Get last logged in Active Directory user

May
Contributor III

Hi all

I'm working on automating backups for users that have left the company. The policy/script will run whilst logged in as the local administrator, as the user's account will more than likely be disabled at this point.

I'd like part of the script to get the username of the latest logged in Active Directory user so we know we're backing up the correct home folder and creating a directory with the correct name on the network share.

What I have so far works to select just the domain account home folders and exclude any local accounts, but the part I can't get to work is how to select the folder that has the latest modified date. From what I can see on the Googlesphere, head -1 should get the last modified folder, but in my testing that's not working.

Can anyone suggest a different way to skin this cat, or why the command is not picking up the last modified folder?

#!/bin/sh

lastaduser=$( find /Users/ -mindepth 1 -maxdepth 1 -type d -group "OURDOMAINDomain Users" | head -1 | cut -f 4 -d'/' )

echo "$lastaduser"

mm2270
Legendary Contributor III

The problem isn't head, it's how you are using cut. Try it this way:

lastaduser=$( find /Users/ -mindepth 1 -maxdepth 1 -type d -group "OURDOMAINDomain Users" | head -1 | cut -d'/' -f3 )

Edit: Should just say that I don't know this is the most reliable way to get the last logged in AD user, but I haven't examined it too closely. I have a feeling someone will come along and show how this might be a fragile way to do it though.

May
Contributor III

Thanks @mm2270

I removed the cut part altogether (as below) to see if it's affecting the results, but it still doesn't list the latest modified AD folder. I'd agree that this isn't the best way to achieve what I need; an alternative approach would be great if anyone can point me in the right direction.

If I use ls -t /Users it correctly gives me the last modified home folder, but I'd then need a way to select only the AD user home folders or exclude the local admin folders. (I was going to use the naming convention and only choose accounts with a period in, but we have a few accounts that don't conform to that.)

A possible alternative:
as this will be run by an admin in Self Service, I wonder how simple (for me!) it would be to pop up a list of all the AD accounts using cocoa dialog (or similar) so the admin could then select which folder to back up?

#!/bin/sh
lastaduser=$( find /Users/ -mindepth 1 -maxdepth 1 -type d -group "OURDOMAINDomain Users" | head -1  )

May
Contributor III

Using this splendid command from @cbrewer I can get a list of all the Active Directory usernames and I don't need to use cut, plus it will work offline (using find /Users -group "OURDOMAINDomain Users" only works if the Mac can reach our network).

#!/bin/sh
userList=`dscl . list /Users UniqueID | awk '$2 > 1000 {print $1}'`
echo "$userList"

Can anyone suggest a way to then filter the list of AD usernames so I'm only left with the one that logged in last?

Look
Valued Contributor III

Something I whipped up: it goes through the list of last console logins and finds the first entry that has any groups that are on the domain. You could make it more accurate by manually altering the awk command to have the actual primary group for the domain, although in most cases this should work.
You could probably also alter the awk to exclude certain users, or users that were in certain groups.

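#!/bin/bash
# Domain name as it appears in the group list printed by id
My_Domain="INSERTDOMAINHERE"
# last console lists console logins, newest first; column 1 is the username
for The_User in $(last console | awk '{print $1}'); do
    # Non-empty when the id output for this user mentions the domain
    if [[ "$(id "$The_User" | awk '/'$My_Domain'/')" ]]; then
        Last_User=$The_User
        break
    fi
done
if [[ "$Last_User" ]]; then
    echo "$Last_User is the last domain account"
else
    echo "No domain accounts detected for $My_Domain"
fi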

May
Contributor III

Thank you @Look, it works like a charm!

I'd been testing with last but hadn't figured out the domain part. I really appreciate all your input!

EDIT

I'm testing this as an EA and had quite a few machines report back "No domain accounts detected for OURDOMAIN".
If I run the "last" command on these machines I get "wtmp begins at Tue May 10 15:38". Just seeing what may be the cause; I'm assuming that there's no log file, looks like it may be deprecated.

May
Contributor III

Hi @Look

All of the machines that are reporting back "No domain accounts detected for OURDOMAIN" are not on our company network; all the Macs in the office are reporting the user's name back 100%. Can you please explain where the awk '/'$My_Domain'/' part of the script is looking for the domain info?

We'll be doing the backups in the office so this isn't an issue, it'd just be good to fully understand what the script is doing.

Thanks again!

Look
Valued Contributor III

It's looking at the response to the id command, which lists the groups the user is in.
I wasn't aware that this wasn't populated with AD groups if the domain was unavailable, although from what you're saying this is probably the case.
By default it lists the current user, but if you add a username, i.e. id joebloggs, it displays the groups for that specific user.

May
Contributor III

@Look Thanks

It does seem to be the case. I did some further testing with the script directly and it works when on VPN and not when off it.

The id command looks like it could be very useful also, cheers!
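
Added example, not part of any post in this thread: one way to combine the two approaches discussed above so the result does not depend on reaching the domain, by matching the usernames from `last console` against the `dscl . list /Users UniqueID` list filtered on UID > 1000. The function names and the sample data are constructed for illustration, and it assumes the name column of `last` matches the dscl record name.

```shell
#!/bin/bash
# Added example: newest console login that belongs to a non-local account,
# decided from locally cached data only (no `id` lookup against the domain).

# Constructed sample of `dscl . list /Users UniqueID` output.
SAMPLE_DSCL='_mbsetupuser 248
localadmin 501
jane.doe 1284501123
bsmith 1731009442
root 0'

# Constructed sample of `last console` output (newest entry first).
SAMPLE_LAST='localadmin console  Thu May 12 09:02   still logged in
bsmith    console  Wed May 11 17:40 - 18:05  (00:25)
jane.doe  console  Tue May 10 15:40 - 16:10  (00:30)

wtmp begins Tue May 10 15:38'

# Read "name uid" pairs on stdin, print names with UID > 1000 (the
# threshold the thread uses to separate AD accounts from local ones).
network_accounts() {
    awk '$2 > 1000 { print $1 }'
}

# last_network_user LAST_OUTPUT ACCOUNT_LIST
# Print the first user in LAST_OUTPUT that is in ACCOUNT_LIST; return 1 if none.
last_network_user() {
    while read -r candidate _; do
        # Skip blank lines and the "wtmp begins ..." trailer.
        case "$candidate" in ''|wtmp) continue ;; esac
        # -x whole line, -F literal: "bsmith" must not match "bsmith2".
        if printf '%s\n' "$2" | grep -qxF -- "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done <<EOF
$1
EOF
    return 1
}

# On a Mac use live data; elsewhere fall back to the constructed samples.
if command -v dscl >/dev/null 2>&1; then
    accounts=$(dscl . list /Users UniqueID | network_accounts)
    logins=$(last console)
else
    accounts=$(printf '%s\n' "$SAMPLE_DSCL" | network_accounts)
    logins=$SAMPLE_LAST
fi
last_network_user "$logins" "$accounts" || echo "No network accounts found"
```

If the login history has been rotated and holds no matching entry, the function returns 1, so a backup script can stop rather than guess a home folder.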