Migrate a user account to a Mac OS X Directory Service.
    usage: dsMigrateClient.py [-h] [--computer COMPUTER_NAME] [-d] [--delete]
                              [--dns DNS_SERVER] [-f filename] [-H] [-i]
                              [--iconpng PATH] [--iconico PATH] [-j]
                              [--log PATH] [-p PASSWORD] [-P PASSWORD] [-s]
                              [--search_binddn LDAP_DN]
                              [--search_bindpass PASSWORD]
                              [--search_uri ATTR] [--search_userattr ATTR]
                              [--search_userdn LDAP_DN] [-t {AD,LDAP}]
                              [-u USERNAME] [-U USERNAME] [-v]
                              [target_domain]

    Migrate a user account to a Mac OS X Directory Service.

    positional arguments:
      target_domain         AD domain or LDAP server

    optional arguments:
      -h, --help            show this help message and exit
      --computer COMPUTER_NAME
                            computer name which will be set in new directory.
      -d, --debug           log all debugging info to log file.
      --delete              delete script and settings file after running.
      --dns DNS_SERVER      set up manual DNS entries.
      -f filename, --file filename
                            read setting from file.
      -H, --headless        headless (daemon) mode. Wait to run until all
                            users are logged out.
      -i, --interactive     run in interactive mode. Ask logged in user for
                            password, set up launchdaemon to run in headless
                            mode, and logout.
      --iconpng PATH        path to PNG icon (used in JAMF dialogs).
      --iconico PATH        path to ICO icon (used in password dialog).
      -j, --jamf            display status using JAMF Helper.
      --log PATH            path to log directory (/var/log is default).
      -p PASSWORD           password for target (new) domain administrator.
      -P PASSWORD           password for source (old) domain administrator.
      -s, --serial          use system serial number as computer name.
      --search_binddn LDAP_DN
                            LDAP bind user DN on target domain (for searching
                            for target username).
      --search_bindpass PASSWORD
                            LDAP bind password on target domain.
      --search_uri ATTR     LDAP URI to search for target username.
      --search_userattr ATTR
                            LDAP attribute to search for target username.
      --search_userdn LDAP_DN
                            LDAP DN on target domain to search for target
                            username.
      -t {AD,LDAP}, --target_type {AD,LDAP}
                            target directory type.
      -u USERNAME           administrator user for target (new) domain.
      -U USERNAME           administrator user for source (old) domain.
      --local_username USERNAME
                            local administrator user.
      --local_password PASSWORD
                            local administrator password.
      -v, --verbose         verbose output.
/tmp/dsMigrateClient.py -f /tmp/example.ini
To run the migration, create a Casper package containing the script, the ini file, and the icon files for the dialogs, and upload it to the JSS. Then create a policy that installs the package and executes the script with the ini file as an argument (/tmp/dsMigrateClient.py -f /tmp/exampleLocal.ini), and allow the policy to be run from Self Service. Users can then initiate the migration from the Self Service application.
- Only one directory service connected at start (the source) or none (for local migration to directory)
- Users to migrate are local or mobile users (not tested for network users)
- Migration is AD to OD, OD to AD, local to AD or local to OD.
- User documents are in the /Users/ folder. Migration does not currently change permissions outside of each user's folder.
- Get current DS nodes.
- Get mobile users.
- Get FileVault users.
- Set DNS (if specified).
- Add new DS node.
- Remove and save local groups from mobile users.
- Remove mobile users.
- Remove old DS node.
- Migrate mobile user home ownership.
- Add mobile users with new DS node.
- Add saved local groups to mobile users.
- Set user password (from interactive mode) to new DS node.
- Set FileVault key for mobile user
- Perform JAMF recon & manager
- Get the logged in username and ask for the user's password.
- Save the username, password, and other arguments to ini file to run in headless mode.
- Launch the launchdaemon, which will run in headless mode.
- Log out user.
- Unload loginwindow
- Run migration (standard mode)
- Load loginwindow
- Remove launchdaemon
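
The interactive-mode steps above save the user's password and the other arguments to an ini file, and the usage example reads its settings from /tmp. As an added example (not part of dsMigrateClient.py), this Python code shows one way to create such a file with owner-only permissions and to audit it before handing it to the script; the section name `settings` and the use of long option names as ini keys are assumptions.

```python
import configparser
import os
import stat
import tempfile

SECTION = "settings"  # hypothetical section name, not taken from the script


def write_settings(path, settings):
    """Create the ini file with mode 0600; fail if the path already exists."""
    parser = configparser.ConfigParser(interpolation=None)  # '%' is legal in passwords
    parser[SECTION] = settings
    # O_EXCL refuses a pre-created file or symlink at a predictable path such as /tmp.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        parser.write(handle)


def audit_settings(path):
    """Return findings for a settings file; an empty list means no issue found."""
    info = os.lstat(path)  # lstat: inspect the link itself, never its target
    if not stat.S_ISREG(info.st_mode):
        return ["not a regular file (symlink or special file)"]
    findings = []
    if info.st_uid != os.geteuid():
        findings.append("owned by a different user")
    if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %o grants group/other access" % stat.S_IMODE(info.st_mode))
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    if findings:  # name the secrets that the loosely protected file exposes
        for section in parser.sections():
            for key in parser[section]:
                if "pass" in key:
                    findings.append("exposes secret option: " + key)
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        ini = os.path.join(workdir, "example.ini")
        # Constructed sample values; the key names are assumptions.
        write_settings(ini, {"target_type": "AD", "search_bindpass": "constructed%value",
                             "local_password": "constructed-value"})
        print(audit_settings(ini))  # freshly written file
        os.chmod(ini, 0o644)
        print(audit_settings(ini))  # after permissions are loosened
```

The same audit can run in a policy before the script is invoked, so that a settings file that is not a regular file, has the wrong owner, or is readable by group or other is rejected instead of read.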