Renaming Computers with DEP enrollment

marc_littlejohn
New Contributor II

Hi

At the school I work at, we are 1:1 with MacBook Airs, and we use DEP to enroll our devices.

When a device is enrolled via DEP, it is named "Name's MacBook Air".

Normally our device name scheme is mb-username, for example mb-jbloggs.

What would be the easiest way, via a policy or script, to automatically rename these devices after DEP enrollment?

9 REPLIES

agetz
Contributor

There are actually a couple different ways. We were working on the same thing with our new deployment and actually opted to use the target disk imaging process for naming since we could just populate with a CSV file. I was able to get DEP naming to work with a policy that had a script tied to it. You can use the Apple method using scutil or the jamf method, both examples below. The jamf command seems to be iffy based on what I've read in the forums, so I would recommend the Apple method. The Jamf example is one I pulled from another discussion, so it may need some tweaking to work. Hope this helps.

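#!/bin/sh

# Apple method: set all three names to "M" plus the hardware serial number
serial="$(ioreg -l | grep IOPlatformSerialNumber | sed -e 's/.*"\(.*\)"/\1/')"
scutil --set HostName "M$serial"
scutil --set LocalHostName "M$serial"
scutil --set ComputerName "M$serial"

# Jamf method: let the jamf binary name the Mac after its serial number
# (adjust the path if the jamf binary lives elsewhere)
JAMF="/usr/local/bin/jamf"
"$JAMF" setComputerName -useSerialNumber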

agetz
Contributor

This should accomplish what you are after.

#!/bin/bash

# Grab the user who currently owns the console (the logged-in user)
curUser=$(ls -l /dev/console | cut -d " " -f 4)

# Set all three names to mb-<username>
scutil --set HostName "mb-$curUser"
scutil --set LocalHostName "mb-$curUser"
scutil --set ComputerName "mb-$curUser"
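
A hardened take on the console-user rename above, as an added example that is not part of the original posts: while a DEP enrollment is still in Setup Assistant the console owner can be `_mbsetupuser` or `root`, so the function refuses those accounts and reduces the name to a valid host label before anything reaches `scutil`. The function names, the `--apply` switch and the sample users are constructed for illustration.

```shell
#!/bin/bash
# Added example: build "mb-<username>" only from a validated console user.

PREFIX="mb-"   # naming scheme from the original question

# Print the hostname for a short user name, or return 1 when the account is
# a system/setup account or nothing usable is left after sanitising.
hostname_for_user() {
    local user name
    user=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$user" in
        ""|root|loginwindow|_*) return 1 ;;   # nobody logged in, or a setup account
    esac
    # LocalHostName must be one DNS label: letters, digits and hyphens only.
    user=$(printf '%s' "$user" | tr -c 'a-z0-9-' '-' |
           sed -e 's/--*/-/g' -e 's/^-//' -e 's/-$//')
    [ -n "$user" ] || return 1
    name="${PREFIX}${user}"
    [ "${#name}" -le 63 ] || return 1
    printf '%s\n' "$name"
}

# Apply the name to all three settings (macOS only, needs root).
apply_name() {
    local key
    for key in ComputerName HostName LocalHostName; do
        /usr/sbin/scutil --set "$key" "$1" || return 1
    done
}

# Constructed sample inputs showing what is accepted and what is skipped.
demo() {
    local u
    for u in jbloggs "J.Bloggs" _mbsetupuser root ""; do
        printf '%-16s -> %s\n' "'$u'" "$(hostname_for_user "$u" || echo '(skipped)')"
    done
}

if [ "${1:-}" = "--apply" ]; then
    console_user=$(/usr/bin/stat -f%Su /dev/console)
    new_name=$(hostname_for_user "$console_user") || {
        logger -t rename "no usable console user ('$console_user'), not renaming"
        exit 1
    }
    apply_name "$new_name"
else
    demo
fi
```

Exiting non-zero when no real user owns the console lets the policy be retried later instead of leaving the Mac named after a setup account.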

msjgc
New Contributor II

Works a treat, thank you :)

MatG
Contributor III

Just found this thread, battling with the same issue!

At DEP we authenticate against AD, this also binds to AD. At that point the Computer ID is Mats MacBook.

On enrolment we run a script to set the Mac name based upon location and serial, but as the Mac is already bound to AD the Computer ID does not get updated. So we have tried to unbind, run the host script and rebind, but still the Computer ID and JAMF are saying Mats MacBook.

TTG
Contributor

In case you would like to use a CSV file for it...

https://github.com/TravellingTechGuy/renameMacCSV

ndeangelis
New Contributor III

@MatG How are you setting the location variable? Can you share your script?

MatG
Contributor III

Hello,

we use a script that looks very complex, but the hostname is a country code and partial serial.

I'll sanitise the script a little for confidentiality and post.

MatG
Contributor III

Here we go, it grabs a CSV download and uses that.

Note that these are set
/usr/sbin/scutil --set ComputerName $HOSTNAME
/usr/sbin/scutil --set HostName $HOSTNAME
/usr/sbin/scutil --set LocalHostName $HOSTNAME

#!/bin/bash
# bash is required: the script uses arrays and here-strings


####################################################
## Set the system hostname using country code plus serial number
####################################################
DOMAIN_NAME="yourAD.com"
DOMAIN_DN="dc=DOMAIN,dc=com"
SITEMAPURL="URL TO CSV of SITEMAP"

# The DN and password of an AD user account. Any account will do
USERDN='USERNAME'
USERPASS='PASSWORD'

# The DN of your sites container.
SITESDN='CN=Subnets,CN=Sites,CN=Configuration,dc=DOMAIN,dc=com'

# Figure out our primary IP address and subnet mask
NETDEVICE=$(printf "get State:/Network/Global/IPv4\nd.show\nquit" | scutil | grep PrimaryInterface | awk '{print $3}')
IPADDR=$(ipconfig getifaddr "$NETDEVICE" | tr -d "\n")
NETMASK=$(ipconfig getpacket "$NETDEVICE" | grep subnet_mask | awk '{print $3}' | tr -d "\n")

# Find a DC we can talk to (SRV targets are the names ending in a dot)
DCS=($(dig -t SRV _ldap._tcp.domain.com | awk '{print $8}' | grep -e '\.$' | perl -pe 's/\n/ /g'))

for i in ${DCS[@]}
do
    ping -t 1 $i > /dev/null 2>&1 
    if [ $? -eq 0 ]
    then
        DC=$i
        break
    fi
done

if [ "$DC" == "" ]
then
    logger -t "Your_MacSetup" "Couldn't find a domain controller to do a site lookup. Exiting..."
    exit 1
fi

#echo "Using DC ${DC}"
## Added the following updated site lookup logic
## Should be much more resilient than what was previously used.

# Here's all of the possible values in a subnet mask octet
MASKVALS=("255" "254" "252" "248" "240" "224" "192" "128" "0")
MASK1VALUES=()
MASK2VALUES=()
MASK3VALUES=()
MASK4VALUES=()
LASTSEARCH=""
MYSITE=""

# Break up the subnet mask into octet values
MASK1=`echo ${NETMASK} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\1/'`
MASK2=`echo ${NETMASK} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\2/'`
MASK3=`echo ${NETMASK} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\3/'`
MASK4=`echo ${NETMASK} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\4/'`


getSite() {
    # Use subnet mask to get our mask
    if [ "$MYSITE" != "" ]
    then
        # If we get here, stop since we've already done a successful site lookup
        return
    fi  
    LOCALMASK1=`echo ${2} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\1/'`
    LOCALMASK2=`echo ${2} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\2/'`
    LOCALMASK3=`echo ${2} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\3/'`
    LOCALMASK4=`echo ${2} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\4/'`

    # Do some binary math to start getting the piece after the / in the CIDR address
    # (convert each octet to binary and count the leading 1 bits)
    BM1=$(echo "obase=2; ${LOCALMASK1}" | bc | sed 's/0.*$//' | tr -d "\n" | wc -m | sed 's/ //g')
    BM2=$(echo "obase=2; ${LOCALMASK2}" | bc | sed 's/0.*$//' | tr -d "\n" | wc -m | sed 's/ //g')
    BM3=$(echo "obase=2; ${LOCALMASK3}" | bc | sed 's/0.*$//' | tr -d "\n" | wc -m | sed 's/ //g')
    BM4=$(echo "obase=2; ${LOCALMASK4}" | bc | sed 's/0.*$//' | tr -d "\n" | wc -m | sed 's/ //g')

    # Add up the above and you get your mask
    MASK=$(( BM1 + BM2 + BM3 + BM4 ))

    # Now do the IP piece
    IFS=. read -r i1 i2 i3 i4 <<< "$1"
    IFS=. read -r m1 m2 m3 m4 <<< "$2"
    CIDRADDR=$(printf "%d.%d.%d.%d/$MASK\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))")

    # This keeps us from checking a duplicate which we may do in some cases
    if [ "$CIDRADDR" != "$LASTSEARCH" ]
    then
        LASTSEARCH=${CIDRADDR}
        logger -t "AZ_MacSetup" "Doing site lookup with ${CIDRADDR}"
        # Try doing a site lookup with the CIDR notation IP and mask from above
        MYSITERAW=`ldapsearch -h "${DC}" -x -D "${USERDN}" -w "${USERPASS}" -b "${SITESDN}" "(cn=${CIDRADDR})"|grep siteObject`
        if [ $? -eq 0 ]
        then
            # It worked!
            MYSITE=$(echo ${MYSITERAW} | sed -e 's/siteObject: //' -e 's/,.*//' -e 's/CN=//')
        fi
    fi
}

# Here's where we start searching
#
# Build an array of subnet masks we need to search
# We'll end up with an array of subnet masks that match ours and are less restrictive
for i in "${MASKVALS[@]}"
do
    if [ $MASK1 -ge $i ]
    then
        MASK1VALUES+=("$i")
    fi  
    if [ $MASK2 -ge $i ]
    then
        MASK2VALUES+=("$i")
    fi
    if [ $MASK3 -ge $i ]
    then
        MASK3VALUES+=("$i")
    fi
    if [ $MASK4 -ge $i ]
    then
        MASK4VALUES+=("$i")
    fi
done

# Now go by octets, from last to first, and do site lookups.
# Octet 4
for i in "${MASK4VALUES[@]}" 
do
    getSite $IPADDR "${MASK1VALUES[0]}.${MASK2VALUES[0]}.${MASK3VALUES[0]}.${i}"
done

# Octet 3
for i in "${MASK3VALUES[@]}" 
do
    getSite $IPADDR "${MASK1VALUES[0]}.${MASK2VALUES[0]}.${i}.0"
done
# Octet 2
for i in "${MASK2VALUES[@]}" 
do
    getSite $IPADDR "${MASK1VALUES[0]}.${i}.0.0"
done

# Get the sitemap file from a web server and put it in /tmp
curl $SITEMAPURL > /tmp/sitemap.csv

if [ "$MYSITE" == "" ]
then
    logger -t "AZ_MacSetup" "Site lookup failed for $IPADDR"
    exit 1
fi

# Get the GEO and physical location from the sitemap file using the site lookup info
GEO=$(grep -i -m1 "$MYSITE" /tmp/sitemap.csv | awk -F '","' '{print $2}' | sed 's/"//g')
MYOU=$(grep -i -m1 "$MYSITE" /tmp/sitemap.csv | awk -F '","' '{print $3}' | sed 's/"//g')
COUNTRY=$(echo $MYSITE | cut -c 1-2)

# Log what we found
logger -t "AZ_MacSetup" "Your IP address is $IPADDR"
logger -t "AZ_MacSetup" "Your site is $MYSITE"
logger -t "AZ_MacSetup" "Your GEO is $GEO"
logger -t "AZ_MacSetup" "Your OU is $MYOU"
logger -t "AZ_MacSetup" "Naming your computer `echo ${MYSITE} | tr "[:upper:]" "[:lower:]" | cut -c 1-2``system_profiler SPHardwareDataType|grep 'Serial Number (system):'|awk {'print $4'} | tr "[:upper:]" "[:lower:]"`."

# Generate and set a host name
HOSTNAME=`echo ${MYSITE} | tr "[:upper:]" "[:lower:]" | cut -c 1-2``system_profiler SPHardwareDataType|grep 'Serial Number (system):'|awk {'print $4'} | tr "[:upper:]" "[:lower:]"`
/usr/sbin/scutil --set ComputerName $HOSTNAME
/usr/sbin/scutil --set HostName $HOSTNAME
/usr/sbin/scutil --set LocalHostName $HOSTNAME
logger -t "AZ_MacSetup" "Your system is now named $HOSTNAME"

# Write out the OU we'll be using for AD to a file in /tmp
echo $MYOU > /tmp/ou.txt

sleep 2
####################################################
## Use the legacy binary if running on < 10.5 
####################################################
#os_version=$(system_profiler SPSoftwareDataType -xml | grep -A 2 'os_version</key>' | grep -o 'OS X [0-9]+.[0-9]+' | grep -o '[0-9]+.[0-9]+')
#major_version=$(echo $os_version | grep -o '[0-9]+.' | grep -o '[0-9]+')
#minor_version=$(echo $os_version | grep -o '.[0-9]+' | grep -o '[0-9]+')
#if [ $major_version -lt 10 ] || [ $major_version -eq 10 -a $minor_version -lt 7 ];then
#   /bin/rm /usr/sbin/jamf
#   /bin/mv /usr/sbin/jamf2 /usr/sbin/jamf
#   /bin/chmod +x /usr/sbin/jamf
#else
#   /bin/rm /usr/sbin/jamf2
#fi



####################################################
## Make sure we can talk to the JSS. Quit and throw an error if we can't.
####################################################
# /usr/sbin/jamf checkJSSConnection
# if [ $? -ne 0 ]
# then
# logger -t "AZ_MacSetup" "Couldn't connect to the Casper JSS."
# osascript -e "display dialog \"There was a problem connecting to the Casper JSS. Please call the AZ help desk.\" buttons \"OK\""
## Turn off AD debug logging
# odutil set log default
# exit 1
# fi


sleep 10

exit 0
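
The sitemap lookup from the script above, reworked as an added example (not MatG's code): the CSV goes to a `mktemp` file rather than a fixed `/tmp` path, and the site is matched exactly on the first column, because in the constructed rows below a `grep -i -m1` for `USNYC` would return the `USNYC2` row. The `"SITE","GEO","OU"` column layout, the function names and the sample rows are assumptions.

```shell
#!/bin/bash
# Added example. Assumed CSV layout (not confirmed by the post): "SITE","GEO","OU"

# Print column N of the row whose first column equals SITE (case-insensitive,
# exact string compare, so the site name is never used as a pattern).
sitemap_field() {   # usage: sitemap_field FILE SITE N
    awk -F'","' -v site="$2" -v n="$3" '
        { sub(/\r$/, ""); sub(/^"/, "", $1); sub(/"$/, "", $NF) }
        tolower($1) == tolower(site) { print $n; found = 1; exit }
        END { exit !found }' "$1"
}

# Build "<2-letter country code><serial>" in lower case, as the script does,
# and refuse anything that is not a valid single host label.
site_hostname() {   # usage: site_hostname SITE SERIAL
    local name
    name=$(printf '%s%s' "$(printf '%s' "$1" | cut -c 1-2)" "$2" | tr '[:upper:]' '[:lower:]')
    case "$name" in
        ""|*[!a-z0-9-]*|-*|*-) return 1 ;;
    esac
    [ "${#name}" -le 63 ] && printf '%s\n' "$name"
}

# Download to a private mktemp file (mode 0600, unpredictable name) instead of
# a fixed path in /tmp; HTTPS only, and HTTP errors count as failure.
fetch_sitemap() {   # usage: fetch_sitemap URL  (prints the temp file path)
    local tmp
    tmp=$(mktemp "${TMPDIR:-/tmp}/sitemap.XXXXXX") || return 1
    if curl --fail --silent --show-error --proto '=https' --max-time 30 -o "$tmp" "$1"
    then printf '%s\n' "$tmp"
    else rm -f "$tmp"; return 1
    fi
}

# Constructed sample rows; note the OU column itself contains commas.
demo_csv() {
    local f
    f=$(mktemp "${TMPDIR:-/tmp}/sitemap.XXXXXX") || return 1
    printf '%s\n' '"USNYC2","AMER","OU=NYC2,OU=Macs"' \
                  '"USNYC","AMER","OU=NYC,OU=Macs"' \
                  '"DEBER","EMEA","OU=Berlin,OU=Macs"' > "$f"
    printf '%s\n' "$f"
}

csv=$(demo_csv)
printf 'GEO=%s OU=%s name=%s\n' "$(sitemap_field "$csv" usnyc 2)" \
    "$(sitemap_field "$csv" usnyc 3)" "$(site_hostname USNYC C02EXAMPLE1)"
rm -f "$csv"
```

In a real run the script would call `fetch_sitemap "$SITEMAPURL"`, use the returned path for the lookups, and remove the file afterwards.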

ctarbox
Contributor II

@fabeloos I followed your posted link: https://github.com/TravellingTechGuy/renameMacCSV and really like this script using curl. I have everything set up and working fine, except running into an issue with the AD Bind having a client ID of 'no name'. It's not picking up the assettag name I've set. Not sure if this is a timing thing with the policy. I've tried the Directory bind in its own policy and as a payload in the renameMacCSV policy, but get the same results each time. I am not using any authentication within the Pre-Stage Enrollment. Should I be?

If I unbind, then rebind the client, the assettag does indeed populate the Computer ID field in Directory Utility.

Cheryl