BIG-RAT / mobile_to_local

Migrate mobile Active Directory account to a local account
MIT License

RealAnigai - Jamf Script Available #12

Open Anigai opened 1 month ago

Anigai commented 1 month ago

Hi BIG RAT,

What a great project. Thanks for the credit in the latest release btw.

I'm not super familiar with using GitHub yet and I think I'd have to be given permissions to give you Pull Requests? But anyway, I have completed my script and tested it for a large scale deployment, and while it's fairly basic and doesn't yet take advantage of your fixes since I've been using v2.6.1 for this, it might be useful to someone in future, so here it is. Trying to contribute is the least I can do to thank you.


```bash
#!/bin/bash
# Written 16-05-24 by RealAnigai
# Completed alpha testing on 20-05-24 with the now initial version 0.5 beta1 by RealAnigai
# Modified 21-05-24 by RealAnigai to version 0.6 beta2
# Moved to version 1.0 on 13-06-24 after successful user testing of 0.6 beta2
# Current version is 1.0 of this script
# I wrote this script to initiate the conversion of macOS user accounts from Mobile to Local accounts
# It depends on the tool called "Mobile To Local.app" 2.6.1 by BIG RAT on GitHub to be installed on the user's machine first before running and will fail without it
# Also it depends on FileVault being enabled for the user.  If the machine has FileVault and the user is not enabled the tool will lock out the user
# They will be converted successfully but would need a local admin to reset their local password for them
# I have included logic to check that the current user has FileVault enabled for them in order to prevent the need for that
# After they click the "Install" button the machine will restart after 15 minutes (via Jamf and not this script) and boom, they're now a local account
# The Kerberos SSO Extension can now ensure all macOS and AD passwords are synced on the machine as long as the user's VPN is on.
# Documentation on the Mobile To Local tool is available here https://github.com/BIG-RAT/mobile_to_local

# TL;DR this script converts the logged in user from a Mobile Account to a Local Account when they click the "Install" button in Jamf Self Service
# This can take upwards of 10 minutes from my testing

# Fetch the username of the currently logged in user and store the result into CurrentUser
#CurrentUser=$(stat -f "%Su" /dev/console)
CurrentUser=$USER

# If the user doesn't show up in the FileVault enabled list, display a notification and exit with an error status
# If the user does show up in the FileVault enabled list, execute the Mobile To Local tool to silently convert them to a Local Account
# The name is quoted and anchored to the start of a "shortname,UUID" line so that a partial name
# (for example "smith" when only "jsmith" is enabled) does not pass the check
if ! sudo fdesetup list | grep -qi "^${CurrentUser},"; then
        osascript -e 'display notification "Filevault must be enabled first! Please ask IT for assistance." with title "Self Service says"'
        exit 1
else
        sudo /Applications/Mobile\ to\ Local.app/Contents/MacOS/Mobile\ to\ Local -unbind false -userType admin -mode silent
fi
```

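
A stricter form of the FileVault membership check, as an added example that is not part of the original post or the project: it compares the short name against the whole first field of `fdesetup list`-style output instead of searching for it anywhere in the text. The function names and the sample list are constructed for illustration, and the `shortname,UUID` line format is assumed.

```shell
#!/bin/bash
# Added example: exact-match FileVault user check (not the posted script).
# Assumes `fdesetup list` prints one "shortname,UUID" line per enabled user.

# fv_user_enabled <shortname>
# Reads fdesetup-list-style text on stdin.
# Returns 0 if the first comma-separated field equals <shortname>
# (case-insensitive, like the original grep -i), 1 if not, 2 on a bad name.
fv_user_enabled() {
    local user="$1"
    # Refuse empty names and root: a script started by a management agent
    # may run as root, and root is never the account being converted.
    [ -n "$user" ] && [ "$user" != "root" ] || return 2
    # String comparison, so "." and other regex characters are literal.
    awk -F',' -v u="$user" '
        tolower($1) == tolower(u) { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# Constructed sample output (names and UUIDs are made up).
SAMPLE_LIST='jsmith,11111111-2222-3333-4444-555555555555
first.last,AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE'

# check_sample <shortname>: run the check against the constructed sample.
check_sample() {
    printf '%s\n' "$SAMPLE_LIST" | fv_user_enabled "$1"
}

# On a Mac the real call would be (needs root):
#   fdesetup list | fv_user_enabled "$CurrentUser"
for name in jsmith smith firstXlast root; do
    if check_sample "$name"; then
        echo "$name: FileVault enabled"
    else
        echo "$name: not enabled (status $?)"
    fi
done
```

A non-zero status here should stop the conversion, since the posted script's comments say a user without FileVault enabled is locked out afterwards.
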
Anigai commented 1 month ago

Man, I have no idea how to put code here even with this haha

BIG-RAT commented 2 weeks ago

Thanks - see if I can't find a better place to keep this at some point.