AD Account Rename + Mobile Accounts

Back story:

The information security team in my organization is currently working towards standardizing the naming scheme of some 4000+ Active Directory accounts. This means changing the login ID of those 4000+ accounts.

The problem:

Our Macs are bound to AD, and our users are logging into the Macs with AD/Mobile accounts.

The question:

On the Windows side of things, we've seen no issues with these changes so far through our testing. The users were able to log in using the new user ID without any issues.

The Macs, on the other hand, are giving us some issues. We're able to log into the mobile account, but anything that requires obtaining a Kerberos ticket seems to fail.

Has anyone had to go through a process like this in the past, and if so, what method did you use to accomplish this process with no hands-on work required for each device?



Take a look here...

Thanks @EdLuo! This looks perfect for needing to move users 1 by 1, but with several hundred Mac users in our environment, I'm not sure that this will work for us. @rtrouton's script does look promising though. I think I may be able to modify it to fit our automated needs with a bit of work.

@kburns were you able to modify the script from @rtrouton to work on OS 10.12 or higher? We are looking for the same need, but I have not had any luck with the script producing the appropriate prompts. Any info would be appreciated.

I'd like to tag on to @gmillercmsd12's comment for @kburns, if there's any update by chance?