I work for a small business; for the few years we've been running, we've had individual MacBooks with local user accounts. We need to formalise this a bit in order to get an industry security accreditation; we need to prove password rotation and things like that.
I've set up Apple Server on a spare Mac Mini and created the network, and I'm able to set up new users and log in via the connected MacBooks. The issue I have is that we've all got long-established profiles, apps, settings and so on, so I need a way to get these existing profiles tied to the users. There doesn't seem to be a standard way to do this, and any guides/videos I find are very outdated.
I created an Open Directory user matching my local user, renamed my user (home) directory, deleted my local account using the root user and signed in to my network user on my MacBook. Then I logged back into root, got rid of the network user's user (home) directory and renamed my old one back. I tried to set the ownership of the directory to the network user account, but when I logged in it was a world of pain; I couldn't even open apps due to the permissions.
I ended up losing my old local account. Luckily I was able to get all of my files back and set the user and group permissions to my new user, although I've lost my settings and configs. There was obviously a whole load of other files I wasn't aware of in the Library that just didn't like the change.
Is there a way I can link Open Directory users to already existing local Mac users, or somehow switch over?
Thanks!
Best Answer
This is an old note that I wrote. I am writing it here as it might help you. All the instructions may not be accurate as to paths, as macOS has changed a lot. But I would suggest you give it a try on one machine first. Please make a backup of everything, or try on one idle machine.
Step 1: Steps 1–24 (Basic setup)
Step 2: Steps 25–27 (Reset user folder permissions and ACLs)
Now, in BatChmod, browse to the user's Public folder, select the Drop Box folder and apply the following permissions:
After all steps are complete and the user can log into their domain account successfully and see all their data, log back into the local admin account you have been using and do the following:
I recommend leaving the local admin account in place so you can get into the machine in the future if anything ever goes awry with the connection to the domain. It can happen.
Go through this also: http://www.walcott.com/blog/converting-a-local-mac-user-account-to-and-open-directory-server-mobile-account
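The "reset user folder permissions and ACLs" step above, scripted, as an added example that is not part of the original answer or the linked guide. It does what the questioner's single chown did not: hands every file under the home folder (Library included) to the directory user's UID/GID, strips ACL entries that still name the old local account, and restores the stock modes on Public and Drop Box. The ACL entry the answer applies in BatChmod is not reproduced on the page, so it is not included here. `fix_home_owner`, `run` and `DRY_RUN` are hypothetical names; `chmod -RN` is macOS-only, and the script is meant to be run with sudo from the local admin account while the directory user is logged out.

```shell
#!/bin/sh
# Added example, not from the original post. Re-own a migrated home folder for
# a directory (Open Directory) user and reset its ACLs. Run as the local admin
# (sudo) with the directory user logged out. fix_home_owner, run and DRY_RUN
# are hypothetical names; chmod -RN is macOS-only (strips every ACL entry).

# run CMD...: execute CMD, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# fix_home_owner USER HOME
# Exit status: 0 done, 1 USER does not resolve (machine not bound, or user not
# in the directory), 2 HOME is unsafe or missing.
fix_home_owner() {
    user=$1
    home=$2
    # The directory account must resolve on this Mac before files are handed
    # to it; if id fails there is no point changing anything.
    uid=$(id -u "$user" 2>/dev/null) || return 1
    gid=$(id -g "$user" 2>/dev/null) || return 1
    # Refuse paths shallower than /Parent/child so an empty or mistyped
    # variable can never turn this into a recursive chown of / or /Users.
    case $home in
        /*/*) ;;
        *) return 2 ;;
    esac
    [ -d "$home" ] || return 2
    # 1. Give every file to the new UID/GID. A chown of the top folder alone
    #    leaves Library/ owned by the old local UID, which is what stops apps
    #    from launching after the switch.
    run chown -R "$uid:$gid" "$home"
    # 2. Drop ACL entries that still reference the deleted local account.
    run chmod -RN "$home"
    # 3. Restore the stock POSIX modes on the shared folders.
    [ -d "$home/Public" ] && run chmod 755 "$home/Public"
    [ -d "$home/Public/Drop Box" ] && run chmod 733 "$home/Public/Drop Box"
    return 0
}

# Usage: sudo sh fix_home_owner.sh <directory user> /Users/<home folder>
if [ $# -eq 2 ]; then
    fix_home_owner "$1" "$2"
fi
```

Set `DRY_RUN=1` first to see the exact chown and chmod commands before anything is changed.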