Skip to main content

Hi,



Just wondering if there is a way to get the JSS to auto-fill user information from AD after doing a silent enrol through recon?



I can manually go into the JSS data for each computer and see the computer account which lets me manually add the persons name, but if there is a way to automate it, it would be very handy.



Edit:



A script seems like it would be easiest // I'd need it to check local user accounts, and enter that username into the User and Location username field to auto-fill the AD records.

It's definitely possible, I think using a dscl call to find the correct information from AD and then using the API to put the info in to the JSS.
You might be able to find a script a user has already created around here, I can't imagine you're the first to want to do this.

Yes. Ben Toms has done the script and as long as your LDAP server is configured correctly it all works beautifully, it's what I use.



The info and script can be found here:-



https://macmule.com/2014/05/04/submit-user-information-from-ad-into-the-jss-at-login-v2/

Hi,



The main command is sudo jamf recon -endUsername $3. I've used the same method as Ben, creating a login policy that runs the command once per computer.



If you want it to keep up to date you could use "ongoing" for the execution frequency, although this will cause it to perform the lookup on every Mac for every login so "once per week" or "once per month" might be a better.

See this thread @kingscollege



LDAP User Info

I tried to use the script on the MacMule page, but it kept returning a syntax error regarding the first ` in the code.



I used this instead:



#!/bin/sh

loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "

");'`

/usr/sbin/jamf recon -endUsername $loggedInUser


It seemed to have worked for some, but not others. We have 185 users who are assigned to a department in AD that is also added to the JSS, but the script won't add any of them to their groups.



Any ideas?

I was able to figure out how to get this working using the MacMule's page. This is game changing for me...im now going to be able to scope things based off LDAP groups.



Thanks @triding for adding that info!

For us (JSS 9.101 / macOS Sierra) we had to substitute the "loggedInUser" line with this:



loggedInUser= $(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')

Terms & ConditionsCookie settings