Update User and Location

jwojda
Valued Contributor II

We've been using macmule's method for quite some time, and it's working but it creates a lot of extra junk in our users tab from local accounts mapping to AD names.

What's the easiest method of modifying it for current best practices (I believe the python method of getting the current user is preferred now) and having it run only against AD users (if a local account is detected then bypass the script)?


tthurman
Contributor III

So, you're wanting to run a script on Mobile (AD) accounts only?

I believe all Mobile AD accounts have huge UUIDs. You could use those.

dscl . read Users/$userName | grep -i UniqueID

My Mobile Account's UniqueID is like 625,000,000
My Local Account's UniqueID is like 80

Regards,
TJ

stephanpeterson
Contributor

Here's the script we use to accomplish this. Only does look up for AD users.

#!/bin/bash

# Based on macmule (Ben Toms) script from MacMule.com

# CheckBinary borrowed from Rich Trouton - https://gist.github.com/rtrouton/df24a3b1162605046a9e#file-gistfile1-txt
CheckBinary (){

    # Identify location of jamf binary.
    jamf_binary=$(/usr/bin/which jamf)

    if [[ "$jamf_binary" == "" ]] && [[ -e "/usr/sbin/jamf" ]] && [[ ! -e "/usr/local/bin/jamf" ]]; then
        jamf_binary="/usr/sbin/jamf"
    elif [[ "$jamf_binary" == "" ]] && [[ ! -e "/usr/sbin/jamf" ]] && [[ -e "/usr/local/bin/jamf" ]]; then
        jamf_binary="/usr/local/bin/jamf"
    elif [[ "$jamf_binary" == "" ]] && [[ -e "/usr/sbin/jamf" ]] && [[ -e "/usr/local/bin/jamf" ]]; then
        jamf_binary="/usr/local/bin/jamf"
    fi
}

# Run the CheckBinary function to identify the location
# of the jamf binary for the jamf_binary variable.
CheckBinary

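# Get the logged in user's username
loggedInUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')

# Check if loggedInUser is an AD account
# (quoted so an unexpected value cannot be split into extra arguments)
accountCheck=$(dscl . read "/Users/$loggedInUser" OriginalAuthenticationAuthority 2>/dev/null)

# Only run recon for AD accounts, and only if the jamf binary was actually found
if [ "$accountCheck" != "" ] && [ -x "$jamf_binary" ]; then
     "$jamf_binary" recon -endUsername "$loggedInUser"
else
     exit 0
fi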
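
An added example, not part of the original posts: it combines the two signals suggested in this thread (the `OriginalAuthenticationAuthority` attribute and the size of `UniqueID`) and validates the username before it is handed to `jamf recon`. The function names, the `MIN_DIRECTORY_UID` cut-off, the username allow-list and the sample records are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: gate `jamf recon -endUsername` on account type.
# The dscl record is passed in as text so the logic can be checked off-device.

# Assumed cut-off between local and directory-generated UniqueIDs; bindings
# that map UIDs from a directory attribute may need a different value.
MIN_DIRECTORY_UID=1000

# Constructed sample records (not captured from a real machine).
SAMPLE_MOBILE='OriginalAuthenticationAuthority:
 ;Kerberosv5;;jdoe@AD.EXAMPLE.COM;AD.EXAMPLE.COM;
UniqueID: 625000000'
SAMPLE_LOCAL='UniqueID: 501'

# attr_value RECORD KEY: print KEY's value, whether dscl printed it on the
# same line ("Key: value") or on the following indented line.
attr_value() {
    printf '%s\n' "$1" | awk -v key="$2:" '
        $1 == key && NF > 1 { sub(/^[^:]*:[ ]*/, ""); print; exit }
        $1 == key && ((getline) > 0) { sub(/^[ ]+/, ""); print; exit }'
}

# is_safe_username NAME: reject empty names, names that would be parsed as an
# option, names outside an assumed allow-list, and console owners seen when
# nobody is logged in.
is_safe_username() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        root|loginwindow|_mbsetupuser) return 1 ;;
    esac
    return 0
}

# should_recon NAME RECORD: succeed only for a directory-backed account.
should_recon() {
    is_safe_username "$1" || return 1
    [ -n "$(attr_value "$2" OriginalAuthenticationAuthority)" ] || return 1
    uid=$(attr_value "$2" UniqueID)
    case "$uid" in ''|*[!0-9]*) return 1 ;; esac
    [ "$uid" -gt "$MIN_DIRECTORY_UID" ]
}

# On a Mac the record would come from dscl, for example:
#   record=$(dscl . read "/Users/$user" OriginalAuthenticationAuthority UniqueID 2>/dev/null)
#   should_recon "$user" "$record" && "$jamf_binary" recon -endUsername "$user"
```
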

jhbush
Valued Contributor II

@stephanpeterson are you running that script along with a LaunchAgent or just through Jamf with login trigger?

stephanpeterson
Contributor

Hey @jhbush1973! I've been using it just through Jamf with login trigger, but just yesterday afternoon started finding machines that have broken loginhooks. Looking at moving to LaunchAgent with custom trigger.