We're currently moving our users from managed mobile OD accounts to local user accounts, but we're running into some issues. We wrote a script to create the account and set essential attributes with dscl, and while the script doesn't return errors, the newly minted users cannot change their passwords. Instead they receive an error stating that their systems administrator may not allow them to change their password.
It should be noted that we're not converting existing accounts; rather, we are creating new local accounts for each user when they get a new computer. However, the UID for the account is being set to match the user's old OD UID, and the real name/short name will stay the same as well. The new computers are not bound to OD, so there shouldn't be any confusion.
Lastly, enabling Parental Controls on the account allows the user to change their password, and I've noticed there are others here who have run into the same issue/workaround, but I'd love a cleaner solution. Thanks in advance!
Edit: I need to retract my previous statement that enabling Parental Controls allows a password change. This is not in fact the case. What actually allows the PW change is unlocking the pref pane. If the pref pane is locked, the user cannot change their password.