Jamf Nation Community

Stubakka · ‎10-23-2013

Hi everyone, I figured Id post this here due to having the eyes of highly skilled Apple admins and maybe someone will have a simple solution.

I do not current admin a managed environment with Casper (we are working on implementing it). I was at the JNUC and it was great, anyways.

My tools are pretty much limited to ARD, and creative thinking at this point.

Can anyone think of a simple way to build a Macintosh users distribution email list based on using ARD or some other tools at hand maybe my exchange admin can use to help me filter out users?

We thought about adding a task to our current ticket creation process that tasks to add the caller or email user identifying themselves as a Mac user to an exchange distribution list. Seems like alot of manual labor however.

Any help is appreciated. I was asked to do this because we are trying to have this going forward and also communicate to not upgrade to 10.9 without contacting the service desk first.

mm2270 · ‎10-23-2013

Its been a long while since my pre-Casper ARD using days. but I do think this is possible to do, with some caveats, and provided your users are logging into their Macs with AD accounts and not local ones. (If they're using local accounts, then you don't need to read any further, since I don't think there will be a workable solution)

If the users are logging in with AD accounts, the pertinent information about their accounts, such as name and email address among many others, gets stored in the local directory node with their cached account.
Since ARD can send a shell script to your Macs, you could send a script that would pull this information from the logged in account, or, if no user is logged in, then from the most common user listed in the 'last' command., and then query the local directory for the email address and echo that back.
ARD can send script output back to your console in a text window, so after the script completes you should have a list of email addresses from whatever it could pull.

Usual ARD caveats apply though, in that if a Mac isn't powered on, you can't pull anything from it. As such, you may need to run the script multiple times over the course of a week or so, and merge all the results.

If you need some help putting something like the above together for testing, just post back.

Stubakka · ‎10-23-2013

thank you so much, i will take a look at this and see what kind of script I can use to do what you explained :) Some users are bound and some are local accounts, however it think it would help a lot to at least get something started, I will follow up on this!

bentoms · ‎10-23-2013

Something like the below should work:

#!/bin/sh

# HARDCODED VALUE FOR "loggedInUser" IS SET HERE
loggedInUser=""

####################################################################################################
#
# SCRIPT CONTENTS – DO NOT MODIFY BELOW THIS LINE
#
####################################################################################################

loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{print $3}'`

accountType=`dscl . -read /Users/$loggedInUser | grep UniqueID | awk ‘{print $2}’`

if (( "$accountType" > 1000 )); then
userRealName=`dscl . -read /Users/$loggedInUser | grep RealName: | cut -c11-`

if [[ -z $userRealName ]]; then
userRealName=`dscl . -read /Users/$loggedInUser | awk ‘/^RealName:/,/^RecordName:/’ | sed -n 2p | cut -c 2-`
fi

userEMail=`dscl . -read /Users/$loggedInUser | grep EMailAddress: | awk ‘{print $2}’`
if [[ -z $userEMail ]]; then
userEmail=`dscl . -read /Users/$loggedInUser | awk ‘/^EMailAddress:/,/^FirstName:/’ | sed -n 2p | awk ‘{print $1}’`
fi

Taken from a larger script of mine: http://macmule.com/2012/05/16/submit-user-information-from-ad-into-the-jss-at-login/

Stubakka · ‎10-25-2013

So how could i deploy this via ARD? kind of a noob with scripts :(

bentoms · ‎10-25-2013

Via the "Send UNIX" command.

Find a test mac & login with an AD account then try.

Stubakka · ‎10-25-2013

double post

Stubakka · ‎10-25-2013

Yeah i pretty much copied and pasted what you posted into ARD to a system thats mine and tried to send it to see what would happen but it kicked back an error.

grep: write error: Broken pipe
/bin/bash: line 27: syntax error: unexpected end of file

dwandro92 · ‎10-25-2013

I've never used ARD, but according to https://www.apple.com/remotedesktop/assetmanagement.html it allows you to pull user history reports. If you can pull a good user history report, you could just put the users into an array and utilize @bentoms script to output the results to a .csv file, which could then be sent to your Exchange admin. Another thought that comes to mind is to use your company's asset management database to pull the report, assuming there is one in place.

dwandro92 · ‎10-25-2013

if (( "$accountType" > 1000 )); then
userRealName=dscl . -read /Users/$loggedInUser | grep RealName: | cut -c11-

needs a "fi" after it

Stubakka · ‎10-25-2013

Im trying the user history report thing... never even knew it was there lol... amazing.

Jamf Nation Community

Tasked with creating Macintosh user email distribution list , without Casper