Jamf Nation Community

Matt · ‎09-26-2012

I was wondering what the command would be to find where a computer lives in AD in the following format

/mycompany.com/some location/sub location/laptops/$computer

I would like to take this and make it an Extension Attribute.

Fveja · ‎09-26-2012

I use the dscl command, like this:

dscl /Active Directory/MyDomain/All Domains -read Users/${user}

Hope that helps.

Florin

tlarkin · ‎09-27-2012

You can try this

dscl /Search list /Computers

hope that helps

Matt · ‎09-27-2012

Neither of those give me the info I need :( Ive been poking around with DSCL and can't see to find where the OU information is stored.

mm2270 · ‎09-27-2012

Then try a modifitcation on Larkin's suggestion above, as so-

dscl /Search read /Computers/ComputerName$

I tried this with a computer name I see when doing the basic search command I see the OU listed under AppleMetaRecordName, but I can't get dscl to give me that line without piping it through awk using something like this-

dscl /Search read /Computers/ComputerName$ | awk '/AppleMetaRecordName/{ getline; print $0 }'

mm2270 · ‎09-27-2012

I found the following will also work with AD directly-

dscl /Active Directory/DOMAIN/All Domains read /Computers/COMPUTERNAME$ | awk '/AppleMetaRecordName/{ getline; print $0 }'

The only issue I see in my case is that the OU also includes a CN=ComputerName, portion right in the front, which isn't technically part of the OU. I mean, it is, but it isn't in the sense that you don't really add that in to a binding config or script. It could be stripped out, but it may not be a problem to just leave the output as is.

Matt · ‎09-27-2012

Im getting no records found :(

mm2270 · ‎09-27-2012

On which? Either one? If so, the only thing i can think of is make sure you have the proper name as it shows up with a basic search command. Usually the records have a "$" to the end of the computer name. Without that it will fail in the limited tests I just did.

rmanly · ‎09-28-2012

Try this. "AppleMetaRecordName" works for me as well but looking for the dn is probably more agnostic.

sudo dscl "/Active Directory/SOMEDOMAIN/All Domains" read /Computers/mycomputername$ distinguishedName

Your dn/applemetarecordname MIGHT be so short that it is appearing on the same line in which case the {getline} bit wouldn't work...dunno about this though.

rmanly · ‎09-28-2012

Incidentally, for me, assuming you can get the info from something like the one above this gives exactly what you want in the format you want (EDIT: not quite). I hate using so many subs but *shrug* :D

dscl "/Active Directory/somedomain/All Domains" read /Computers/computername$ distinguishedName | awk '{getline;sub(/CN=/,"/"); gsub(/,OU=/,"/"); sub(/,DC=/,"/"); sub(/,DC=/,".");  print }'

Example Input:

CN=computername,OU=somedept,OU=abuilding,OU=thing,OU=foo,DC=bar,DC=com

Example Output:

/computername/somedept/abuilding/thing/foo/bar.com

EDIT: oops, backwards. :) but it is easier that way...

rmanly · ‎09-28-2012

disgusting :P

dscl "/Active Directory/somedomain/All Domains" read /Computers/acomputer$ distinguishedName | awk 'BEGIN { FS="/" }; getline { gsub(/,OU=/,"/"); sub(/CN=/,"/"); sub(/,DC=/,"/"); sub(/,DC=/,"."); printf("%s","/"); { for (i=NF; i>1; i--) printf("%s/", $i); printf("
") }}'

Output:

/bar.com/foo/thing/abuilding/somedept/computername/

EDIT: made example OUs match previous comment

EDIT2: the subs and gsubs don't have to be slashes in this one. Since we print them at the end with printf if it makes it less confusing something like this would work too

dscl "/Active Directory/somedomain/All Domains" read /Computers/acomputer$ distinguishedName | awk 'BEGIN { FS="#" }; getline { gsub(/,OU=/,"#"); sub(/CN=/,"#"); sub(/,DC=/,"#"); sub(/,DC=/,"."); printf("%s","/"); { for (i=NF; i>1; i--) printf("%s/", $i); printf("
") }}'

I just kept the slashes because I worked off of the previous pipeline

Jamf Nation Community

Which command to get AD OU info