Need to change a user's username/home folder name to mirror their username in Active Directory

JPTomberlin
New Contributor

Our current environment uses the user name to inject credentials in kerberos for use with Okta. I'm trying to create a script to change the user name / home folder name to mirror their user name in our Active Directory environment.


AJPinto
Honored Contributor III

Modifying any attribute of a user account can corrupt the account, breaking it entirely. If the user account has a Secure Token, you cannot use the CLI to modify any attributes of the account from Jamf, as to modify a Secure Token-holding account you need an account with a Secure Token, which Jamf does not have. This does not even get into bash scripting to gather the information you want and pipe it into the OS. This is not Windows and PowerShell; macOS is simply not designed to work with AD in the way Windows is, so a lot of options simply don't exist.


I suggest looking into a tool like Jamf Connect that does all this for you when the account is created.

Tangentism
Contributor III

You should set this up when the machine builds so that it uses the cloud mapping for the samAccountName, as it will cause these issues.


To rectify those that have the issue, you can look at Directory Utility when not logged in as the user to carry it out manually.

To do it programmatically use the following command:

dscl . -append /Users/[username] [user record field] [value]

but take into account that the user cannot be logged in, so it needs to be done at startup or .

I did have a script somewhere (but can't find it atm) as the build process for a customer didn't have the samAccountName in the SSO claim so wasn't populating automatically. The guys building the machines didn't change what it was being populated with in the Setup Assistant so it used the UPN.

The main fields you need to change are:

RecordName
NFSHomeDirectory

There are several other attributes that I updated which you should do just for good housekeeping. They are all prefixed with dsAttrTypeNative:

Once changed, reboot the machine then get the user to log in.
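Putting the procedure above into a script, as an added example that is not code from the thread: it uses dscl -change rather than -append (the record already holds values), refuses to run when the user is logged in or holds a Secure Token (the caveat from the first reply), and leaves the reboot to the admin. The function names (plan_rename, rename_user, valid_shortname) are my own, and it assumes it runs as root from a Jamf policy at startup.

```shell
#!/bin/sh
# Added example (not from the thread): rename a local macOS account so its
# RecordName and NFSHomeDirectory match the AD samAccountName. Assumes it
# runs as root (e.g. a Jamf policy at startup) with the user logged out.
set -eu

# Short names here must be lowercase letters, digits, dot, underscore or
# hyphen, non-empty, not starting with a hyphen (constructed rule; it also
# keeps the names safe to pass through eval below).
valid_shortname() {
  case "$1" in
    ''|-*|*[!a-z0-9._-]*) return 1 ;;
  esac
}

# Editing the record while the user has a live session is what corrupts it.
user_logged_in() {
  who | awk '{print $1}' | grep -qx "$1"
}

# Print the rename commands one per line without running them, so the plan
# can be logged or reviewed. The record path changes as soon as RecordName
# does, so the later steps address /Users/$new.
plan_rename() {
  printf '%s\n' \
    "dscl . -change /Users/$1 RecordName $1 $2" \
    "dscl . -change /Users/$2 NFSHomeDirectory /Users/$1 /Users/$2" \
    "mv /Users/$1 /Users/$2"
}

rename_user() {
  old=$1 new=$2
  valid_shortname "$old" && valid_shortname "$new" || { echo "bad name" >&2; return 1; }
  dscl . -read "/Users/$old" >/dev/null 2>&1 || { echo "no such user: $old" >&2; return 1; }
  ! dscl . -read "/Users/$new" >/dev/null 2>&1 || { echo "$new exists" >&2; return 1; }
  ! user_logged_in "$old" || { echo "$old is logged in; run at startup" >&2; return 1; }
  # A Secure Token holder cannot be modified this way (see the first reply).
  if sysadminctl -secureTokenStatus "$old" 2>&1 | grep -q ENABLED; then
    echo "$old holds a Secure Token; cannot rename via dscl" >&2; return 1
  fi
  plan_rename "$old" "$new" | while IFS= read -r cmd; do
    echo "+ $cmd"; eval "$cmd"
  done
  echo "renamed $old -> $new; reboot before the user logs in"
}

if [ "$#" -eq 2 ]; then rename_user "$1" "$2"; fi
```

The UID is untouched, so the moved home folder keeps its ownership; the dsAttrTypeNative: attributes mentioned above are not handled here.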