I’ve seen several places where a smaller company has been integrated into a large company, or where the number of Macs in the company has grown, and now you want those users to have their machines and login managed under the network directory system, be that Open Directory or Active Directory. The most frequent issue with this is that a user has an existing home directory that they’ve been working with and want to be able to bring this over to the new environment. This is a walk-through of how to make that process as painless as possible.
Note: These instructions are based around a 10.5.x client OS. 10.5 uses plist files for user records, where 10.4 used Netinfo. The same theory applies to 10.4, but the method is different, in that the user must be removed from Netinfo.
We’re going to start this assuming that we have already successfully bound our client machine to the existing directory authentication structure. What you may notice here, is that even though your user account exists on the directory server, you may not be able to login with it’s credentials. This is probably because the shortname of both your local user account and your network user account are the same. The search policy for Directory Services on the client will always look to the local machine for authentication first.
You may need to create a new administrative user at this point as you will need to be logged into the client as some user other than the user that you are planning to migrate. Using this alternate user, use the Terminal to navigate to /var/db/dslocal/nodes/Default/users
macmini:~ admin$ sudo -s Password: bash-3.2# cd /var/db/dslocal/nodes/Default/users/
We had to use sudo before this command as the files within the Default node is only viewable by the root user.
From here we’re going to move the plist file for the user we want to migrate. I’m only moving, rather than removing to preserve the file in case I want to go back to the local user for any reason. Once you’ve tested a successful login at the end of this process you can delete the file we’re moving into /Users/Shared/.
mv andy.plist /Users/Shared/
You’ll notice if you run an “id” command on the user you just moved the local information will still show up.
bash-3.2# id andy uid=502(andy) gid=20(staff) groups=20(staff),103(com.apple.sharepoint.group.3),98(_lpadmin),101(com.apple.sharepoint.group.1),102(com.apple.sharepoint.group.2)
We need to restart the DirectoryService process before our change takes affect.
bash-3.2# killall DirectoryService bash-3.2# id andy uid=1026(andy) gid=20(staff) groups=20(staff),103(com.apple.sharepoint.group.3),98(_lpadmin),101(com.apple.sharepoint.group.1),81(_appserveradm),1030(all),1027(vpn),102(com.apple.sharepoint.group.2),79(_appserverusr),80(admin)
You’ll notice that the information coming back from the “id” is now from the directory server, and not the local user info, however, if we try to log in at this point the ownership of the files in the home directory will be incorrect. To fix this, we’ll run a recursive chown on the user home directory.
bash-3.2# chown -R andy /Users/andy
Your user is now ready to log in with their directory username and password, and their home directory will remain the same.