Script AD account migration for users

ianmb
Contributor

We're due to enroll a large number of Macs into Casper shortly, and many of our users have account names that don't match their current usernames in AD (e.g. joebloggs instead of jrb1)

I'd like to automate the account migration process so that a script runs when the user authenticates, to read in the local account name and copy all data over to the newly created mobile AD account. So essentially put the migration process in the user's hands rather than our technicians' if at all possible (because of the large number of enrollments I'd like to cut down the time a technician spends onboarding each Mac). The trouble is, my scripting skills are virtually non-existent currently, but I'm learning...

Is this possible, or is there a better way? I wondered whether I could somehow adapt @spraguga's script here:

https://jamfnation.jamfsoftware.com/discussion.html?id=10443

I'd be extremely grateful for any pointers!

2 REPLIES

davidacland
Honored Contributor II

The basic steps you'll need to perform are:

  1. Change the name of the current user's home folder to match the AD user (mv /Users/oldname /Users/ADname)
  2. Change the ownership to match the AD username (chown -R ADname /Users/ADname)
  3. Clean up any files you don't want retained (possibly keychain files) (mkdir "/Users/ADname/Migrated Files" && mv /Users/ADname/Library/Keychains/* "/Users/ADname/Migrated Files/"). In this example, I create a new folder in the root of the home folder and move the contents of the Keychain folder to it (safer than just deleting).

The user then logs in to their AD account and it uses the home folder that was renamed.

The only difficulty you're going to have is step 1, as the script won't know what the AD name should be. You could use the read command to ask the technician what the ADName is, then have the script do its thing, or give it a CSV file using something like an oldname,ADname convention. If I was doing it the CSV way I'd use something like grep "oldname2" names.csv | awk -F',' '{print $2}'.

In this example I'm pointing this at a file called names.csv with the following contents:

oldname,ADname
oldname2,ADname2
oldname3,ADname3

Hope this helps get you started.
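The three steps above, plus the CSV lookup, as one script. This is an added example, not davidacland's or spraguga's code. It assumes a names.csv in the oldname,ADname format shown above, that the AD mobile account already exists on the Mac when the user next logs in, and it introduces a USERS_ROOT variable (an assumption for this example) so the functions can be exercised against a scratch directory instead of /Users. The CSV lookup matches the whole first field rather than grepping anywhere in the line, so "jo" cannot accidentally pick up "joebloggs".

```bash
#!/bin/bash
# Added example (not from the original thread): local -> AD home folder migration.
# USERS_ROOT is an assumption for this example; on a real Mac leave it as /Users.
USERS_ROOT="${USERS_ROOT:-/Users}"

# Return the AD short name for a local account name from a CSV of oldname,ADname.
# $1 == old anchors the match to the first field; the header line never matches
# a real username, so it needs no special handling.
lookup_adname() {
    local oldname="$1" csv="$2"
    awk -F',' -v old="$oldname" '$1 == old { print $2; exit }' "$csv"
}

# Rename the home folder, set keychains aside, and fix ownership.
# Refuses to run if the target folder already exists so nothing is overwritten.
migrate_home() {
    local oldname="$1" adname="$2"
    local oldhome="$USERS_ROOT/$oldname" newhome="$USERS_ROOT/$adname"

    if [ ! -d "$oldhome" ]; then
        echo "no home folder for $oldname under $USERS_ROOT" >&2
        return 1
    fi
    if [ -e "$newhome" ]; then
        echo "$newhome already exists; refusing to overwrite" >&2
        return 1
    fi

    # Step 1: rename the home folder to the AD short name.
    mv "$oldhome" "$newhome"

    # Step 3 (before chown so the moved files get fixed up too): keep the old
    # login keychain instead of deleting it. It is locked with the old local
    # password, so it will not open with the AD password anyway.
    mkdir -p "$newhome/Migrated Files"
    if [ -d "$newhome/Library/Keychains" ]; then
        for f in "$newhome/Library/Keychains"/*; do
            [ -e "$f" ] || continue   # empty directory: glob did not expand
            mv "$f" "$newhome/Migrated Files/"
        done
    fi

    # Step 2: chown to the AD user. Only attempted when the account resolves
    # on this Mac (i.e. the mobile account exists), otherwise chown would fail.
    if id "$adname" >/dev/null 2>&1; then
        chown -R "$adname" "$newhome"
    else
        echo "warning: $adname does not resolve on this Mac; ownership left unchanged" >&2
    fi
}

# Convenience wrapper: look the AD name up in the CSV, then migrate.
# Usage: migrate_from_csv joebloggs /path/to/names.csv
migrate_from_csv() {
    local oldname="$1" csv="$2" adname
    adname="$(lookup_adname "$oldname" "$csv")"
    if [ -z "$adname" ]; then
        echo "no AD name for $oldname in $csv" >&2
        return 1
    fi
    migrate_home "$oldname" "$adname"
}
```

Run it as root (the mv and chown need it), e.g. `sudo bash -c 'source migrate.sh; migrate_from_csv joebloggs /path/to/names.csv'`. If the user has already logged in to the AD account before the migration, a new home folder will exist under the AD name and the script stops rather than merging the two; sort that case out by hand.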

spraguga
Contributor

@ianmb My script will work fine using a Self Service offering if the following criteria are met:
1. The computer is on the AD network
2. The user is logged into their local account that they want to migrate
3. The user is logged into Self Service with their AD account.
4. A Self Service offering that the user can run to start the migration.

This way the migration script can get the Self Service logged-in AD account and migrate the user automatically. Once the computer restarts (it has to be on the network to be able to log back into the system), it will pick up their old home folder.