Use AD group to scope policy

KyleEricson
Valued Contributor II

I want to scope a VPN install to an AD security group. Can this be done and how?

Read My Blog: https://www.ericsontech.com
1 ACCEPTED SOLUTION

cubandave
Contributor

Scope to all computers but add a limitation to the LDAP group.

9 REPLIES

daniel_behan
Contributor III

I have an Extension Attribute that lists the AD groups of the logged-in user. You can build a smart group for that AD group and scope your policy to it.

#!/bin/sh

# Console (logged-in) user, taken from the "console" line of who.
currUser=$( /usr/bin/who | /usr/bin/awk '/console/{ print $1 }' )

# Read the user's memberOf attribute from the AD node (the path is quoted because
# it contains spaces; replace <DOMAIN> with the domain short name), keep the
# "CN=..." part of each DN, strip "CN=" and trailing commas, drop the header line.
Groups=$( dscl "/Active Directory/<DOMAIN>/All Domains" read "/Users/$currUser" dsAttrTypeNative:memberOf | awk -F"OU" '{ print $1 }' | sed -e 's/CN=//g;s/,$//g;1d' )

echo "<result>$Groups</result>"

nberanger
Contributor

@daniel.behan Hi Daniel. I just tried your script, and it does not appear to be working. We are on 10.8. Is it still working for you?

mrheathjones
New Contributor III

@nberanger I also use an EA to grab the logged-in user's AD group membership. From there I create a smart group with the criteria of "User AD Group" -> "like" -> "<name of AD group to scope to>". This should drop devices into the smart group if the user is a part of the AD group I'm targeting. Below is the EA script.

#!/bin/sh

# The owner of /dev/console is the logged-in user.
loginUsername=$(stat -f "%Su" /dev/console)

# Dump the user's AD record and keep the lines from memberOf: up to the next
# attribute (msExchHomeServerName:); the node path is quoted because of the space.
Groups=$(dscl '/Active Directory/DOMAIN' -read /Users/"$loginUsername" | awk '/^dsAttrTypeNative:memberOf:/,/^dsAttrTypeNative:msExchHomeServerName:/')

echo "<result>$Groups</result>"

nberanger
Contributor

Thanks @mrheathjones I tried using your script, but it isn't returning any results for me. I should only have to change "DOMAIN" to our domain, correct? We do use the jamf infrastructure manager to connect to LDAP, so maybe that has something to do with it?

dmw3
Contributor III

We use a similar script to Daniel's but target the computer, not the user. Useful if multiple users log in.

#!/bin/sh

# This Mac's AD computer account name (ends in "$"), read from dsconfigad.
currComputer=$( dsconfigad -show | grep 'Computer Account' | awk '{print $4 }' )

# memberOf of the computer object, reduced to the group CNs.
Groups=$( dscl "/Active Directory/Domain" read "/Computers/$currComputer" dsAttrTypeNative:memberOf | awk -F"OU" '{ print $1 }' | sed -e 's/CN=//g;s/,$//g;1d' )

echo "<result>$Groups</result>"
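
A version that covers both the user lookup (daniel_behan's and mrheathjones's scripts) and the computer-account lookup (dmw3's script), added here as an example and not posted by any participant in this thread; it separates the dscl parsing so it can be checked, and reports a distinguishable result when the lookup returns nothing, which is the symptom several replies describe. It assumes the Mac is bound to AD, that the dscl node is "/Active Directory/DOMAIN/All Domains" (DOMAIN is a placeholder), and that macOS `stat -f %Su` and `dsconfigad` are available.

```shell
#!/bin/sh
# Added example, not posted by anyone in this thread: a Jamf extension
# attribute reporting the AD group names (CNs) of the console user or of the
# computer account. Assumption: the Mac is bound to AD and the node below
# exists; DOMAIN is a placeholder for the domain short name.
AD_NODE="/Active Directory/DOMAIN/All Domains"

# Turn dscl's memberOf dump into one group CN per line. dscl prints the
# attribute name, then each DN on its own indented line (or on the same line
# when there is exactly one value); both forms are handled.
parse_member_of() {
    sed -n -e 's/^dsAttrTypeNative:memberOf://' \
           -e 's/^ *CN=\([^,]*\).*/\1/p'
}

# Groups of an AD user; prints nothing if the user is local or lookup fails.
lookup_user_groups() {
    dscl "$AD_NODE" -read "/Users/$1" dsAttrTypeNative:memberOf 2>/dev/null \
        | parse_member_of
}

# Groups of this Mac's AD computer account (dmw3's approach), same parser.
lookup_computer_groups() {
    computer=$(dsconfigad -show 2>/dev/null \
        | awk -F' = ' '/Computer Account/ { print $2 }')
    [ -n "$computer" ] || return 0
    dscl "$AD_NODE" -read "/Computers/$computer" dsAttrTypeNative:memberOf 2>/dev/null \
        | parse_member_of
}

main() {
    console_user=$(stat -f "%Su" /dev/console 2>/dev/null || true)
    groups=""
    # Skip the lookup at the login window (no user, or root) rather than
    # reporting an empty membership for "root".
    if [ -n "$console_user" ] && [ "$console_user" != "root" ]; then
        groups=$(lookup_user_groups "$console_user")
    fi
    if [ -z "$groups" ]; then
        # Distinguishable from "member of nothing" when building smart groups.
        echo "<result>No AD membership found for '${console_user:-none}'</result>"
    else
        echo "<result>$groups</result>"
    fi
}

main "$@"
```

Swap `lookup_user_groups` for `lookup_computer_groups` in `main` to get the per-computer variant; the smart-group criterion "like <group name>" then matches one of the emitted lines.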

JustDeWon
Contributor III

.

EUC600
New Contributor III

@nberanger Just curious if you figured this out? We are trying to do the same thing but get no results as well. We also use the JAMF Infrastructure Manager.

nberanger
Contributor

Hey @EUC600 I ended up giving up on this as I could not get it working. If you do manage to make it work though, I would love to hear how you did it :-)

Cheers!