Submit User Information From AD Into The JSS At Login

Standard
UPDATE: Since 8.61+ User information can be submitted following the method outlined here.

For couple of years now i’ve ran various flavours of the below script via a login policy on my Mac clients.

The purpose of this script is to first check if the user is a network user, & if so then perform a lookup of their account against AD grabbing information that can then be submitted to the JSS in the relevant fields as per the below, (click to enlarge).

 

 

NOTE: This script needs to be customised for YOUR environment for it to work, some fields of data may well be the same.. but it depends on dumb luck & your AD being relatively “standard.”

4 thoughts on “Submit User Information From AD Into The JSS At Login

  1. ryanmanly

    I wanted to see if I can do this without calling dscl over and over.

    I got most of the way there when I realized that my JSS is not updating that extra info even when called by hand like

    # jamf recon –room 999

    …looks like I have a call to make tomorrow morning… 🙁

    But here you go. It doesn’t check for empties and the user is currently static. To use it simply go

    # dscl . -read /Users/foo | this_awk_script

    http://pastebin.com/ER9kYtCL

    #!/usr/bin/env awk -f

    BEGIN {
    FS=”:”;
    user=”foo”
    }

    /^JobTitle/{ getline; pos = $0 }
    /^Phone/{phone = $2}
    /^EMail/{email = $2}
    /^Real/{ getline; real = $0}
    /^Unique/{uid = $2}
    /:company:/{ getline; co = $0}
    /:department:/{dept = $2}

    END {
    args = ” -endUsername “user ” -realname'”real”‘ -email” email ” -position'” pos “‘ -phone ‘” phone “‘ -department” dept
    system(“jamf recon” args)
    }

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.