Jamf Nation Community

sysadmins · ‎03-01-2016

We are currently in the process of migrating our staff to AD from local accounts. I am using the script from here

The issue that is coming up is that the local user loses rights to update applications and applications break as well and need to be reinstalled. After migrating a user, I found that the applications installed by the previous user is now owned by a UID (502). I tried to chown all the 502 applications to the AD account, however, the applications are still breaking.

Has anyone experienced this issue while doing AD migrations? If so, how did you tackle this issue? We are trying not to reinstall every broken app from updates.

rtrouton · ‎03-01-2016

I went through a domain migration a couple of years ago and wrote a post on how to fix these permissions issues. It's available from here:

https://derflounder.wordpress.com/2013/11/20/fixing-permissions-after-changing-directory-services/

View solution in original post

thoule · ‎03-01-2016

Are you using a -R on your chown command?

rtrouton · ‎03-01-2016

I went through a domain migration a couple of years ago and wrote a post on how to fix these permissions issues. It's available from here:

https://derflounder.wordpress.com/2013/11/20/fixing-permissions-after-changing-directory-services/

sysadmins · ‎03-01-2016

I actually did this as well, however, apps were still unable to update. Just out of curiosity, do your AD users have local admin rights still?

I don't know if this is possible, but we want our users to be able to update their installed applications sitting in the /Applications folder without giving them admin rights.

sysadmins · ‎03-03-2016

I just want to put a note that the following code does work.

find / -uid old_uid -exec chown -v username {} ; > logfile.txt

However, it does not chown items that have symbolic links. I was able to bypass this by doing

find / -uid old_uid -exec chown -Rv username {} ; > logfile.txt

Jamf Nation Community

AD Migration & Application Ownership rights