Mobile Account Creation

jeffrey_ngo
New Contributor

I was wondering if anyone had any experience in leveraging Casper in creating mobile accounts at login. It seems I can get the mobile account preferences to appear but it remains a network account. No use of OD only AD.

Running 10.8.2

11 REPLIES

alexjdale
Valued Contributor III

This is just a dsconfigad setting that you can run after the join (or any time probably), before users log in. The command below should make AD accounts log in as mobile accounts automatically without prompting the user.

dsconfigad -mobile enable -mobileconfirm disable

bentoms
Release Candidate Programs Tester

Mine works fine using the Casper Binding, which is basically dsconfigad GUI'd.

AD accounts too.

Can you do a screen grab of where you're setting it?

hkim
Contributor II

I've seen this in my environment as well, AD binding but it won't create mobile accounts, instead it creates normal network accounts.

Fjord
New Contributor

dsconfigad is not working if you bind your system for example with Centrify Express (as we do at the moment). And we have experienced in our setup that it's not working properly.

There is /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount that can perform the same.

The command should be createmobileaccount -nS Username (n=Username S=set home sync off if home created)
We are stuck here as we want to run this on the user's first login. Is there a way to fetch the username and pass it to the command?

Thanks for your help.

tlarkin
Honored Contributor

Hi Everyone,

I have successfully in the past used the built-in binding objects in the JSS to BIND and create mobile AD accounts. I have also used the dsconfigad command and the createmobileaccount command as well. Granted, some of what I did was very limited in testing environments, and nowhere near tested in a production environment. I have not extensively used ADmitMac or Centrify, but the JSS can create bindings from those products as well. Have you all tried going that route?

Is there a way to fetch the username and pass it to the command?

Yes, there are several ways to detect the current user, and pass it into a command. I have always preferred to test the ownership of /dev/console when doing this. If /dev/console is owned by root, then you are at the login window. If /dev/console is owned by any other user, they are the active user. Now, there may be some logistical issues if another user is connected to a virtual display via screen sharing. There would be technically multiple sessions, or if say you are using Fast-User-Switching. However, I have not fully tested those scenarios.

To test who owns the console I prefer this method:

ls -l /dev/console | awk '{ print $3 }'

Now, in bash we can just add that into an existing command using back ticks or dollar sign and parenthesis. Here is an example I whipped up on my test box here to show how it could work:

#!/bin/bash

message=$(echo "hello $(ls -l /dev/console | awk '{ print $3 }'), would you like some coffee?")

echo "${message}"

Here is the output:

$ bash echo_test.sh 
hello tlarkin, would you like some coffee?

So, for your specific command, which I am not familiar with this command line binary, so please - test, test, test, and test some more, would be something like this:

createmobileaccount -nS $(ls -l /dev/console | awk '{ print $3 }')

Now, if you run this as a login script/command you can simply use $3 to return the current user. Casper has three built-in positional parameters for scripting: $1 returns the boot volume, $2 returns the computer name and $3 returns the current user. So, in reality, if run as a login policy you could just run this:

createmobileaccount -nS $3

Reference: https://jamfnation.jamfsoftware.com/article.html?id=146

Hope this helps,

Tom

Paul_Price1
New Contributor

Like alexjdale, I have used the commands below on a small group of Macs that were manually bound to AD but the Mobile accounts check was missed. Worked for us on 12 Macs. The JSS does this work for us on everything else during imaging so our scope in using this script was small and done on Mac OS 10.7.3. Good luck.
dsconfigad -mobile enable
dsconfigad -mobileconfirm disable

Fjord
New Contributor

Tom, thank you very much!
I will test these parameters later today with a test installation and let you know the status.

Thanks

Fjord
New Contributor

Tom, I tested this and a BIG thank you to you...

/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n $3 is working super fine.

I thought that there might be a problem with it due to some notes on the Internet that this command returns errors.
But all went fine.

This is a great way to configure Mobile accounts (without any sync).
If you need to define any Server to sync to you have to define them!

jeffrey_ngo
New Contributor

When I pass this command I get an error that /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount: option requires an argument --n *** error: unknown argument '?'

I am trying to run this command

/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n $3

as a policy at login. This is on OS 10.10.

Any ideas what I am doing wrong?

Thanks in Advance!

gpalau
New Contributor II

On Yosemite 10.10.2, when I try:

#!/bin/bash

/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -nS $(ls -l /dev/console | awk '{ print $3 }')

I get:

*** user name "S" was not found: 0 ((null))

If I run:

/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n$(ls -l /dev/console | awk '{ print $3 }') S

It works...

mm2270
Legendary Contributor III

@gpalau, $3 only works for either login/logout policies or Self Service policies run from Casper. Otherwise, it means nothing to bash, so you're better off using ls -l /dev/console | awk '{print $3}' to capture the current user. It's just more portable in the end.
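
An added example, not code from any poster in this thread: a login-policy script that combines the two username sources discussed above (Casper's $3, falling back to the owner of /dev/console) and refuses to call createmobileaccount with an empty, root or option-like name, since the policy runs as root. The function names, the CONSOLE_DEV override and the allowed character set are assumptions made for this sketch; the -n form with the name as a separate argument is the one Fjord reported working.

```shell
#!/bin/bash
# Added example, not from the thread. Intended to run as root from a Casper login policy.

CMA="/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount"
CONSOLE_DEV="${CONSOLE_DEV:-/dev/console}"   # overridable for testing (assumption)

# Owner of the console device, using the method shown in the thread.
console_owner() {
    ls -l "$CONSOLE_DEV" | awk '{ print $3 }'
}

# Print a usable short name, or return 1 if none can be trusted.
# $1: candidate from Casper's $3 (empty outside login/logout/Self Service policies).
resolve_user() {
    local user="$1"
    [ -n "$user" ] || user="$(console_owner)"
    case "$user" in
        ""|root)           return 1 ;;  # empty, or login window (console owned by root)
        -*)                return 1 ;;  # would be parsed as an option, e.g. "-S"
        *[!A-Za-z0-9._-]*) return 1 ;;  # conservative character set (assumption)
    esac
    printf '%s\n' "$user"
}

main() {
    local user
    if ! user="$(resolve_user "$3")"; then
        echo "no console user resolved; not calling createmobileaccount" >&2
        return 1
    fi
    # Quoted, separate argument: an empty or split value can never reach -n.
    "$CMA" -n "$user"
}

# Only act on machines where the binary is present.
if [ -x "$CMA" ]; then
    main "$@"
fi
```

An empty $3 passed unquoted leaves -n with no argument, which matches the "option requires an argument" error reported above; resolve_user stops the script before that point.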