- Jamf Nation Community
- Products
- Jamf Pro
- Re: Scripting the creation of AD Mobile Accounts i...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Scripting the creation of AD Mobile Accounts in OS X?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-05-2013 06:11 PM
Hi all,
I'm curious if anyone knows of a way to script the process of creating Active Directory Mobile Accounts with Administrator privileges in OS X?
Dream configuration:
Netboot computer and in Casper Imaging:
1) Specify a computer name
2) Select AD Mobile Account Script and set first variable to AD username, second variable to AD password
3) Select Auto Login script to Set Auto Login to this newly created AD Mobile Account and again pass same AD creds as variables [Start with Gavin Brock's script http://www.brock-family.org/gavin/perl/kcpassword.html ?]
4) Check box for AD Bind
From Install Configuration Pulldown, select a preconfigured Configuration which would include the following:
Thin OS
Software packages
Scripts to Configure Basic System Prefs
Execute AD Mobile Account Creation Script w/AD creds set as variables...
Execute Set Auto Login Script
Is it possible to Script the AD Mobile account creation process in Mac OS X?
Thanks for any feedback you may be able to provide!
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-08-2013 07:35 AM
You can modify the settings in your Directory Binding object (via JSS web pager) to enforce the creation of Mobile Accounts. However this won't give you admin rights to accounts by default.
If your after a scriptomatic way, add theses lines to a "at reboot" script in Casper Imaging:
/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n $4 -h /Users/$4 -P
dscl . -append /Groups/admin GroupMembership $4
hope this helps!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-08-2013 07:45 AM
The setting of making sure the computer creates mobile accounts / forces home directories is separate from creating making sure that account has local admin control.
Here's the man page for dsconfigad which you will use to bind / make sure the options for mobile, confirm mobile acc ount creation, force home folder, etc. etc. are set.
http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man8/dsconfigad.8.html
If all the users that you want this to happen also belong to the same AD group, you can specify which AD groups are local admins also using dsconfigad. If they are not all in the same AD group, you maybe able to pre populate an admin user in dscl . -append /Groups/admin GroupMembership username (not exactly sure) but worst come to worst, you can have it set as a login hook, have it run as a Casper Policy for those computers. Here's the dscl man page
http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man1/dscl.1.html
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-09-2013 04:21 PM
Hi Sonic84,
Thanks for this info. I've has success with:
/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n $4
What's the significance of "-h /Users/$4 -P" ?
Thanks!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-11-2013 07:33 AM
Also, has anybody figured out how to prevent the benign error response? If this is run in a policy or self-service item, I get the mobile account, but I also get a log marked "failed". I hate having to explain that it works when it fails, but it might fail when it fails.
Redirecting to stdout or /dev/null doesn't work.
