Using Directory Services information to generate a Telephone List
My organization creates a list of four digit extension numbers of all the employees in the organization, every year or so. The purpose of course is to provide a quick reference list, next to every telephone in the building. Until recently, the list has been maintained manually, and over time it has become an unruly mess of fonts, tabs and various styles. I have found it to be quite useless for some time.
Last year I decided to tackle this issue and automate the list generation. My first attempt was significantly better than the original manually generated list, but was less than ideal. It boiled down to running csvde with a long list of arguments on one of my domain controllers in order to generate a .csv file that contained more information than I needed. Then I moved that file to my Mac, and through the use of some shell scripting I was able to trim the unneeded information out of the file and create a new, filtered .csv file. Following that, I was able to take the filtered .csv and run it through a mail merge document that I created in Word.
It worked; it generated the document exactly the way I wanted it. However, there were a few things I didn't like. My biggest gripe was that I had to use both the Win 2K3 Domain Controller (to generate the first file) and then had to use my Mac to process that file and ultimately generate the Word document.
Over Christmas break this year, I set out to resolve that issue, and do some learning on a couple of topics that have interested me for a while now.
Apple has provided a command line utility called dscl (Directory Services Command Line) for at least the last two major releases of OS X. I have only just learned what it can do for me. I found it to be quite useful in paring down the number of steps required to generate the telephone list.
Here is a copy of the script, fairly well commented, for ease of understanding.
#!/bin/bash
# Phone List Generator v. 2 by bill_wellington at aw.org
# This script will pull live data from Active Directory and output a .csv
# file (named as an argument) including first name, last name, department,
# phone ext. and mobile phone ext. It goes through and strips out all
# constituents who are students, members of the "Class of...", or who do
# not have a 4 digit extension listed in either their phone number or
# their mobile number. The list can then be used to generate a phone list
# using MS Word's mail merge functions.
# create file
touch /tmp/$1.csv
echo > /tmp/$1.csv
# pull a plist for every user in AD
for i in `dscl /Active\ Directory/All\ Domains/ -list /Users` ; do
    dscl -plist /Active\ Directory/All\ Domains/ -read /Users/${i} FirstName LastName Department PhoneNumber MobileNumber | \
    # remove lines matching the following regexes - these are extra xml delimiters that we will not use
    grep -v '^<?xml.*$' | \
    grep -v '^<!DOC.*$' | \
    grep -v '^<plist.*$' | \
    grep -v '^</plist>' | \
    grep -v '<key>.*$' | \
    # remove xml tags around the data we want to keep, insert commas between fields
    sed -e '/<dict>/d' -e 's@</dict>@@' \
        -e '/<array>/d' -e 's@</array>@@' \
        -e 's/<string>//' -e 's@</string>@,@' | \
    # remove tab characters (0x09) from original xml output
    # (tr is used so the tab is explicit; spaces inside names and departments are kept)
    tr -d '\t' | \
    # clean up ampersands (plist output encodes & as &amp;)
    sed -e 's/&amp;/\&/g' | \
    # remove line breaks
    sed -n -e ":a" -e "$ s/\n//gp;N;b a" | \
    # remove students and all others without a 4 digit extension
    grep -v "Student" | \
    grep -v "Class of " | \
    grep '^.*[0-9][0-9][0-9][0-9].*$' | \
    # ok, now we have the data we want, let's put the fields in the right order
    sed -e 's/\([0-9][0-9][0-9][0-9],\)\([0-9][0-9][0-9][0-9],\)/\2\1/' | \
    sed -e "s|\([a-zA-Z \&'/-]*,\)\([a-zA-Z ]*,\)\([a-zA-Z '-]*,\)\(.*\)|\3\2\1\4|" | \
    # remove trailing commas from lines with a cell number
    sed -e 's|\(.*,.*,.*,.*,.*\),|\1|' >> /tmp/$1.csv
done
# prepare final .csv
echo "Last Name, First Name, Department, Ext., Cell" > $1.csv
sort -f /tmp/$1.csv | \
#remove blank lines
sed -e '/^$/d' >> $1.csv
# add in static numbers
echo "Activity Bus 1,,,,5448" >> $1.csv
echo "Activity Bus 2,,,,5449" >> $1.csv
echo "Auction Office,,,5454," >> $1.csv
echo "AWSPA Office,,,5454," >> $1.csv
echo "Bishop's Suite,,,5409," >> $1.csv
echo "College Counseling,,,4339," >> $1.csv
echo "Courtesy Phone,,,8604," >> $1.csv
echo "Dorm Parent Office,,,5423," >> $1.csv
echo "Dorm Parent Cell 1,,,,5446" >> $1.csv
echo "Dorm Parent Cell 2,,,,5447" >> $1.csv
echo "Extended Day,,,8627,5445" >> $1.csv
echo "Front Office,,,8642," >> $1.csv
echo "HelpDesk - Tech,,,8999," >> $1.csv
echo "Housekeeping (Daytime),,,,5438" >> $1.csv
echo "Kitchen,,,4153," >> $1.csv
echo "Meeting Rooms,,,," >> $1.csv
echo "Conference Room,,,8893," >> $1.csv
echo "Cottage 1st Floor,,,8894," >> $1.csv
echo "Cottage 2nd Floor,,,8895," >> $1.csv
echo "Huston Room,,,8891," >> $1.csv
echo "Sutton Room,,,8892," >> $1.csv
echo "Security,,,5426,5444" >> $1.csv
# Future Plans: This script, perhaps through some fancy "osascript" commands,
# should be able to launch MS Word, and perform the mail merge. I need to
# check and see if Word's Mail Merge functions are scriptable using
# AppleScript.
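An added example, not part of the original script: the filter-and-reorder step done with awk, with the output staged in a private mktemp directory instead of the predictable /tmp/$1.csv path, which any local user on a shared machine could pre-create or replace with a symlink. The function names, the input layout (First,Last,Department,Ext,Cell), the exact-four-digit test and the sample records are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not the original script. All records below are constructed.

# sample_records: constructed input in First,Last,Department,Ext,Cell order.
sample_records() {
    cat <<'EOF'
Ann,Zeller,Science,8123,
Bob,Young,Class of 2012,8124,
Cara,Adams,Athletics,,5441
Dan,Moore,Student,8125,
Eve,Baker,History,2535551234,
EOF
}

# filter_staff: drop student records and anyone without an exact 4-digit
# value in Ext or Cell, then print Last,First,Department,Ext,Cell.
filter_staff() {
    awk -F',' -v OFS=',' '
        /Student|Class of / { next }
        $4 !~ /^[0-9][0-9][0-9][0-9]$/ &&
        $5 !~ /^[0-9][0-9][0-9][0-9]$/ { next }
        { print $2, $1, $3, $4, $5 }'
}

# build_list OUTFILE: read records on stdin and write the finished list.
# The body runs in a subshell, so umask and variables do not leak out.
# mktemp -d picks an unpredictable name and creates the directory 0700.
build_list() (
    umask 077    # the list holds staff mobile numbers; keep it owner-only
    stage=$(mktemp -d "${TMPDIR:-/tmp}/phonelist.XXXXXX") || exit 1
    if {
           echo "Last Name, First Name, Department, Ext., Cell"
           filter_staff | sort -f
       } > "$stage/list.csv" && mv -- "$stage/list.csv" "$1"
    then rc=0
    else rc=1
    fi
    rm -rf -- "$stage"    # clean up whether or not the move succeeded
    exit "$rc"
)

# Demo on the constructed records (prints two rows to stdout).
sample_records | filter_staff | sort -f
```

The resulting file is created with mode 0600 because of the umask; loosen it deliberately if the list is meant to be shared.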
Deploying Mac OS X 10.5.x With BootCamp - Part 1
Recently we deployed 110 MacBooks to faculty and students in our school. We did not escape the process unscathed, and instead came away with a few process items that I want to pass along to others. We looked at using Deploy Studio to automate our imaging process. We also looked at Clonezilla, which has worked really well on our Windows deployments in the past. Clonezilla will take an exact copy of your drive and replicate it to other drives of similar size, as you might expect. We chose Deploy Studio for the additional post-imaging scripting that was available. You can build up a workflow that will automatically bind the OS X partition to AD and to OD, reset the LKDC, and deal with the byHost preferences, along with numerous other things.
Setting up Deploy Studio was fairly straightforward. We have an OS X server that was able to perform the role of our NetBoot server. From there, Deploy Studio's setup assistant pretty much configured everything cleanly for us.
We built up our perfect image, with OS X 10.5.8 and BootCamp providing us with a Windows XP SP3 partition. Capturing that data with Deploy Studio was simple, and we were off to the races. Or so we thought. Of our 110 machines, all of them had “dirty” NTFS partitions pushed down to them by Deploy Studio. About one-third of those machines ran ChkDsk in less than a minute and then booted up into Windows Setup with no issues. The other two-thirds of our machines had issues with security descriptors. After more than an hour of ChkDsk repairing these descriptors, the machines would boot into setup and complain that there were missing or corrupt files. I spent an additional hour with 2 machines and some XP SP3 CDs trying to locate missing files. I never got the Windows partition into a fully bootable state. Clearly something was very wrong, but what was it, and why was it affecting us so inconsistently?
We found that if we reimaged the failed machines, we would have roughly the same failure rate, but we would have more machines done. We also at this time employed Clonezilla to bang out a number of machines, that would need subsequent handling from us to perform all that we were asking Deploy Studio to script for us.
Ultimately we got the image deployed to all 110 machines, but ended up with a great number of problems with our workflow (particularly on the manually configured Clonezilla machines). We also had a disaster of a time getting the students logged in to the machines, which ultimately led us to a second imaging, which I will talk about in Part 2 of this article.
Macintosh OS X - Active Directory Integration
Having an interesting issue with an OS X/AD integration. I have a Windows 2003 domain with many servers. I also have an OS X server running Open Directory. The OS X server is bound to AD, and all of the Macintosh clients are bound to both AD and to OD. This forms Apple’s “Golden Triangle” and allows users to log in to a Mac using their AD credentials, while allowing you to specify “preferences” for the machine via the OD server. These preferences can be thought of as Group Policies for Macs; however, they are nowhere near as detailed as the catalog of settings you can enforce using Group Policy on the Windows side.
Anyway.. I have a small issue with this system, and I am not yet certain where it comes from. My users all have a home directory mapped to the drive letter P:. This is specified in their AD accounts in the form of \\fileserver\users\students\user_name.
Recently, during a MacBook deploy to a small group of students I discovered that none of them could log in… or more specifically, they were able to log in, but received a message as the Mac tried to mount the sharepoint. I don’t have a copy of the message here (it’s on my desk at work), but essentially it said that the sharepoint was not available. The students clicked OK to this and the machine proceeded to log them out.
A head scratcher indeed.
The machines are also running BootCamp with Windows XP, and the students were able to log in and access their mapped drive under XP… so what gives? Also… I was able to log in to a student computer as myself and get my network home folder mapped to my dock.
With a little bit of thinking, and some experimentation by one of my coworkers, we discovered that if we used the server’s correct hostname, rather than the generic “fileserver” CNAME that had been assigned to the machine, the students could log in.
None of this explains why for the past week we have had faculty (who have little more in the way of privileges than the students) able to log into their newly deployed Macs, pulling their network home from the same server, using the same CNAME, with absolutely no problem.
I can see that I will need to do a good bit of testing to see just what permission level the faculty has that grants them access to the fileserver by its CNAME record rather than by its A record. It would make sense to me if this failed for users, but that it only affects a subset of them makes me wonder what kind of magic is working behind the scenes.
I will update this as I come up with more info.
Subway
It has been years since I last rode the subway. Seattle doesn't exactly have one, and neither does Tacoma. Last time I did this, people either read a book or listened to their walkman. I look around today and see that nearly everybody is listening to an iPod, phone, and tapping away on a phone of some sort. I guess that puts me in sync with everybody else around me.
Media has taken over our lives. It occupies our work lives, our personal lives, and even the spare cycles in between.
Tethering BlackBerry Storm to Mac OS 10.5 over Bluetooth
Finally I can tether my BlackBerry to my Mac and get a connection. Here is the how-to.
1. Pair the BlackBerry to your Mac via Bluetooth.
2. Set up the modem for dial-up using the following settings:
Dial Number: #777
Account Name: .(JavaScript must be enabled to view this email address) (Example: .(JavaScript must be enabled to view this email address))
Password: vzw
In advanced setup, under the Bluetooth tab, choose the following:
Vendor: other
Model: Verizon support (PC5220). I have also read that the 5320 profile works.
Enable Error Correction
Wait For Dial Tone
I have heard it reported that if you want to do this via a USB cable, you must go to http://www.vzam.net/ and download the Verizon Access Manager for pairing the Mac with the Motorola Q. Haven’t tried it yet, but I think I will give it a whirl in the upcoming days.