Submit User Information From AD Into The JSS At Login

UPDATE: Since 8.61+ User information can be submitted following the method outlined here.

For couple of years now i’ve ran various flavours of the below script via a login policy on my Mac clients.

The purpose of this script is to first check if the user is a network user, & if so then perform a lookup of their account against AD grabbing information that can then be submitted to the JSS in the relevant fields as per the above.

See below for the script:

NOTE: This script needs to be customised for YOUR environment for it to work, some fields of data may well be the same.. but it depends on dumb luck & your AD being relatively "standard."

4 thoughts on “Submit User Information From AD Into The JSS At Login

  1. ryanmanly

    I wanted to see if I can do this without calling dscl over and over.

    I got most of the way there when I realized that my JSS is not updating that extra info even when called by hand like

    # jamf recon –room 999

    …looks like I have a call to make tomorrow morning… 🙁

    But here you go. It doesn’t check for empties and the user is currently static. To use it simply go

    # dscl . -read /Users/foo | this_awk_script

    #!/usr/bin/env awk -f

    BEGIN {

    /^JobTitle/{ getline; pos = $0 }
    /^Phone/{phone = $2}
    /^EMail/{email = $2}
    /^Real/{ getline; real = $0}
    /^Unique/{uid = $2}
    /:company:/{ getline; co = $0}
    /:department:/{dept = $2}

    END {
    args = ” -endUsername “user ” -realname'”real”‘ -email” email ” -position'” pos “‘ -phone ‘” phone “‘ -department” dept
    system(“jamf recon” args)

Leave a Reply to Ben Toms Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.