Solved

AD Migration & Application Ownership rights

  • March 1, 2016
  • 4 replies
  • 29 views


We are currently in the process of migrating our staff to AD from local accounts. I am using the script from here

The issue that is coming up is that the local user loses rights to update applications, and applications break as well and need to be reinstalled. After migrating a user, I found that the applications installed by the previous user are now owned by a UID (502). I tried to chown all the 502 applications to the AD account; however, the applications are still breaking.

Has anyone experienced this issue while doing AD migrations? If so, how did you tackle this issue? We are trying not to reinstall every broken app from updates.

Best answer by rich.trouton

4 replies

  • Contributor
  • March 1, 2016

Are you using a -R on your chown command?


  • Hall of Fame
  • Answer
  • March 1, 2016

I went through a domain migration a couple of years ago and wrote a post on how to fix these permissions issues. It's available from here:

https://derflounder.wordpress.com/2013/11/20/fixing-permissions-after-changing-directory-services/


  • Author
  • New Contributor
  • March 1, 2016

I actually did this as well, however, apps were still unable to update. Just out of curiosity, do your AD users have local admin rights still?

I don't know if this is possible, but we want our users to be able to update their installed applications sitting in the /Applications folder without giving them admin rights.


  • Author
  • New Contributor
  • March 3, 2016

I just want to put a note that the following code does work.

find / -uid old_uid -exec chown -v username {} \; > logfile.txt

However, it does not chown items that have symbolic links. I was able to bypass this by doing

find / -uid old_uid -exec chown -Rv username {} \; > logfile.txt
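
A dry-run-first version of the re-ownership discussed in this thread, added here as an example; it is not from the thread or from the linked post. The function names `reown_orphans` and `count_orphans` are hypothetical. It stays on one filesystem and uses `chown -h`, which changes a symbolic link itself rather than the file the link points to.

```shell
#!/bin/sh
# Added example: re-own files left under an orphaned numeric UID after a
# directory-service migration. Function names are hypothetical.
# Usage: reown_orphans ROOT OLD_UID NEW_OWNER [apply]

reown_orphans() {
    root=$1 old_uid=$2 new_owner=$3 mode=${4:-dry-run}

    # Accept only a plain numeric UID, an account that resolves,
    # and an existing directory to search.
    case $old_uid in
        ''|*[!0-9]*) echo "old UID must be numeric" >&2; return 2 ;;
    esac
    id "$new_owner" >/dev/null 2>&1 ||
        { echo "unknown account: $new_owner" >&2; return 2; }
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    if [ "$mode" = apply ]; then
        # -xdev: do not cross onto other volumes or network mounts.
        # chown -h: change the symlink itself, never its target.
        # '{} +' hands paths to chown as arguments, so unusual file
        # names are not re-parsed by the shell.
        find "$root" -xdev -uid "$old_uid" -exec chown -h "$new_owner" {} +
    else
        # Dry run: list what would change so it can be reviewed first.
        find "$root" -xdev -uid "$old_uid" -print
    fi
}

count_orphans() {
    # Count entries under $1 still owned by UID $2; one dot per entry
    # keeps the count right even for names containing newlines.
    find "$1" -xdev -uid "$2" -exec printf '.' \; | wc -c | tr -d ' '
}
```

Review the dry-run list before passing `apply` as the fourth argument; applying needs root, and `count_orphans` afterwards should report 0 for the old UID.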