rtrouton / rtrouton_scripts

Scripts to share
MIT License

Trouble with migrating AD mobile account to local account - Jamf MDMed device #55

Closed mrigucci closed 5 years ago

mrigucci commented 5 years ago

Original script found here: rtrouton_scripts/rtrouton_scripts/migrate_ad_mobile_account_to_local_account/

We tested the above script on a device that did not have a Jamf MDM profile first without any issues, but after deploying that script to a device with Jamf MDM, we're now unable to log into the newly created local account. To be more specific, when the user tried to log into the newly localized account, there was a prompt to set a new password. When trying to set up a new password, a password requirements window pops up and says "Not allowed to change own password". Because that didn't work, naturally we tried changing the password of the newly localized account through a different local admin account on the computer, and we were prompted with the same password requirements window. We also tried to reset the password with a script, but that failed with an error message:

"sudo /usr/bin/dscl . -passwd /Users/ dang961”sago passwd: DS error: eDSAuthPasswordQualityCheckFailed

DS Error: -14165 (eDSAuthPasswordQualityCheckFailed)"

I called Jamf support and they tried to have us remove the MDM and re-add the MDM after running the script; however, of course, since we already ran the script (and the machine is no longer domain attached), we were unable to test whether that would solve the issue.

If you need any more information, I'd be happy to provide it. Please let me know your thoughts.

**My question is this:** how do we log back onto that account at this point? We've migrated the data, but if we have to wipe the machine, the data transfer won't be as seamless as we were hoping.

FYI:
- the device we are trying to take off of AD has MacOS El Capitan 10.11.6

**TLDR:**
- cannot log into newly localized account because of Jamf MDM (?)

rtrouton commented 5 years ago

No idea. Since my script worked without MDM in the mix, I would encourage you to continue working with Jamf Support to figure out what exactly is causing the issue.