Posted on 08-20-2019 07:36 AM
Has anyone else noticed that using sysadminctl to create local hidden admin accounts will NOT set a custom UID?
sysadminctl acts like it will set the requested UID but then assigns a standard UID (like 502 for example).
I typically never have to create local admin accounts (DEP & Jamf provision these things in MOST situations). But today is a day when I need to do it.
Here is an example of how I manually create a hidden admin account:
1 Create the account:
sudo sysadminctl -adminUser REDACTED -adminPassword REDACTED -addUser localadmin -fullName "local admin" -password REDACTED -UID 469 -home "/private/var/simradmin" -shell /bin/bash -admin
2 Create the homedir:
sudo createhomedir -c -u localadmin
3 Make sure it's hidden from UI:
sudo dscl . create /Users/localadmin IsHidden 1
Almost everything above works, but the UID is NEVER the UID I requested. Regardless of the UID value I choose, the result is a standard (500 range) account UID.
I find this behavior odd. Thought I'd share it. No errors or warnings.
I suspect this is related to SecureToken. But the account has a valid SecureToken. Not sure why a sub-500 UID would come into play here.
Back-story:
Those who are curious why I had to create an account manually: Desktop team had deployed 10 new Macs via DEP/Jamf. 9 of the Macs were perfect, but 1 didn't get a local admin account generated properly (from a PreStage). Desktop team didn't have time to re-deploy it "clean" so I took a look at it and tried to "fix" it fast and get back to work.
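
A post-creation check for the three steps in the post above, as an added example that is not part of the original post: because sysadminctl reports no error when the requested UID is not applied, the script compares the account's actual UniqueID and IsHidden values against what was asked for. The function names `attr_value` and `check_account` are hypothetical, and the sample `dscl` output is constructed; its layout (including the optional `dsAttrTypeNative:` prefix) is an assumption.

```shell
#!/bin/sh
# Added example: verify a local account after creation.

# Constructed sample of `dscl . -read /Users/localadmin UniqueID IsHidden`
# output (assumed format; a key may carry a dsAttrTypeNative: prefix).
SAMPLE_DSCL='dsAttrTypeNative:IsHidden: 1
UniqueID: 502'

# attr_value KEY: read dscl output on stdin, print the first value of KEY.
attr_value() {
    sed -n "s/^\(dsAttrTypeNative:\)\{0,1\}$1: *//p" | head -n 1
}

# check_account REQUESTED_UID: read dscl output on stdin.
# Returns 0 if the UID matches and the account is hidden,
# 1 on UID mismatch, 2 if not hidden, 3 if UniqueID cannot be parsed.
check_account() {
    want=$1
    out=$(cat)
    uid=$(printf '%s\n' "$out" | attr_value UniqueID)
    hidden=$(printf '%s\n' "$out" | attr_value IsHidden)
    case $uid in
        ''|*[!0-9]*) echo "cannot read UniqueID" >&2; return 3 ;;
    esac
    if [ "$uid" -ne "$want" ]; then
        echo "UID mismatch: requested $want, got $uid" >&2
        return 1
    fi
    if [ "$hidden" != "1" ]; then
        echo "IsHidden is not 1" >&2
        return 2
    fi
    return 0
}

# On a Mac, after steps 1-3 (not run here):
#   dscl . -read /Users/localadmin UniqueID IsHidden | check_account 469
```

A non-zero return from `check_account` in a provisioning script gives the failure signal that sysadminctl itself does not.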