Tag: active directory

  • TCC in Mojave doesn’t prevent deleting local folders for AD-bound Macs

    Note: We’re currently using a setup of Force local home directory on startup disk for AD-bound Macs instead of Create mobile account at login or Use UNC path from Active Directory to derive network home location—so if you’re using either of those other options, your mileage may vary—definitely do some testing! This is also as…

  • Exporting a .csv of users out of Active Directory

    Even though I found many tutorials on how to export Active Directory users from a group into a comma-separated values text file, none did exactly what I wanted (specify an organizational unit, get only the active users, get the first and last name and the email address out). I had to do a little bit…

  • Deleting keychains at user logout

    Update: The easiest way to do this is actually to install Offset and then put a RemoveLastUserKeychains script into /usr/local/offset/logout-every (make sure it’s owned by root:wheel and has 755 permissions). Backstory This is a sequel to Deleting Mac Keychains in an Active Directory Environment, which talked about a way to delete keychains at logout using…

  • Fix ownership of copied folders for Active Directory Macs

    Warning This script does some serious system modifications. If you don’t know what you’re doing, ask questions in the comments. Don’t just run this script if you don’t understand what it does or how it’s doing it. This also assumes short usernames match up with user folder names, which they usually do. What issue this…

  • Deleting Mac Keychains in an Active Directory Environment

    Update: The easiest way to do this is actually to install Offset and then put a RemoveLastUserKeychains script into /usr/local/offset/logout-every (make sure it’s owned by root:wheel and has 755 permissions). What’s the problem? If you’re in a primarily or exclusively Mac environment, but you’re managing logins through Active Directory, password changes on the AD level…