I wanted to touch base with the community and see if anyone is able to assist in simplifying user profile migration of AD users from Mac to Mac.
One point; average profile size is roughly ~150Gb.
Currently when a user gets a new machine we image it up with Casper, and then rsync their profile over our network. This involves enabling the root account on both machines and then running;
sudo rsync -aru --progress root@sourceip:/Users/username /Users/
After transfer is complete, I can walk into a clients office, drop their new machine on the desk and take the old one away. They login and there is everything just as they left it.
I'm being asked to make this even simpler so that those who don't use Mac on a daily basis are able to assist; i've had people telling me to wrap the process in AppleScript so that it's simply IP addresses and drop down menus.
Before I embark, does anyone have any other ideas or methods that you've found bullet proof enough to give to techies that don't use Macs?
Network home folders are something we will move to, but there will still be a good few hundred rollovers in the meantime.
This doesn't directly address the scenario you've been working with, but the most bulletproof way I can think of is using Migration Assistant. That would interrupt the user while they're working because Migration Assistant would lock the user out from doing anything while the profile transfer is taking place.
Another way to handle this issue would be to use a backup product like Crashplan. In that case, document how to install the backup agent on the new machine, then restore from the old machine's latest backup.
wrapping shell script in applescript (or calling applescript from shell script) is the way i've done these 'idiot proof' setups in the past.. other than the 'real fun' of escaping (which can drive you slightly mad) its all very doable...
i'm surprised there isn't anything in the resource kit to this effect, as migration is a common request.. and 'other tools that shall not be named here' seem to offer this feature...
Hi Guys, sorry to hijack.. But I what do you guys do with permissions on the migrated data?
Reason I ask is I've started partitioning our Macs with OS & User partitions.. When I reimage & the user logs back in the permissions do not seem correct.
Also, IIRC migration assistant doesn't work with NW accounts (accounts with an UID over 1000)..
When I migrate users I use the following for sync:
rysnc -aEv <localpath> admin@<host>:/<remotepath>
I've never had to enable root user to do this, the local admin account is fine. The only thing I've noticed is that on 10.7 machines I cannot rsync to /Users (which I'm now thinking is why you enable root). Instead I sync to /Users/Shared and then move the folder to /Users while ssh'd into that new machine.
As for permissions, I always do a chown on the directory once I'm done:
chown -R <user>:staff <userfolder>
I havent' had a permissions issue at all.
With the separate partitions, what I have noticed is that if the system creates the user home folder in /Users, I have to delete that folder and make sure the user account is pointed at the alternate location, usually /Volumes/Users/<user> in my case.
I enable root because it is the only account that has permission to dive into other user accounts. Remembering again that our users are all mobile account AD profiles. It probably doesn't require root to migrate a local account? I've never had to do this.
@bentoms The method of rsync that I use preserves file ownership permissions. I do not need to chown, chmod or copy anywhere else on the drive.
@Stevewood What extended attributes are you capturing with -E?
Casper will do everything as the super user, so it is very feasible to take your rsync migration script and run it via Casper Remote, feeding the IPs of the unit to migrate data from and the new unit.
This would take care of your requirement that it be easy to use and wouldn't force you to enable root, since it will run under sudo. "rsync -avE" migrations will preserve user permissions.
I always exclude ~/Library/Caches. There's not much else I've found that needs to be excluded.
Honestly, I wouldn't rely on anyone to use a PC to administer Casper anything. As a rule I make sure that any tech doing Casper work has at least remote access to a Mac workstation with the admin tools.
Casper really is a best of breed for ONLY the Mac platform.
This is a cool concept. I am just starting out in the Casper world. Can anyone share the script he is talking about as well as any good resources you have used to manage Macs in an Enterprise environment. I switched to Mac myself 6 years ago and just recently have been supporting them in an Enterprise environment. I am eager to learn and would appreciate anyone patient enough to answer a few questions if I don't understand something. I am looking to move out of the Windows world and just found a job willing to let me do so as well as having enough Macs to support and learn on. Any help is appreciated.