Hi Everyone,
With the OS X AD plugin, if you enable the mobile accounts it will cache the AD account locally in Apple's directory services, and map AD mappings as well. All local accounts have a UID range of 500 to 999. This has been the case since like OS X 10.2 (maybe since 10.0, but I cannot remember that far back). So if I take a look at my users on my laptop:
bash-3.2$ dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }'
aesopr
bcrocker_ad
test1
test2
test3
tlarkin
bash-3.2$
So I have 4 local accounts and 2 AD accounts on this laptop. Now if I run that same dscl query but only for UIDs greater than 1000, it should return my 2 AD user accounts:
bash-3.2$ dscl . list /Users UniqueID | awk '$2 > 1000 { print $1 }'
aesopr
bcrocker_ad
bash-3.2$
This is because in my AD binding I have the box checked for the AD plugin to create a mobile account, so it will cache a record to the local BSD database for each user. If you don't have that box checked it will never cache the credentials, and never make a local mapping/record of that user. Which means it won't show up in System Preferences unless they are logged in, since that would all get mapped at login, and never cached.
I hope that makes sense.
Thanks,
Tom
