I've got a script that handles step 3 in the list. If you're interested, it's available here on my GitHub repo:
https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/migrate_local_user_to_AD_domain
This is what I ended up doing if anyone is interested! Hopefully it can help someone else out. You'd have to write in any exceptions you want to account for with your environment.
- Self Service Policy Script w/restart immediately

```bash
#!/bin/bash
# Get the user currently logged in at the console
CURUSERNAME=$(/usr/bin/stat -f "%Su" /dev/console)
# Create a temp file holding the home path of the user to migrate
echo "/Users/$CURUSERNAME" > /.what_ever_you_want_to_name_this_file
# Warn at the login window until the migration has finished
echo "PLEASE DO NOT HIT THE ACCEPT BUTTON BELOW OR LOGIN!!! Your account is migrating. Your machine will restart again in a few minutes." > /Library/Security/PolicyBanner.txt
exit 0
```
- Startup Trigger Script:

```bash
#!/bin/bash
MIGRATE_FILE="/.what_ever_you_want_to_name_this_file"
# Check to see if the migration marker file exists;
# if so, a policy script is kicked off to migrate the user's local account to a mobile account
if [ -f "$MIGRATE_FILE" ]; then
    # run the policy by its custom trigger name
    /usr/sbin/jamf policy -event MigrateLocalAccountToMobile
    # Get the home path of the user being migrated from the marker file
    CURUSERPATH=$(/bin/cat "$MIGRATE_FILE")
    # Get the username (last path component)
    CURUSERNAME=${CURUSERPATH##*/}
    # Determine the UID (empty if the account no longer exists)
    UIDNUMBER=$(/usr/bin/id -u "$CURUSERNAME" 2>/dev/null)
    # Local accounts have UIDs below 1000; AD mobile accounts are higher
    if [ -n "$UIDNUMBER" ] && [ "$UIDNUMBER" -lt 1000 ]; then
        # move the home directory aside so deleting the account leaves it alone
        /bin/mv "$CURUSERPATH" "/Users/OLD_$CURUSERNAME"
        # delete the local account
        /usr/bin/dscl . -delete "/Users/$CURUSERNAME"
        # move the home directory back
        /bin/mv "/Users/OLD_$CURUSERNAME" "$CURUSERPATH"
        # show only username & password text fields at login
        /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool true
        # wait for the move to complete before adjusting permissions
        /bin/sleep 2
        # fix ownership
        /usr/sbin/chown -Rf "$CURUSERNAME" "$CURUSERPATH"
        # fix perms: owner-only everywhere, then reopen the top level and Public
        /bin/chmod -Rf 600 "$CURUSERPATH"
        /bin/chmod -Rf u+rwX "$CURUSERPATH"
        /bin/chmod og+rX "$CURUSERPATH"
        /bin/chmod -Rf og+rX "$CURUSERPATH/Public"
        /bin/chmod og=wX "$CURUSERPATH/Public/Drop Box"
        /bin/chmod +a "user:$CURUSERNAME allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit" "$CURUSERPATH/Public/Drop Box"
        # Delete keychain files
        # Get the Mac's hardware UUID, which names the per-machine keychain folder
        macUUID=$(/usr/sbin/system_profiler SPHardwareDataType | /usr/bin/awk '/Hardware UUID/ {print $3}')
        # delete the contents of the UUID keychain folder
        if [ -n "$macUUID" ]; then
            /bin/rm -rf "$CURUSERPATH/Library/Keychains/$macUUID"/*
        fi
        # delete the login keychain
        /usr/bin/security delete-keychain "$CURUSERPATH/Library/Keychains/login.keychain"
        # remove the marker file and the login banner
        /bin/rm "$MIGRATE_FILE"
        /bin/rm /Library/Security/PolicyBanner.txt
        # sleep to make sure the files are fully deleted
        /bin/sleep 2
        # restart
        /sbin/shutdown -r now
    else
        exit 0
    fi
else
    exit 0
fi
```
Note: These migration scripts do not account for local vs. AD username differences; ours already match.
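A post-migration check for the permission scheme the startup script applies, added here as an example (it is not from the post above or from the linked repo): it assumes the same 0600/0700 layout that the chown/chmod sequence produces, and takes the username and home path as arguments.

```bash
#!/bin/bash
# audit_home <username> <home_path>
# Verifies the state the startup script's chown/chmod sequence is meant to
# leave behind: everything owned by the migrated user, regular files 0600 and
# directories 0700 outside Public (chmod -R 600 then u+rwX), and the home's
# top level traversable by group/other (og+rX). Prints one line per mismatch;
# returns 0 when clean, 1 when something is off, 2 when the path is missing.
audit_home() {
    user="$1"; home="$2"; status=0
    [ -d "$home" ] || { echo "no such home: $home" >&2; return 2; }
    # 1. ownership: chown -R should have left nothing owned by anyone else
    bad=$(find "$home" ! -user "$user" 2>/dev/null)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | sed 's/^/wrong owner: /'
        status=1
    fi
    # 2. modes below the top level, skipping Public (deliberately opened up)
    bad=$(find "$home" -mindepth 1 -path "$home/Public" -prune -o \
            \( -type f ! -perm 600 -o -type d ! -perm 700 \) -print 2>/dev/null)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | sed 's/^/unexpected mode: /'
        status=1
    fi
    # 3. the home directory itself must keep r-x for group and other
    if [ -z "$(find "$home" -maxdepth 0 -perm -055)" ]; then
        echo "home not traversable by group/other: $home"
        status=1
    fi
    return "$status"
}
```

Run it as root against /Users/<name> after the restart; Public and its Drop Box are left out of the mode check because the script opens them up on purpose.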