Posted on 08-28-2019 02:40 PM
I'm working on a project to convert our AD accounts to local accounts. So far in testing my script works EXCEPT that the generic password being set in the script doesn't apply. I'm having to go into another administrator account and reset the password manually.
#!/bin/bash
# AD Migration.sh
#
#
# Created by Ed Corfman on 8/28/19.
#
#
# Get list of users (UniqueID above 1000), plus a FINISHED menu entry
listUsers="$(/usr/bin/dscl . list /Users UniqueID | awk '$2 > 1000 {print $1}') FINISHED"
# The loop only ends through the "exit 0" in the FINISHED branch below
until [ "$user" == "FINISHED" ]; do
    /usr/bin/printf "%b" "\a\nSelect a user to convert or select FINISHED:\n" >&2
    select netname in $listUsers; do
        if [ "$netname" = "FINISHED" ]; then
            /bin/echo "Finished converting users to local accounts"
            exit 0
        fi
        # Grab variables
        shortname=$(dscl "/Active Directory/ORGNAME/All Domains/" -read /Users/"$netname" mailNickname | awk '{print $NF}')
        realname=$(dscl "/Active Directory/ORGNAME/All Domains/" -read /Users/"$netname" RealName | sed 's/^ *//' | grep -v Real)
        # Skip on an invalid menu choice or failed AD lookup, so the
        # mv/rm below never operate on /Users/ itself
        if [ -z "$netname" ] || [ -z "$shortname" ]; then
            /bin/echo "No short name found for '$netname'; skipping" >&2
            continue
        fi
        # start heavy lifting
        mv "/Users/$netname" "/Users/$shortname"
        if [ -d "/Users/$netname/$shortname" ]; then
            rm -rf "/Users/$netname/$shortname"
        fi
        /usr/bin/dscl . -delete "/Users/$netname"
        # Create the local account with the generic password
        sysadminctl -addUser "$shortname" -fullName "$realname" -home /Users/"$shortname" -password "password" -hint "The default password is set to password" -adminUser "ServiceAccount" -password "ServicePassword"
        /usr/sbin/chown -R "$shortname":staff /Users/"$shortname"
    done
done
Anyone had issues with creating accounts with sysadminctl and passwords not applying? I don't care what the password is because once the user logs in the first time, I'll force a current password sync with Enterprise Connect. Anyone got any suggestions?
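
The `sysadminctl` call in the script above passes `-password` twice, once for the new user and once for the admin, while the tool's usage text pairs `-adminUser` with `-adminPassword`. An added example, not part of the original post, that uses `-adminPassword` and refuses any call with a repeated option name; the function names and the `RUNNER`, `NEW_USER_PW`, `ADMIN_USER` and `ADMIN_PW` variables are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. Hypothetical names: repeated_flag,
# safe_sysadminctl, add_local_user, RUNNER, NEW_USER_PW, ADMIN_USER, ADMIN_PW.

# Print the first option name (a word starting with "-") that occurs twice.
# Limitation: a value that itself starts with "-" is treated as an option.
repeated_flag() {
    seen=" "
    for arg in "$@"; do
        case "$arg" in
            -?*)
                case "$seen" in
                    *" $arg "*) echo "$arg"; return 0 ;;
                esac
                seen="$seen$arg "
                ;;
        esac
    done
    return 1
}

# Run sysadminctl only when no option name is repeated.
# RUNNER=echo prints the command instead of running it (dry run).
safe_sysadminctl() {
    if dup=$(repeated_flag "$@"); then
        echo "refusing to run sysadminctl: $dup given more than once" >&2
        return 2
    fi
    ${RUNNER:-} sysadminctl "$@"
}

# The new user's password goes under -password; the authorizing admin's
# credentials go under -adminUser / -adminPassword.
add_local_user() {
    safe_sysadminctl -addUser "$1" -fullName "$2" -home "/Users/$1" \
        -password "$NEW_USER_PW" -hint "Temporary password issued by IT" \
        -adminUser "$ADMIN_USER" -adminPassword "$ADMIN_PW"
}

# Dry run with constructed values; unset RUNNER to create the account.
RUNNER=echo
NEW_USER_PW='Temp-Pass-1' ADMIN_USER='ServiceAccount' ADMIN_PW='ServicePassword'
add_local_user jdoe "Jane Doe"
```

Passwords passed as arguments are visible in the process list while the command runs, and the dry run prints them to the terminal.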