How To: Map Drives & Printers Based On AD Group Membership On OSX


UPDATE: Now works with Lion as it reads the correct node name as seen in Directory Utility.

Having recently started a new role, I needed a mechanism for my Mac users to map drives & printers at login.

Script Logic’s Desktop Authority is used by my new employer’s PC admins to mount drives & printers on the PC clients.

This uses AD Security Groups to map both drives & printers, & I decided to follow this methodology for the Mac clients.

This solution actually has 3 parts:

  1. AppleScript App
  2. LaunchAgent
  3. Postflight Script

And below, I’ll piece it all together.

AppleScript App

User Information

1st thing, we need to get the user’s name:

Then the user’s UniqueID:

Next we need to get what dscl calls the nodename. This is what you see under your search paths in Directory Utility.

The following will give you a list of all the user’s AD group memberships. This is also a live query/lookup, which means that a user connected externally over VPN can also run this app to map their drives & printers:

The following will read the user’s SMBHome attribute & convert the backslashes to forward slashes so the Mac can use the URL to map the drive later. This is the same as the user’s UNC path. We’re using this script & not the AD plugin to mount this drive, as it allows the user to log in even if there is an issue with their home/profile folder.

Now we’re almost ready to start mapping drives & printers, but before we start we should check whether this user’s account is a network account or a local account; if it’s local, we will skip this app.
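An added example, not part of the original post, of the shell side of the lookups described above: it parses `dscl <node> -read /Users/<name>` output for SMBHome, memberOf and UniqueID, and goes a little further than the post by handling values that dscl wraps onto an indented line and paths that contain spaces. The function names and the sample record are constructed for illustration, and the two output layouts handled are an assumption about how dscl prints values.

```shell
#!/bin/sh
# Parse `dscl <node> -read /Users/<name>` output read from stdin.

# read_attr ATTR: print each value of ATTR on its own line. Handles values on
# the header line (space-separated) and values on following lines indented by
# one space (assumed layout when a value itself contains a space).
read_attr() {
    awk -v attr="$1" '
        index($0, attr ":") == 1 {
            on = 1
            n = split(substr($0, length(attr) + 2), parts, " ")
            for (i = 1; i <= n; i++) print parts[i]
            next
        }
        on && /^ / { print substr($0, 2); next }
        { on = 0 }
    '
}

# unc_to_smb_url UNC: \\server\share\dir -> smb://server/share/dir
# Fails on anything that is not a UNC path; percent-encodes % and spaces.
unc_to_smb_url() {
    case "$1" in
        '\\'?*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$1" |
        sed -e 's|\\|/|g' -e 's|%|%25|g' -e 's| |%20|g' -e 's|^|smb:|'
}

# home_url: SMBHome as a mountable URL; non-zero status when it is not set.
home_url() {
    unc_to_smb_url "$(read_attr SMBHome | head -n 1)"
}

# group_names: the CN of every memberOf entry, one per line.
group_names() {
    read_attr dsAttrTypeNative:memberOf | sed -n 's/^CN=\([^,]*\),.*/\1/p'
}

# in_group NAME: exact, whole-name match, so "Finance" does not match
# "Finance Share".
in_group() {
    group_names | grep -Fxq -- "$1"
}

# is_network_account: numeric UniqueID test against the 1000 threshold.
is_network_account() {
    uid=$(read_attr UniqueID | head -n 1)
    case "$uid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$uid" -ge 1000 ]
}

# Constructed sample record (not real directory data).
sample_dscl_output() {
    cat <<'EOF'
dsAttrTypeNative:memberOf:
 CN=Finance Share,OU=Security Groups,DC=example,DC=com
 CN=Printers-Floor2,OU=Security Groups,DC=example,DC=com
dsAttrTypeNative:msExchHomeServerName: /o=Example/cn=MAIL01
SMBHome:
 \\fs1.example.com\Teaching Staff$\jdoe
UniqueID: 1391245012
EOF
}

# Demo on the sample; on a bound Mac pipe in the real lookup instead:
#   dscl "$nodeName" -read "/Users/$loggedInUser"
sample_dscl_output | home_url   # smb://fs1.example.com/Teaching%20Staff$/jdoe
sample_dscl_output | group_names
```

Quoting `"$nodeName"` and `"/Users/$loggedInUser"` in the real call keeps node names and usernames that contain spaces intact as single arguments.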

Now we’ve got all the user information we need, it’s time to start mapping the drives & printers, with the drives 1st:

Shares

The below will map the user’s home/profile folder; if nothing is set for the user’s home profile, the app continues. Using this method instead of mounting the user’s profile allows the user to log in even if there is an issue with the user profile’s share, unlike when using the AD plugin.

Now we want to start mapping drives. Change the below values for your environment & repeat this code for each share you wish to mount:

  • GROUPNAME : AD Security Group Name that is to map the drive.
  • PROTOCOL : Protocol by which to connect to the share (AFP or SMB).
  • SERVERNAME.FQDN : Fully Qualified Domain Name for the server serving the share you wish to connect to.
  • SHARENAME : The name of the share.

Printers

Now if we just go ahead & install printers that already exist, you’ll get an error. So we need to grab a list of all installed printers & pass it to a variable.

Now to map a printer. Change the below values for your environment & repeat this code for each printer you wish to map. The error section will create a queue with a generic PPD in case the correct one cannot be found:

  • GROUPNAME : AD Security Group Name that is to map the drive.
  • PRINTERNAME : Name you wish the printer to be in the GUI.
  • PRINTERIP : IP of printer/queue. If using a print server this would be in the format lpd://PRINTERSERVER.FQDN/PRINTQUEUE.
  • PPDLOCATION : Local path to printer PPD. NOTE: as we’re calling a shell script from within AppleScript, each \ becomes \\. For example: /Library/Printers/PPDs/Contents/Resources/HP\\ DesignJet\\ 500ps\\ plus\\ C7770G.ppd.gz
  • PRINTERLOCATION : Location/Description field as shown in GUI.

(Embedded code: lines 63 to 72 of MapDrivesAndPrintersBasedOnADGroupMembershipOnOSX.applescript in the macmule/MapDrivesAndPrintersBasedOnADGroupMembershipOnOSX GitHub repository.)

All together


Once you’ve added all the drives & printers you wish to map, save the AppleScript as an Application. Below is all the code from above cobbled together with some comment lines too.

LaunchAgent

All the above will only work when run as the user you wish to mount the drives & printers as; for this I created a LaunchAgent, as this allows the app to run at every login & as the user logging in.

To create the LaunchAgent, copy the below. Replace APPLICATIONNAME with the name of your AppleScript application & save as com.APPLICATIONNAME.plist in /Library/LaunchAgents/ with 755 permissions.

You should be able to test this now by logging out then in on a Mac that has the app & this LaunchAgent, but you may run into an issue or 2. The below will help with that.
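A pre-packaging check for the LaunchAgent step above, as an added example that is not part of the original post: the agent runs for every user who logs in, so the plist and the program it starts should be root-owned and not writable by group or others. Applying the same test to the applet is this example's own policy, and the function names are hypothetical.

```shell
#!/bin/sh
# Audit the files a system-wide LaunchAgent depends on.

# perms_safe PERMS UID: PERMS is the mode string from `ls -l`
# (e.g. -rwxr-xr-x), UID the numeric owner. Succeeds only for root-owned
# files that neither group nor other can write.
perms_safe() {
    [ "$2" = "0" ] || return 1
    case "$1" in
        ?????w*|????????w*) return 1 ;;   # group-write or other-write bit set
    esac
    return 0
}

# audit_path FILE: print one finding line; non-zero if missing or unsafe.
audit_path() {
    if [ ! -e "$1" ]; then
        echo "MISSING $1"
        return 1
    fi
    meta=$(ls -lnd "$1" | awk '{print $1, $3}')
    perms=${meta% *}
    uid=${meta#* }
    if perms_safe "$perms" "$uid"; then
        echo "OK      $1 ($perms uid=$uid)"
    else
        echo "UNSAFE  $1 ($perms uid=$uid)"
        return 1
    fi
}

# audit_all FILE...: audit every path, fail if any one of them fails.
audit_all() {
    rc=0
    for f in "$@"; do
        audit_path "$f" || rc=1
    done
    return "$rc"
}

# Usage (placeholders as in the article; adjust the app path to where
# your package installs it):
#   sh audit.sh /Library/LaunchAgents/com.APPLICATIONNAME.plist \
#               /Applications/APPLICATIONNAME.app/Contents/MacOS/applet
if [ "$#" -gt 0 ]; then
    audit_all "$@"
fi
```

Run it on a test Mac after installing the package, since packaging tools can change ownership and modes from what the files had on the build machine.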

Postflight Script

You may come across a couple of issues at login:

  1. If you log in & your account is not an admin, you’ll be prompted to authenticate as an admin to install printers.
  2. The 1st time you log in with an AD account on 10.6, you may not be granted a Kerberos ticket.

To resolve both, we’ll create a postflight script that will run as part of the install process, after the application & LaunchAgent have been installed.

Details on how to resolve the admin authentication prompt are given here, & details on how to make sure a Kerberos ticket is granted at 1st login are here.

So with the above, your script should look something like:

Packaging

Now we’ve got all the components, you’ll need to package them in whatever app you prefer.

But remember, test, test, test!!

85 thoughts on “How To: Map Drives & Printers Based On AD Group Membership On OSX”

  1. Eric

    There is a missing " at the end of this line in the big block:
    set ADGroups to do shell script "dscl /Active\\ Directory/All\\ Domains -read /Users/" & loggedInUser & " | awk '/^dsAttrTypeNative:memberOf:/,/^dsAttrTypeNative:msExchHomeServerName:/'"
    set ADHome to do shell script "dscl /Active\\ Directory/All\\ Domains -read /Users/" & loggedInUser & "| grep SMBHome: | cut -c 10- | sed 's/\\\\/\\//g' "

  2. Chris Dietrich

    Great script!

    Just one thing, the part where it checks if an account is local or not didn’t work for me (on 10.6.8, haven’t tried Lion yet). “accountType” was returned correctly, but i think it’s returned as a string and then can’t be compared to the Integer “1000”.
    To get around this, i added

    set UID to accountType as integer

    and changed the local account checking part to

    if UID is less than 1000 then
    tell me to quit
    else

    (rest of the script)

    end if

    This may not be elegant as i’m pretty much a noob in Applescript,
    but it seems to work nicely.

  3. Ben Smith

    User names with a space break the script. Any way to make it work with spaces in the username?

    • Ben Toms

      Can you try & replace the 1st line with:

      set loggedInUser to quoted form of (do shell script "whoami")

  4. Larry

    This is a great script Ben, Do you know what changes I need make to have it mount our hidden home shares?

    • Ben Toms

      Hi Larry,

      Thanks for the compliment!

      By hidden do you mean shares that end with a $? If so, we use them where I work too.

      Just use the share path with the $ at the end as normal.

      If that’s not it, lemme know & please give an example.

      • Larry

        Hi Ben, yes we hide our network home by adding $ to the end. So all I did was add the following lines to your AppleScript:
        set HomeDirectory to "smb://domain-fs1.domain.net/" & loggedInUser & "$"
        mount volume HomeDirectory

        We don’t use AD to map our home directory. They seem to be mounting just fine. Thanks again for sharing your script with us.

        • Matt

          I believe even Microsoft suggests moving to ABE from $ hidden shares (better security and more capabilities), and ABE works great with macOS in my experience.

  5. jonathan

    your script is awesome, it saved my sanity and quite a bit of time! our file structure is a bit different: //servername/sharepoint$/usershare. in 10.7, if you use smb:// it mounts the share point and not the users’ share. to work around this i used the shell command: mount -t smbfs //servername/sharepoint$/username /Volumes/home. the only issue is that you need a directory to mount the drive to, i create directories on the fly in /Volumes and mount the drive there. the directories disappear on logout or reboot.

  6. Rusty

    Nice work mate, saw this coming through the JAMF page, looking to implement this with my current environment, in which we have the GPO drive mappings exporting to a couple of CSV files, then copied to the local DC’s,(in which our windows users have a login script to connect their drives, because we have way too many locations haha) and try and have a similar script for mac, that doesn’t have to be maintained every time a drive mapping is changed or added but dependant on GPO changes and the CSV files. but i think im going to have to have a bit of a play and learn a bit more before i try and put this into place. haha

    Either way, nice work mate! keep it up!

  7. Tanya Pfeffer

    Does this work with networked users as well? When I run "dscl . -read /Users/tpfeffer" in the terminal, I get: "DS Error -14136 (eDSRecordNotFound)".

    It works when the users are mobile, but not networked. Any thoughts?

  8. Tanya Pfeffer

    If I just log in as a networked user (create home dir on login), it doesn’t work. If I convert that account to be a mobile user in system prefs, then the script does work.

    • Ben Toms

      Hi Tanya,

      Odd. Is the Network users account hosted somewhere other than the local mac?

      I’ve only ever used “Mobile Accounts.”

  9. Tanya Pfeffer

    I’m not entirely sure what the differences are. I’m pretty new to AD integration on Macs.

  10. Anthony

    Ben, I have the same issue as Tanya. Did you get a resolution? My problem is that we DON'T use mobile accounts and therefore the line:

    dscl . -read /Users/

    doesn't work. I can manually type in a command line entry of:

    dscl
    cd /Active\ Directory/DOMAINNAME,All\ Domains/Users
    read anthonyuser

    And get all the AD info for the user "anthonyuser". HOWEVER, when I type:

    dscl . -read /Active\ Directory/DOMAINAME/All\ Domains/Users/anthonyuser

    I get:

    read: invalid path
    DS Error: -14009 (eDSUnknownNodeName)

    Thank you for the script and any assistance

    • Ben Toms

      Hi Anthony,

      Sorry no solution yet, but does the below work:

      dscl -read /Active\ Directory/DOMAINAME/All\ Domains/Users/anthonyuser

      • Matt

        I’m attempting to hunt down this problem right now as well. We used to have all of our users on 2 domains, with different format usernames, and could test student versus staff via the username format. In about a month we’re moving them all onto one domain, and switching students to usernames of the same format as staff, so I’ll need to adjust my login scripts to work via AD Security Groups. Your above script has been a great help in streamlining the process, I thank you.

        Right now I have 2 machines on my desk, both 10.8.2 machines. On one machine my script worked, on the other it didn’t. I worked it down to the grep on the UniqueID. On the machine that is not working, when I run the "dscl . -read /Users/USERNAME | grep UniqueID | cut -c 11-" command I receive a "DS Error: -14136 (eDSRecordNotFound)" error. I’ve been attempting to work down the variables on each machine, and have attempted a few things to no avail.

        I’ve gone through and rebound them to AD & OD, verified their search paths were the same, and tested the scripts on a 10.7 machine (which also did not work). One thing that has piqued my interest, though I’m not sure if it has anything to do with anything, is that when I check permissions on my home folder on the machine that’s working, I see a “DOMAINNAME\Domain” user, while on the machine that’s not working, I’m seeing a “Fetching…” user, as if it’s unable to grab data on that user, which would show similar behavior to when I try to grep the UniqueID of the user in question.

        If you have any ideas they’d be much appreciated. If I find a workaround/fix for this, I’ll post back here as well.

  11. Scott Davis

    I think I’ve done everything correctly, but am having some trouble. The script runs when I’m logged in as the local admin account I used to create the script, but when I log in as either an AD or other local account, it doesn’t run. I’ve checked the LaunchAgent by running launchctl load /Library/LaunchAgents and I receive a message on my LaunchAgent that says “Dubious ownership on file (skipping)”. It has 755 permissions. Any ideas? This is on both a 10.7 and a 10.8 machine.

    thanks!

  12. Mr G

    Hi Ben,

    I’ve been using an adaptation of your script for a year or more with no issue, until however I updated iMacs to Mavericks…

    Here’s what I’ve been using:

    set loggedInUser to do shell script "whoami"

    set ADHome to do shell script "dscl /Active\\ Directory/STHELENS/All\\ Domains -read /Users/" & loggedInUser & " SMBHome | sed 's/\\\\/\\//g' "

    --display dialog ADHome

    try
    mount volume "SMB:" & ADHome
    on error
    --continue
    end try

    The issue, it seems, is Apple’s implementation of SMB2 and incompatibilities. Most sites say to switch to the cifs protocol, but I’m unsure how to implement this in your script?
    Any advice or help would be great

    Thanks

  13. Adam

    not sure, if I am missing something, but I am trying to follow this to automap a users home folder on a new DFS.

    We have “lastname.#” usernames, so the user folder corresponds to //DFS.NAME.SPACE/dfsroot/Users/Default/”lastname.#”/

    Is there a way that I am missing from here that can just find the current user, and take that username and append to the end of the users file path. Looking to map directly there, rather than tell them go to users, and locate your username.

    • WordPress.com Support

      If you try the 1st part of the script, does the correct Username get returned?

      (The loggedInUser part).

      Also, are the users home folders specified in their AD account?

  14. austinspooner

    I am wondering how to get this to work correctly for our home drives. The path is smb:///fileserver/home/username. Currently it’s just mapping “file server” instead … any ideas?

  15. sebus

    And how would I mount additional drive for Mac user, where the path to the network share location is stored in another AD attribute?

    Basically I need to have Home Directory mount on /home & //another_path_AD_attribute_stored on /Volumes/other_mount

  16. shortie

    Hi Ben,

    How are things set up in your shop if you don’t use network homes, are your desktops just backed up using something like CrashPlan and you just use mobile accounts on your laptops?

  17. Cassie

    Works great but I did have to change Account_Type to “(do shell script "dscl . -read /Users/" & Login_User & " | grep UniqueID | cut -c 11-") as integer”

  18. david

    I am testing script and I have a few questions

    where do you get the nodename from ?
    Do you have to add every share in the script with every user or does the $ switch work ?

  19. Rohit

    Ben, does this script work 100%? I am looking at a similar requirement to run a logon script to map drives on Mac.

      • rohit

        Hey Ben, the script works perfectly fine on my Mac, but one of the Macs is getting the below issue. What do these logs indicate? Any idea?

        3/29/16 10:33:43.253 AM lsd[2605]: LaunchServices: Could not store lsd-identifiers file at /private/var/db/lsd/com.apple.lsdschemes.plist
        3/29/16 10:33:43.290 AM com.apple.xpc.launchd[1]: (com.apple.ScriptEditor.id.MapMyDrive.180512[2892]) Could not find and/or execute program specified by service: 13: Permission denied: /Applications/MapMyDrive.app/Contents/MacOS/applet
        3/29/16 10:33:43.290 AM Finder[2616]: spawn_via_launchd() failed, errno=111 label=com.apple.ScriptEditor.id.MapMyDrive.180512 path=/Applications/MapMyDrive.app/Contents/MacOS/applet flags=1 : LaunchApplicationClient.cp #1136 LaunchApplicationViaLaunchDJobLabel() q=com.apple.root.default-qos
        3/29/16 10:33:43.290 AM com.apple.xpc.launchd[1]: (com.apple.ScriptEditor.id.MapMyDrive.180512[2892]) Service setup event to handle failure and will not launch until it fires.
        3/29/16 10:33:43.290 AM Finder[2616]: spawn_via_launchd() failed, errno=111 label=com.apple.ScriptEditor.id.MapMyDrive.180512 path=/Applications/MapMyDrive.app/Contents/MacOS/applet flags=1
        3/29/16 10:33:45.000 AM kernel[0]: hfs: unmount initiated on Recovery HD on device disk0s3
        3/29/16 10:33:58.378 AM com.apple.preference.security.remoteservice[2928]: Unknown class AddRemoveBarCell in Interface Builder file at path /System/Library/PreferencePanes/Security.prefPane/Contents/Resources/Base.lproj/SecurityPref.nib.
        3/29/16 10:33:58.728 AM authd[109]: copy_rights: _server_authorize failed
        3/29/16 10:33:58.841 AM authd[109]: copy_rights: _server_authorize failed
        3/29/16 10:34:07.000 AM kernel[0]: hfs: mounted Recovery HD on device disk0s3

          • Rohit

            Later figured out that it was perms issues. After creating the package with 755 perms works fine. Thanks for response

            Another question – in my environment when the home drive gets mapped is there a way that it can be shown under sidebar in shared or somewhere else ? I can see it only when I go to /Volumes. In shared I see the file share with other shared directories as well including home directory. Any suggestions?

  20. Eric T

    Hey, Ben. Your work on this was invaluable when I was writing something similar for our environment–thanks! I do have one question: do you have any issues with the shares not reconnecting after sleep? This seems to be a real problem for me. It seems to be only longer sleep times, though I haven’t determined exactly how long. I don’t believe it’s a Kerberos issue, as I do get a new TGT when waking from sleep. In the system log I’m seeing entries from KernelEventAgent stating “tid ######## type smbfs mounted on ‘/mount/path’, from ‘//username@server/share’, not responding” followed by another entry a period of time (not consistent) later that is the same except “not responding” has been replaced with “dead”. Any thoughts would be appreciated!

      • Eric T

        That’s one of the things I have to look into. The log entries are occurring during sleep, so I wonder if it’s something related to Power Nap and the computer coming into a semi-awake state and there being an issue with Kerberos being expired, DHCP lease being up, etc that doesn’t get resolved in this state, though it would during a full wake.

        I’m also looking into SleepWatcher (http://www.bernhard-baehr.de) to see about re-running my drive mounting script at wake. That’s more of a workaround than a solution, though.

        Thanks for the input!

  21. Martin

    Thanks a lot for this wonderful script Ben which works a treat in our environment!

    However, I’m an AppleScript beginner. I want to knock up a new script that will unmount all existing drives that are mounted, and run the application that I created above and make it available in Casper Self Service. Do you have any advice re that?

    Thanks!

  22. Andy Sims

    Hey Ben, this script is awesome! One question. We use high level AD groups to map drives, so we have groups nested inside of other groups. Is there any way to list what groups users are indirectly a part of?

    • Dan S

      We ran into the same problem and this command worked for us:

      id -Gn USERNAME

      This command returns ALL group membership, including the local groups. All the Active directory groups are formatted “DOMAIN\Name of Group”. Another nice thing about this command is that it does not rely on the account being a mobile account and can be used with network accounts.

      • Thanks Dan. Yea I don’t use much of this code anymore. I have a plan to release something later this year for this in Swift. Hope it happens.

  23. Joseph L Loveless

    Need a little help with mounting the user shares. Our setup is //servername/share$/USERNAME (multiple servers). Users are added to a group that gives access to the share$ and then they are added to their folder permissions. I’m having trouble getting the script to work for that. I can get it to go to share$, just not the username as I would like. Any help would be appreciated.

    • Eric

      Were you able to find a solution for this? I think I’m in the same or a similar situation: our personal drives are //server/share$/username. The combination of App and LaunchAgent works great to map drive and create Desktop icon, but if users open a Finder window under “Shared” it only shows //server/. And our users don’t have specific access to share$ so when they click to view //server/ it appears to be empty.

      • jonathan

        I posted my solution very early on in the comments. We have a similar file structure and ran into this problem back in 10.7. It’s not perfect, but it works:

        your script is awesome, it saved my sanity and quite a bit of time! our file structure is a bit different: //servername/sharepoint$/usershare. in 10.7, if you use smb:// it mounts the share point and not the users’ share. to work around this i used the shell command: mount -t smbfs //servername/sharepoint$/username /Volumes/home. the only issue is that you need a directory to mount the drive to, i create directories on the fly in /Volumes and mount the drive there. the directories disappear on logout or reboot.

        • Eric

          Thanks for your comment, but I’m trying this and it’s not working out for me.

          I replaced the mount volume “smb:” command with:

          do shell script "mkdir /Volumes/" & loggedInUser
          do shell script "mount -t smbfs " & pathHomeDrv & " /Volumes/" & loggedInUser

          pathHomeDrv is a variable I set earlier since ADHome doesn’t work for us. If I run the app the drive doesn’t map and nothing appears in Volumes.

  24. Abishek

    Hey Ben, Thanks for the script. Our sys admin slightly modified your script to map the drives found in the memberOf field for the AD User. Below is the script

    ----------------------------------------------------------------------------------------------------
    -- More information: https://macmule.com/2011/09/08/how-to-map-drives-printers-based-on-ad-group-membership-on-osx/
    -- GitRepo: https://github.com/macmule/MapDrivesAndPrintersBasedOnADGroupMembershipOnOSX
    -- License: https://macmule.com/license/
    ----------------------------------------------------------------------------------------------------

    -------------------------------
    -- User Information
    -------------------------------

    -- Get the logged in users username
    set loggedInUser to do shell script "whoami"

    -- Get the Users account UniqueID
    set accountType to do shell script "dscl . -read /Users/" & loggedInUser & " | grep UniqueID | cut -c 11-"

    -- Get the nodeName from the Users account
    set nodeName to do shell script "dscl . -read /Users/" & loggedInUser & " | awk '/^OriginalNodeName:/,/^Password:/' | head -2 | tail -1 | cut -c 2-"

    -- Get the Users group membership from AD
    set ADGroupList to do shell script "dscl " & quoted form of nodeName & " -read /Users/" & loggedInUser & " | awk '/^dsAttrTypeNative:memberOf:/,/^dsAttrTypeNative:msDS-SupportedEncryptionTypes:/' | grep .DL | sed s/' CN='//g | sed s/'\\.DL.*$'//g"

    -- Change the text item delimiter to 'return' to correctly delimit the list captured from the shell command above (otherwise AppleScript will delimit on individual characters)
    set {oldTID, AppleScript's text item delimiters} to {AppleScript's text item delimiters, return}

    -- Save each text item from ADGroupList into the array ADGroups
    set ADGroups to every text item of ADGroupList

    -- Get the Users AD Home Folder
    set ADHome to do shell script "dscl " & quoted form of nodeName & " -read /Users/" & loggedInUser & "| grep SMBHome: | cut -c 10- | sed 's/\\\\/\\//g' "

    -- Checks to see if account is an AD Account, if its not exit
    -- (accountType is text from the shell, so coerce it for a numeric comparison)
    if (accountType as integer) is less than 1000 then
    tell me to quit
    end if

    ------------------------------
    -- Drives
    ------------------------------

    -- Home Folder -- Maps the drive specified in the profile field for the AD User, continue if user has no profile path set
    try

    mount volume "smb:" & ADHome

    on error

    end try

    -- Group Folders -- Maps the drives found in the memberOf field for the AD User

    try

    repeat with ADGroup in ADGroups
    mount volume "PROTOCOL://SERVERNAME.FQDN/" & ADGroup
    end repeat

    on error

    end try

    -- Revert text item delimiters back to default
    set AppleScript's text item delimiters to oldTID

  25. Eric

    I’m beyond a beginner at this, but was able to make the .app and .plist, and when I manually added them to the necessary locations and logged out/in on my computer it worked! (which is a testament to the great work you did on the instructions!) I then added the files to a .PKG, uploaded to our JSS, and made a policy to install it on a computer at logout.

    I logged out/in on the computer, I see the .plist in /Library/LaunchAgents and the .app in Applications, but the .app doesn’t launch at login. If I run the .app it maps the drive, so this is probably an issue with the .plist, right? I just don’t understand why it works if I move it there manually but not if I install using the .PKG. Would it be better to do a .DMG, or are there any settings I might’ve missed? I made sure the .plist, .app, and .PKG had 755 permissions. I made the .PKG in Composer, literally the only things it contains are the .app (in the Applications folder) and the .plist (in the /Library/LaunchAgents folder)

    • Abishek

      Hi Eric, If it helps, i am running the app as a user level Login item payload via Configuration Profiles.

  26. Andy h

    Hi,
    Looking at getting three Macs in our AD environment and using your script for the drive mapping on 10.13.2. Working great for one set of users but not for another. The only thing I can see that could cause the issue is a space in the file path of the home area.
    \\file1\Users\Teaching Staff\Work
    and
    \\file2\Users\Students\Work\

    Users on file 2 work great and get the home area and some extra drives I’m mapping. Users on file 1 only get the extra drives, no home area. Any advice?

    • Dan S

      You could escape the space, but I usually just place quotes around my file paths out of habit to avoid these issues.

      • ron Mck

        Hello, just wondering if you have a way to format it. I’m running into the same issue.

        This command below works for some of my users, though others have the following as a SMBHome value:
        \\server\llps students$\studentccount

        set ADHome to do shell script "dscl " & quoted form of nodeName & " -read /Users/" & loggedInUser & "| grep SMBHome: | cut -c 10- | sed 's/\\\\/\\//g' "

        With the space in the list, that seems to get returned with command listed above. Wondering if you can help me out.

  27. Ronald

    Hello Everyone,

    I’m wondering if you could help me out as I’m a little new to scripting.
    I’ve been using the script listed above and it’s been working great with my account. When I try it with other users, it doesn’t work, and with no errors. All accounts are AD. What I noticed is when I run this:

    -- Get the logged in users username
    set loggedInUser to do shell script "whoami"

    -- Get the Users account UniqueID
    set accountType to do shell script "dscl . -read /Users/" & loggedInUser & " | grep UniqueID | cut -c 11-"

    -- Get the nodeName from the Users account
    set nodeName to do shell script "dscl . -read /Users/" & loggedInUser & " | awk '/^OriginalNodeName:/,/^Password:/' | head -2 | tail -1 | cut -c 2-"

    -- Get the Users group membership from AD
    set ADGroups to do shell script "dscl " & quoted form of nodeName & " -read /Users/" & loggedInUser & " | awk '/^dsAttrTypeNative:memberOf:/,/^dsAttrTypeNative:msExchHomeServerName:/'"

    -- Get the Users AD Home Folder
    -- set ADHome to do shell script "dscl " & quoted form of nodeName & " -read /Users/" & loggedInUser & "| grep SMBHome: | cut -c 10- | sed 's/\\\\/\\//g' "

    -- TEST RESULTS Script
    set ADHome to do shell script "dscl " & quoted form of nodeName & " -read /Users/" & loggedInUser & " SMBHome"

    The results show “SMBHome: \\\\.\\Ron.Mckerral$”

    Which is correct and the share mounts correctly

    When tried with another account, here is what I get:

    “SMBHome:
    \\\\ES-LLPS\\LLPS Students$\\s1llps”

    What I’m finding is that the original script returns “ ” and it looks like most of the AD accounts are coming back on 2 lines. I assume this is what’s causing the issue.

    Is there a way to fix this with this code? Or is it even possible that this would be the problem?

    set ADHome to do shell script "dscl " & quoted form of nodeName & " -read /Users/" & loggedInUser & "| grep SMBHome: | cut -c 10- | sed 's/\\\\/\\//g' "

    Any assistance would be great.

    Thank you.

  28. Eric L

    This continues to work great for us. However, we recently brought in a Department whose main focus is BYOD, and they want users to be able to get network drives even though their devices wouldn’t be bound to AD. Is there any way this could be adapted to allow that? I assume it would require a display dialog prompt that asked for username and password, and probably wouldn’t rely on the launchagent since users would only need the drives occasionally.

    The part I’m stuck on is getting the AD group membership, which I believe as described here would only work if the device is bound to AD. The only workaround I could think of would be to collect the username and password through display dialog, temporarily bind the computer to AD and create the user mobile account, do all the processes you’d defined above, then disconnect the computer from AD and delete the user account. But as I think about that it seems totally impractical, and would add a bunch of computer objects to our Active Directory for these temporary bindings.

    • Eric L

      It’s still working for me on 10.14, though I’m working on moving to NoMAD as that seems to be a little more seamless. If you can’t use NoMAD, this could be a good option for you.

  29. James

    Hello, are you able to help? I am using this script on macOS Sierra 10.12.6. When I run:

    -- Get the logged in users username
    set loggedInUser to do shell script "whoami"

    -- Get the Users account UniqueID
    --set accountType to do shell script "dscl . -read /Users/" & loggedInUser & " | grep UniqueID | cut -c 11-"

    -- Get the nodeName from the Users account
    set nodeName to do shell script "dscl . -read /Users/" & loggedInUser & " | awk '/^OriginalNodeName:/,/^Password:/' | head -2 | tail -1 | cut -c 2-"

    -- Get the Users group membership from AD
    set ADGroups to do shell script "dscl " & quoted form of nodeName & " -read /Users/" & loggedInUser & " | awk '/^dsAttrTypeNative:memberOf:/,/^dsAttrTypeNative:msExchHomeServerName:/'"

    -- Get the Users AD Home Folder
    --set ADHome to do shell script "dscl " & quoted form of nodeName & " -read /Users/" & loggedInUser & "| grep SMBHome: | cut -c 10- | sed 's/\\\\/\\//g' "

    It comes back with:

    Result:
    “”

    I believe this is causing errors in the script

    Is anyone able to help, sorry if this is a very basic question, I am very new to Applescript, I am running this from script editor just to test it if that helps!

  30. John

    Does this now work with Mojave? Also, I know you save the launcher agent in the Library of Mac HD, but where do you actually save the “.app” with the script that was created? I’ve tried a few places, such as in Applications, Users local Root folder, Users root..

    • Eric L

      Possibly something having to do with the PPPC service SystemPolicyNetworkVolumes, which is related to mounting network drives and was introduced in Catalina?
