High Sierra 10.13.3 and Delete AD users home folders

Aprilddc
New Contributor

We have been using a script deployed in JAMF to delete home folders upon log out. Our users are Active Directory users, many users one machine. It has been working great. Here is the script.

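#!/bin/bash

# User who owns the console session that is logging out
USER=$(stat -f '%Su' /dev/console)

# Stop on an empty name: rm -R /Users/"" would target /Users itself
if [ -z "$USER" ]; then
    echo "LOGOUT: no console user found, nothing deleted."
    exit 1
fi

# Skip local admins (whole-name match, so "adm" does not match "admin")
if dscl . -read /Groups/admin GroupMembership | tr ' ' '\n' | grep -qxF "$USER"; then
    echo "LOGOUT: admin folders will not be deleted."
    exit 1
fi

if [ "$USER" == "testing" ]; then
    echo "LOGOUT: testing account/folder will not be deleted."
    exit 1
fi

if [ -d "/Users/$USER" ]; then
    echo "LOGOUT: user account cleanup."
    rm -R "/Users/$USER"

    # Remove the local directory record if one exists for this user
    if dscl . -list /Users | grep -qxF "$USER"; then
        dscl . -delete "/Users/$USER"
    fi
fi
exit 0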

Now that we have a few machines updated to High Sierra, it has stopped working on those machines. We found it worked on 10.13.2, but once we updated to 10.13.3 it stopped. When looking in JAMF in the details of the Policy running the script, it says on the failed machines:
1. Executing Policy remove home folder
2. running Script remove_home_folder
3. Script exit code 0
4. Script result: LOGOUT: user account cleanup rm/Users/student name(can’t type it)/Library/Applications Support: Directory not empty rm:/Users/student name/Library: Directory not empty rm:/Users/student name/Directory not empty
Thus making it so that the home folder remains. We believe that because of the discovered hack with logout stated in this article
https://siguza.github.io/IOHIDeous/
Apple has tried to fix the hack. By doing this our script has been broken. We are not sure how to solve this problem.

3 REPLIES

grecopj
Contributor

I too have a script that removes users on logout and it has been working well for us. However, we are still on 10.12 and I have not tested it with 10.13.x. I have certain users listed not to delete within the script. Here it is. Maybe give it a shot and see if this works.

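# Remove every home folder under /Users except the ones listed here
for dir in /Users/*
do
    if [ ! "$dir" = "/Users/admin" ] && [ ! "$dir" = "/Users/viscom" ] && [ ! "$dir" = "/Users/root" ] && [ ! "$dir" = "/Users/main" ] && [ ! "$dir" = "/Users/Shared" ] ; then
        echo "${dir}"
        rm -R "$dir"
        # "$dir" is /Users/<name>, which is also the record path dscl expects
        dscl . -delete "$dir"
    fi
done

exit 0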

DBrowning
Valued Contributor II

Try changing rm -R /Users/"$USER" to rm -Rf /Users/"$USER". It will force remove the directory.

Aprilddc
New Contributor

By changing the script as suggested by ddcdennisb we got the same error. However, with a run of 2-3 times it finally did work. So our new script reads like this:

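#!/bin/bash

# User who owns the console session that is logging out
USER=$(stat -f '%Su' /dev/console)

# Stop on an empty name: rm -Rf /Users/"" would target /Users itself
if [ -z "$USER" ]; then
    echo "LOGOUT: no console user found, nothing deleted."
    exit 1
fi

# Skip local admins (whole-name match, so "adm" does not match "admin")
if dscl . -read /Groups/admin GroupMembership | tr ' ' '\n' | grep -qxF "$USER"; then
    echo "LOGOUT: admin folders will not be deleted."
    exit 1
fi

if [ "$USER" == "testing" ]; then
    echo "LOGOUT: testing account/folder will not be deleted."
    exit 1
fi

if [ -d "/Users/$USER" ]; then
    echo "LOGOUT: user account cleanup."
    # Try the removal up to 10 times; a single pass can fail with
    # "Directory not empty" on 10.13.3
    COUNTER=0
    while [ $COUNTER -lt 10 ]; do
        if [ -d "/Users/$USER" ]; then
            rm -Rf "/Users/$USER"
        fi
        let COUNTER=COUNTER+1
    done

    # Remove the local directory record if one exists for this user
    if dscl . -list /Users | grep -qxF "$USER"; then
        dscl . -delete "/Users/$USER"
    fi
fi
exit 0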

This does indeed delete the home folders. Thank you to all who helped!
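
An added example, not code from any post in this thread: the retry loop from the final script wrapped in a function that validates the user name before any rm runs and returns a non-zero status when the folder survives, so a policy log does not show exit code 0 for a failed cleanup. The function name remove_home, the PROTECTED list and the attempt/delay defaults are assumptions for illustration; the caller would pass /Users and the console user, and handle the dscl record separately.

```shell
#!/bin/bash
# Added example: guarded, bounded-retry removal of one home folder.
# remove_home, PROTECTED and the defaults below are illustrative assumptions.

PROTECTED="root Shared admin testing"   # constructed list of names never removed

# remove_home BASE USER [ATTEMPTS] [DELAY_SECONDS]
# Returns 0 if the folder is gone, 1 if it survived every attempt,
# 2 if the request was refused before anything was touched.
remove_home() {
    local base="$1" user="$2" attempts="${3:-10}" delay="${4:-1}"
    local target name i

    # Refuse empty names and anything that is not a plain account name,
    # so the rm target can never collapse to BASE itself or escape it.
    case "$user" in
        ""|.|..|*/*|-*)
            echo "refused: invalid user name '$user'" >&2
            return 2 ;;
    esac
    for name in $PROTECTED; do
        if [ "$user" = "$name" ]; then
            echo "refused: '$user' is protected" >&2
            return 2
        fi
    done

    target="$base/$user"
    [ -d "$target" ] || return 0        # nothing to clean up

    i=0
    while [ "$i" -lt "$attempts" ]; do
        rm -Rf -- "$target" 2>/dev/null
        [ -e "$target" ] || return 0    # success: stop retrying
        i=$((i + 1))
        sleep "$delay"                  # give late writers time to finish
    done
    echo "failed: $target still present after $attempts attempts" >&2
    return 1
}
```

In a logout policy the call would be `remove_home /Users "$USER" || exit 1`, placed after the admin-group check.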