Convert Local Accounts to Network/Mobile Accounts
Configuring a workstation to use a network or mobile account is beneficial in environments where administrators wish to manage authentication from a central server, utilize single-sign-on, or improve security by enforcing a password expiration policy.
To read more about the differences between network and mobile accounts, as well as instructions on binding to Open Directory and Active Directory, visit our article, Creating Network/Mobile Accounts with Local Homes.
In order to convert an existing local account to a mobile account, we must first remove the account from the local directory. Ideally, we will retain the existing data and ensure the existing home name matches the short name of the appropriate network user. Instructions are below. Contact us if you would like Robot Cloud to help automate this process!
Perform the Conversion
- Bind the workstation using the instructions in our Creating Network/Mobile Accounts with Local Homes knowledge-base article.
- Use Terminal to remove the username from the local directory. This will leave the local home folder in place. The command is below (substitute USERNAME for the short name of the user you are converting).
sudo dscl . delete /Users/USERNAME
- Change the name of the local home folder to match the directory short name. The command is posted below (substitute USERNAME for the original short name, and DIRUSERNAME for the directory short name).
sudo mv /Users/USERNAME /Users/DIRUSERNAME
- Log out to test the new account.
- At the login screen, select 'Other' or simply type the user's network credentials.
Clean Up Permissions
On the first login it is entirely normal to receive permissions errors. These can be corrected using two Terminal commands. Substitute USERNAME for the directory short name, and DOMAIN for the sub-domain of your directory server. IMPORTANT: You will want to run these two commands from an account other than the newly converted network account.
sudo chown -R USERNAME:"DOMAIN\domain users" /Users/USERNAME
sudo chmod -R 755 /Users/USERNAME
Additionally, there are some applications which hard-code the path to support files in their preference plists. These applications will break if the username was changed. Ensure that all applications launch appropriately and modify the plists using a text editor to correct the path, or delete the plist, re-launch the application and re-configure the settings.
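An added example, not part of the original article: `chmod -R 755` sets rwxr-xr-x on every file and folder, which marks every file executable and makes owner-only items readable by other local accounts. The sketch below previews that effect and then repairs the home by changing ownership and restoring only the owner's access. The function names and the file name fix_home.sh are hypothetical, and OWNER is the directory short name (optionally USER:GROUP, as in the chown command above).

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.
# Load it from an admin account other than the converted one, for example with
# this file saved under the hypothetical name fix_home.sh:
#   sudo sh -c '. ./fix_home.sh; repair_home /Users/DIRUSERNAME DIRUSERNAME'

# Dry run: regular files with no execute bit today, which a recursive 755
# would turn into executables.
files_gaining_exec() {
    find "$1" -type f ! -perm -100 ! -perm -010 ! -perm -001
}

# Dry run: files and folders that "other" users cannot read today (for example
# 700 folders or 600 key files), which a recursive 755 would expose.
entries_becoming_world_readable() {
    find "$1" ! -type l ! -perm -004
}

# Repair: hand the tree to OWNER, then make sure the owner can read and write
# everything. Capital X adds execute only to directories and to files that are
# already executable, and group/other bits are left as they were.
repair_home() {
    home=$1
    owner=$2
    [ -d "$home" ] || { echo "not a directory: $home" >&2; return 1; }
    [ -n "$owner" ] || { echo "usage: repair_home HOME OWNER" >&2; return 1; }
    # -h changes a symlink itself instead of the file it points to.
    chown -R -h "$owner" "$home" || return 1
    chmod -R u+rwX "$home"
}
```

Run the two dry-run functions first; any path they print is one whose mode a recursive 755 would overwrite.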
Comments
This article was very helpful, thank you.
One issue I ran into was the very last listed command:
sudo chmod -R 755 /Users/USERNAME
That command made every file in the user's home directory executable. I have very little knowledge of how permissions work and what is needed, so I don't know what that command should be, but I know that the professor whose local account I migrated to the domain was not happy to find that all his text files were executable and whatever specific permissions he had on other folders and files were reset.
Hi, Jay, Sorry it took us 3 months to approve your comment! Hm. Not sure what happened there. "chmod -R 755" changes the permission of the folder. It does not alter how they work. Macs can't run .exe (executables) files so I'm guessing this had something to do with a Windows share? I hope you got it all sorted!
@Ben: Jay is correct. chmod 755 will recursively modify the folder and all its contents to executable.
The command should be chown (change owner), not chmod (change modify). You do not need to change the file permissions. You simply need to change the owner.
chown -R USERNAME /Users/USERNAME
chmod -R 755 (drwxr-xr-x) = recursively change all files and folder permissions.
Thanks for your comment Marc Hauge!