How to convert a local user account to a network user account?

ahmaduhhs
New Contributor II

Hello Everyone,

I hope you can help me. I have roughly 25 Macs that need to be bound to AD, and then to convert the local user profile to a network user account.

AD is in place and all users have active AD accounts. I was able to bind a Mac to AD, log in as a user, and then I tried these instructions here but can't seem to get it to work. I also tried the reverse but it won't seem to work.

http://robotcloud.screenstepslive.com/s/2459/m/5322/l/112415-convert-local-accounts-to-network-mobile-accounts

Potentially, could I delete the local user account, choosing to keep the home folder, then rename it to the AD account name, or will that mess up permissions?

Thank you in advance for your help.


chriscollins
Valued Contributor

@ahmaduhhs I do this all the time. Usually in the opposite direction but the long and short of it is the same.

1.) Delete either local account or cached mobile account, keep home folder.
2.) Make sure original home folder's name matches new account's short name and rename if necessary.
3.) Make sure permissions on home folder match new user account's UID using the chown command.

You can script this or do some other more fancy things but those are the basic steps.

rtrouton
Release Candidate Programs Tester

I have a script that is designed to help migrate a local user to an Active Directory account. It's available via the link below:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/migrate_local_user_to_AD_d...

ahmaduhhs
New Contributor II

@chriscollins Thank you for the reply. How do I make sure permissions on home folder match new user account's AD UID?

ahmaduhhs
New Contributor II

@rtrouton love it! Thank you man!
What is the best way to run it? Terminal > Local admin account?

rtrouton
Release Candidate Programs Tester

@ahmaduhhs, it's a .command file so it's designed to be double-clicked on to launch. It'll open a Terminal window and then the script's prompts will walk you through the process of migrating a local account to the equivalent AD account.

This script is also interactive, so you'll need to provide responses to questions and the script will then use that information to move the selected local account to the equivalent AD account. Once you've finished moving the accounts, select FINISHED from the script's menu and the script will exit and say Process Completed. It is safe at that point to close that Terminal window.

ahmaduhhs
New Contributor II

@rtrouton I must be missing something here :(
If I drag and drop into Terminal I get this:
-bash: /Users/ad/Desktop/MigrateLocalUserToADDomainAcct.command: Permission denied

mm2270
Legendary Contributor III

@ahmaduhhs I haven't read Rich's post, but if the file is saved as a .command file, then you double click it to run it. You don't pull it into Terminal.

ahmaduhhs
New Contributor II

@mm2270 Yeah, I tried both ways, and the s.s. I posted is what comes up when I clicked on it. I also tried running through Terminal for good measure.

mpermann
Valued Contributor II

@ahmaduhhs you may need to set the execute permissions on the file.

ahmaduhhs
New Contributor II

@mpermann Sorry, not sure how to execute permissions on the file :( Sorry for being dense today.

mpermann
Valued Contributor II

@ahmaduhhs try the following:

chmod ugo+x /path/to/file.command

Then hopefully you can double-click the command file and have it run.

ImAMacGuy
Valued Contributor II

The script is a .sh, no?

for the netIDprompt, do I put in the user account I'm trying to fix or an account with domain joining permissions?

bearzooka
Contributor

Hey guys!

I am using a script pretty similar to this, but configured to run at next boot, so the current user (e.g. local) is the one that is converted from local to network user (e.g. uid0414).

Nevertheless, every once in a while, the whole thing is failing because the command (mv) that moves from the local to the network user finds that there's a folder with that name already, so it moves the whole tree below that old folder… the problem is that this is a freshly formatted machine!!! So I don't know where this folder is coming from.

As a workaround I am copying (cp) instead of moving, but this is of course inefficient and slow.

Do any of you have a clue about how a clean install of Sierra might have a folder existing under /Users? Maybe after binding with the AD the machine gets information of previously existing users?

Thanks!
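The rename-and-chown steps chriscollins lists earlier in the thread, with a guard against the nested-folder result bearzooka describes, as an added example that is not part of the thread or of rtrouton's script. The function name `migrate_home` and its arguments are hypothetical; it assumes the old account has already been deleted with its home folder kept, and that the new short name already resolves through `id`.

```shell
#!/bin/sh
# Added example: rename a kept home folder and hand it to the new account.
# migrate_home and its argument names are hypothetical, not from the thread.
# Usage (as root on the Mac): migrate_home OLD_SHORTNAME NEW_SHORTNAME [USERS_DIR]
migrate_home() {
    old=$1 new=$2 base=${3:-/Users}

    # Short names must be single path components, never "a/b", "." or "..".
    for n in "$old" "$new"; do
        case $n in
            ''|*/*|.|..) echo "invalid short name: '$n'" >&2; return 2 ;;
        esac
    done

    # The new account must already resolve (for example through the AD bind),
    # otherwise there is no UID to give the files to.
    uid=$(id -u "$new" 2>/dev/null) || { echo "cannot resolve $new" >&2; return 3; }
    gid=$(id -g "$new")

    [ -d "$base/$old" ] || { echo "no home folder $base/$old" >&2; return 4; }

    if [ "$old" != "$new" ]; then
        # mv into an existing directory places the source inside it, so refuse
        # rather than ending up with $base/$new/$old.
        if [ -e "$base/$new" ] || [ -L "$base/$new" ]; then
            echo "$base/$new already exists, not moving" >&2
            return 5
        fi
        mv "$base/$old" "$base/$new" || return 6
    fi

    # Make ownership match the new account's UID and primary group.
    chown -R "$uid:$gid" "$base/$new"
}

# Run directly when arguments are supplied; defining the function has no effect.
[ "$#" -eq 0 ] || migrate_home "$@"
```

Return code 5 means a folder with the new short name was already present, which is worth inspecting by hand before anything is moved or copied over it.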