name in Active Directory to keep the script efficient.

You'll need to substitute the NETBIOSDOMAIN name with your own network's NetBIOS domain name. The below script is untested.

#!/bin/sh

# get local usernames above 500
userList=$( dscl /Local/Default -list /Users uid | awk '$2 >= 501 { print $1; }' )

#recurse through the user list
while IFS= read aUser
do
    # get the display name of the user account
    currentDisplayname=$( id -F "$aUser" )

    # look up the display name in Active Directory
    newDisplayname=$( dscl "/Active Directory/NETBIOSDOMAIN/All Domains/" read "/Users/$aUser" RealName | tail -n 1 | xargs )

    # write the new full name back to the user record
    dscl . change "/Users/$aUser" RealName "$currentDisplayname" "$newDisplayname"
done <<< "$userList"

exit 0

talkingmoose · ‎09-06-2016

FYI, if you receive this script in email, refer to the script in the post online. I've made changes.

Treger · ‎09-07-2016

@talkingmoose that works perfectly!!! However if is Converting the Local Admin account to RealName: Administrator is there a way to skip that??

Thanks for the info on Else Elif etc, I have got myself a book now so hopefully I can have a go at this and stop asking annoying questions about basic scripting...

Treger · ‎09-07-2016

If I added this:

#!/bin/sh
userList=$( dscl /Local/Default -list /Users uid | awk '$2 >= 501 { print $1; }' ) | grep -v administrator )

Would that work? and if so is it case sensitive?

Treger · ‎09-07-2016

Ok... sorry for the spamming, thought I would give that a go anyways, I could just re-image the machine if I screwed it up completely... It did work and it is case sensitive. Do you know how I would add another account after that? I have another local admin for the Studio that I would exclude but I have no idea how I would go about adding that on top of local admin...?

talkingmoose · ‎09-07-2016

As you've probably guessed, the issue with "administrator" is you're using that name as a local admin account, but it also happens to be the default name of the administrator account for Active Directory.

Best practice would be to avoid duplicating names for local accounts that already existing in your directory. That's why "ladmin" for "local administrator" is a popular name.

To skip "administrator" in the script, add this just after the "do" line:

    if [ "$aUser" = "administrator" ]; then
        continue
    fi

I haven't tested this in the full context of the script.

Jamf Nation Community

Login Display Name