Submit User Information From AD Into The JSS At Login

UPDATE: Since 8.61+ User information can be submitted following the method outlined here.

For couple of years now i’ve ran various flavours of the below script via a login policy on my Mac clients.

The purpose of this script is to first check if the user is a network user, & if so then perform a lookup of their account against AD grabbing information that can then be submitted to the JSS in the relevant fields as per the above.

See below for the script:

NOTE: This script needs to be customised for YOUR environment for it to work, some fields of data may well be the same.. but it depends on dumb luck & your AD being relatively "standard."

5 thoughts on “Submit User Information From AD Into The JSS At Login

  1. ryanmanly

    I wanted to see if I can do this without calling dscl over and over.

    I got most of the way there when I realized that my JSS is not updating that extra info even when called by hand like

    # jamf recon –room 999

    …looks like I have a call to make tomorrow morning… 🙁

    But here you go. It doesn’t check for empties and the user is currently static. To use it simply go

    # dscl . -read /Users/foo | this_awk_script

    #!/usr/bin/env awk -f

    BEGIN {

    /^JobTitle/{ getline; pos = $0 }
    /^Phone/{phone = $2}
    /^EMail/{email = $2}
    /^Real/{ getline; real = $0}
    /^Unique/{uid = $2}
    /:company:/{ getline; co = $0}
    /:department:/{dept = $2}

    END {
    args = ” -endUsername “user ” -realname'”real”‘ -email” email ” -position'” pos “‘ -phone ‘” phone “‘ -department” dept
    system(“jamf recon” args)

  2. xdvasquez

    Hello, late to this and maybe there is a better way to do this. But do we still need to add the end user to every object we are testing or will the script automatically detect and populate logged in user.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.