So, we’ve all been there: a user is using his Mac with a local account. At some point IT needs to manage all computers and passwords, and thus this Mac, together with its user, needs to be Active Directory managed. But of course no setting, no file, nothing should change, because the user is king (and maybe the company’s boss, who hates being upset, and even a changed background or shortcut location upsets him…). Here’s how to do it:
- Create a new local user with admin rights.
- Log out of the existing user and log in as the new admin user.
- Delete the user you want to migrate. When the system asks, don’t delete or archive the user folder, just leave it where it is.
- In a terminal, issue the following command: “sudo mv /Users/oldusername /Users/newusername”, where newusername is the short name of the AD user. This is critical!
- If you have not already done so, bind the Mac to the AD.
- Use “chown” in the terminal to change the owner of the user’s directory to the new domain user. Use the short name; there is no need to write the FQDN of the AD.
- Use “Directory Utility” to change the settings: check the box to create a “mobile account at login”, and check the second box, too.
- Now log out, maybe reboot. (Sometimes it is needed, sometimes not, depending on how quickly the Mac gets the new AD binding.)
- Log in using the new user’s short name. It should ask for a mobile profile; create one!
- You might need to update the keychain password.
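A check worth running after the “chown” step and before the first AD login, as an added example that is not part of the original post: it lists anything under the renamed home folder that is not owned by the domain user, which catches a chown that changed only the top-level directory. The function names are hypothetical, and the numeric UID is assumed to come from `id -u newusername` on the bound Mac.

```shell
#!/bin/sh
# Added example: post-migration ownership check for the renamed home folder.
# Assumption: the caller passes the AD user's numeric UID, e.g.
#   check_home_ownership /Users/newusername "$(id -u newusername)"

# Print every path under HOME_DIR that is NOT owned by EXPECTED_UID.
list_foreign_owned() {
    home_dir=$1
    expected_uid=$2
    find "$home_dir" ! -user "$expected_uid" -print 2>/dev/null
}

# Exit status: 0 = fully owned by EXPECTED_UID, 1 = leftovers found,
# 2 = bad arguments (missing directory or non-numeric UID).
check_home_ownership() {
    home_dir=$1
    expected_uid=$2
    if [ ! -d "$home_dir" ]; then
        echo "no such directory: $home_dir" >&2
        return 2
    fi
    case $expected_uid in
        ''|*[!0-9]*)
            echo "UID must be numeric, got: $expected_uid" >&2
            return 2
            ;;
    esac
    leftovers=$(list_foreign_owned "$home_dir" "$expected_uid" | wc -l | tr -d ' ')
    if [ "$leftovers" -gt 0 ]; then
        echo "$leftovers item(s) under $home_dir not owned by UID $expected_uid:" >&2
        # Show a short sample so the admin can see what was missed.
        list_foreign_owned "$home_dir" "$expected_uid" | head -n 5 >&2
        return 1
    fi
    echo "OK: $home_dir is fully owned by UID $expected_uid"
    return 0
}
```

Run it with sudo so that find can descend into protected folders inside the home directory.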
That’s it: enjoy your migrated user folder and settings. You shouldn’t notice any difference besides a new password 😉
One note: the new user is a standard user without administrative rights. If you need to give him/her or the Administrator-Group admin rights, you can do this in the “Directory Utility” as well. Single users won’t work; use groups like this: DOMAINNAME\groupname .
All the best.