stevewood-tx/gist:fa638783ff6f751ebbddfc54c5708e81

## gistfile1.txt
#!/bin/bash

# originally written by @franton

osvers_major=$(/usr/bin/sw_vers -productVersion | awk -F. '{print $1}')
osvers_minor=$(/usr/bin/sw_vers -productVersion | awk -F. '{print $2}')
osvers_dot_version=$(/usr/bin/sw_vers -productVersion | awk -F. '{print $3}')

if [[ "$osvers_major" -eq 10 && "$osvers_minor" -lt 13 ]]; then
	echo "<result>Older macOS version</result>"
	exit
fi

users=($( dscl . -list /Users | grep -Ev '(_|daemon|nobody|root)' ))

for (( loop=0; loop<${#users[@]}; loop++ ));
do
	result=( "${result[@]}" $( sysadminctl -secureTokenStatus ${users[$loop]} 2>&1 | awk -v user="${users[$loop]}" '{if ($7=="ENABLED") print user}' ) )
done

[ ${#result[@]} = "0" ] && echo "<result>No users have a Secure Token</result>" || echo "<result>${result[@]}</result>"
	#!/bin/bash

	# originally written by @franton

	osvers_major=$(/usr/bin/sw_vers -productVersion \| awk -F. '{print $1}')
	osvers_minor=$(/usr/bin/sw_vers -productVersion \| awk -F. '{print $2}')
	osvers_dot_version=$(/usr/bin/sw_vers -productVersion \| awk -F. '{print $3}')

	if [[ "$osvers_major" -eq 10 && "$osvers_minor" -lt 13 ]]; then
	echo "<result>Older macOS version</result>"
	exit
	fi

	users=($( dscl . -list /Users \| grep -Ev '(_\|daemon\|nobody\|root)' ))

	for (( loop=0; loop<${#users[@]}; loop++ ));
	do
	result=( "${result[@]}" $( sysadminctl -secureTokenStatus ${users[$loop]} 2>&1 \| awk -v user="${users[$loop]}" '{if ($7=="ENABLED") print user}' ) )
	done

	[ ${#result[@]} = "0" ] && echo "<result>No users have a Secure Token</result>" \|\| echo "<result>${result[@]}</result>"