My company is using Jamf to link Macs to an AD. I don't have the details but I can dig up logs and product names if necessary. I recently got a new replacement Mac and got no clear instructions from IT on how to set it up. They just said to install what I needed and then run the Jamf enrollment. They didn't respond when I asked about Apple Migration Assistant.
I used the Apple Migration Assistant to move all my data and config, then ran the Jamf enroll and everything worked. Now I got a (periodic) notification to change my AD password, but it wouldn't allow me to change it using "Users and Groups", stating that it could not reach the server.
I dug into the console logs and found this:
opendirectoryd default 11:39:37.407202+0200 opendirectoryd original node '/Active Directory/DIR/domain.com' does not exist for cached user '<private>' GUID 'E.....7'
opendirectoryd error 11:39:37.409334+0200 opendirectoryd changing account policies and password is not allowed for offline account
IT told me that the GUID is not correct and that I need to fully delete my Mac and reinstall from scratch and then run the enroll again. Obviously, I don't want to do that as it will take me a week to do so, and I already shipped the old Mac back so I can't use it to continue working on my projects in the meantime.
I tried various commands to untie my account (showing as Admin, Mobile) but they didn't work; it looks like the enrollment never worked in the first place despite changing the hostname and installing a bunch of applications. Apple tools (Users & Groups, Directory Utility) don't show any link to the AD.
I see that the file /var/db/dslocal/nodes/Default/users/<username>.plist contains stuff related to the AD.
My question is: how can I untie my local user from those wrong settings, so that I can run registration again?
Thank you for the help!