How to reference AD Home Directory

PaGuarnieri
New Contributor

Hey all,

I'm currently trying to use dockutil to rearrange and manage how the dock should look for both faculty and students. My only problem at this point is that I don't know exactly how to reference a user's Home Directory as set within AD.

Our students' home folders are contained as such: one major folder ("Students") that then contains a folder for each individual school, and within each school, has the graduating years of all students, and then you'll find a user's folder. Rather than creating variables based on AD credentials to then reference the folders, I was wondering if there was a unix command that would say, "Look at a user's AD account information to find their home directory", to which I can then add as a variable and then SMB into that. (I've scoured the internet for a week now with no luck).


jescala
Contributor II

@PaGuarnieri dscl is what you're looking for. We don't use that record with our AD accounts so I can't really test it, but the syntax should be something like this:

dscl "/Active Directory/<domain_name>/All Domains" -read /Users/$USER dsAttrTypeNative:homeDirectory

Laurent_Pertois
New Contributor

Hello,

You can use dscl to retrieve that information. Here is an example of code; you'll have to adapt it to your environment, of course:

dscl "/Active Directory/DOMAIN/name.domain.tld" -read /Users/user.one OriginalHomeDirectory | awk '{ print $2 }' | sed -e 's/<[^>]*>//g'

If you don't know dscl and the information needed, have a look using the interactive version: just type dscl in a Terminal window on a computer bound to your AD and use ls and cd to navigate.

For example, once dscl is launched, type ls and you should see something like this:

$ dscl
Entering interactive mode... (type "help" for commands)
 > ls
Active Directory
LDAPv3
Local

Contact
Search

(YMMV)

Then, move to `/Active Directory` using the `cd` command (hint: there is completion, just type Acti and the tab key), then press enter. Use ls once again and you should see the DOMAIN; cd into it, ls once arrived, and you should get the name.domain.tld, and so on until you reach Users.

HTH, feel free to ask for more information if needed.

Laurent_Pertois
New Contributor

Hello (again),

Depending on your settings, the command might be:

dscl "/Active Directory/DOMAIN/All Domains" -read /Users/user.one OriginalHomeDirectory | awk '{ print $2 }' | sed -e 's/<[^>]*>//g'

PaGuarnieri
New Contributor

@Pertois, Thank you for such a quick response. After getting past the name.domain.tld, a ls lookup shows a number of different subjects within the domain; however, it is not exactly as I see it from AD.

I see a "users" folder, but that folder only contains a finite amount of test/administrative accounts, and not the ones I'm looking for. Looking into AD, I see that our architecture is built as such:

OU named "Schools" >>>OU for the name of each school >>>OU for the year of the graduating class >>>Student account information

I can cd into the "OrganizationalUnit" folder, and from in there it shows a number of OUs (including the names of each individual school), however, once I cd into the school OU, there seems to be nothing in there.

Is there something that I'm missing? Also, does putting in "user.one" imply that you are looking at the user who is currently logged into the machine?

Laurent_Pertois
New Contributor

Hello,

Ok, that's gonna be a bit more tricky with all the OUs... But, this is a bit strange that you don't see them in the virtual Users container (I say virtual as it's not always related to the structure of your AD).

Can you try this and see if you have all the users :

dscl /Search -list /Users

This should list all users (local and domains) in the Search path depending on your Open Directory settings.

PaGuarnieri
New Contributor

I've now come across another problem (although this might just be related to how our AD is set up):

dscl doesn't set up the OU's in the way AD does; when I look into AD, I have Schools>"Name of Elementary School">"Grade">Users

In dscl, under the OrganizationalUnit folder, I have 10 instances of the OU "01st Grade" (10 elementary schools in the district, with each school OU having its own "01st Grade" OU).

Any help/suggestions would be greatly appreciated.

Laurent_Pertois
New Contributor

Hello,

Yes, this happens as AD structures can be complex and Open Directory tends to flatten them. Is the Mac you connect to able to open a session for any user of the AD, or only for users from a specific school?

Also, could you post here (with anonymous info if needed but explain what's been changed) the result of this command:

dscl /Search -read .

PaGuarnieri
New Contributor

Students are allowed to access any computer that is bound to AD.

Here are the results of the dscl /Search command:

CSPSSearchPath: /Local/Default /Active Directory/<DOMAIN>/All Domains
LSPSearchPath: /Local/Default
NodeOptions: QuerySkippedSubnode;Boolean
NodePath: Search
NSPSearchPath: /Local/Default
ReadOnlyMode: ReadOnly
RealName: Search
SearchPath: /Local/Default /Active Directory/<DOMAIN>/All Domains
SearchPolicy: dsAttrTypeStandard:CSPsearchPath
TrustInformation: Anonymous

Laurent_Pertois
New Contributor

Ok, that looks normal...

Have you tried the other command in my previous message?

dscl /Search -list /Users

PaGuarnieri
New Contributor

Yes, doing so does bring up a list of users; however, it doesn't list all users.

I'm currently logged into my test machine as a student who (by looking into AD) has a network drive set as his home directory within the list of attributes. However, his name does not show up when I run the dscl command listed above. Is this because the user accounts are within other OU's and not the Users OU?

Laurent_Pertois
New Contributor

Ok

If you are not listed there can be multiple reasons, although Open Directory can find you or you wouldn't be able to login... Do you happen to have a very large number of users ?

Can you try this:

dscl /Search -read /Users/nameOfUser

and this then:

dscl /Search -read /Users/nameOfUser OriginalHomeDirectory

Where nameOfUser is the short name of the account you are using for your tests and that doesn't appear in the list (i.e. the name of the Home Folder)

PaGuarnieri
New Contributor

I would guess that our user database is around 9000 users.

Running the first command brings up a huge record about the user, and running the second command gives me:

OriginalHomeDirectory: <home_dir><url>smb://<SERVER>/students/<SCHOOL>/<YEAR>/<USER></url><path>/</path></home_dir>

That SMB filepath is exactly what I need, however, every terminal command I've done thus far has given me an error.

Laurent_Pertois
New Contributor

I think your AD is limiting the number of records returned when you do a full listing, that's very common.

The first command returned a complete list of all attributes of the user, and the second only the attribute you searched for.

You can then get what you are looking for with this command:

dscl /Search -read /Users/nameOfUser | awk '/OriginalHomeDirectory/ { print $2 }' | sed -e 's/<[^>]*>//g'

But this will give you only a URL, you'll have to test if it's enough to add it in the Dock.

Have you checked if SERVER is not automatically mounted when a user connects? You can try this command:

dsconfigad -show

and check if "Mount home as sharepoint = Enabled" is present.

In that case, it should appear in /Volumes/students normally and you could derive the path from the output of dscl with this :

#!/bin/sh

ServerHome=$(dscl /Search -read /Users/nameOfUser | awk '/OriginalHomeDirectory/ { print $2 }' | sed -e 's/<[^>]*>//g' | awk -F'/' '{ print substr($0, index($0, $4))}')

LocalMountPoint="/Volumes/$ServerHome"

And then you can use $LocalMountPoint as the reference.

PaGuarnieri
New Contributor

Finally got it working!

By adding these two variables:

currentuser=$USER
SMBHome=$(dscl "/Active Directory/<DOMAIN>/All Domains" -read "/Users/$currentuser" OriginalHomeDirectory | awk '{ print $2 }' | sed -e 's/<[^>]*>//g')

I was then able to add the link to the end of the dock ("$SMBHome") and clicking it will mount the user's networked home folder.

Thank you @Pertois for all of your help!
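Added example, not part of the original thread: a POSIX sh version of the lookup discussed above that takes only the `<url>` element of OriginalHomeDirectory, checks it against an expected file server and character set before it is used for a Dock item or mount, and derives the /Volumes path. The function names, the server name fs01.example.org and the sample record are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: names below (home_url, valid_home_url, mount_point,
# resolve_home, fs01.example.org) are hypothetical, not from the thread.

# Constructed sample in the shape of the dscl output quoted in the thread.
SAMPLE='OriginalHomeDirectory: <home_dir><url>smb://fs01.example.org/students/north/2027/jdoe</url><path>/</path></home_dir>'

# Print the text of <url>...</url> from dscl output on stdin. Joining lines
# first copes with dscl printing the value on the line after the attribute name.
home_url() {
    tr -d '\n' | sed -n 's|.*<url>\([^<]*\)</url>.*|\1|p'
}

# Accept only smb:// URLs on the expected server whose path is made of plain
# characters, so a directory attribute cannot carry another scheme, host,
# "..", spaces or shell metacharacters into later commands.
valid_home_url() {   # $1 = URL, $2 = expected file server
    case $1 in
        "smb://$2/"*) ;;
        *) return 1 ;;
    esac
    rest=${1#"smb://$2/"}
    case $rest in
        ''|*[!A-Za-z0-9._/-]*|*..*) return 1 ;;
    esac
    return 0
}

# Path under /Volumes when "Mount home as sharepoint" is enabled.
mount_point() {      # $1 = validated URL
    printf '/Volumes/%s\n' "${1#smb://*/}"
}

# stdin = dscl output, $1 = expected server; prints the URL or fails.
resolve_home() {
    url=$(home_url)
    [ -n "$url" ] || { echo "no <url> element found" >&2; return 1; }
    valid_home_url "$url" "$1" || { echo "rejected: $url" >&2; return 1; }
    printf '%s\n' "$url"
}

# On a bound Mac (not run here):
#   dscl /Search -read "/Users/$USER" OriginalHomeDirectory | resolve_home fs01.example.org
url=$(printf '%s\n' "$SAMPLE" | resolve_home fs01.example.org) &&
    echo "URL: $url  mount: $(mount_point "$url")"
```

Unlike the sed pipeline in the thread, this drops the trailing `<path>` value rather than appending it to the URL.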

Laurent_Pertois
New Contributor

My pleasure, I totally forgot to add something for the user but you found it yourself.

Good to know I could help :)

Have fun now

jchurch
Contributor II

@PaGuarnieri

currentuser=$USER
SMBHome=$(dscl "/Active Directory/<DOMAIN>/All Domains" -read "/Users/$currentuser" OriginalHomeDirectory | awk '{ print $2 }' | sed -e 's/<[^>]*>//g')

I was then able to add the link to the end of the dock ("$SMBHome") and clicking it will mount the user's networked home folder.

Mind if I borrow this? ;-)