Automate migrating local accounts to AD Network accounts

ryanstaylornet
New Contributor

I asked JAMF Support if there is a solution to my problem in-house. They
didn't have a solution available and suggested I post my problem here.

I'd like to know if it's possible to migrate a local user account to a
network account through Casper after a machine has been bound to AD.

I want to bind a large number of Macs to my client's domain. I have
everything set up in Casper 6 to bind the machines using a policy for our
three domains. The majority of our users have local accounts that match the
ID and password of their AD account. So after the machine is bound, my tech
has to go to the machine or through Apple Remote Desktop, log in to our
admin account and run three UNIX commands to convert the local account to a
network account. Then the client logs in with the AD credentials and
everything is fine. The account then appears as Mobile Managed as it should be.

What I would like to know is if the conversion process can be scripted and
run as a policy after the machine has been bound. I've been using the UNIX
commands from the MacEnterprise.org site:
http://www.macenterprise.org/articles/migratingalocalusertoanetworkuser

We're trying to avoid having to manually hit every machine after we bind
them just to move the account over.

This is only for our systems running OSX 10.5.8.

Thank you for your help!

-- Ryan S. Taylor
ACS Mac Enterprise Services
818-588-6414
ryan.taylor at acs-inc.com


tlarkin
Honored Contributor

Ryan,

I have some scripts that go through all user accounts and do certain
actions. One of these could probably be modified to do what you ask. However, I do not have AD, so I cannot test it out at all.

Like here is one to go through every user in /Users and reapply
ownership and permissions to the home directory.

#!/bin/bash

# Walk every home folder in /Users (skipping Shared); the folder name is the
# user's short name, so it doubles as the owner to hand the folder back to.
for home in /Users/*; do
    a=$(basename "$home")
    [ "$a" = "Shared" ] && continue
    [ -d "$home" ] || continue

    /usr/sbin/chown -R "$a:staff" "$home"

    # now set the proper permissions
    sleep 5

    /bin/chmod -R 700 "$home"

    echo "$a is now fixed with proper permissions and ownership"
done

exit 0

You could do something like this and use your dscl commands and other
commands to accomplish what you want. All you need to do is loop
through /Users and run commands as the short names are the home folder
name. If you needed to check UID that is also possible. I just don't
have AD to test it with.
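Putting the loop idea together with Ryan's migration question, here is an added example (my own sketch, not a script from this thread, JAMF or the MacEnterprise article) that runs as a Casper policy after binding. It assumes the AD node name is passed as the first argument, that each home folder name equals the AD short name, and that the three migration commands are: delete the local directory record, create the mobile account with createmobileaccount, then re-own the home to the AD UID; it defaults to a dry run and only touches accounts that exist both locally and in AD.

```shell
#!/bin/bash
# Added example: migrate matching local accounts to AD mobile accounts.
# Assumptions: $1 is the AD domain node name; the folder name in /Users is the
# AD short name; the three migration steps are delete record / createmobileaccount / chown.
set -u

CMA=/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount
DRY_RUN=${DRY_RUN:-1}   # default: only print what would be run; DRY_RUN=0 to apply

# Reduce "UniqueID: 501" style output from dscl -read to the bare number.
uid_from_dscl() { sed -n 's/^UniqueID: *\([0-9][0-9]*\)$/\1/p'; }

# Decide what to do with one home folder, given the local and AD lookups.
# Prints one of: skip-shared skip-nolocal skip-system skip-noad migrate
classify() {
    local name=$1 local_uid=$2 ad_uid=$3
    [ "$name" = "Shared" ] && { echo skip-shared; return; }
    [ -z "$local_uid" ] && { echo skip-nolocal; return; }   # already network-only
    [ "$local_uid" -lt 500 ] && { echo skip-system; return; } # root, admin daemons
    [ -z "$ad_uid" ] && { echo skip-noad; return; }         # no matching AD user
    echo migrate
}

run() { if [ "$DRY_RUN" = 1 ]; then echo "would run: $*"; else "$@"; fi; }

main() {
    local domain=$1 node="/Active Directory/$domain/All Domains"
    local home name luid auid action
    for home in /Users/*; do
        [ -d "$home" ] || continue
        name=$(basename "$home")
        luid=$(dscl . -read "/Users/$name" UniqueID 2>/dev/null | uid_from_dscl)
        auid=$(dscl "$node" -read "/Users/$name" UniqueID 2>/dev/null | uid_from_dscl)
        action=$(classify "$name" "$luid" "$auid")
        echo "$name: $action (local uid '$luid', AD uid '$auid')"
        [ "$action" = migrate ] || continue
        run dscl . -delete "/Users/$name"          # local record only; home folder stays
        run "$CMA" -n "$name" -h "$home"            # mobile account record built from AD
        run /usr/sbin/chown -R "$auid" "$home"      # home now belongs to the AD uid
    done
}

if [ $# -ge 1 ]; then main "$@"; fi
```

Run it once with the default dry run and read the per-user lines before setting DRY_RUN=0 in the policy.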

jarednichols
Honored Contributor

I made an automator action that does this. Customize for your use.

j