@arubdesu
Last active August 28, 2016 16:38
CocoaDialog local to AD migration
#!/bin/bash
# Copyright Allister Banks 12/2014, see bottom for license
# Migrate from Local domain to AD, inspiration from
# https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/migrate_local_user_to_AD_domain
# Dialog helper used for every prompt in this script.
# NOTE(review): this binary is resolved under $HOME, while the later steps
# (deleting a local account, restarting opendirectoryd, moving a record into
# /private/var/root) presumably require root. Confirm the app bundle is
# root-owned and not writable by ordinary users before running with privileges.
CD="${HOME}/Applications/CocoaDialog.app/Contents/MacOS/CocoaDialog"

# System tools are pinned to absolute paths so that PATH cannot substitute a
# different binary; all of them are marked read-only and exported below.
dig=/usr/bin/dig
dscl=/usr/bin/dscl
killall=/usr/bin/killall
createmobileaccount="/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount"
chown=/usr/sbin/chown
mv=/bin/mv
readonly dig dscl killall createmobileaccount chown mv
export dig dscl killall createmobileaccount chown mv

# Local directory node on disk, and the folder where the old record is stashed.
DSLOCAL_PATH='/private/var/db/dslocal/nodes/Default'
ROOT_STASH='/private/var/root/'

# domain vars, replace OUR_DOMAIN/ourdomain.com as necessary
# NOTE: inside double quotes "\\" collapses to one backslash but "\ " is kept
# as-is, so this value holds a literal backslash in front of the space.
DOMAIN_DSCL="OUR_DOMAIN\\Domain\ Users"
DOMAIN_URL='ourdomain.com'
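#######################################
# Report a fatal problem to the operator and stop the script.
# Globals:   CD (read)     - path to the CocoaDialog binary
#            REASON (read) - message used when no argument is passed
# Arguments: $1 - optional reason text; defaults to $REASON
# Outputs:   the reason on stderr; "Closing" on stdout once the dialog is
#            acknowledged
# Returns:   never returns; always exits with status 1
#######################################
die() {
  local reason=${1:-${REASON:-unspecified error}}
  local rv=""

  # Always leave a trace on stderr: the dialog helper may be missing.
  printf 'Bailing due to: %s\n' "$reason" >&2

  if [ -x "$CD" ]; then
    rv=$("$CD" ok-msgbox --title "Bailing Out" \
      --text "Bailing due to:" \
      --informative-text "$reason" \
      --no-cancel --float)
  fi
  if [ "$rv" == "1" ]; then
    echo "Closing"
  fi

  # Exit on every path, with a failure status. Callers invoke die when a
  # precondition fails and destructive account changes follow their checks,
  # so returning (dialog missing, crashed, or dismissed some other way) would
  # let the migration run past the failed check.
  exit 1
}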
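# Preflight 1: verify DNS resolution to confirm AD is accessible. The SRV
# lookup for the domain's LDAP service is expected to produce exactly one
# "ANSWER SECTION" header. May need modification to fit your site.
CANHIT_AD_NUMBER=$("$dig" srv "_ldap._tcp.${DOMAIN_URL}" | grep -c "ANSWER SECTION")
if [ "$CANHIT_AD_NUMBER" != "1" ]; then
  REASON="Can't get to the domain controller, are we on the internal network?"
  die
  # Stop here even if die returns: the steps that follow delete a local
  # account and must never run after a failed preflight check.
  exit 1
fi

# Preflight 2: verify we're bound to AD in the first place. Uses the pinned
# "$dscl" path like the rest of the script, so a different dscl earlier in
# PATH cannot answer this check.
WE_BOUND=$("$dscl" localhost -list . | grep -c "Active Directory")
if [ "$WE_BOUND" != "1" ]; then
  REASON="Hey, did the binding workflow succeed? Check the computer name doesn't already exist, maybe?"
  die
  # Same defensive stop as above.
  exit 1
fi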
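# Step 1: announce the workflow. Continue only on an explicit OK ("1").
START=$("$CD" ok-msgbox --title "Starting User Migration" \
  --text "First, please select the current user's home folder" \
  --no-newline --float)
if [ "$START" == "1" ]; then
  echo "User said OK"
elif [ "$START" == "2" ]; then
  echo "Canceling"
  exit
else
  # Any other result (dialog helper missing, crashed, closed without a
  # button) is not consent, so do not continue to the account changes.
  echo "No answer from the start dialog, stopping" >&2
  exit 1
fi

# Step 2: let the operator pick the home folder of the user to migrate.
GETUSER=$("$CD" fileselect --title "Select User to Migrate" \
  --text "Which user are we migrating?" \
  --with-directory "$HOME/../" \
  --select-directories)
# Normalise a trailing slash so the path and the short name stay in step.
GETUSER=${GETUSER%/}
if [ -z "$GETUSER" ]; then
  # An empty selection (dialog cancelled) must stop the run: the later steps
  # build paths from GETUSER, and an empty value would make them operate on
  # the whole local directory node instead of one record.
  REASON="No home folder was selected, nothing to migrate."
  die
  exit 1
fi
# Short name = last path component of the selected folder.
DAS_USER=${GETUSER##*/}

# fetch full user name for confirmation
# The selected path doubles as the directory-service record path; a failed
# lookup means the selection does not correspond to a user record.
if ! USER_RECORD=$("$dscl" /Search -read "$GETUSER" RealName); then
  REASON="No directory record found for '$GETUSER', was a user's home folder selected?"
  die
  exit 1
fi
FULL_NAME=$(printf '%s\n' "$USER_RECORD" | tail -n 1)

# Step 3: have the operator confirm the resolved name before anything changes.
CONFIRM=$("$CD" msgbox --no-newline --title "Confirmation, or Call Allister" \
  --text "Full user name is$FULL_NAME, right?" \
  --informative-text "If wrong, please run 'sudo mv /Users/bad_user_name /Users/good_one' and try again" \
  --button1 "HHokay!" --button2 "Whoops" --button3 "Cancel")
case "$CONFIRM" in
  1)
    echo "Continuing"
    ;;
  2)
    REASON="You need to open Terminal and run 'sudo mv /Users/bad_user_name /Users/good_one' (or just call Support)"
    # TODO - do the move for them, changing the var as appropriate
    die
    exit 1
    ;;
  3)
    echo "Not ready to proceed"
    exit
    ;;
  *)
    # Only button 1 authorises the migration; an empty or unexpected result
    # is treated as "not confirmed".
    echo "No confirmation received, stopping" >&2
    exit 1
    ;;
esac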
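# Refuse to start the destructive steps without a concrete target. With an
# empty GETUSER the stash step below would address the whole local directory
# node rather than a single user record.
if [ -z "$GETUSER" ] || [ -z "$DAS_USER" ] || [ "$GETUSER" = "/" ]; then
  REASON="No user selected to migrate; nothing was changed."
  die
  exit 1
fi

# move old user plist to root's home folder, just in case
# Try the path the script has always used first, then the per-user record
# file (local records are normally stored as users/<shortname>.plist).
PLIST_SRC=""
for candidate in "${DSLOCAL_PATH}${GETUSER}" "${DSLOCAL_PATH}/users/${DAS_USER}.plist"; do
  if [ -e "$candidate" ]; then
    PLIST_SRC=$candidate
    break
  fi
done
# The stash is the only way back, so do not delete anything unless it exists.
if [ -z "$PLIST_SRC" ] || ! "$mv" -- "$PLIST_SRC" "$ROOT_STASH"; then
  REASON="Could not stash the local record for $DAS_USER in $ROOT_STASH; the account was left untouched."
  die
  exit 1
fi

# kill local user
# Not fatal: the record file has already been moved aside and the directory
# service is restarted next, but the operator should see the failure.
if ! "$dscl" . -delete "$GETUSER"; then
  echo "warning: dscl could not delete $GETUSER, continuing" >&2
fi

# HUP dir service
if ! "$killall" opendirectoryd; then
  echo "warning: could not restart opendirectoryd" >&2
fi

# make it so with new user name
if ! "$createmobileaccount" -n "$DAS_USER"; then
  REASON="Creating the mobile account for $DAS_USER failed; the old local record is stashed in $ROOT_STASH."
  die
  exit 1
fi

# fix perms
# DOMAIN_DSCL may carry a backslash-escaped space; turn it into a plain space
# and pass owner:group as ONE quoted argument so the group name is not split
# into separate words.
MIGRATION_GROUP=${DOMAIN_DSCL//\\ / }
if ! "$chown" -R -- "${DAS_USER}:${MIGRATION_GROUP}" "$GETUSER"; then
  REASON="Ownership of $GETUSER could not be changed to ${DAS_USER}:${MIGRATION_GROUP}; fix permissions by hand."
  die
  exit 1
fi

# tell 'em they great
DONEZO=$("$CD" ok-msgbox --title "Done!" \
  --text "Great work! Sign out for 5" \
  --informative-text "Don't forget to check FileVault for this user, etc. Thanks!" \
  --no-cancel --float)
if [ "$DONEZO" == "1" ]; then
  echo "Closing"
  exit
fi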
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.