
Add mobile user using self service on 10.10.3


 This is an updated script that also detects the NFSHomeDirectory attribute, if it exists for a given user, and creates that directory locally so that createmobileaccount works on 10.10.3.



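#!/bin/bash
# The script uses bash-only syntax ([[ ]], $'...', function, &>), so it asks
# for bash explicitly instead of relying on /bin/sh happening to be bash.

# Tausif - 07/06/2015 Added fix for OS X 10.10.3 mobile directory creation

# Split unquoted expansions on newlines only, so values that contain spaces
# (directory paths, display names) stay in one piece.
IFS=$'\n'

# Logging Variables and Functions

# One log file per script name under /private/var/log.
# "--" keeps a script name that starts with "-" from being read as an option.
logFile=/private/var/log/"$(basename -- "$0")".log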


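# Append an INFO line to $logFile. Nothing is printed to the terminal.
# Globals:   logFile (read)
# Arguments: $1 - message text
# Returns:   status of the write to $logFile
msg_status() {
    local text
    # Messages can carry text typed into a dialog or read from the directory.
    # Flatten line breaks so one call always produces exactly one log line and
    # a value cannot forge additional entries.
    text=${1//$'\n'/ }
    text=${text//$'\r'/ }

    # The message is passed as data (%s), never as the format string, and is
    # quoted so characters such as * are logged literally instead of being
    # expanded against the current directory.
    # Write errors stay silent, as they were when this went through tee.
    {
        printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S INFO: ')" "$text" >> "$logFile"
    } 2> /dev/null
}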


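# Append an ERROR line to $logFile. Nothing is printed to the terminal.
# Globals:   logFile (read)
# Arguments: $1 - message text
# Returns:   status of the write to $logFile
msg_error() {
    local text
    # Messages can carry text typed into a dialog or read from the directory.
    # Flatten line breaks so one call always produces exactly one log line and
    # a value cannot forge additional entries.
    text=${1//$'\n'/ }
    text=${text//$'\r'/ }

    # The message is passed as data (%s), never as the format string, and is
    # quoted so characters such as * are logged literally instead of being
    # expanded against the current directory.
    # Write errors stay silent, as they were when this went through tee.
    {
        printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S ERROR: ')" "$text" >> "$logFile"
    } 2> /dev/null
}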


# Write the opening line of a run to the log via msg_status.
# Globals: logFile (read)
LogPrimer() {
    local banner="Start logging to $logFile"
    msg_status "$banner"
}


# Global Variables & Functions

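LogPrimer

# Make sure the script is being executed by root
if [ "$(id -u)" -ne 0 ]; then
    msg_error "This script must be run as root."
    # msg_error only writes to the log file, and a non-root caller presumably
    # cannot write under /private/var/log, so repeat the reason on stderr.
    printf '%s\n' "This script must be run as root." >&2
    exit 1
fi

# Answer from the confirmation dialog. The starting value only has to differ
# from "Yes" so that the outer loop of the main process is entered.
SeaHorse="Yes No"

# RecordName returned by the directory for the ID that was typed.
shortName=""

# Number of prompt rounds so far; the main process gives up at 10.
IDLELOOPBREAKCOUNTER=0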


# Main Process #


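# Main process: prompt for a CORP ID, confirm it against Active Directory,
# pre-create the home directory, create the mobile account and add it to the
# local admin group.
#
# Security notes:
#   * The script runs as root and takes its input from whoever is at the
#     console, so the typed ID is checked against an allow-list before it is
#     used in any dscl path, file path or dialog.
#   * Typed and directory-derived text is handed to osascript as arguments
#     (on run argv) instead of being spliced into the AppleScript source, so a
#     value can never change the script that osascript executes as root.
#   * Every account created here is added to the local admin group. That is
#     the purpose of the script, but it is a standing privilege grant.

# dscl node that is searched for the user. CORP is the short name of the
# author's domain; change it for your environment.
adNode="/Active Directory/CORP/All Domains"

# Show a caution dialog with a single "Ok" button.
# Arguments: $1 - window title (fixed text), $2 - message
# The title comes first so a message starting with "-" is never read as an
# osascript option.
show_alert() {
    /usr/bin/osascript \
        -e 'on run argv' \
        -e 'tell application "System Events" to display dialog (item 2 of argv) with title (item 1 of argv) buttons {"Ok"} default button "Ok" giving up after 300 with icon caution' \
        -e 'end run' \
        "$1" "$2"
}

# Return 0 when $1 starts with an ASCII letter or digit and contains only
# ASCII letters, digits, '.', '_' and '-'. Runs in a subshell so the locale
# override does not leak into the rest of the script.
# Extend the pattern if your directory uses other characters in account names.
is_plain_id() (
    LC_ALL=C
    case "$1" in
        '' | [!A-Za-z0-9]* | *[!A-Za-z0-9._-]*) exit 1 ;;
    esac
    exit 0
)

# If the machine is not bound to AD, then there's no purpose going any further.
checkAD=$(/usr/bin/dscl localhost -list . | grep "Active Directory")

if [ "${checkAD}" != "Active Directory" ]; then
    /usr/bin/osascript -e 'tell application "System Events" to display dialog "This machine is not bound to Active Directory." & "\nExiting..." with title "Domain Unavailable" buttons {"OK"} default button 1 giving up after 300 with icon 0'
    msg_error "Domain Unavailable: This machine is not bound to Active Directory. Exiting..."
    exit 1
fi

until [ "$SeaHorse" = "Yes" ]; do

    # Verify CORP ID. All comparisons are quoted string comparisons, so a typed
    # value is never interpreted as a glob pattern.
    until [ -n "$UserName" ] && [ "$UserName" != "username" ] && [ "$shortName" = "$UserName" ]; do

        # Loopbreak counter, to exit after 10 loops without interaction/success.
        IDLELOOPBREAKCOUNTER=$((IDLELOOPBREAKCOUNTER + 1))
        msg_status "Loop number $IDLELOOPBREAKCOUNTER."
        if [ "$IDLELOOPBREAKCOUNTER" -ge 10 ]; then
            msg_error "Looped $IDLELOOPBREAKCOUNTER times without success. Exiting..."
            exit 1
        fi

        UserName=$(/usr/bin/osascript <<'EOF'
tell application "System Events" to display dialog "Please enter the user's CORP ID:" default answer "username" with title "Create CORP Mobile Account" buttons {"Continue", "Cancel"} default button "Continue" giving up after 300 with icon path to resource "AccountsPref.icns" in bundle "/System/Library/PreferencePanes/Accounts.prefPane/Contents/Resources"
set UserName to the text returned of result
EOF
        )

        # A non-zero status from osascript means the dialog was cancelled.
        if [ $? -ne 0 ]; then
            exit 0
        fi

        # Reject blank or placeholder input and go straight back to the prompt;
        # nothing below may run with an empty or unchecked ID.
        if [ -z "$UserName" ] || [ "$UserName" = "username" ]; then
            msg_error "Username cannot be blank, or username."
            /usr/bin/osascript -e 'tell application "System Events" to display dialog "Username cannot be blank, or username." with title "Error" buttons {"Ok"} default button "Ok" giving up after 300 with icon caution'
            UserName=""
            continue
        fi

        if ! is_plain_id "$UserName"; then
            # The rejected text is deliberately not logged or displayed.
            msg_error "Username contains unsupported characters."
            show_alert "Error" "Username may only contain letters, digits, dot, underscore and hyphen."
            UserName=""
            continue
        fi

        # Directory Search
        FirstName=$(/usr/bin/dscl "$adNode" -read "/Users/$UserName" FirstName | sed 's/FirstName://g')
        LastName=$(/usr/bin/dscl "$adNode" -read "/Users/$UserName" LastName | sed 's/LastName://g')

        # Left unquoted on purpose: with IFS set to newline this joins a value
        # that dscl printed over several lines into a single line.
        # shellcheck disable=SC2086,SC2116
        RealName=$(echo $FirstName$LastName)

        shortName=$(/usr/bin/dscl "$adNode" -read "/Users/$UserName" RecordName | awk '{print $2}')

        # Drop "/home" and then the leading character from NFSHomeDirectory;
        # the remainder is used as a path below /Users.
        HomeDir=$(/usr/bin/dscl "$adNode" -read "/Users/$UserName" NFSHomeDirectory | awk '{print $2}' | sed -e 's/\/home//' -e 's/^.//')

        # DSLocal Search
        localshortName=$(/usr/bin/dscl . -read "/Users/$UserName" RecordName | awk '{print $2}')

        if [ "$shortName" != "$UserName" ]; then
            msg_error "Invalid username: $UserName not found in CORP"
            show_alert "Invalid Username" "$UserName not found in CORP."
            SeaHorse=No
            break
        fi

        confirmText=$(printf 'Is this the correct user?\n%s' "$RealName")
        SeaHorse=$(/usr/bin/osascript \
            -e 'on run argv' \
            -e 'tell application "System Events" to display dialog (item 1 of argv) with title "Confirm User ID" buttons {"Yes", "No"} default button "No" giving up after 300 with icon path to resource "AccountsPref.icns" in bundle "/System/Library/PreferencePanes/Accounts.prefPane/Contents/Resources"' \
            -e 'return the button returned of result' \
            -e 'end run' \
            "$confirmText")

        if [ "$SeaHorse" = "No" ]; then
            msg_error "User indicated that $UserName was not correct."
            UserName=""
            continue
        elif [ "$SeaHorse" != "Yes" ]; then
            # The dialog gave up after 300 seconds or osascript failed. Without
            # resetting UserName both loop conditions would stay satisfied and
            # the outer loop would spin forever without prompting again.
            msg_error "No answer to the confirmation dialog for $UserName."
            UserName=""
            continue
        fi

        msg_status "User indicated that $RealName was correct."

        # Match the account against every console session, one name per line,
        # so zero or several sessions do not break the comparison.
        if who | awk '/console/ {print $1}' | grep -Fqx -- "$shortName"; then
            msg_error "$RealName is logged in. Please log in as a local administrator. Exiting..."
            show_alert "Error" "$(printf '%s is logged in.\nPlease log in as a local administrator.' "$RealName")"
            exit 1
        elif [ "$shortName" = "$localshortName" ]; then
            msg_error "$RealName already exists in dslocal. Exiting..."
            show_alert "Error" "$RealName already exists in dslocal."
            exit 1
        fi

        if [ -z "$HomeDir" ]; then
            msg_error "unable to retrieve NFSHomeDirectory.."
            homePath="/Users/$UserName"
        else
            # The value comes from the directory and is used in a recursive
            # copy and chown as root; refuse anything that could leave /Users.
            case "$HomeDir" in
                .. | ../* | */.. | */../*)
                    msg_error "NFSHomeDirectory for $UserName contains a parent-directory component. Exiting..."
                    show_alert "Error" "The home directory recorded for this user is not usable."
                    exit 1
                    ;;
            esac
            msg_status "Creating NFSHomeDirec locally.."
            homePath="/Users/$HomeDir"
        fi

        # NOTE(review): if $homePath already exists, cp -R places the template
        # inside it as English.lproj - confirm whether that case should be
        # skipped or refused.
        if ! cp -R "/System/Library/User Template/English.lproj" "$homePath"; then
            msg_error "Could not copy the user template to $homePath."
        fi
        if ! chown -R "$UserName" "$homePath"; then
            msg_error "Could not change ownership of $homePath."
        fi

        # Add the account to the admin group only when the mobile account was
        # actually created; a failed creation must not leave an admin group
        # entry behind or be reported as a success.
        if /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -v -n "$shortName" \
            && /usr/bin/dscl . -append /Groups/admin GroupMembership "$shortName"; then
            msg_status "Success! Created mobile administrator account for $RealName."
            /usr/bin/osascript -e 'tell application "System Events" to display dialog "Created mobile administrator account." with title "Success!" buttons {"Ok"} default button "Ok" giving up after 300 with icon path to resource "AccountsPref.icns" in bundle "/System/Library/PreferencePanes/Accounts.prefPane/Contents/Resources"'
            exit 0
        else
            msg_error "Unknown Error. Exiting..."
            # "giving" appeared twice in this statement, which is not valid
            # AppleScript, so the error dialog could not be shown.
            /usr/bin/osascript -e 'tell application "System Events" to display dialog "Unknown error. Account creation has ended." with title "Unknown Error" buttons {"Ok"} default button "Ok" giving up after 300 with icon caution'
            exit 1
        fi

    done

done

exit 0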
