Posted on 02-18-2020 09:51 AM
We need to bind our machines to specific OUs based on location and whether it's a laptop or desktop. I wrote (read: adapted from other scripts) this script up, but my scripting skills are pretty bad, would someone take a look at it and see if my logic/syntax is correct?
basically it looks if the device is a laptop and if so looks at the host name to determine location, then binds to location a or location b. if not a MacBook then bind to location c or d, via jamf policy triggers.
Is there a cleaner or better way to do this?
#!/bin/sh
LOGPATH='/private/var/log'
LOGFILE=/private/var/log/bind-$(date +%Y%m%d-%H%M).logging
osVersion=`sw_vers -productVersion | cut -d. -f1,2`
modelName=`system_profiler SPHardwareDataType | awk -F': ' '/Model Name/{print $NF}'`
shortModel=`system_profiler SPHardwareDataType | grep 'Model Name:' | awk '{ print $3 }'`
location=`hostname | cut -b 5-6`
## Setup logging
# mkdir $LOGPATH
set -xv; exec 1> $LOGPATH/postimagelogbind.txt 2>&1
##########################################
# Bind to AD
##########################################
#/bin/echo "Binding to AD"
#/bin/date
# Detects if this Mac is a laptop or not by checking the model ID for the word "Book" in the name.
IS_LAPTOP=`/usr/sbin/system_profiler SPHardwareDataType | grep "Model Identifier" | grep "Book"`
if [[ $shortModel == "MacBook" ]]; then
if [[$location == SA]]; then
jamf policy -trigger LocationLTBind
exit 0
elif [[$location == SB]]; then
jamf policy -trigger LocationLTBind
exit 0
fi
if [[ $shortModel != "MacBook" ]]; then
if [[$location == SA]]; then
jamf policy -trigger LocationDTBind
exit 0
elif [[$location == SB]]; then
jamf policy -trigger LocationDTBind
exit 0
fi
else
exit 0
fi
#/bin/echo "Done binding to AD"
#/bin/date
Posted on 02-18-2020 11:28 AM
One recommendation I have for you is to not use system_profiler three times in the script as you have right now. Although the script should generally work fine, calling system_profiler tends to be a little slow, and calling it 3 times will be slower still.
All the data you're looking for can be had with an ioreg call instead. Consider this as an edit near the top of the script.
Data=$(ioreg -rd1 -c IOPlatformExpertDevice)
modelName=$(awk -F'"' '/model/{print $4}' <<< "$Data")
There should be no need to extract "short model name" here as you can use something like this to see if "MacBook" is part of the model identifier string.
if [[ $modelName =~ "MacBook" ]]; then
I would also change this line:
if [[ $shortModel != "MacBook" ]]; then
to just an else
since really you only need to check if "MacBook" is part of the identifier string, which you are doing in the first if/then section. If it's not, then just move on to use one of the other 2 binding policy triggers.
A few other things I see. This line in your script doesn't seem to be used anywhere, so I'd consider removing it, since it's just wasting cycles:
IS_LAPTOP=`/usr/sbin/system_profiler SPHardwareDataType | grep "Model Identifier" | grep "Book"`
Lastly, I don't know if the lines that look like if [[$location == SA]]; then
are going to work correctly. Usually you need some space around the double brackets in the test, like this if [[ $location == SA ]]; then
So, rewriting this using the things I mention above, it would look something like this.
#!/bin/sh
LOGPATH='/private/var/log'
LOGFILE=/private/var/log/bind-$(date +%Y%m%d-%H%M).logging
osVersion=`sw_vers -productVersion | cut -d. -f1,2`
Data=$(ioreg -rd1 -c IOPlatformExpertDevice)
modelName=$(awk -F" '/model/{print $4}' <<< "$Data")
location=`hostname | cut -b 5-6`
## Setup logging
# mkdir $LOGPATH
set -xv; exec 1> $LOGPATH/postimagelogbind.txt 2>&1
##########################################
# Bind to AD
##########################################
#/bin/echo "Binding to AD"
#/bin/date
# Detects if this Mac is a laptop or not by checking the model ID for the word "Book" in the name.
if [[ $modelName =~ "MacBook" ]]; then
if [[ $location == SA ]]; then
echo "jamf policy -trigger LocationLTBind"
exit 0
elif [[ $location == SB ]]; then
echo "jamf policy -trigger LocationLTBind"
exit 0
fi
else
if [[ $location == SA ]]; then
echo "jamf policy -trigger LocationDTBind"
exit 0
elif [[ $location == SB ]]; then
echo "jamf policy -trigger LocationDTBind"
exit 0
fi
fi
#/bin/echo "Done binding to AD"
#/bin/date
Posted on 02-19-2020 11:42 AM
@mm2270 awesome thank you so much!! I will give it a whirl!