Posted on 06-27-2018 08:36 AM
Good morning.
My institution is moving forward with migrating among domains. I came across this idea to see if I could take all existing Macs from our existing domain, and upon re-binding them to the new one, append text to the description field with a Shell Script. I'm unable to move the existing objects, I must re-bind.
I already have configuration profiles in place, but if anyone has any idea how I can reference the description fields, any help would be appreciated.
Effectively, I'm looking for what was already done in this PowerShell article:
http://woshub.com/how-automatically-fill-computer-description-field-in-active-directory/
Posted on 06-27-2018 11:24 AM
You'd have to figure out what the dscl path is in your own environment. Here's mine:
ELV_ACCT= # your Active Directory elevated account name here
PASS= # may I recommend this workflow here: https://github.com/jamfit/Encrypted-Script-Parameters
DOMAIN= # your domain here
COMPUTER= # name of the computer whose record you are altering
DESCRIPTION= # text you want to put in the Description field
dscl -u "$ELV_ACCT" -P "$PASS" "/Active Directory/$DOMAIN/All Domains/" -append "/Computers/${COMPUTER}\$" Comment "$DESCRIPTION"
Note: this won't work if you already have a description in the field. Obviously this isn't an issue if you've just bound the computer in the same script, but if the description on the record of an already existing computer is immaterial, then precede it with a delete of the Comment attrib:
dscl -u "$ELV_ACCT" -P "$PASS" "/Active Directory/$DOMAIN/All Domains/" -delete "/Computers/${COMPUTER}\$" Comment
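An added example (not code from this thread or from Jamf): the delete-then-append sequence from the answer above, wrapped in a function that quotes every argument and rejects computer names that would change the record path. The function names and the `DSCL` override variable are hypothetical, and the 15-character name limit is an assumption about the environment.

```shell
#!/bin/bash
# Added example; function and variable names are hypothetical.
# DSCL can be overridden so the logic can be dry-run with a stub.
DSCL="${DSCL:-/usr/bin/dscl}"

# The computer name becomes part of the record path, so accept only
# NetBIOS-style names: letters, digits and hyphens, at most 15 characters
# (assumption: adjust to your own naming scheme).
valid_computer_name() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Usage: set_ad_comment ACCOUNT PASSWORD DOMAIN COMPUTER DESCRIPTION
set_ad_comment() {
    acct=$1; pass=$2; domain=$3; computer=$4; desc=$5

    valid_computer_name "$computer" || { echo "invalid computer name" >&2; return 2; }
    [ -n "$desc" ] || { echo "empty description" >&2; return 2; }

    node="/Active Directory/$domain/All Domains/"
    record="/Computers/${computer}\$"   # computer records end in a literal $

    # -P puts the password in dscl's argument list, where other local
    # processes can read it while the command runs; keep the service
    # account's rights limited to what this script needs.

    # Clear any existing value first. A failure here normally means the
    # attribute was empty, so it is ignored; real authentication or path
    # errors will surface from the append below.
    "$DSCL" -u "$acct" -P "$pass" "$node" -delete "$record" Comment 2>/dev/null || true

    "$DSCL" -u "$acct" -P "$pass" "$node" -append "$record" Comment "$desc"
}
```

Call it after the bind step, for example `set_ad_comment "$ELV_ACCT" "$PASS" "$DOMAIN" "$COMPUTER" "$DESCRIPTION"`.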
Posted on 06-27-2018 11:23 AM
So far, I've figured out the command(s) which successfully append and delete descriptions [comments] from an Active Directory object:
dscl -u <AD username with permissions here> "/Active Directory/<Domain>/<subDomain>" -append /Computers/<RecordName> Comment <Insert Description here>
dscl -u <AD username with permissions here> "/Active Directory/<Domain>/<subDomain>" -delete /Computers/<RecordName> Comment
My next question would be: Is it possible to run this script without having to manually insert credentials?