- Jamf Nation Community
- Products
- Jamf Pro
- Script help: Unable to re-add mobile users after r...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on
01-24-2024
07:52 AM
- last edited on
03-04-2025
07:13 AM
by
kh-richa_mig
Hi there,
I'm working on a script to wipe out student mobile accounts from our lab machines.
These machines are AD-bound, provisioning options are set to create mobile account at login with no confirmation.
Here's the script I'm running. As you can see, very simple because all our student accounts contain the "." character (e.g. john.doe) --
# list all users with the "." character in their names
USERS=$( dscl . ls /Users | grep -e "\." )
# echo users
echo Deleting the following users: $USERS
# delete users
/usr/bin/dscl . delete /Users/"$USERS"
echo User accounts deleted
# delete home folders
/bin/rm -rf /Users/"$USERS"
echo User home folders deleted
The script successfully removes my test student account, but then I'm unable to re-add the student to the device from the login screen after a reboot, which will prevent students from being able to use the computers.
Any ideas where I could get more information on what is broken?
Alternatively, if there's a smarter way I should be doing this, I'm also open to that!
Thanks in advance
Solved! Go to Solution.
Labels:
- Labels:
-
Scripts
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-29-2024 01:12 PM
I ended up reworking it to the following. As I mentioned in my comment below, my test account not working after-the-fact with the original script was actually pure coincidence that my identity automation team had disabled that test account for unrelated reasons in the middle of me testing it, lol. Either way, I the below method works great, although it does take a while to run if you have a lot of users on the device. Anyway thanks for the feedback!
#!/bin/bash
# Get a list of user accounts with "." in their usernames
userList=$(dscl . -list /Users | grep -E '\.')
# Iterate through the user accounts
for user in $userList; do
# Check if the user is a standard user (not a system account)
if [[ $(id -u $user) -ge 501 ]]; then
echo "Deleting user account: $user"
# Delete the user account
sysadminctl -deleteUser $user
# Delete the home folder
rm -rf /Users/$user
echo "User account and home folder deleted"
else
echo "Skipping system account: $user"
fi
done
echo "Student user accounts removed!"
exit 0
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-24-2024 09:50 AM
Your script looks like it would attempt to delete everything in $USERS at once. You probably want to iterate through your $USERS array with a for loop. Additionally, I would do your user deletion with sysadminctl instead of dscl.
/usr/sbin/sysadminctl -deleteUser ${user}
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-29-2024 01:12 PM
I ended up reworking it to the following. As I mentioned in my comment below, my test account not working after-the-fact with the original script was actually pure coincidence that my identity automation team had disabled that test account for unrelated reasons in the middle of me testing it, lol. Either way, I the below method works great, although it does take a while to run if you have a lot of users on the device. Anyway thanks for the feedback!
#!/bin/bash
# Get a list of user accounts with "." in their usernames
userList=$(dscl . -list /Users | grep -E '\.')
# Iterate through the user accounts
for user in $userList; do
# Check if the user is a standard user (not a system account)
if [[ $(id -u $user) -ge 501 ]]; then
echo "Deleting user account: $user"
# Delete the user account
sysadminctl -deleteUser $user
# Delete the home folder
rm -rf /Users/$user
echo "User account and home folder deleted"
else
echo "Skipping system account: $user"
fi
done
echo "Student user accounts removed!"
exit 0
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-26-2024 01:07 PM
I appreciate the guidance! I'll rework it and check it out.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-26-2024 01:36 PM
OH MY GOD.
In a completely unrelated, right hand not talking to the left hand scenario, the part of my team that handles identity automation borked the exact test account that I was using. The script worked fine.
BUT, I'm still going to try it again with the for loop and sysadminctl anyway as it seems like a more elegant approach.
What a week.
