Skip to main content

Unlocking the power of extension attributes

Posted in: Jamf Pro

IT is a world where more times than not, interactions with users go something like “I need help…” instead of “Everything is going great.” And when the former happens, it’s your job to be the problem solver. So how do you do it? Extension attributes are an excellent place to start.

What are extension attributes
An extension attribute allows you to collect extra inventory from your computers or mobile devices. These can be in the form of a text field, drop-down menu, LDAP mapping or script.

Use cases for extension attributes
Extension attributes can be used in many powerful ways. You can create a field that allows admins to enter the "Retired Date" of a device so you can keep track of the devices that are no longer managed by your server. You can also create a drop-down menu that designates a device as "out for repair," allowing you to exclude it from different workflows.

You can even grab an LDAP attribute not mapped to the Jamf server by default — such as "Graduation Year" — for scoping purposes. For mobile devices, these attributes can be used as a variable in configuration profiles, which allow you to put the "Graduation Year" or other useful information on the lock screen of the device.

You didn’t think I’d forget about scripts, did you? With scripts — many of which are readily available on Jamf Nation —you can find out when the last CrashPlan backup ran, whether or not SSH is enabled, or locate the serial number of a Thunderbolt display connected to a computer.

And the list goes on and on

Creating powerful workflows with extension attributes
One of the most useful parts of extension attributes is leveraging them for criteria in smart groups. To do this, create an extension attribute that gathers the amount of times a battery has cycled, and use that information in criteria of a smart group to automatically email you when the battery of a device is running low.

To take the power of extension attributes one step further, combine them with policies within Jamf Pro. Doing this allows you to easily check if SSH is enabled, and if it isn't, enable it. Or ensure you’re able to remote into a computer. If a computer is bound to Active Directory, you can use an extension attribute to see what organizational unit a computer is in and scope policies to the correct subdivision of Active Directory. And lastly, circling back to our low battery example, you can have a policy automatically notify a user to bring their computer into the help desk when their battery is about to die.

Text, drop-down and LDAP extension attributes
Now that you know what extension attributes are capable of — and honestly, we’ve only scratched the surface — let’s dive into the nitty-gritty of how to make extension attributes come to life!

First off, if your extension attribute is simply a text field or drop-down menu, you just give it a name and options. If it's an LDAP attribute mapping, you fill in the name of the field in LDAP. If you don't have familiarity with creating these kinds of extension attributes, I would recommend checking out the appropriate sections of the Jamf Pro (formerly Casper Suite) Admin Guide:

Writing an extension attribute script
Creating extension attributes from scripts, however, is a bit trickier than the others. You can use either Bash or Python to write the script. I prefer Bash since that's what macOS is built on. However, you don't need extensive knowledge of Bash or Python to build an extension attribute.

There are many templates built into Jamf Pro, and even more posted on Jamf Nation that you can upload into your server.

Let’s look at the extension attribute that collects the number of times a battery has cycled. You can find this extension attribute as one of our built-in templates in Jamf Pro by navigating to Settings > Computer Management – Management Framework > Extension Attributes > New From Template > Battery Cycle Count.

This may look somewhat confusing if you're not familiar with Bash, but if you break it down, it's much easier to digest. Think of it like a sandwich, with different parts. There's the main command, inside of a command substitution, inside of some extension attribute specific XML, all inside of the echo command.

Main command
If you're on a Mac laptop, you can test this command in Terminal by running:

 ioreg -r -c "AppleSmartBattery" | grep -w "CycleCount" | awk '{print $3}' | sed s/\"//g

This should output the number of times your battery has cycled. That's the meat of this script; the primary output we want to capture in this extension attribute.

Command substitution
The command substitution is the $( ) component of the code. The command between the braces is executed in a subshell and the output is then placed in the original command. So instead of the gibberish we entered above, we just get a number.

Extension attribute specific XML
This is where the magic happens, between the <results> </results>. We add an opening and closing results tag around our output, and whatever is outputted in that area is captured in the inventory.

Echo command
And finally, we wrap it all within an echo command. I recommend wrapping everything in double quotes. So the outside of the sandwich looks like echo " ".

The great part is you can use this same structure and replace the middle section with any command, which would look like:

 echo "<result>$(TYPE-COMMAND-HERE)</result>"

And there you go! You’ve just created an extension attribute.

What else can you do?
Congratulations, you are ready to start using extension attributes in your own environment! They are very simple in theory, but incredibly powerful when combined with the rest of Jamf Pro. It's simply one more tool for you to use to solve unique problems in your environment and open endless management capabilities.

Not a current Jamf customer, but putting extension attributes to work is something you can get on board with?

Let’s Talk