Changing a local account to a mobile account

Similar Messages

• Network accounts instead of Mobile accounts

  All of a sudden with any of our images and fresh build form CD, once joined machines are placed on the domain. When a network account logs in to them they get netowrk accounts instead of mobile accounts. Not sure what caused it but looking for an swer to why. Anyone have any ideals? Running Snow Leopard in an Active Directory environment.
  Thanks,
  Indiana

  you set up rules that control the syncs so you can decide when, how often and what gets synced.
  The time it takes to sync at login/log out is the only real frustration with mobile homes.
  Basically you have two types of sync: login/logout and background
  Login/Logout happens when you log in or log out (obviously!) and is meant to be used to sync the library and other files that can't sync while they are in use.
  Background sync happens on a schedule that you can set, and is meant to sync the rest of your home folder except Library and microsoft user data
  You can adapt the rules however you like though, and exclude individual files, folder or sets of folders from either or both of the syncs
  Its best not to be logged in to the same user at the same time on multiple macs, cos it could get into a real mess, you would log out of Mac A then log into Mac B and because Mac A completed its sync on log out then Mac B will have all the upto date files.
  If you did log into the same account on different macs at the same time it would show you syncing conflicts and you would be given the choice of saying the correct file is on This Mac or the Network Home

• Convert a mobile account into a local account

  Hello everyone!
  I originally had to convert local accounts to mobile accounts, but the mobile accounts are not working for us. Seems to be unstable at times and just not what we're looking for. Now I want to change these mobile accounts back to local accounts. Oooor if there is a way to disable sync services, that would be fine.
  I took the user out of the group that had our mobile account preferences, but the user is still backing up to the server.
  Thanks

  The way we do it is basically the same in either direction with the basic goal of retaining the user's data and settings:
  1) delete the user from the local machine, but leaving the home folder as is (the home folder will be changed to +user (deleted)+ )
  2) recreate the user account either as a new local account (from system prefs), or a new mobile account (by logging in and creating the account, then logout) as required.
  3) as an admin, delete the default home folder that was created when the account was created. I usually do this from the command line : sudo rm -rf /Users/user
  4) again from the command line, change the name of the home folder : sudo mv /Users/+user (deleted)+ /Users/user
  5) finally change the permissions on the home folder: sudo chown -R /Users/+user user+
  Test, it should be good from there.
  Miles

• How can I create a mobile account in Mountain Lion?

  Dear All,
  I have a problem creating a mobile account while joining an Active Directory domain controller (DC).
  ** Case one: While joining the DC, if these options are selected (Create mobile account at login) & (Force local home directory on startup disk), the home directory can not be created at all.
  So, how can case one be solved?
  ** Case two: While joining the DC, if (Creat mobile account at login) is not selected, and (Force local home directory on startup disk) is selected, home directory can be creatded, but not as mobile account.
  So, After creating the home directory, I can go to make it mobile account from Users & Groups/Active Directory user and choose mobile account.
  after creating mobile account, the user loged out and then loged in back again. from here Mobile account botton is disabled and I can not manage it.
  So, How can the bold underline part of case two be solved?
  Note: Active directory used is Windows Server 2008.
  Regards,
  Abdelaal,

  What is a "fax dialog"?
  This dialog, or something closely resembling it, is what you should see:
  Clicking Print sends the fax.
  It is possible Acrobat is interfering with something, in which case you should get rid of it, unless you know of a reason to require it.

• Mobile accounts not expiring

  Hi everyone,
  We have all of our Macs (running 10.7) bound to AD through the native plugin. We have the AD plugin set to create mobile accounts. We create three local groups on each machine and add the equivilent AD groups to the local groups. For instance, we have a local group called Students which has the member DOMAIN\AD Students. We then use local managed preferences to launch a login script to map drives for these accounts, which works correctly based on group membership.
  We've now set these same three local groups to have mobile account expiration. On a test machine, we set it to 2 days. We then logged in with a test account and rebooted, logged in again, and rebooted. After waiting all week, the account is still there (along with all of the other mobile accounts, but we don't know exactly when those students had logged in).
  Is there any place to check where the last time a user logged in? Does our setup sound like it should even work?
  Thanks!
  -MRCUR

  When logging in with an AD user, the "lastLoginTime" is not set on the mobile account. This seems to be the root cause of the accounts not expiring as expected, as the lastLoginTime is used to determine when the account should expire.
  This unfortunately seems like expected behavior when using AD accounts as opposed to local or OD accounts.

• Mobile Account Sync inherently broken?

  Hey guys I've got a setup with 2008 R2 servers running active directory domain services and distributed file system. I've got all of my macs bound to the directory for network authentication and local user login with mobile accounts being created on login. We've been having some really poor performance with the sync, it will simply stop syncing and provide no warning to the user. I've also noticed files becoming "hidden". Anyone else experience this or have a better way to set up?

  also, check ~/Library/Logs/FileSync/FileSyncAgent-Verbose.log and logs in ~/Library/Logs/FileSyncAgent/ on the client and/or server homedir.

• MOBILE ACCOUNTS ARE BROKEN!!!  At least for Active directory.

  Thanks ben6073 for posting your link to the solution. It worked for me as well.
  I did a clean install of SL, joined the machine to the AD domain using Directory Utility. Restarted and when the other user option finally came up in the login screen it would just shake after entering my credentials. As if I was using the wrong password. I then logged in with the local admin account and using the Directory Utility disabled the mobile account option. I then restarted and was able to log in using my credentials.
  MOBILE ACCOUNTS ARE BROKEN!!! At least for Active directory.
  Thanks ben6073 for the link to a fix. And thank you Rich for the post on google.
  http://groups.google.com/group/macenterprise/browse_thread/thread/2c2502b08bb84c 7a?pli=1
  G

  Greg Plassmeyer1 wrote:
  Thanks ben6073 for posting your link to the solution. It worked for me as well.
  MOBILE ACCOUNTS ARE BROKEN!!! At least for Active directory.
  I had this problem this morning. It went away after I rebooted and ran applejack in "auto pilot" mode. The machine is a macbook pro running Snow Leopard. The account is a mobile account tied to a windows active directory server. Applejack is available from http://applejack.sourceforge.net/. The auto pilot mode cleans out the system caches is /Library and /System/Library - perhaps this is what provides the fix? Just a guess.

• Mobile account disabled unable to re-enable

  First some background. We have an Open Directory Master setup on Snow Leopard Server 10.6.2. I have a default password policy of 5 attempts and the user account is locked out. I am in the process of binding Snow Leopard clients to Open Directory. All of my users are on laptops so I was setting them up with mobile accounts. First I would bind the machine to Open Directory, then I would have the user login with their network user account. Next using System Preferences I would convert the currently logged in network user account to a mobile account. I assumed I needed to do this so the user would be able to login to their machine while the server was unavailable.
  My issue is that the using a second machine the user locked out their account. I re-enabled the account in WGM, but the user cannot get into their laptop. I use WGM to view the local directory and it show the local cached account as disabled. Unfortunately there is no way using the GUI to re-enable the cached local account. Also using dscl I see that AuthenticationAuthority has ;DisabledUser; as the first value before LocalCachedUser.
  It seems I don't fully understand how mobile accounts work. I assumed that a cached version of the account would be created on the client machine for use when the Directory Server was unavailable. I thought that when the Directory Server was available that it would take precedence over the cached copy. Is this not how it works?
  Also my attempts do edit the user account using dscl to remove the ;DisabledUser; value were not successful. Is there an easy way to re-enable this account?

  Mr Beardsley wrote:
  I think what happens, at least in our office is that after the 24 hour period for Kerberos people will have to enter their password again for things like iCal, iChat, etc. If they mistype their password, and save it in keychain, I think it can rapid fire try to authenticate many times without any visual feedback and lock out the account. Reactivating in workgroup manager handles the account in OD, but unfortunately the local copy of mobile user account doesn't see or honor that the account has been reactivated on the server.
  I was doing the same thing as you deleting the mobile user account on the system, but that was getting to be a pain as I would have to remake the mobile user account and the user would lose their picture every time. After I discovered the pwpolicy command I have tested it several times and deleting the user account is no longer necessary. Just re-enable the account in OD, then run the command I put above to re-enable on the client.
  What I would love to see happen is that the client machine check with OD to see if the account is enabled/disabled then update itself to be in the some condition. Until then it's running a command on the client to get the account working again.
  Mr. B,
  I think you're right about all of this. I'm experiencing this too with only one mobile user. This user is in a different office all week. Then on Fridays he's here at our HQ. His laptop is set to sync every 3 hours. For some reason it is at this syncing stage that his account becomes disabled. I think the HomeSync function may be requesting a password that the user is entering incorrectly because they get confused as to what password to enter. I'm not sure if they are entering incorrectly once, 3 times, 10 times or what. They are frustrated and so am I.
  However, the pwpolicy command you provided DOES re-enable their local mobile account and it is available after restarting. So thanks for that!
  We have several different passwords that for any given user (SLS network account, file-server, email, plus their keychain password).
  Anyone have a tried & tested "user-friendly solution" to keeping these all in sync after our 2-month password expiration?

• Active directory mobile accounts

  Hi,
  Just did a clean install of Lion, joined it to my active directory (Windows SBS 2003). No issues with this part...
  But when I log in as a domain user, I get:
  the home folder for user is not located in the usual place or cannot be accessed
  Strangely enough, if I turn off mobile account creation, it works, and /Users/domainuser is created. If I then turn back on mobile account creation I get the error again.
  Anybody else experience this? Any pointers on how to troubleshoot?

  WORKAROUND for "Error: The home folder for user "ActiveDirectoryUser" isn't located in the usual place or can't be accessed. The home or Users folder may have been moved or deleted. If the home...."
  I was able to "Fix" the Mobile Account issue above in Lion -for now. (Valid as of 8/18/11 on Lion 10.7.1)
  - In Directory Utility -> Active Directory -> Advanced Options, I unchecked "Create mobile account at login" and left "Force local home directory on startup disk" checked
  - Log out then back in as a networked user,  -A local home directory will be created under /Users but will not be accessible if network is offline (non-mobile)
  - Open Terminal
  --- Type: cd /System/Library/CoreServices/ManagedClient.app/Contents/Resources/
  --- Type: ./createmobileaccount -n username
  The username you specify with the createmobileaccount command will turn it from a standard account into a mobile account.
  This fixes Active Directory mobile accounts for the time being so now its on to Open Directory which refuses to stay bound after a reboot.

• How do I change a mobile account to a local account without server admin?

  Our company split into two seperate companies. We moved and the server stayed. All of our machines were on the server and had portable home directories. We no longer connect to a server. And the server we were connected to is no more. So we can't access it at all. Reinstall is not an option.
  I want to know if it's possible to change a mobile account back to a local account. Login takes FOREVER!! Is there anyway to fix this.
  Whenever I log into my administrator account on the machine, login is very quick.
  Are there some preferences I can delete or change? I went into Directory Access on my machine and unchecked the LDAPv3 and all of the other check boxes just to make sure, but it didn't have any effect.
  I also tried deleting the "Mirrors" folder, but when I log back in, it's there again.

  No one knows anything? I just thought it would be some preference file that I need to find and either change or delete.
  If anyone knows anything, please reply. The login issue is so frustrating.

• How do I change a mobile account back to a local account?

  I posted this under the "Using OS X Server" but having got any replies, so I thought I'd post it under PHD.
  Our company split into two seperate companies. We moved and the server stayed. All of our machines were on the server and had portable home directories. We no longer connect to a server. And the server we were connected to is no more. So we can't access it at all. Reinstall is not an option.
  I want to know if it's possible to change a mobile account back to a local account. Login takes FOREVER!! And I can't access my "Login Items" under "Accounts" in System Preferences. Is there anyway to fix this?
  Whenever I log into my administrator account on the machine, login is very quick.
  Are there some preferences I can delete or change? I went into Directory Access on my machine and unchecked the LDAPv3 and all of the other check boxes just to make sure, but it didn't have any effect.
  I also tried deleting the "Mirrors" folder and preferences file, but when I log back in, it's there again.

  Dont just untick the LDAPv3 Plug in, you have to
  select Configure and Delete the configuration, save
  the changes then quit.
  I did that.
  Navigate to /Library/Managed
  Preferences and remove any preferences there.
  Did that too. But whenever I log back in. They are there again.
  Next lauch NetInfo Manager in /Applications/Utilities,
  click on the lock and authenticate, select Config and
  delect mcx_cache.
  I did this also. There were actually 2 mcx_cache folders. One in the /config/mcx_cache and another at /mcx_cache. I deleted both of them.
  Next select System Preferences >
  Accounts and delete the Mobile Account thats there –
  it should have Mobile Account beneath it.
  This is the part I can't do because I need that account. If I delete the mobile user, I lose that account and I can't do that. Any suggestions here?

• Mobile Account - How to Map Share Point Locally on Server?

  Hello,
  Using mobile accounts on a mac mini server, this is a small home network. Primary reason for server was to use mobile accounts allow the various computers and laptops to be accessed by all family and guests with data linked to login.
  All work fine except, when I login into the server as my mobile account it is unable to sync, or find any files because the Share Points do not map locally. Warning message says use locally. This causes problems with itunes, mobile account syncs etc.
  Is there a way to map the Share Points using the network path, locally on the server in the mobile accounts?
  Thanks
  Peter

  You need to convert the project to sharepoint 2013,  you have to change the target office version 15.0 and target framework versions to 4.0 or 4.5. For more details go throught the below posts
  http://www.codeproject.com/Articles/522220/Converting-Multiple-SharePoint-2010-Projects-to-Sh
  http://social.msdn.microsoft.com/Forums/en-US/c15f274c-1dfe-47cc-b753-883307fc354f/migrate-sharepoint-2010-visual-webpart-to-sharepoint-2013-using-visual-studio-2012
  http://sharepoint.stackexchange.com/questions/58377/upgrade-a-vs-2012-sharepoint-2010-project-to-sharepoint-2013
  Raghavendra Shanbhag | Blog: www.SharePointColumn.com
  Please click "Propose As Answer " if a post solves your problem or "Vote As Helpful" if a post has been useful to you.
  Disclaimer: This posting is provided "AS IS" with no warranties.

• Changing home direcotry location breaks mobile account sync

  Dear all, hope you could help me with the follow problem:
  I recently transferred my users' home directories to a new NAS.
  The old home location was e.g. afp://192.168.1.7/homes/user1 (old nas)
  I moved them to afp://192.168.1.9/homes/user1 (new nas)
  For all networked accounts things work fine.
  I have a 1 mobile account user (i.e. user1). When logging in, or when performing home sync, the client keeps on searching for the old nas (i.e. 192.168.1.7), although in workgroup manager I removed all references to the old nas, and updates the home location to the new nas.
  What's wrong? Is there a file locally on the client that stores information about the home location that is not updated? Can I change or delete that file???
  Thx for any help,
  Best regards,
  Stefan.

  you can change this on the client side by modifying the OriginalHomeDirectory and OriginalNFSHomeDirectory attributes in the user's account config.
  check the current config with dscl . -read /users/username on the client side.
  alternatively, you could create a new mobile account with /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobilea ccount (run without options for usage details).

• AD mobile account with local home directory

  I basically have the same question as this post:
  http://discussions.apple.com/message.jspa?messageID=696367
  I have set up Tiger workstations to authenticate to AD, I am forcing a local home dir. Everything works great. I want to do the same thing for Tiger laptop users with mobile accounts. The problem is that OS X creates a second home directory outside of /Users based on attributes from my AD schema. Just like with the non-mobile users, I want to ignore all home dir attributes from AD and just use the user's home dir that is in /Users. So the question is, how can you use a mobile account and force a local home dir with Apple's AD plugin??????

  Yes, I know how to click buttons in the gui, that does not fix the issue. The issue is that the Active Directory schema at my company includes extended attributes from the RFC 2307 schema. Apple's AD plugin does not know how to handle this extended schema especially when using mobile accounts.
  Apple's AD plugin reads these unix attributes from AD and thinks it knows what to do but ends up causing more problems then if there were no unix attributes at all.
  Since this post, I have opened a ticket with Apple. They were able to recreate the problem in their lab with their AD server. The only work around is to create a custom ActiveDirectory.plist file that forces the Mac to ignore what AD is telling it.
  This solution works unless the ActiveDirectory.plist file is deleted or corrupted. This problem will only become worse once Microsoft includes all of the RFC 2307 schema in their next service pack of Win 2003 server.

• Mobile Accounts not copying home folders to local machine

  Having recently upgraded my MacBook to 10.5 (and having a 10.5 server) I have noticed an error with mobile accounts. My account has not synced for a couple of weeks and I have checked all the directory settings and cannot see any errors.
  I've removed all directory services and rebooted, put them back and it will create a mobile account but nothing is being copied to the local hdd. So basically it is functioning like a network account rather than a mobile one.
  This works fine on our 10.4 clients but having tried different users on my 10.5 system it does the same....creates the account, mounts the server but does nothing else.
  This means when you sync it says its complete but does nothing...its like its lost permissions to the folder on the server but that seems very odd.
  Anyone else had issues with 10.5? We have an AD server with our users and a 10.5 server with OD replicating AD and holding the home folders.

  Are you still ahving this issue?
  Would you do like geekinit in this thread and post some partial screen grabs (although is problem included Windows server Active Directory and profile Manager which I will get up to soon.)
  Unable to deploy home folder mobility settings through an Apple MDM server
  Did you create a fileshare for Local Network accounts to put their stuff
  If so where is OS X server?
  Did you tell the user in OD to use that fileshare?
  Here's a screen grab example
  Francois.