Unregister a local user from AD due to Macbook Apple migration

fennec
New Contributor II

Hi,

My company is using Jamf to link Macs to an AD. I don't have the details but I can dig logs and product names if necessary. I recently got a new replacement Mac and got no clear instructions from IT on how to set it up. They just said to install what I needed and then run the Jamf enrollment. They didn't respond when I asked about Apple migration assistant.

I used the Apple Migration Assistant to move all my data and config, then ran the Jamf enrollment and everything worked. Now I get a (periodic) notification to change my AD password, but it won't allow me to change it using "Users and Groups", stating that it could not reach the server.

I dug into the Console logs and found this:

opendirectoryd	default	11:39:37.407202+0200	opendirectoryd	original node '/Active Directory/DIR/domain.com' does not exist for cached user '<private>' GUID 'E.....7'
opendirectoryd	error	11:39:37.409334+0200	opendirectoryd	changing account policies and password is not allowed for offline account

IT told me that the GUID is not correct and that I need to fully wipe my Mac, reinstall from scratch and then run the enrollment again. Obviously, I don't want to do that, as it will take me a week, and I already shipped the old Mac back, so I can't use it to continue working on my projects in the meantime.

I tried various commands to untie my account (showing as Admin, Mobile), but they didn't work; it looks like the enrollment never worked in the first place, despite changing the hostname and installing a bunch of applications. The Apple tools (Users & Groups, Directory Utility) don't show any link to the AD.

I see that the file /var/db/dslocal/nodes/Default/users/<username>.plist contains entries related to the AD.

My question is: how can I untie my local user from those wrong settings, so that I can run the registration again?

Thank you for the help!
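The two opendirectoryd lines above say exactly what is wrong: the local record is a cached ("mobile") copy of a directory user, and the node it was copied from is not bound on the new Mac, so password changes are refused for an "offline account". The read-only check below is an added example (not from this thread and not the linked script): it inspects a `dscl . -read /Users/<name>` record and reports whether the account carries the `;LocalCachedUser;` authentication authority and which AD-related attributes are present. The sample record, the user name `jdoe` and the node `/Active Directory/DIR/domain.com` are constructed; the attribute list is an assumption based on what macOS writes for mobile accounts.

```shell
#!/bin/sh
# Pre-flight check for a cached AD mobile account on macOS (added example).
# Read-only: it only parses `dscl` output and never modifies the record.

# Attributes that tie a local record to a directory node (assumed list).
AD_ATTRS="OriginalNodeName OriginalAuthenticationAuthority AppleMetaRecordName \
PrimaryNTDomain SMBSID SMBPrimaryGroupSID SMBGroupRID SMBPasswordLastSet \
SMBScriptPath AltSecurityIdentities CopyTimestamp cached_groups cached_auth_policy"

# Constructed sample in dscl's output format: values containing spaces are
# printed on their own indented line, the way dscl does it.
SAMPLE_RECORD='AppleMetaRecordName: CN=jdoe,OU=Users,DC=domain,DC=com
AuthenticationAuthority:
 ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>
 ;Kerberosv5;;jdoe@LKDC:SHA1.0000;LKDC:SHA1.0000;
 ;LocalCachedUser;/Active Directory/DIR/domain.com:jdoe:00000000-0000-0000-0000-000000000000
GeneratedUID: 00000000-0000-0000-0000-000000000000
NFSHomeDirectory: /Users/jdoe
OriginalNodeName:
 /Active Directory/DIR/domain.com
PrimaryGroupID: 20
PrimaryNTDomain: DIR
RecordName: jdoe
SMBSID: S-1-5-21-0-0-0-1000
UniqueID: 501
UserShell: /bin/zsh
dsAttrTypeNative:cached_groups: S-1-5-21-0-0-0-513'

# Constructed plain local account for comparison: no cached-user marker.
PLAIN_RECORD='AuthenticationAuthority:
 ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>
RecordName: local
UniqueID: 502'

# Return 0 when the record ($1) describes a mobile (cached directory) account.
is_mobile_account() {
    printf '%s\n' "$1" | grep -q ';LocalCachedUser;'
}

# Print the node the record was cached from (OriginalNodeName), if any.
original_node() {
    printf '%s\n' "$1" | awk '
        /^OriginalNodeName:/ {
            v = $0; sub(/^OriginalNodeName:[ \t]*/, "", v)
            if (v != "") { print v; exit }
            want = 1; next
        }
        want { sub(/^[ \t]+/, ""); print; exit }'
}

# Print, one per line, every AD-related attribute present in the record ($1).
# Native attributes appear as "dsAttrTypeNative:<name>:", so allow that prefix.
list_ad_attributes() {
    record="$1"
    for attr in $AD_ATTRS; do
        printf '%s\n' "$record" | grep -q "^\(dsAttrTypeNative:\)*$attr:" \
            && printf '%s\n' "$attr"
    done
    return 0
}

# Report on one record: the marker, the stale node and the leftover attributes.
report() {
    if is_mobile_account "$1"; then
        echo "mobile (cached AD) account, original node: $(original_node "$1")"
        echo "AD-related attributes present:"
        list_ad_attributes "$1" | sed 's/^/  /'
    else
        echo "plain local account (no LocalCachedUser authority)"
    fi
}

# On a Mac, pass a short user name to read the live record; elsewhere, or with
# no argument, run on the constructed samples.
if [ -n "${1:-}" ] && command -v dscl >/dev/null 2>&1; then
    report "$(dscl . -read "/Users/$1")"
else
    report "$SAMPLE_RECORD"
    report "$PLAIN_RECORD"
fi
```

`OriginalNodeName` is the node named in the first log line, and the `;LocalCachedUser;` entry is what makes opendirectoryd treat the account as cached and refuse a password change while that node is unreachable. Running this before any migration script shows exactly which attributes a cleanup would have to touch, and running it again afterwards confirms the account has become a plain local one.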

1 ACCEPTED SOLUTION


fennec
New Contributor II

I found the script below. Is it safe? Would it work? (I'm on Big Sur 11.6.)

https://github.com/rtrouton/rtrouton_scripts/blob/main/rtrouton_scripts/migrate_ad_mobile_account_to... 

fennec
New Contributor II

I executed the script and it looks like it cleared the Mobile status from my account. Now I need to restart and do the AD enrollment again.