Jamf Nation Community

Millertime · ‎05-16-2012

Greetings!

I'm attempting to query AD for specific attributes of a user, then assign those values to a computer's inventory record. Under 'location' there are 5 different fields available, (I'm omitting Building and Department, since they have to be setup manually in the JSS), and I have mapped them to the appropriate attributes w/in AD. Does anyone know of a way to pull back even more info? Could you possibly leverage an Extension Attribute (maybe through a script that would query AD) to return values?

For instance I have an attribute in AD that would allow me to easily assign the user's Manager to their inventory record. Or another that would allow me to know when their password is going to expire. These are just a few examples off the top of my head.

Thanks!
Bill

bentoms · ‎05-16-2012

Bill, I have a script that queries AD for the currenty logged in users information (job title, telephone number, email etc). Then submits this info to AD.

I've been meaning to upload it to my blog, will do it tonight/tomorrow & will post a link here.

View solution in original post

nkalister · ‎05-16-2012

sure- anything that can be echoed to the command line inside of <result></result> tags can be an extension attribute.
I use extension attributes to track when my user's 802.1x certificates will expire and then notify them 60 days ahead of expiration.

Millertime · ‎05-16-2012

I'm glad to see someone else buyin' what I'm sellin'. Now I just need to figure out how to do it! :)

tks!

mm2270 · ‎05-16-2012

As Nick states, any value that can be returned in a script is fair game for an Extension Attribute, so, as long as you develop a script that would pull the appropriate AD info, you should be able to gather it.
In addition to that, if you're asking if there's a way to have that data populated in the Location section, yes, its possible. The trick is to go into Settings > inventory Options > Inventory Display Preferences > Extension Attributes. There you'll see any EA's you've created with drop down menus next to each. Right now there aren't as many places you can direct them to than I would like, but fortunately "Location" is one of your choices. Change it to that, and now that data will show up in the Location section of the details of a Mac, right alongside all their other "location" info. It will also appear there under Advanced Searches.

bentoms · ‎05-16-2012

Bill, I have a script that queries AD for the currenty logged in users information (job title, telephone number, email etc). Then submits this info to AD.

I've been meaning to upload it to my blog, will do it tonight/tomorrow & will post a link here.

Millertime · ‎05-16-2012

Mike - Great info! I wasn't aware of that, but it'll be nice to have all of that info in one place.

Ben, That's fantastic to hear! If you don't mind, reply to this thread once you've uploaded it. I'd love to give it a shot.

Thanks!

bentoms · ‎05-16-2012

Posted the script here, http://macmule.com/2012/05/16/submit-user-information-from-ad-into-the-jss-at-login/

nkalister · ‎05-16-2012

I use a similar script, though mine recently got a lot smaller when Tlarkin pointed out I could map many of the attributes I had in the script in the LDAP connection configuration on the JSS.

rtrouton · ‎05-16-2012

I've got a similar script, adapted from Ben's original script. I've got a post on it here:

http://derflounder.wordpress.com/2011/12/05/auto-populating-the-location-info-in-the-casper-jss-inve...

tkimpton · ‎05-16-2012

Rich

The URL doesn't work. Are you an Adobe employee? Lol

rtrouton · ‎05-16-2012

Don't know what to tell you there. Link works for me.

bentoms · ‎05-17-2012

Links working & thanks for the credit :)

FYI, the one on my site has some AWK statements & less cut commands so you may want to have a nose Rich.

Millertime · ‎05-17-2012

I can't wait to try this out. Thanks guys! This forum and community ROCKS!

Jamf Nation Community

Need more info from AD!