Posted on 05-08-2020 11:32 AM
Sharing a sample extension attribute for Jamf Pro you might find useful with migrating users to Jamf Connect or NoMAD.
First EA will find all users on a machine that have passwords but have not been migrated to Jamf Connect Login. This may be useful for scoping a policy to DenyLocal login or it may be useful to find "rogue" accounts on your Mac fleet which may not be under control of the ID Provider.
Second EA will find all users on a machine that are mobile accounts. This may be useful to scope a smart group when using the Demobilize mechanism of Jamf Connect or NoMAD to convert users to local accounts.
With the issue of people taking machines to shelter in place, they may not have a connection to the domain controller, and their password may expire without warning. Use this to find machines that may have a network account and convert them before unbinding the Mac from the domain controller, for example.