Solved

Take an AD Managed Mac Profile and Make it a Local One

Posted on 2014-11-06
Last Modified: 2014-11-20
Our organization has an Active Directory network, and very few Macs in the network.  When we first deployed my Macbook three years ago, we joined it to the Active Directory domain and the main profile I've been using since then is a managed profile that sometimes is roaming.

This worked fine until some recent domain changeover.  My profile is now orphaned and I'm living off cached credentials.

The IT dept washes their hands of supporting the Mac, and has told me to just create a new, local profile to work through in the future.  I'm on my own when it comes to doing this and getting permissions and access to all my old local files, preferences, etc.

I'm finding a few articles about taking a local profile and migrating it to managed, but very little about going the other way.  I'd like to get out of this domain!

My IT dept will be kind enough to come in and type a domain admin password for me if that is required as part of your procedure, but I am still looking to a bad domain for my network auth server, unplugging from network to do any admin authorization.  I really have a nasty feeling of living on borrowed time with this profile.  Thanks for your help!
Question by:centurydana
6 Comments
 
LVL 29

Accepted Solution

by:
serialband earned 500 total points
ID: 40427366
What do you need to migrate?

If you just need the data and don't care about the Dock and preferences, create a local Profile and copy all the data from your domain profile.  Copy or move all the folders except the Library folder.  If you need certain settings, you can selectively copy the files from the ~/Library folder.  Log in with the new account and change the ownership of the old account's files.

chown -R "NEW_ACCOUNT" /Users/OLD_ACCOUNT/

Once you've forced the ownership, you can open the files and drag and drop them into the new account.


If you need everything, I would suggest backing up the disk or duplicating it before you make the change.  You will need to create a 3rd account.

First, create an Admin account, make sure it's set with full admin permissions.
Delete your Domain Account, but save the deleted folder, and don't compress it.  (Select Don't change the Home Folder -- You did make a backup, right?)
Create a new account with the Domain account name you had and make it an Admin.
Once logged in, rename the Folder in Terminal.  If your account name is centurydana, then you should have a /Users/centurydana/ home folder.

mv "/Users/centurydana" "/Users/remove-me-later"
mv "/Users/centurydana (Deleted)/" /Users/centurydana/
chown -R centurydana /Users/centurydana/

It's important that you run the chown command to change the user ID on all the files, or you'll run into access problems.

Log out of the admin account and log in with the centurydana account.  You should have all your previous settings with a new non-domain password.
It should prompt you for a keychain password, or possibly not, if you created the account with the same password.  I haven't tried that scenario.  Enter your previous domain account password to unlock your old keychain and update it.

You should have all your previous Dock Icons and App preferences.  Since you're an Admin, you can now delete the intermediate account that you've created.  I've just tested this on an account and I've done this similar scenario on Windows as well.
0
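
The folder swap described in the answer above, as an added example that is not part of the original post. It prefixes the commands with sudo (which the thread later confirms is required), is meant to be sourced and run from the temporary admin account, and adds an ownership check after the chown. The function names and the USERS_DIR, SUDO and RUN variables are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example, not from the thread. swap_home, count_foreign_owned and the
# USERS_DIR / SUDO / RUN variables are names assumed for this sketch.
USERS_DIR=${USERS_DIR:-/Users}  # parent directory of the home folders
SUDO=${SUDO-sudo}               # set SUDO= (empty) if already running as root
RUN=${RUN-echo}                 # default only prints; set RUN= (empty) to execute

# Count entries under directory $1 that are NOT owned by user (name or uid) $2.
# After the chown this should be 0; anything else still carries the old
# domain account's uid and causes the access problems the answer mentions.
count_foreign_owned() {
    $SUDO find "$1" ! -user "$2" -print | wc -l | tr -d ' '
}

# Run the answer's three commands for account $1 from the temporary admin account.
swap_home() {
    user=$1
    home="$USERS_DIR/$user"            # fresh home of the new local account
    old="$USERS_DIR/$user (Deleted)"   # folder kept when the domain account was deleted
    aside="$USERS_DIR/remove-me-later"
    [ -d "$old" ]     || { echo "missing: $old" >&2; return 1; }
    [ -d "$home" ]    || { echo "missing: $home" >&2; return 1; }
    [ ! -e "$aside" ] || { echo "already exists: $aside" >&2; return 1; }
    # && stops at the first failure: if the first mv fails, the second would
    # otherwise move the old folder *inside* the still-present new home.
    $RUN $SUDO mv "$home" "$aside" &&
    $RUN $SUDO mv "$old" "$home" &&
    $RUN $SUDO chown -R "$user" "$home"
}

# Usage after sourcing this file (account name taken from the thread):
#   swap_home centurydana            # dry run: prints the sudo commands
#   RUN=; swap_home centurydana      # execute them
#   count_foreign_owned /Users/centurydana centurydana   # expect 0
```
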
 

Author Comment

by:centurydana
ID: 40427420
This looks like a solid procedure recommendation.  I'll give it a run tomorrow.  Thanks!
0
 
LVL 29

Expert Comment

by:serialband
ID: 40427602
Change one part.  "Once logged in, rename the Folder in Terminal."
Should just be "Rename the Folder in Terminal."   You should be doing this from the temporary Admin Account.
0
 

Author Comment

by:centurydana
ID: 40435728
I swear I am going to attempt this soon. Every document I am seeing over network shares is like old cached versions or something, not showing the last two weeks of edits.  Weird.
0
 

Author Comment

by:centurydana
ID: 40455752
Hey I knocked this procedure out last night and it worked great.  I had to sudo the terminal commands for some reason but with that, worked fine.  Sorry it took so long, even with backups, I couldn't risk my workflow for a while until some stuff was done.

Thanks again!
0
 
LVL 29

Expert Comment

by:serialband
ID: 40455879
You do have to sudo the commands.  I forgot to add that since I wrote it off the top of my head.
0
