Jamf Nation Community

Adam,

I've got a script that does this. It's posted here on my GitHub repo:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/migrate_local_user_to_AD_d...

Thanks guys, I'll give these a shot.

AT

hey guys, i'm fairly new with shell scripting and wanted to have one of you look at the following script and let me know if anything else should be added, i tested a few times and does the trick but not sure what else should i keep in consideration.

#!/bin/bash

clear

listUsers="$(/usr/bin/dscl . list /Users | grep -v eccsadmin | grep -v _ | grep -v root | grep -v uucp | grep -v amavisd | grep -v nobody | grep -v messagebus | grep -v daemon | grep -v www | grep -v Guest | grep -v xgrid | grep -v windowserver | grep -v unknown | grep -v unknown | grep -v tokend | grep -v sshd | grep -v securityagent | grep -v mailman | grep -v mysql | grep -v postfix | grep -v qtss | grep -v jabber | grep -v cyrusimap | grep -v clamav | grep -v appserver | grep -v appowner) FINISHED"
check4AD=`/usr/bin/dscl localhost -list . | grep "Active Directory"`

#Check for machine to be Domain Joined
if [ "${check4AD}" != "Active Directory" ]; then
    echo "This machine is not bound to Active Directory. Please run the self-service app under Preferences."; exit 1
fi

RunAsRoot()
{
    ## Pass in the full path to the executable as $1
    if [[ "${USER}" != "root" ]]; then
        #statements
        echo
        echo "*** This application must be run as root. Please authenticate below. ***"
        echo
        sudo "${1}" && exit 0
    fi
}

RunAsRoot "${0}"

until [[ "$user" == "FINISHED" ]]; do
    #statements
    printf "%b" "a

Select a user to convert or select FINISHED:
" >&2
    select user in $listUsers; do

        if [[ "$user" = "FINISHED" ]]; then
            #statements
            echo "Finished converting users to AD"
            break
        elif [[ -n "$user" ]]; then
            #statements
            if [[ `who | grep console | awk '{print $1}'` == "$user" ]]; then
                #statements
                echo "This user is logged in. 
Please log this user out and log in as another admin"
                exit 1
            fi

            # Delete user from dscl Directory
            echo "*** 
Removing local records"
            sudo /usr/bin/dscl . -delete "/Users/$user"

            sleep 10

            echo "*** 
Changing permissions on Local folder to new Directory account"
            sudo chown -R $user:"WHQ_NT_DOMAINdomain users" /Users/$user
            sudo chmod -R 755 /Users/$user


        fi
    done
done

hey guys, i'm fairly new with shell scripting and wanted to have one of you look at the following script and let me know if anything else should be added, i tested a few times and does the trick but not sure what else should i keep in consideration.

#!/bin/bash

clear

listUsers="$(/usr/bin/dscl . list /Users | grep -v eccsadmin | grep -v _ | grep -v root | grep -v uucp | grep -v amavisd | grep -v nobody | grep -v messagebus | grep -v daemon | grep -v www | grep -v Guest | grep -v xgrid | grep -v windowserver | grep -v unknown | grep -v unknown | grep -v tokend | grep -v sshd | grep -v securityagent | grep -v mailman | grep -v mysql | grep -v postfix | grep -v qtss | grep -v jabber | grep -v cyrusimap | grep -v clamav | grep -v appserver | grep -v appowner) FINISHED"
check4AD=`/usr/bin/dscl localhost -list . | grep "Active Directory"`

#Check for machine to be Domain Joined
if [ "${check4AD}" != "Active Directory" ]; then
    echo "This machine is not bound to Active Directory. Please run the self-service app under Preferences."; exit 1
fi

RunAsRoot()
{
    ## Pass in the full path to the executable as $1
    if [[ "${USER}" != "root" ]]; then
        #statements
        echo
        echo "*** This application must be run as root. Please authenticate below. ***"
        echo
        sudo "${1}" && exit 0
    fi
}

RunAsRoot "${0}"

until [[ "$user" == "FINISHED" ]]; do
    #statements
    printf "%b" "a

Select a user to convert or select FINISHED:
" >&2
    select user in $listUsers; do

        if [[ "$user" = "FINISHED" ]]; then
            #statements
            echo "Finished converting users to AD"
            break
        elif [[ -n "$user" ]]; then
            #statements
            if [[ `who | grep console | awk '{print $1}'` == "$user" ]]; then
                #statements
                echo "This user is logged in. 
Please log this user out and log in as another admin"
                exit 1
            fi

            # Delete user from dscl Directory
            echo "*** 
Removing local records"
            sudo /usr/bin/dscl . -delete "/Users/$user"

            sleep 10

            echo "*** 
Changing permissions on Local folder to new Directory account"
            sudo chown -R $user:"WHQ_NT_DOMAINdomain users" /Users/$user
            sudo chmod -R 755 /Users/$user


        fi
    done
done

hey guys, i'm fairly new with shell scripting and wanted to have one of you look at the following script and let me know if anything else should be added, i tested a few times and does the trick but not sure what else should i keep in consideration.

#!/bin/bash

clear

listUsers="$(/usr/bin/dscl . list /Users | grep -v eccsadmin | grep -v _ | grep -v root | grep -v uucp | grep -v amavisd | grep -v nobody | grep -v messagebus | grep -v daemon | grep -v www | grep -v Guest | grep -v xgrid | grep -v windowserver | grep -v unknown | grep -v unknown | grep -v tokend | grep -v sshd | grep -v securityagent | grep -v mailman | grep -v mysql | grep -v postfix | grep -v qtss | grep -v jabber | grep -v cyrusimap | grep -v clamav | grep -v appserver | grep -v appowner) FINISHED"
check4AD=`/usr/bin/dscl localhost -list . | grep "Active Directory"`

#Check for machine to be Domain Joined
if [ "${check4AD}" != "Active Directory" ]; then
    echo "This machine is not bound to Active Directory. Please run the self-service app under Preferences."; exit 1
fi

RunAsRoot()
{
    ## Pass in the full path to the executable as $1
    if [[ "${USER}" != "root" ]]; then
        #statements
        echo
        echo "*** This application must be run as root. Please authenticate below. ***"
        echo
        sudo "${1}" && exit 0
    fi
}

RunAsRoot "${0}"

until [[ "$user" == "FINISHED" ]]; do
    #statements
    printf "%b" "a

Select a user to convert or select FINISHED:
" >&2
    select user in $listUsers; do

        if [[ "$user" = "FINISHED" ]]; then
            #statements
            echo "Finished converting users to AD"
            break
        elif [[ -n "$user" ]]; then
            #statements
            if [[ `who | grep console | awk '{print $1}'` == "$user" ]]; then
                #statements
                echo "This user is logged in. 
Please log this user out and log in as another admin"
                exit 1
            fi

            # Delete user from dscl Directory
            echo "*** 
Removing local records"
            sudo /usr/bin/dscl . -delete "/Users/$user"

            sleep 10

            echo "*** 
Changing permissions on Local folder to new Directory account"
            sudo chown -R $user:"WHQ_NT_DOMAINdomain users" /Users/$user
            sudo chmod -R 755 /Users/$user


        fi
    done
done

Hey jpcorzo, I have a comment, if you want to hear it. Your listUsers command is about a million miles long :) That's because you're pulling ALL user accounts including system level ones and then excluding all the system level ones afterwards in your grep -v commands. There's a better way to do this.
Do this instead to pull all accounts with a UID of 501 and up to... infinity I guess-

listUsers=$(/usr/bin/dscl . list /Users UniqueID | /usr/bin/awk '$2 > 500 {print $1}')

in case you're curious about what that's doing, it lists all users along with the UID (UniqueID) in a column 2, then the awk section compares column 2 and tells it to show any with a UID of 500 and higher and then prints column 1, which is the username. That leaves you with only regular non system accounts in most cases.

I'll confess I've not read through the rest of your script, but line in the beginning caught my eye so i wanted to let you know about a better way to do that. Besides being very long and opening up dozens of sub commands with the pipes, you also run the risk of missing something to exclude since it can be hard to know exactly all of the system level account that show up in a dscl . list /Users command.