Setting up new domain

Question

So we are setting up a new domain and migrating from 2 previous domains and I'm trying my best to script this correctly so the migration is smooth. I set this up as a policy on logout. So first I do a force unbind:

dsconfigad -force -remove

Then I have it rebind with the casper directory binding we created for the new domain.

Then I have it fix the user permissions for the new domain:

chown -R $3:&#034;domain users&#034; /Users/$3

Then I set the 14day timeout in OS X to 0:

dsconfigad -passInterval 0

My problem is that when all is said and done, everything appears to have correctly run, however at the login screen, when you login as that user again, it just pinwheels and never logs in.  When you do a hard reboot though, it works fine.  So I added a reboot to the script at the end, but it still just hangs.

Any ideas?

Gabe Shackney
Princeton Public Schools

mm2270 · Accepted Answer

OK, so one thing to look at when talking about AD mobile accounts, is the OriginalAuthenticationAuthority value in the local account.

dscl . read /Users/username OriginalAuthenticationAuthority

That may have information from the old domain. I assume the new domain has a new name. Personally if I were doing this, I'd probably remove the local cached account (leaving the old home dir) and recreate it using createmobileaccount. And then pair up the new correct account with the user's previous home folder. More scripting, but it should be more reliable since it will be making the account in local dir services from the new domain.

mm2270 · Answer

A few questions for you. Are we talking about cached AD mobile accounts here? Also, were user accounts migrated to the new domain exactly as they were in the old domain, like same UID and everything?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded