Policy?: rename macbooks based on first AD user who logs in

TreeMan
New Contributor

Can anybody help me with renaming macbooks based on first AD user who logs in?

After imaging, the macbook is named macbook by default.

If Jon Doe logs in first, can Casper rename the computer to JDoe_R_(macaddress)?

10 REPLIES

bentoms
Release Candidate Programs Tester

@TreeMan erm. Do they bind as "MacBook" too?

mm2270
Legendary Contributor III

Hmm, that seems a little tricky, at least doing it purely with a Casper policy. Maybe it's possible, but what I'd probably do is create both a global LaunchAgent (in /Library/LaunchAgents/) and a LaunchDaemon. The LaunchAgent should only run once per login, at the time any account logs in. It can run a script that checks the logged in user's ID to see if it's an AD account. Easy enough in general to do by looking at the UID or by doing an id check on the account, or a dscl command, etc.
Once it sees that an AD account has logged in, it can capture the user account name and send it to a file. That file can be the WatchPath for the LaunchDaemon, so it will get triggered to run. The LaunchDaemon can either run a Casper policy that would rename the Mac according to the user name and other local info, or just do the rename itself in a script. It would also need to clean up the LaunchAgent so it doesn't run again and clean up itself as well.
You could also just leave the LaunchDaemon in place, in case you ever need it again. You'd only need to trigger it by writing into the file it's using as the WatchPath, or install the LaunchAgent again.

I'm sure there's a less involved way to do this, and again, there may be some way entirely through a Casper Suite policy and no launchd jobs, but the above is probably how I'd approach the issue.

mm2270
Legendary Contributor III

Oof! Good point by @bentoms. If they are being joined to AD as "MacBook"... well, that's going to be ugly. I assume they are binding under that name since you're talking about AD logins. Didn't even think of that. Hmmm.

gachowski
Valued Contributor II

You are limited to 15 characters.

It's just like mm2270

Bind once to AD with a fake machine name with Casper; when the user logs in, use a LaunchDaemon to trigger a script to get the user name, then unbind from AD, then set the machine name, then rebind in the same script.

You kinda have to time it in the script too, as it takes some time to unbind from AD.

C
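
Added example, not code from either post: the root-side script that mm2270's LaunchDaemon or gachowski's rename script could run, treating the user-written watch file as untrusted input and keeping the name within the 15-character limit. The watch file path, the UID floor of 1000, the `--apply` argument and the `<user>-<serial tail>` name format are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. WATCH_FILE and MIN_DIR_UID are assumptions.
WATCH_FILE="/private/var/tmp/first_ad_user"  # hypothetical file the LaunchAgent writes
MIN_DIR_UID=1000                             # assumed floor for directory (AD) UIDs

# The file is written from the user's session, so root treats it as untrusted:
# accept only a short account name, never a path or shell metacharacters.
valid_user() {
    case "$1" in ""|*[!A-Za-z0-9._-]*) return 1 ;; esac
    [ "${#1}" -le 32 ]
}

# True only for an all-digit UID at or above the assumed directory floor.
is_directory_uid() {
    case "$1" in ""|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$MIN_DIR_UID" ]
}

# "<user, max 9 chars>-<last 5 of serial>": never longer than 15 characters.
build_name() {
    bn_user=$(printf '%s' "$1" | tr -cd 'A-Za-z0-9' | cut -c1-9)
    bn_tail=$(printf '%s' "$2" | tr -cd 'A-Za-z0-9' | tail -c 5)
    [ -n "$bn_user" ] && [ -n "$bn_tail" ] || return 1
    printf '%s-%s' "$bn_user" "$bn_tail"
}

# Root-side job: validate, confirm the account really exists with a directory
# UID, then rename. Binding (or unbind/rebind) is left to the Casper policy.
rename_from_watch_file() {
    rf_user=$(head -n 1 "$WATCH_FILE" | tr -d '\r\n')
    valid_user "$rf_user" || { echo "rejected watch file content" >&2; return 1; }
    rf_uid=$(id -u "$rf_user" 2>/dev/null) || return 1
    is_directory_uid "$rf_uid" || return 1
    rf_serial=$(system_profiler SPHardwareDataType | awk '/Serial Number/ {print $NF}')
    rf_name=$(build_name "$rf_user" "$rf_serial") || return 1
    for rf_key in ComputerName LocalHostName HostName; do
        scutil --set "$rf_key" "$rf_name"
    done
}

# The LaunchDaemon would call this script with --apply (assumed argument).
if [ "${1:-}" = "--apply" ]; then rename_from_watch_file; fi
```

Because the watch file is writable from the login session, the checks in `valid_user` and the `id -u` lookup are what keep a logged-in user from steering the root job with arbitrary content.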

TreeMan
New Contributor

The macbooks are being enrolled into Casper as "macbook".

We are enrolling macbooks into Casper with quick-add in the first run-script, skipping setup assistant, and we have successful binding to our AD via Casper policy (executed on successful enrollment into Casper).

This is all awesome! Now we just need these macbooks to rename themselves after the first user logs in.

In our previous rollout they got their unique name via a DLE script installed at imaging, based on the user created in setup assistant, UID 501 (looking at the script now).

We want to skip setup assistant and just have Casper execute a policy that renames the computer based on the first AD user that logs in, so they don't all show up as "macbook air" in Casper.

These are for students.

It would be great if we had a separate policy that did the same thing for staff but also promoted the first AD account that logged in into an admin.

This would be ideal.

TreeMan
New Contributor

We just need the right computer names in the JSS. How the computers show up in AD should be irrelevant?

Oh, that's right... if we rename them after the binding we will un-bind them. Maybe I need to revise the order of operations.

bentoms
Release Candidate Programs Tester

@TreeMan if you bind 1 Mac as MacBook & then a second Mac as MacBook, the 2nd will overwrite the 1st Mac's computer object due to them having the same name.

You should be setting the name 1st, THEN binding.

mm2270
Legendary Contributor III
"how the computers show up in AD should be irrelevant?"

Are you sure? When I try to manually bind a Mac to our AD with the same computer name as another record in AD, it asks me if I want to join this Mac to the existing record. How is it that you're binding them all with the same name to AD and not overwriting existing records then?

Look
Valued Contributor III

Rename the machines to the serial number before the first bind.
Bind to AD.
Have a local file that is populated with the desired name on login or startup and an EA that reads this file and returns either TRUE or FALSE if the computername matches.
Create a smart group of the FALSE entries and create a policy for this smart group that runs once per machine (or more often if need be) that does the following.
Unbind and rebind using a script stored in Casper (to make the username & password a little harder to get at) that reads the name from the local file and rebinds with it.
Recon afterwards to remove from the smart group.

We actually have something similar running, although our machine names come from a database so we are reading from that instead.
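
Added example, not Look's script: one way to write the extension attribute from the steps above so that a root policy never rebinds with a name taken from a file that other accounts could have edited. The file path is hypothetical, and the third value `INVALID` goes beyond the TRUE/FALSE described in the post so that a missing, writable or malformed file stays out of the FALSE smart group.

```shell
#!/bin/sh
# Added example. DESIRED_FILE is a hypothetical path, not from the thread.
DESIRED_FILE="/Library/Application Support/ExampleOrg/desired_name"

# Trust the file only if it is a regular file (not a symlink), owned by the
# account running this check (root for an EA) and not group/world writable.
file_is_trustworthy() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ -O "$1" ] || return 1
    [ -n "$(find "$1" -prune ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# A usable computer name: 1 to 15 characters, letters, digits and hyphen only.
valid_name() {
    case "$1" in ""|*[!A-Za-z0-9-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# Prints TRUE when the current name already matches, FALSE when a rename is
# pending, INVALID when the file is missing, untrusted or malformed.
ea_value() {   # $1 = desired-name file, $2 = current computer name
    file_is_trustworthy "$1" || { printf 'INVALID'; return 0; }
    ea_want=$(head -n 1 "$1" | tr -d '\r\n')
    valid_name "$ea_want" || { printf 'INVALID'; return 0; }
    if [ "$ea_want" = "$2" ]; then printf 'TRUE'; else printf 'FALSE'; fi
}

# Extension attributes report their value inside <result> tags.
if command -v scutil >/dev/null 2>&1; then
    echo "<result>$(ea_value "$DESIRED_FILE" "$(scutil --get ComputerName)")</result>"
fi
```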

TreeMan
New Contributor

Now that may just do the trick!