Help

Silent Mobile to Local Account conversion?

MatG
Contributor III

Posted on ‎01-13-2021 02:42 AM

I'm looking for a script that will silently convert a Mobile Account to a Local account, leave AD inplace and make the user admin.

Rich Trouton's script is great but requires input.

However I have edited it to remove the section that unbinds from AD and also edited to make the user admin without prompt but I can't figure out how to remove user selection part and just run.

I just need it to covert any mobile accounts it finds without any onscreen selection.

Anyone have a something to achieve this?

I know Jamf Connect can demobilize but cost is an issue.

4 REPLIES 4

Not applicable

Posted on ‎01-13-2021 06:07 AM

We're actually just starting this process ourselves. We start by installing NoMAD 1.2.2 and NoMAD Login 1.4, run the Terminal command "authchanger -reset -demobilize", and then throw up a prompt to request the user to reboot. Technically only a log off/log on is required but hey, as long as they're doing that anyway... The authchanger command with the demobilize switch will convert any Mobile account to a Local account at next login. It won't help at all with elevating rights from a Standard to an Admin account but that's another script.

#!/bin/sh

```

MatG
Contributor III

Posted on ‎01-19-2021 07:52 AM

@user-UpMOTQKrkX This was perfect and really simple.

Just to document for others
Create a policy with payload package with NoMAD Login 1.4 (did not require NoMAD)
Add payload Files and Process and added to Execute Command
authchanger -reset -demobilize;defaults write /Library/Preferences/menu.nomad.login.ad.plist DemobilizeUsers -bool true

We also added a reboot notification
On Reboot Mobile account is Local

LarryKuhlman
New Contributor II

Posted on ‎08-05-2022 09:01 AM

That works great for us.  Did you also have a script handy that that can run afterwards to unbind from AD and ensure the logged on user remains an admin?

Ive tried to use portions of the Der Flounder script to do that as a follow up.  I can easily unbind the Mac from AD but keeping the logged on user in the admin group afterwards is the tricky part. 

https://derflounder.wordpress.com/2016/12/21/migrating-ad-mobile-accounts-to-local-user-accounts/

b1gmacadm1n
New Contributor
In response to LarryKuhlman

Posted on ‎06-14-2023 07:19 PM

Hi Larry, can you PM me and share your experience with converting users from mobile to local and unbind via script? We're looking into doing something similar.

0 Kudos