OEM discs for Thunderbolt all show 10.6.6 build

Cem
Valued Contributor

Hi Don,

We are using this script with a 90% success rate in our refresh project as
we speak (blog.macadmincorner.com/migrate-local-user-to-domain-account).

It has tripped a couple of times (I think the technician forgot to reboot
after binding the Mac to AD - I will need to check this myself to be sure).
If it trips, it removes the account and renames the home folder. So you end
up with just the home folder.

To get this script to work at a higher rate, you will need to restart the
Mac after binding to AD, then run the script.
If the script still trips: perhaps the following Terminal command that you
have been using should fix it - TBC
sudo chown -R username:"DOMAINgroup" /Users/username

BTW, we are using Time Machine and FireWire 800 drives (it would have been
awesome if we had the Thunderbolt technology for older Macs and TB
drive/s). We back up the entire drive, then only migrate account/s to the
newly built Mac. We then keep the data for a week for messy user/s to come
back if they need some data (some people leave their data all over the
volume, i.e. top folder, Applications etc...)

I would love to know how you handle your data migration process, though.

Cheers

Cem


Cem
Valued Contributor

Oh, I forgot to say why we don't bind the Macs to AD from the build.
Because we are using PGP WDE full disk encryption. It doesn't work if the Mac is bound to AD. So install/configure PGP first, then bind to AD...
(I know there was a workaround email from one of the forum members, but we already have documentation and a process in place... it is difficult to change that, and it also requires more time for testing)
Good news is PGP is working with new MBPs.
Cem

Sent from my iPad

jafuller
Contributor

Cem,
We are using PGP successfully post-imaging with AD binding prior to enrollment and encryption. What issues are you seeing when you use PGP WDE after binding?

Also, we too have seen that the PGP 10.1.1 client is working with both 10.6.6 builds.

James Fuller | Technology Application Services | application developer II | V: 206.318.7153

Technology does not drive change -- it enables change.

Cem
Valued Contributor

James,

No issues. It is just a bit of a manual process.

Are you saying your build configuration installs PGP Desktop and binds the Mac to AD too? Then all you have to do is enrolment and encryption, correct?

I need to know how you achieve this.

I had issues with the PGP.pkg installation. It wouldn't work if the logged-in user is a hidden admin or an AD account. It requires a straightforward account (i.e. 501 / 502 & in /Users)... so I had to create one (a temp admin account - this will be deleted after the PGP boot password prompt has tested OK)

Then AD bind, PGP all works.

Cem

Sent from my iPhone

Cem
Valued Contributor

These should work to convert a local account to an AD account. The last one
will create the AD mobile account to be sure. I have only tried it a couple
of times... so test it plenty if you are going to use it.
sudo mv /Users/johndoe /Users/jdoe
sudo chown -R jdoe:"DOMAINgroup" /Users/jdoe
sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n jdoe

Cem
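
An added example, not part of the original posts: a guarded wrapper around the three commands above that refuses to touch the home folder unless the new short name already resolves, since the thread reports the migration failing when the Mac was not restarted after binding. The function names, `HOME_ROOT`, `DRY_RUN` and the return codes are assumptions; by default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the thread. HOME_ROOT, DRY_RUN and the function
# names are assumptions made for illustration.
HOME_ROOT="${HOME_ROOT:-/Users}"   # overridable so the checks can be tried in a scratch directory
DRY_RUN="${DRY_RUN:-1}"            # 1 = only print the commands that would run
CREATEMOB="/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount"

# Short names must not be empty, contain "/", or start with "." or "-".
valid_name() {
    case "$1" in ''|*/*|.*|-*) return 1 ;; esac
    return 0
}

# Run a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then printf 'would run: %s\n' "$*"; else "$@"; fi
}

# migrate_home OLD_SHORTNAME AD_SHORTNAME GROUP
# Returns: 2 bad arguments, 3 old home missing, 4 target exists, 5 new name unresolved.
migrate_home() {
    old="$1"; new="$2"; group="$3"
    valid_name "$old" && valid_name "$new" && [ -n "$group" ] || {
        echo "usage: migrate_home OLD NEW GROUP" >&2; return 2; }
    src="$HOME_ROOT/$old"; dst="$HOME_ROOT/$new"

    # Only a real directory is moved, never a symlink pointing elsewhere.
    [ -d "$src" ] && [ ! -L "$src" ] || { echo "no home at $src" >&2; return 3; }
    # Never move into or over an existing home.
    if [ "$old" != "$new" ] && [ -e "$dst" ]; then
        echo "$dst already exists" >&2; return 4
    fi
    # The new name must resolve before anything changes. id also resolves a
    # local account of that name, so this is a minimum check, not proof of AD.
    id -u "$new" >/dev/null 2>&1 || {
        echo "cannot resolve $new; check the bind and reboot" >&2; return 5; }

    if [ "$old" != "$new" ]; then run mv "$src" "$dst" || return 1; fi
    run chown -R "$new:$group" "$dst" || return 1
    run "$CREATEMOB" -n "$new"
}
```

Source the file and call `migrate_home johndoe jdoe GROUP` as root, with `DRY_RUN=0` once the printed plan looks right.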

donmontalvo
Esteemed Contributor III

Hi Cem,

Thanks...hmmm...is this last step necessary if the Macs are bound to AD with this checked?

[x] Create mobile account at login

When the directory is mv'd to the correct name, and after the user:group are set, the user would then log in with AD credentials. Shouldn't the mobile account be handled automatically? :)

Thanks,
Don

--
https://donmontalvo.com

Cem
Valued Contributor

Yes, it should, you are right, but this way you can actually see the account
- so no risk taken... that is why I said "to be sure" :)
c