Convert Local Account’s Home to AD account with Local Home

July 31, 2007

Here is a script that I use to convert a local home folder so that an Active Directory account can use it. It renames the home folder out of the way, deletes the local user account from NetInfo (the record, its password hash and its group memberships), renames the home folder back under the network short name, and changes the owner so the AD account can log in to it. This script is Tiger only; Leopard dropped NetInfo and the ni* utilities it relies on.

Please read the script before using it so you understand how it works. It's not terribly complicated. Two things to check first: the Mac must already be bound to the domain so that "id" resolves the network account, and you should run the script from a different admin account than the one being converted. Once the local record is gone there is no local password left for that user, so they can only log in while a domain controller is reachable unless the Directory Access AD plug-in is set to create a mobile account at login. Every do shell script line runs as root with the user name spliced into the command, so only feed it names you trust.

Use at your own risk!


(*
 
Convert User to Domain account
Does not require modification for your environment. Can be run as is. 
 
TIGER ONLY. 
Leopard does not have the NI* utilities.
 
Copyright 2007 Patrick Gallagher
http://blog.macadmincorner.com
 
USE AT YOUR OWN RISK
NO WARRANTY EXPRESSED OR IMPLIED
*)
 
--Pick a local user from list of home folders that are present in /Users
--You can add a "| grep -v yourlocaladminaccount" after "Shared" if you wish to exclude that from the list
set userList to paragraphs of (do shell script "ls -1d /Users/* | cut -d/ -f3 | grep -v Shared")
set chosen to choose from list userList
if chosen is false then
	display dialog "Operation cancelled"
	return
end if
--choose from list returns a one-item list, not a string
set localName to item 1 of chosen
 
--Ask for the network short name and verify it BEFORE anything is renamed or deleted.
--Cancelling this dialog raises an error and stops the script; "id" exits non-zero (which also stops the script) if the AD account does not resolve.
set netID to text returned of (display dialog "Verify the Network ID is correct" default answer localName)
do shell script "id " & quoted form of netID
 
--Backup users home folder
--quoted form of keeps spaces or shell metacharacters in a name from breaking commands that run as root
do shell script "mv /Users/" & quoted form of localName & " /Users/" & quoted form of (localName & ".backup") with administrator privileges
 
--Nuke the local account: group memberships first, then the user's own group and record
do shell script "niutil -destroyval / /groups/staff users " & quoted form of localName with administrator privileges
do shell script "niutil -destroyval / /groups/appserveradm users " & quoted form of localName with administrator privileges
do shell script "niutil -destroyval / /groups/appserverusr users " & quoted form of localName with administrator privileges
do shell script "niutil -destroyval / /groups/admin users " & quoted form of localName with administrator privileges
do shell script "nicl . -delete /groups/" & quoted form of localName with administrator privileges
do shell script "niutil -destroyprop / /users/" & quoted form of localName & " _shadow_passwd" with administrator privileges
do shell script "niutil -destroyprop / /users/" & quoted form of localName & " gid" with administrator privileges
do shell script "niutil -destroyprop / /users/" & quoted form of localName & " uid" with administrator privileges
do shell script "niutil -destroyprop / /users/" & quoted form of localName & " realname" with administrator privileges
do shell script "niutil -destroyprop / /users/" & quoted form of localName & " shell" with administrator privileges
do shell script "niutil -destroy / /users/" & quoted form of localName with administrator privileges
 
--Give the home folder to the network account. Only the owner is changed; the group stays whatever the local account had.
do shell script "mv /Users/" & quoted form of (localName & ".backup") & " /Users/" & quoted form of netID with administrator privileges
do shell script "chown -R " & quoted form of netID & " /Users/" & quoted form of netID with administrator privileges
display dialog netID & " has been converted to a domain account"

Find more like this: AD Integration, Automation, Mac, Scripting


10 Responses to Convert Local Account’s Home to AD account with Local Home

  • Anonymous says:

    thanks for the script- does this still work with Leopard ?

  • PatGmac says:

    No, it won’t work with Leopard because this script deletes the user account from NetInfo which no longer exists in Leopard.

  • Anonymous says:

    thanks for the reply- how could I modify it to work with leopard?
    Thanks!

  • Evening fellow Techs,
    (MacOSX/unix software install question)
    This website has helped me further my ability to do my job.
    I have another support issue.
    I manage 250+ Macs and have to do updates for various applications, like Office, Adobe and other off-the-shelf programs. They provide me with .pkg files. I push them out using Apple’s Remote Desktop. I can also use unix commands:
    HERE’S MY QUESTION – Using ARD I can get into their unix prompt and copy files into their Mac.
    I don’t know what syntax to use. A bit rusty.
    EXAMPLE: If I wanted to copy my hard/applications/TextEdit program from my Mac to their same path, HOW would I do that? REMEMBER using (ARD) SO I’m already at their unix Mac prompt.
    EXAMPLE: Same for delete. Delete a file on their Mac. If I just get the basic commands to start me off I can handle other things.
    EXAMPLE: What about move a folder of items from my Mac to their Mac in a location?

    Thanks Guys

  • Patrick says:

    You need to use the “Copy” function of ARD, then use the “send unix command” to do something with the file(s) you just copied. Or you could use “curl -O http://yourserver.edu/filename.zip” to get the file and commands after that to unzip/install/whatever with them.

  • Mike Wyant says:

    Just wanted to point out that I think all you need to do to get this working on Leopard is the following:

    Replace this:
    do shell script "niutil -destroyval / /groups/staff users " & localName with administrator privileges
    do shell script "niutil -destroyval / /groups/appserveradm users " & localName with administrator privileges
    do shell script "niutil -destroyval / /groups/appserverusr users " & localName with administrator privileges
    do shell script "niutil -destroyval / /groups/admin users " & localName with administrator privileges
    do shell script "nicl . -delete /groups/" & localName with administrator privileges
    do shell script "niutil -destroyprop / /users/" & localName & " _shadow_passwd" with administrator privileges
    do shell script "niutil -destroyprop / /users/" & localName & " gid" with administrator privileges
    do shell script "niutil -destroyprop / /users/" & localName & " uid" with administrator privileges
    do shell script "niutil -destroyprop / /users/" & localName & " realname" with administrator privileges
    do shell script "niutil -destroyprop / /users/" & localName & " shell" with administrator privileges
    do shell script "niutil -destroy / /users/" & localName with administrator privileges

    with this single line:

    do shell script "dscl . -delete /Users/" & localName with administrator privileges

    I’ve tested the command on Leopard, but not the entire script so YMMV.

  • Patrick says:

    “Just wanted to point out that I think all you need to do to get this working on Leopard is the following:
    with this single line:

    do shell script "dscl . -delete /Users/" & localName with administrator privileges”

    There would still be some cruft left over such as that user would still be a member of the various groups. You would also want to nuke the UID and GID it is using up.
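A full Leopard/Snow Leopard version along the lines Patrick describes (strip the group memberships, then delete the record so its UID is freed), given here as an added example; it is not the original script and not code from blog.macadmincorner.com. It swaps the ni* calls for dscl, verifies the AD name with id before anything destructive happens, refuses to overwrite an existing home, and quotes every name that is spliced into a command run as root. It assumes the Mac is already bound to AD and that it is run from a different admin account than the one being converted; the dialog texts and the awk parsing of the dscl -search output are my own choices.

```applescript
(*
Added example: convert a local home folder for use by an AD account on
Leopard/Snow Leopard, where local records live in Directory Services (dscl)
instead of NetInfo. Not the original Tiger script.
Assumes: the Mac is bound to AD, and this runs from another admin account.
*)

-- 1. Pick the local account from the home folders present in /Users
set userList to paragraphs of (do shell script "ls -1d /Users/* | cut -d/ -f3 | grep -v Shared")
set chosen to choose from list userList with prompt "Local account to convert"
if chosen is false then error number -128 -- cancelled: stop before touching anything
set localName to item 1 of chosen

-- 2. Ask for the AD short name and verify it resolves BEFORE the local record is deleted.
--    "id" exits non-zero for an unknown name, which makes do shell script throw.
set netID to text returned of (display dialog "Network (AD) short name for " & localName default answer localName)
try
	do shell script "id " & quoted form of netID
on error
	display dialog "'" & netID & "' does not resolve. Is this Mac bound to the domain?" buttons {"OK"} default button 1
	error number -128
end try
-- Numeric primary group of the AD account, used for the chown below
set netGroup to do shell script "id -g " & quoted form of netID

-- 3. Refuse to run if a home folder for the AD name already exists
--    (unless it is the very folder being converted)
if localName is not netID then
	set homeExists to do shell script "test -e /Users/" & quoted form of netID & " && echo yes || echo no"
	if homeExists is "yes" then error "/Users/" & netID & " already exists; aborting."
end if

-- 4. Remove the local user from every local group it belongs to (the cruft a bare
--    record delete leaves behind). dscl -search prints one
--    "groupname<TAB>GroupMembership = (" header line per matching group.
set groupList to paragraphs of (do shell script "dscl . -search /Groups GroupMembership " & quoted form of localName & " | awk '/GroupMembership/ {print $1}'")
repeat with g in groupList
	if (g as text) is not "" then
		do shell script "dscl . -delete /Groups/" & quoted form of (g as text) & " GroupMembership " & quoted form of localName with administrator privileges
	end if
end repeat

-- 5. Delete the local user record. This frees its UID; the home folder stays on disk.
do shell script "dscl . -delete /Users/" & quoted form of localName with administrator privileges

-- 6. Rename the home to the AD short name and hand it to the AD account
--    (owner and primary group, so new files get a sensible group too)
if localName is not netID then
	do shell script "mv /Users/" & quoted form of localName & " /Users/" & quoted form of netID with administrator privileges
end if
do shell script "chown -R " & quoted form of (netID & ":" & netGroup) & " /Users/" & quoted form of netID with administrator privileges
display dialog netID & " now owns /Users/" & netID buttons {"OK"} default button 1
```

Everything that can fail is checked before step 4, so a typo in the network name or an unbound Mac leaves the local account intact. The chown sets both owner and group because chown with only a user name leaves the folder in the old local group, which is what the Tiger script does.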

  • Pingback: Migrate Local User to Domain Account | Mac Admin Corner

  • William Loring says:

    This script looks great, if it will work for me…

    Has it been confirmed that this script can be modified to work with Leopard/Snow Leopard? I’ve got about 25 clients that I want to move from standard accounts to AD accounts, and I really don’t want to have to tell them all that they’ll have to create new login accounts, then migrate all of their settings and files to the new account.

    Is it feasible to make this sort of switch work with any reliability?

    Thanks for any help or suggestions.

  • Patrick says:

    @William

    No, this script would have to be re-written for Leopard or SL. Use this one instead for Tiger/Leo/SL:
    http://blog.macadmincorner.com/migrate-local-user-to-domain-account/
