macOS & Active Directory // How to append text to description field with bash?

adardano
New Contributor

Good morning.

My institution is moving forward with migrating among domains. I came across this idea to see if I could take all existing Macs from our existing domain, and upon re-binding them to the new one, append text to the description field with a shell script. I'm unable to move the existing objects; I must re-bind.

I already have configuration profiles in place, but if anyone has any idea how I can reference the description fields, any help would be appreciated.

Effectively, I'm looking for what was already done in this PowerShell article:

http://woshub.com/how-automatically-fill-computer-description-field-in-active-directory/

1 ACCEPTED SOLUTION

signetmac
Contributor

You'd have to figure out what the dscl path is in your own environment. Here's mine:

ELV_ACCT=    # your Active Directory elevated account name here
PASS=        # may I recommend this workflow here: https://github.com/jamfit/Encrypted-Script-Parameters
DOMAIN=      # your domain here
COMPUTER=    # name of the computer whose record you are altering
DESCRIPTION= # text you want to put in the Description field

dscl -u "$ELV_ACCT" -P "$PASS" "/Active Directory/$DOMAIN/All Domains/" -append "/Computers/${COMPUTER}\$" Comment "$DESCRIPTION"

Note: this won't work if you already have a description in the field. Obviously this isn't an issue if you've just bound the computer in the same script, but if the description on the record of an already existing computer is immaterial, then precede it with a delete of the Comment attribute:

dscl -u "$ELV_ACCT" -P "$PASS" "/Active Directory/$DOMAIN/All Domains/" -delete "/Computers/${COMPUTER}\$" Comment
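
The delete-then-append sequence from the answer above, wrapped as a function. This is an added example, not code from the thread's participants: it quotes every argument and rejects computer or domain names that could change the record path. The function names are hypothetical, the node path layout is assumed to match the answer's, and the 15-character name limit is an assumption about how the Macs were bound.

```shell
#!/bin/bash
# Added example: set the AD Comment (description) of a computer record.

# Assumption: the directory node follows the layout shown in the answer.
ad_node() { printf '/Active Directory/%s/All Domains/' "$1"; }

# Computer names: 1-15 characters, letters, digits and hyphen only, so the
# name can never introduce a path separator into the record path.
valid_computer_name() {
  case "$1" in
    ''|*[!A-Za-z0-9-]*) return 1 ;;
  esac
  [ "${#1}" -le 15 ]
}

# Domain names: DNS characters only (no slashes or spaces).
valid_domain() {
  case "$1" in
    ''|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
  return 0
}

# set_ad_description ACCOUNT PASSWORD DOMAIN COMPUTER DESCRIPTION
# Returns 2 on bad input, otherwise the exit status of the append.
set_ad_description() {
  local acct="$1" pass="$2" domain="$3" computer="$4" desc="$5"
  [ -n "$acct" ] && [ -n "$pass" ] && [ -n "$desc" ] || {
    echo "account, password and description are required" >&2; return 2; }
  valid_domain "$domain" || { echo "bad domain: $domain" >&2; return 2; }
  valid_computer_name "$computer" || {
    echo "bad computer name: $computer" >&2; return 2; }

  local node record
  node=$(ad_node "$domain")
  record="/Computers/${computer}\$"   # computer records end in a literal $

  # Assumption: a failed delete (for instance nothing to delete) is not
  # fatal, so only the append decides the result.
  dscl -u "$acct" -P "$pass" "$node" -delete "$record" Comment >/dev/null 2>&1 || true
  dscl -u "$acct" -P "$pass" "$node" -append "$record" Comment "$desc"
}
```

Because `-P` places the password on the dscl command line, it is visible in the process list while the command runs, so the account used should hold no rights beyond writing this attribute.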


2 REPLIES

adardano
New Contributor

So far, I've figured out the command(s) which successfully append and delete descriptions [comments] from an Active Directory object:

dscl -u <AD username with permissions here> "/Active Directory/<Domain>/<subDomain>" -append /Computers/<RecordName> Comment <Insert Description here>

dscl -u <AD username with permissions here> "/Active Directory/<Domain>/<subDomain>" -delete /Computers/<RecordName> Comment

My next question would be: Is it possible to run this script without having to manually insert credentials?
