Jamf Nation Community

ericjboyd · ‎01-31-2014

We have already created groups and OUs in our AD for our computers as well as our users.

Is there a way to create a smart group based on all the computers in a specific OU?

mm2270 · ‎01-31-2014

I could swear there is a whole thread here on JAMFNation that discusses something along these lines, and has information about using an Extension Attribute to capture the OU. But for the life of me I can't find the exact thread. The darn search is pulling up all kinds of things, but not the one I remember.

I don't think this is the thread I was remembering. , but here is one that might at least point you in the right direction. If I find the other one, I'll add it below.

https://jamfnation.jamfsoftware.com/discussion.html?id=5455

ericjboyd · ‎01-31-2014

I searched here first, but didn't find much. Still looking...

mm2270 · ‎01-31-2014

Odd, I took another quick look and can't seem to find that thread. Maybe it was only in my head :)

Anyway, the basic idea would be to create an Extension Attribute that would grab the OU the Mac is joined to and save that into the database as a searchable and Smart Group enabled field.

Here's some syntax to help you get started. You may want to really add some logic to this to have the EA script determine if the Mac is even joined to Active Directory and in range of a domain controller, just in case you have an externally facing JSS that Macs can run inventory against, but can't hit your DC when outside the office.

#!/bin/bash

## get the Mac's AD computer name
ADCompName=$( dsconfigad -show | awk '/Computer Account/{print $NF}' )

## get the Mac's AD OU
MacOU=$( dscl "/Active Directory/DOMAIN/All Domains" read /Computers/$ADCompName | awk '/AppleMetaRecordName/{getline; print $0}' | awk -F, '{out=$2; for(i=3;i<=NF;i++){out=out","""$i}; print out}' )

echo "<result>$MacOU</result>"

Once that's in place, you should be able to build some Smart Groups using the "Like" operator and this EA. So something like

AD OU | Like | "An OU string"

As long as you use a unique enough part of the OU name to distinguish between different ones it should work.

daniel_behan · ‎02-03-2014

@mm2270 I think this was the discussion you were looking for. I'm doing Smart Groups by end user at the moment, but you should be able to use the same logic for computer group membership.

https://jamfnation.jamfsoftware.com/discussion.html?id=7292

Leal · ‎10-21-2014

Any update on this?

tkimpton · ‎10-22-2014

Due to multiple type of AD plugin in my environment I need the computer AD ou lookups done on the JSS

Any update?

mmayo · ‎10-23-2014

Not sure if this is a something you would prefer doing, but this is how we do it:

We stick to a strict naming convention for computers where we use an abbreviation of the building, the room number and the device number. Something like RM304M01 for Room 304 Mac #1 or RM304M20 for Mac #20. That said, we create those objects in AD and the parent OU it falls under is bound. When we image, we use the computer name and it automatically binds based on the objects already existing.

As far as smart computer groups, we create them like this:

Computer group display name is RM304 and criteria is Computer name is like RM304, that way it picks up all computers with RM304 in the name.

With the computer group created like that, the membership count is automatically populated with 20 in this case, since the systems are RM304M01 through M20. Hope this helps!

tkimpton · ‎10-29-2014

i will create another discussion. Mines on something else

Jamf Nation Community

Smart computer group based on the computers AD OU group.