I have a script I use to mount network drives for AD-bound Macs in our organization. I only recently started, and we have users that exist in multiple domains. Macs that had been bound have had the domain search priority modified to allow for the correct authentication. I made the authentication script based on that model. I am now trying to get all newly deployed Macs bound with dsconfigad setting the namespace to forest instead of domain (primarily because users may want to authenticate with both accounts, which are named the same).
Here is the script I used to gather all the requisite information for mounting their drives. This works when the system is bound with the namespace set to domain, such that the user accounts are created as user, not domain\user.
-- Get the logged in users username
set loggedInUser to do shell script "whoami"
-- Get the Users account UniqueID (text; "UniqueID: " is 10 characters wide)
set accountType to do shell script "dscl . -read /Users/" & loggedInUser & " | grep UniqueID | cut -c 11-"
-- Get the nodeName from the Users account (value is on the line after OriginalNodeName:)
set nodeName to do shell script "dscl . -read /Users/" & loggedInUser & " | awk '/^OriginalNodeName:/,/^Password:/' | head -2 | tail -1 | cut -c 2-"
-- Get the Users group membership from AD
set ADGroups to do shell script "dscl " & quoted form of nodeName & " -read /Users/" & loggedInUser & " | awk '/^dsAttrTypeNative:memberOf:/,/^dsAttrTypeNative:msExchHomeServerName:/'"
-- Get the Users AD Home Folder, converting backslashes to forward slashes
set ADHome to do shell script "dscl " & quoted form of nodeName & " -read /Users/" & loggedInUser & " | grep SMBHome: | cut -c 10- | sed 's/\\\\/\\//g' "
-- Checks to see if account is an AD Account, if its not exit
-- (accountType is text, so coerce it before the numeric comparison;
-- otherwise "501" < 1000 is compared as strings and is false)
if (accountType as integer) is less than 1000 then
	tell me to quit
end if
My issue is that when setting dsconfigad to forest, the name returned by whoami is domain\user, which AppleScript is smart about and returns as domain\user, such that it will display domain\user if I call something like display dialog. I thought I could write a subroutine that would parse it into something I could pass as domain\user, but alas, after a day of dickering around I haven’t been able to wrap my brain around how to structure it to pass loggedInUser as domain\user, not domain\user.
I was thinking something like this but it still returns domain\user.
on theSplit()
set fulluser to do shell script "whoami"
set AppleScript's text item delimiters to "\\"
set parts to text items of fulluser
set firstitem to the first item of parts
set seconditem to the second item of parts
set slash to "\\"
set loggedInUser to firstitem & slash & seconditem
end theSplit
return theSplit()
I’m a bit at a loss here. I don’t want to continue binding Macs and then reorganizing the directory search parameters, but I’m afraid my script fu is bare bones and I’m not sure how to get this working.
Thanks,
-alex-
I believe you don’t need to go via AppleScript to get your logged-in user.
Replace loggedInUser here:
set accountType to do shell script "dscl . -read /Users/" & loggedInUser & " | grep UniqueID | cut -c 11-"
like so:
set accountType to do shell script "dscl . -read /Users/$(whoami) | grep UniqueID | cut -c 11-"
And all occurrences of loggedInUser likewise.
The only caveat: I don’t have access to an AD network, so I cannot tell whether it would work there.
The test at the end, on the account type, should go right after the line where you read it, so the script stops right away, and does not waste time reading more data.
Sorry for not coming back sooner, been busy. I was able to use the advice here with some additional modifications to get the script working on systems bound both ways. I can’t believe it didn’t occur to me to just call whoami in the script strings instead of using the variable. I was really making this business harder than it needed to be.
Here’s what I ended up with.
-------------------------------
--- User Information
-------------------------------
-- Get the logged in users username
on theSplit()
	-- save the delimiters so the rest of the script is not affected
	set oldTIDs to AppleScript's text item delimiters
	try
		set fulluser to do shell script "whoami"
		set AppleScript's text item delimiters to "\\"
		set parts to text items of fulluser
		-- forest binding: "domain\user", keep the part after the backslash
		set username to the second item of parts
	on error
		-- domain binding: no backslash, so "second item" fails; use the name as-is
		set username to do shell script "whoami"
	end try
	set AppleScript's text item delimiters to oldTIDs
	return username
end theSplit
set loggedInUser to theSplit()
-- Get the Users account UniqueID
set accountType to do shell script "dscl . -read /Users/$(whoami) | grep UniqueID | cut -c 11-"
-- Get the nodeName from the Users account
set nodeName to do shell script "dscl . -read /Users/$(whoami) | awk '/^OriginalNodeName:/,/^Password:/' | head -2 | tail -1 | cut -c 2-"
-- Get the Users group membership from AD
set ADGroups to do shell script "dscl " & quoted form of nodeName & " -read /Users/$(whoami) | awk '/^dsAttrTypeNative:memberOf:/,/^dsAttrTypeNative:msExchHomeServerName:/'"
-- Get the Users AD Home Folder
set ADHome to do shell script "dscl " & quoted form of nodeName & " -read /Users/$(whoami) | grep SMBHome: | cut -c 10- | sed 's/\\\\/\\//g' "
I had to maintain the loggedInUser variable because after gathering this information I have dozens of strings like the following.
if ADGroups contains "Anatomy-Users" then
mount volume "smb://server.domain.forest.edu/" & loggedInUser & "$"
mount volume "smb://server.domain.forest.edu/Anatomy"
end if
if ADGroups contains "Anatomy-Davissonlab" then
mount volume "smb://server.domain.forest.edu/DavissonLab"
end if
We don’t use the SMBHome field in AD, so I have to mount all the network drives via this script.
Thanks again for the help.
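The same steps as alex's final script, written as POSIX sh functions so they can be tried without a bound Mac. This is an added example, not code from the thread: the `dscl -read` record, the server name and the UID values are constructed, and the group-to-share mapping is borrowed from the mount block above. Two things it does differently from the AppleScript are worth noting: the attribute parser stops at the next unindented line instead of naming whichever attribute happens to follow (the `awk` ranges above break if `Password:` or `msExchHomeServerName:` is absent or reordered), and the group test matches the CN of a memberOf DN exactly, whereas `ADGroups contains "Anatomy-Users"` also matches `Anatomy-Users-Archive` or any DN with that string in an OU.

```shell
#!/bin/sh
# Added example (not from the thread): sh equivalents of the AppleScript
# helpers, run against a constructed `dscl -read` record. On a bound Mac
# replace the printf of $RECORD with `dscl "$node" -read "/Users/$short"`.

# Short user name: "CORP\alice" (forest namespace) and "alice" (domain
# namespace) both give "alice". ${var#*\\} strips through the first
# backslash and leaves the string alone when there is none.
short_name() {
    short=${1#*\\}
    printf '%s\n' "$short"
}

# Domain prefix, empty when the name carries none.
domain_name() {
    case $1 in
        *\\*) dom=${1%%\\*} ;;
        *)    dom= ;;
    esac
    printf '%s\n' "$dom"
}

# Values of one attribute from a `dscl -read` record on stdin. dscl prints a
# value on the key's own line ("UniqueID: 1001") or, for multi-valued
# attributes and values containing spaces, on following lines indented by
# one space. Stop at the next unindented line, whatever attribute it is.
dscl_attr() {
    awk -v key="$1:" '
        $0 == key               { inval = 1; next }
        index($0, key " ") == 1 { inval = 0; print substr($0, length(key) + 2); next }
        inval && /^ /           { print substr($0, 2); next }
        { inval = 0 }
    '
}

# AD accounts get large generated UIDs; local accounts start at 501.
# Same 1000 cut-off as the AppleScript (assumption carried over from it).
is_ad_account() { [ "$1" -ge 1000 ]; }

# in_group RECORD GROUP: exact match on the CN of a memberOf DN, so that
# "Anatomy-Users" does not also admit "Anatomy-Users-Archive".
in_group() {
    printf '%s\n' "$1" | dscl_attr dsAttrTypeNative:memberOf |
        awk -v cn="CN=$2," 'index($0, cn) == 1 { found = 1 } END { exit !found }'
}

# \\server\share\dir -> smb://server/share/dir. The sed in the thread only
# flips the slashes; the scheme still has to be prepended.
smb_url() { printf '%s\n' "$1" | sed 's#\\#/#g; s#^//#smb://#'; }

# plan_mounts RECORD SHORTNAME SERVER: print the share URLs this account
# should get, one per line (a dry run of the mount volume block above).
plan_mounts() {
    rec=$1; short=$2; server=$3
    in_group "$rec" "Anatomy-Users" &&
        printf 'smb://%s/%s$\nsmb://%s/Anatomy\n' "$server" "$short" "$server"
    in_group "$rec" "Anatomy-Davissonlab" &&
        printf 'smb://%s/DavissonLab\n' "$server"
    return 0
}

# Constructed record in the layout `dscl . -read /Users/<name>` produces.
RECORD='dsAttrTypeNative:memberOf:
 CN=Anatomy-Users-Archive,OU=Groups,DC=corp,DC=example,DC=edu
 CN=Anatomy-Users,OU=Groups,DC=corp,DC=example,DC=edu
 CN=Domain Users,CN=Users,DC=corp,DC=example,DC=edu
dsAttrTypeNative:msExchHomeServerName: /o=Example/ou=Site/cn=Servers/cn=MAIL1
OriginalNodeName:
 /Active Directory/CORP/corp.example.edu
Password: ********
SMBHome: \\files.corp.example.edu\homes\alice
UniqueID: 1640215637'

full='CORP\alice'          # what whoami returns under a forest binding
short=$(short_name "$full")
node=$(printf '%s\n' "$RECORD" | dscl_attr OriginalNodeName)
uid=$(printf '%s\n' "$RECORD" | dscl_attr UniqueID)
if is_ad_account "$uid"; then
    echo "user=$short domain=$(domain_name "$full") node=$node"
    echo "home=$(smb_url "$(printf '%s\n' "$RECORD" | dscl_attr SMBHome)")"
    plan_mounts "$RECORD" "$short" files.corp.example.edu
fi
```

Because every piece of the decision (UID, node, groups, home) comes out of one `dscl -read` call, the record is fetched once and parsed locally; the AppleScript above shells out to `dscl` four times per login.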
Instead of invoking a subshell to get the name of the currently logged in user, you can also use the shell variable LOGNAME.
-- Get the Users account UniqueID
set accountType to do shell script "dscl . -read /Users/$LOGNAME | grep UniqueID | cut -c 11-"
But since this code is to get the current user id, we can also use the $UID shell variable directly:
-- Get the Users account UniqueID
set accountType to do shell script "echo $UID"