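This is an updated script that also detects the NFSHomeDirectory attribute, if it exists for a given user, and creates that home directory locally so that createmobileaccount works on 10.10.3. Note that the script must be run as root and that it also adds the new mobile account to the local admin group.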
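#!/bin/bash
# Creates an Active Directory mobile account for a CORP user on this Mac and
# adds that account to the local admin group. Must be run as root.
#
# bash, not sh: the script relies on [[ ]], =~, $'...' and the function keyword.
#
# Tausif - 07/06/2015 Added fix for OS X 10.10.3 mobile directory creation

IFS=$'\n'

# --- Logging -----------------------------------------------------------------
logFile=/private/var/log/"$(basename "$0")".log

# Appends one timestamped line to the log. Nothing is printed to the terminal.
# Arguments: $1 - level (INFO/ERROR), $2 - message
function log_line() {
  # Best-effort: a log file that cannot be written must not stop the run.
  { printf '%s %s: %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1" "$2" >> "$logFile"; } 2> /dev/null
}

# Logs an informational message.
function msg_status() {
  log_line INFO "$1"
}

# Logs an error message.
function msg_error() {
  log_line ERROR "$1"
}

function LogPrimer() {
  msg_status "Start logging to $logFile"
}

# --- Settings ----------------------------------------------------------------
# The dscl search node uses CORP, the short name of the author's domain.
# Change it for your environment.
adNode="/Active Directory/CORP/All Domains"
userTemplate="/System/Library/User Template/English.lproj"
createMobileAccount="/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount"

# The typed name ends up in dscl record paths, in a path under /Users and as a
# chown owner, all as root. Only a conservative character set is accepted, and
# the first character may not be '.' or '-' so that "..", hidden names and
# option-like values are rejected. Widen this if your directory needs it.
validNamePattern='^[A-Za-z0-9_][A-Za-z0-9._-]*$'

# --- Dialog helpers ----------------------------------------------------------
# Dynamic text is handed to osascript as an argument of the run handler rather
# than spliced into the AppleScript source, so quotes or backslashes in a name
# cannot change the script that gets executed.

# Shows a caution dialog with a single "Ok" button.
# Arguments: $1 - message, $2 - window title
function alert_dialog() {
  /usr/bin/osascript \
    -e 'on run argv' \
    -e 'tell application "System Events" to display dialog (item 1 of argv) with title (item 2 of argv) buttons {"Ok"} default button "Ok" giving up after 300 with icon caution' \
    -e 'end run' \
    "$1" "$2"
}

# Asks for the CORP ID and prints the text that was entered.
# Returns non-zero when the dialog is cancelled.
function prompt_username() {
  /usr/bin/osascript << 'EOF'
tell application "System Events" to display dialog "Please enter the user's CORP ID:" default answer "username" with title "Create CORP Mobile Account" buttons {"Continue", "Cancel"} default button "Continue" giving up after 300 with icon path to resource "AccountsPref.icns" in bundle "/System/Library/PreferencePanes/Accounts.prefPane/Contents/Resources"
set UserName to the text returned of result
EOF
}

# Asks whether the looked-up person is the intended one and prints the button
# that was pressed ("Yes" or "No"; empty when the dialog gives up).
# Arguments: $1 - real name to show
function confirm_user() {
  /usr/bin/osascript \
    -e 'on run argv' \
    -e 'tell application "System Events" to display dialog (item 1 of argv) with title "Confirm User ID" buttons {"Yes", "No"} default button "No" giving up after 300 with icon path to resource "AccountsPref.icns" in bundle "/System/Library/PreferencePanes/Accounts.prefPane/Contents/Resources"' \
    -e 'return the button returned of result' \
    -e 'end run' \
    "Is this the correct user?"$'\n'"$1"
}

# Logs the given reason, shows the generic error dialog and exits with 1.
# Arguments: $1 - message for the log
function fail_unknown() {
  msg_error "$1"
  /usr/bin/osascript -e 'tell application "System Events" to display dialog "Unknown error. Account creation has ended." with title "Unknown Error" buttons {"Ok"} default button "Ok" giving up after 300 with icon caution'
  exit 1
}

# --- Directory helpers -------------------------------------------------------
# Prints one attribute of an AD user record with the "Attribute:" label
# removed, lines joined and surrounding blanks trimmed.
# Arguments: $1 - validated user name, $2 - attribute name
function read_ad_text() {
  /usr/bin/dscl "$adNode" -read "/Users/$1" "$2" \
    | sed "s/$2://g" \
    | tr '\n' ' ' \
    | sed -e 's/^ *//' -e 's/ *$//'
}

# --- Main process ------------------------------------------------------------
LogPrimer

# Make sure the script is being executed by root
if [ "$(id -u)" -ne 0 ]; then
  msg_error "This script must be run as root."
  exit 1
fi

SeaHorse="Yes No"
UserName=""
shortName=""
IDLELOOPBREAKCOUNTER=0

# If the machine is not bound to AD, then there's no purpose going any further.
checkAD=$(/usr/bin/dscl localhost -list . | grep "Active Directory")
if [ "$checkAD" != "Active Directory" ]; then
  /usr/bin/osascript -e 'tell application "System Events" to display dialog "This machine is not bound to Active Directory." & "\nExiting..." with title "Domain Unavailable" buttons {"OK"} default button 1 giving up after 300 with icon 0'
  msg_error "Domain Unavailable: This machine is not bound to Active Directory. Exiting..."
  exit 1
fi

until [[ "$SeaHorse" == "Yes" ]]; do
  # Verify CORP ID
  until [ -n "$UserName" ] && [ "$UserName" != "username" ] && [[ "$shortName" == "$UserName" ]]; do
    # Loopbreak counter, to exit after 10 loops without interaction/success.
    IDLELOOPBREAKCOUNTER=$((IDLELOOPBREAKCOUNTER + 1))
    msg_status "Loop number $IDLELOOPBREAKCOUNTER."
    if [[ $IDLELOOPBREAKCOUNTER -ge 10 ]]; then
      msg_error "Looped $IDLELOOPBREAKCOUNTER times without success. Exiting..."
      exit 1
    fi

    # Cancelling the prompt ends the run quietly.
    if ! UserName=$(prompt_username); then
      exit 0
    fi

    # Blank or untouched default: report it and ask again instead of running
    # the directory lookups with an empty name.
    if [[ -z "$UserName" || "$UserName" == "username" ]]; then
      msg_error "Username cannot be blank, or username."
      /usr/bin/osascript -e 'tell application "System Events" to display dialog "Username cannot be blank, or username." with title "Error" buttons {"Ok"} default button "Ok" giving up after 300 with icon caution'
      continue
    fi

    # Reject anything outside the allowed character set before the value
    # reaches dscl, cp or chown. The raw value is deliberately not logged.
    if ! [[ "$UserName" =~ $validNamePattern ]]; then
      msg_error "Username contains characters that are not allowed."
      alert_dialog "Username may contain only letters, digits, '.', '_' and '-'." "Invalid Username"
      UserName=""
      shortName=""
      continue
    fi

    # Directory Search
    FirstName=$(read_ad_text "$UserName" FirstName)
    LastName=$(read_ad_text "$UserName" LastName)
    RealName="$FirstName $LastName"
    shortName=$(/usr/bin/dscl "$adNode" -read "/Users/$UserName" RecordName | awk '{print $2}')
    # Drop the first "/home" and then the leading character of the attribute
    # value; what is left is used as a path relative to /Users.
    HomeDir=$(/usr/bin/dscl "$adNode" -read "/Users/$UserName" NFSHomeDirectory \
      | awk '{print $2}' \
      | sed -e 's|/home||' -e 's|^.||')

    # DSLocal Search
    localshortName=$(/usr/bin/dscl . -read "/Users/$UserName" RecordName | awk '{print $2}')

    if [[ "$shortName" != "$UserName" ]]; then
      msg_error "Invalid username: $UserName not found in CORP"
      alert_dialog "$UserName not found in CORP." "Invalid Username"
      SeaHorse=No
      break
    fi

    SeaHorse=$(confirm_user "$RealName")
    if [[ "$SeaHorse" != "Yes" ]]; then
      if [[ "$SeaHorse" == "No" ]]; then
        msg_error "User indicated that $UserName was not correct."
      else
        # Dialog gave up or failed. Treat it as "No"; otherwise both loop
        # conditions stay as they are and the outer loop spins without
        # ever prompting again.
        msg_error "No confirmation received for $UserName."
      fi
      UserName=""
      continue
    fi

    msg_status "User indicated that $RealName was correct."

    consoleUser=$(who | awk '/console/ {print $1; exit}')
    if [[ -n "$consoleUser" && "$consoleUser" == "$shortName" ]]; then
      msg_error "$RealName is logged in. Please log in as a local administrator. Exiting..."
      alert_dialog "$RealName is logged in."$'\n'"Please log in as a local administrator." "Error"
      exit 1
    elif [[ "$shortName" == "$localshortName" ]]; then
      msg_error "$RealName already exists in dslocal. Exiting..."
      alert_dialog "$RealName already exists in dslocal." "Error"
      exit 1
    fi

    if [[ -z "$HomeDir" ]]; then
      msg_error "unable to retrieve NFSHomeDirectory.."
      homePath="/Users/$UserName"
    else
      # The value comes from the directory, so make sure it cannot point
      # outside /Users before root copies files there and chowns them.
      case "$HomeDir" in
        /* | -* | .. | ../* | */.. | */../*)
          fail_unknown "NFSHomeDirectory value is not a safe relative path. Exiting..."
          ;;
      esac
      msg_status "Creating NFSHomeDirec locally.."
      homePath="/Users/$HomeDir"
    fi

    # A recursive chown as root through a pre-existing symlink is refused.
    if [[ -L "$homePath" ]]; then
      fail_unknown "$homePath is a symbolic link. Exiting..."
    fi
    cp -R -- "$userTemplate" "$homePath" || fail_unknown "Could not copy the user template to $homePath. Exiting..."
    chown -R -- "$UserName" "$homePath" || fail_unknown "Could not change ownership of $homePath. Exiting..."

    # Only grant admin rights when the account was actually created.
    # NOTE(review): assumes createmobileaccount exits non-zero on failure;
    # confirm on the OS version you deploy to.
    if ! "$createMobileAccount" -v -n "$shortName"; then
      fail_unknown "createmobileaccount failed for $shortName; not adding to admin group. Exiting..."
    fi

    # Every account created by this script becomes a local administrator.
    if /usr/bin/dscl . -append /Groups/admin GroupMembership "$shortName"; then
      msg_status "Success! Created mobile administrator account for $RealName."
      /usr/bin/osascript -e 'tell application "System Events" to display dialog "Created mobile administrator account." with title "Success!" buttons {"Ok"} default button "Ok" giving up after 300 with icon path to resource "AccountsPref.icns" in bundle "/System/Library/PreferencePanes/Accounts.prefPane/Contents/Resources"'
      exit 0
    else
      fail_unknown "Unknown Error. Exiting..."
    fi
  done
done

exit 0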