@adavenport321, as with the script above, this hasn't been used in a while and doesn't take Secure Tokens into account, but here ya go: Different Name Domain Migration
Hi All,
New to the whole Jamf environment and I've been tasked to migrate 200+ Macs from an old domain to a new one. 90% of the users have the same username and password on both domains. I'm looking to migrate the Macs to the new domain and allow users to keep their existing Mac profiles. Tried using @ddcdennisb's script but I'm thrown by the below:
LoggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'`
When running the script I get an error stating:
"FAIL You must be logged in as pmcadmin or admin account. Please Logout out of and logging as pmcadmin or admin and run this process again."
If I remove that line from the script I get the same error message.
Any advice/solutions much appreciated.
Thanks,
Kishan
@kishan.hirani I finally got back into my account on here. I just wanted to update the forum here with my answer.
You will want to look for the lines near the end of the script that are an If statement. It should look something like this:
if [[ ${LoggedInUser} =~ "admin" ]] || [[ ${LoggedInUser} == "pmcadmin" ]]; then
echo "Not regular user logged in, lets run migration"
Run_Migration
else
"/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType utility -icon /System/Library/CoreServices/Installer.app/Contents/Resources/Installer.icns -heading "FAIL" -description "You must be logged in as pmcadmin or admin account. Please Logout of $LoggedInUser and login as pmcadmin or admin and run this process again." -button1 "OK"
fi
You would want to either remove the check for the username or change to the admin accounts you want to be able to run the script.
@DBrowning I can't see the two scripts in Git anymore. Can you send these over?
Hi @ddcdennisb Thanks again for all your help on this. I'm still having some issues, I was wondering what's your take on this.
1. It properly unjoins from the old domain.
2. It properly joins to the new domain.
3. Right after, it shows the following error: "Migration Incomplete" -description "The Migration has not completed. There was an issue with your migration, please reach out to Support for help." -button1 "OK"
I apologize if this takes much of your time, but your help would be greatly appreciated.
Here's the script with the modified variables:
#!/bin/sh
LoggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'`
oldDomain="olddomain.corp.com"
newDomain="newdomain.corp.com"
newDomainTrigger="ADBind"
runMigration ()
{
echo "Unjoining Old Domain"
dsconfigad -remove -force -u user -p pass
sleep 3
# Prompt for user's username for changing permissions later in the script
un=`/usr/bin/osascript <<EOT
tell application "System Events"
activate
with timeout of 600 seconds
set un to text returned of (display dialog "Please type in Active Directory Username" default answer "" with icon 2)
end timeout
end tell
EOT`
# Check to see if disjoin worked. If not, a forced disjoin will be done and then joined to new Domain. If the disjoin worked at first it will just join to the new domain.
domain1=$(dsconfigad -show | grep 'Active Directory Domain')
if [[ ${domain1} =~ '$oldDomain' ]]; then
echo "Still on $oldDomain"
dsconfigad -force -remove -u user -p pass
sleep 10
/usr/local/jamf/bin/jamf policy -trigger $newDomainTrigger
else
echo "Looks like unjoin worked. Lets join the $newDomain Domain"
/usr/local/jamf/bin/jamf policy -trigger $newDomainTrigger
sleep 5
fi
sleep 3
# Make sure we are on the new domain
echo "first check after bind"
domain2=$(dsconfigad -show | grep 'Active Directory Domain')
# Line for recording in Policy Log
echo "results of first check $domain2"
sleep 3
# If on the new Domain, reset permissions on home directory to new UUID for first Login
if [[ ${domain2} =~ '$newDomain' ]]; then
echo "Sweet you are on $newDomain You are all set"
echo "Lets clean up your old AD account"
#removing profile but not home dir
dscl . -delete /Users/$un
echo "Lets fix permissions on $un home directory"
#change ownership of home dir to new UUID
chown -R $un /Users/$un
sleep 2
prompt1=`"/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType utility -icon /System/Library/CoreServices/Installer.app/Contents/Resources/Installer.icns -heading "Migration Complete" -description "The Migration has completed successfully.
Click OK and reboot your computer." -button1 "OK"`
echo "Results of $prompt1";
if [ "$prompt1" == "0" ]; then
exit 0
fi
else
prompt3=`"/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType utility -icon /System/Library/CoreServices/Installer.app/Contents/Resources/Installer.icns -heading "Migration Incomplete" -description "The Migration has not completed. There was an issue with your migration, please reach out to Support for help." -button1 "OK"`
echo "Results of $prompt3";
if [ "$prompt3" == "0" ]; then
exit 1
fi
fi
}
if [[ ${LoggedInUser} =~ "admin" ]] || [[ ${LoggedInUser} == "pmcadmin" ]]; then
echo "No normal user is logged in! lets run the migration!"
runMigration
else
echo "$LoggedInUser is logged in and this process will exit"
"/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType utility -icon /System/Library/CoreServices/Installer.app/Contents/Resources/Installer.icns -heading "FAIL" -description "You must be logged in as pmcadmin or admin account. Please Logout of $LoggedInUser and login as pmcadmin or admin and run this process again." -button1 "OK"
exit 1
fi
Hi, do you remember the fix? I am in a similar situation where it errors out with "Migration Incomplete" after properly joining to the new domain.
@DBrowning
@itznithinshetty It has been a long time since I did anything with this and I don't remember if I was able to help resolve the issue.
New macOS devices don't have python installed so that may be part of the issue. I would try replacing the variable LoggedInUser= in the script.
Replace
LoggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'`
with
LoggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
Thanks! I have already updated the variable. Although the domain bind works fine, it immediately errors after the bind:
-first check after bind
results of first check Active Directory Domain = my new domain
Results of 0
Error running script: return code was 1.
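
Why the script as posted above ends in "Migration Incomplete" although the log line shows the new domain, as an added example that is not part of any post in this thread: the bind check puts `'$newDomain'` in single quotes, so it tests for that literal text instead of the variable's value. The sketch reproduces that quoting in a portable `case` (the script's shebang is `/bin/sh`), then shows an exact comparison on the parsed value and a check on the typed username before it is used with `dscl . -delete` and `chown -R`; function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example, not the thread's script. Function names are hypothetical and
# the sample dsconfigad lines below are constructed.

newDomain="newdomain.corp.com"

# Same quoting as the posted check: single quotes stop expansion, so the
# pattern is the literal text $newDomain, which never appears in the output.
check_as_posted() {
    case "$1" in
        *'$newDomain'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Pull the value out of the "Active Directory Domain = ..." line.
bound_domain() {
    printf '%s\n' "$1" | sed -n 's/^ *Active Directory Domain *= *//p' | tr -d ' \r'
}

# Compare the parsed value exactly, so a name that merely contains the
# expected domain does not pass.
check_fixed() {
    [ "$(bound_domain "$1")" = "$newDomain" ]
}

# Validate the typed account name before it reaches dscl -delete or chown -R:
# empty input, path separators and leading dots are refused.
valid_username() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

sample_new="Active Directory Domain = newdomain.corp.com"            # constructed
sample_other="Active Directory Domain = newdomain.corp.com.example"  # constructed

check_as_posted "$sample_new" || echo "posted check: no match, falls to 'Migration Incomplete'"
check_fixed "$sample_new" && echo "fixed check: bound to $newDomain"
check_fixed "$sample_other" || echo "fixed check: rejects a different domain"
valid_username "" || echo "empty username refused"
```

Because the `else` branch calls `exit 1` after the dialog returns 0, the posted check also explains the "Results of 0" followed by "return code was 1" lines in the log.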