We are in the process to enable Disk Encryption . Now we have rolled out disk encryption Configuration Profile for user on high Sierra and Mojave , Which is disabled security token unable to process the Disk encryption.
We have a local account on all the Macs which is having secure token and its common account for all Macs . I am looking for script enable security token for AD user account using Local admin user.
We were in the same boat here when it came to enabling FileVault. Before we did this we wanted to make sure all the domain users had secure tokens. We started with a SmartGroup to identify those users. Then we used the script found here: https://github.com/TravellingTechGuy/manageSecureTokens
Keep in mind, when you create the policy to run this script you have to call out the variables. You'll likely want to change variables 4 and 5 to be something like AdminUser and AdminPassword and then pass those variables with the policy. Of course, this would only work if you had the same local admin account using the same admin password on each system.