Page 1 of 1

Migrating from ADmitMac to Apple's Active Directory

Posted: Wed Aug 02, 2017 1:32 pm
by jim_t
We expect to be having a lot of customers asking about migrating from ADmitMac to Apple's AD due to our "end of life" announcement. I wanted to go over the problems that customers may see and the steps to try to mitigate those problems.

The primary problem a customer will run into will be the difference in UID for the domain account home folder. ADmitMac has always used a different calculation for UID than Apple's AD, so though the account is the same, the ownership of the files is seen as a different user. If a customer simply removes ADmitMac and binds with Apple's, they will probably be able to log in, but won't have access to their own files.

Another issue that may be seen is the difference between a Local home and a mobile account. A Local home migration is easier because a mobile account creates an account in Directory Services on the Mac. That account must be removed half-way through the migration process, but the home folder can be left in place but may need to be renamed.

Answers to the following questions will help determine what steps to provide for a particular environment:
  1. Are machines configured to use local home folders or mobile accounts?
  2. How many machines have accounts that need to be migrated?
  3. Is the customer comfortable with Terminal commands?
  4. Does the customer need a scripted solution?
Here are the basic steps:
  1. Log in as a local admin
  2. Remove ADmitMac domain binding
  3. Copy the local home folder to /Users, or rename the mobile account home folder
  4. If a mobile account is used, remove the account in Users & Groups, but don't change the home folder
  5. Bind the Mac to Active Directory using Apple's AD
  6. Find the UID and GID for the user using the Terminal
  7. Change the ownership of the existing home to the new UID/GID pair
Please contact for any assistance.