Remove Directory Binding via dsconfigad with $4 and $5 from policy via self service

thundercr250
New Contributor II

I am trying to use parameter $4 and $5 for username and password in my script to unbind from AD.

If I enter the username and password directly into the script it works fine but if I use the options it runs forever and never finishes.

```
#!/bin/bash
####################################################################################################
#
# Copyright (c) 2010, JAMF Software, LLC.  All rights reserved.
#
#       Redistribution and use in source and binary forms, with or without
#       modification, are permitted provided that the following conditions are met:
#               * Redistributions of source code must retain the above copyright
#                 notice, this list of conditions and the following disclaimer.
#               * Redistributions in binary form must reproduce the above copyright
#                 notice, this list of conditions and the following disclaimer in the
#                 documentation and/or other materials provided with the distribution.
#               * Neither the name of the JAMF Software, LLC nor the
#                 names of its contributors may be used to endorse or promote products
#                 derived from this software without specific prior written permission.
#
#       THIS SOFTWARE IS PROVIDED BY JAMF SOFTWARE, LLC "AS IS" AND ANY
#       EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
#       WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
#       DISCLAIMED. IN NO EVENT SHALL JAMF SOFTWARE, LLC BE LIABLE FOR ANY
#       DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
#       (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
#       LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
#       ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
#       (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
#       SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
####################################################################################################
#
# SUPPORT FOR THIS PROGRAM
#
#       This program is distributed "as is" by JAMF Software, LLC's Resource Kit team. For more
#       information or support for the Resource Kit, please utilize the following resources:
#
#               http://list.jamfsoftware.com/mailman/listinfo/resourcekit
#
#               http://www.jamfsoftware.com/support/resource-kit
#
#       Please reference our SLA for information regarding support of this application:
#
#               http://www.jamfsoftware.com/support/resource-kit-sla
#
####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
#   unbindAD.sh -- Unbind from Active Directory.
#
# SYNOPSIS
#   sudo unbindAD.sh
#   sudo unbindAD.sh <mountPoint> <computerName> <currentUsername> <username> <password>
#
#   If the $username and $password parameters are specified (parameters 4 and 5), these will be
#   used to unbind the machine from Active Directory.  The username/password that should be used in
#   this script should be an Active Directory user that has permissions to remove/unbind a machine
#   from Active Directory.
#
#   If no parameters are specified for parameter 4 and 5, the hardcoded value in the script will be
#   used.
#
# DESCRIPTION
#   This script will unbind a client machine from an Active Directory domain.
#   The <username> and <password> values can be used with a hardcoded value in the script, or read
#   in as a parameter.  Since the Casper Suite defines the first three parameters as (1) Mount
#   Point, (2) Computer Name and (3) username, we are using the fourth parameter ($4) as the
#   passable parameter.
#
####################################################################################################
#
# HISTORY
#
#   Version: 1.0
#
#   - Created by Nick Amundsen on August 7th, 2008
#
####################################################################################################
#
# DEFINE VARIABLES & READ IN PARAMETERS
#
####################################################################################################
### Ensure we are running this script as root ###
rootcheck () {
if [ "`/usr/bin/whoami`" != "root" ] ; then
  /bin/echo "script must be run as root"
  exit 0
fi
}

# HARDCODED VALUES ARE SET HERE
apiUser=""        ## Set the API Username here if you want it hardcoded
apiPass=""      ## Set the API Password here if you want it hardcoded


# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 4 AND, IF SO, ASSIGN TO "username"

if [ "$4" != "" ] && [ "$apiUser" == "" ]; then
       apiUser=$4
fi

# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 5 AND, IF SO, ASSIGN TO "password"
if [ "$5" != "" ] && [ "$apiPass" == "" ]; then
       apiPass=$5
fi

####################################################################################################
#
# SCRIPT CONTENTS - DO NOT MODIFY BELOW THIS LINE
#
####################################################################################################


#echo "Unbinding the computer from Active Directory..."
if [[ ${osvers} -lt 7 ]]; then
  dsconfigad -f -r -u $apiUser -p $apiPass
fi

if [[ ${osvers} -ge 7 ]]; then
 dsconfigad -force -remove -u $apiUser -p $apiPass
fi


#echo "Restarting Directory Services..."
sudo killall DirectoryService
```


mm2270
Legendary Contributor III

Hi there. First thing is, for readability purposes, please consider editing your post, highlighting the entire script in the post editor field and clicking the script button in the post editing toolbar (looks like >_). This will put triple backtick marks around top and bottom of the script and format it correctly here on the forum.

Second thing is, you may not know it, but you can run scripts with parameters passed to them directly from Terminal to see if there's an issue, before putting them into a policy. It involves using the jamf binary. Here's the general syntax:

```
sudo jamf runScript -script unbindAD.sh -path /path/to/local/script/file -p1 "parameter 4 goes here" -p2 "parameter 5 goes here"
```

Last couple of things - this script may not have been edited since 2008, as it indicates in the script comments at top. I'm doubtful the script still works. But you're saying it runs ok if you hardcode the values in, so I don't know. Also, I see a section where it's referencing an OS variable that I don't actually see defined in the script, so I'm wondering if what you posted is the complete script?
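
Added example, not part of the thread and not Jamf's script: one way to handle parameters 4 and 5 so the script stops with an error when either arrives empty, passes both to `dsconfigad` quoted, and derives the OS version the posted script compares against. It assumes `osvers` was meant to be the macOS 10.x minor version; `uses_short_flags` and `unbind_ad` are names introduced here.

```bash
#!/bin/bash
# Added example, not the Jamf script from the post. Assumption: "osvers" was
# meant to hold the macOS 10.x minor version; here it is derived from sw_vers.

# Returns 0 for macOS 10.0-10.6 (the posted script's "-f -r" branch), 1 for
# anything newer, 2 when the version string is not dotted-numeric.
uses_short_flags() {
    ver_major=${1%%.*}
    ver_rest=${1#*.}
    ver_minor=${ver_rest%%.*}
    for ver_part in "$ver_major" "$ver_minor"; do
        case "$ver_part" in
            ''|*[!0-9]*) return 2 ;;
        esac
    done
    [ "$ver_major" -eq 10 ] && [ "$ver_minor" -lt 7 ]
}

# Unbind using the values from $4/$5. Refuses to call dsconfigad when either
# is empty, and quotes both so spaces or metacharacters survive intact.
unbind_ad() {
    ad_user=$1 ad_pass=$2 os_version=$3
    if [ -z "$ad_user" ] || [ -z "$ad_pass" ]; then
        echo "unbindAD: parameter 4 (username) or 5 (password) is empty" >&2
        return 64
    fi
    flags_rc=0
    uses_short_flags "$os_version" || flags_rc=$?
    case "$flags_rc" in
        0) dsconfigad -f -r -u "$ad_user" -p "$ad_pass" ;;
        1) dsconfigad -force -remove -u "$ad_user" -p "$ad_pass" ;;
        *) echo "unbindAD: cannot parse OS version '$os_version'" >&2
           return 65 ;;
    esac
}

# Jamf passes mount point, computer name and username as $1-$3, so the
# credentials are $4 and $5. With fewer than five arguments nothing runs.
if [ "$#" -ge 5 ]; then
    unbind_ad "$4" "$5" "$(sw_vers -productVersion)" || exit $?
fi
```

Because `-p` places the password in `dsconfigad`'s argument list, it is visible in the local process list while the command runs, so the account passed in parameter 4 is best limited to unbinding computers.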