Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science

Account Migration Tool

Macintosh Account Migration Tool
Mar 2011
Centrify Corporation
Abstract
This document provides an overview for the first release of Centrify Account Migration Tool for Macintosh
Centrify Corporation
785 N Mary Ave, Suite 200
Sunnyvale, CA 94085
TEL
FAX
URL
(408) 542-7500
(408) 542-7575
www.centrify.com
Legal Notice
Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names, email addresses, logos, people, places and events depicted herein are fictitious, and no association with any
real company, organization, product, domain name, e-mail address, logo, person, place or event is intended
or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without
limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into
a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying,
recording, or otherwise), or for any purpose, without the express written permission of Centrify Corporation.
Centrify may have patents, patent applications, trademarks, copyrights, or other intellectual property rights
covering subject matter in this document. Except as expressly provided in any written license agreement from
Centrify, the furnishing of this document does not give you any license to these patents, trademarks,
copyrights, or other intellectual property.
©2010 Centrify Corporation. All rights reserved.
Centrify and DirectControl are trademarks of Centrify Corporation in the United States and/or other
countries. Microsoft, Active Directory, Windows, Windows NT, and Windows Server are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective
owners.
© CENTRIFY CORPORATION 2010. ALL RIGHTS RESERVED.
II
Contents
Legal Notice .................................................................................................. ii 1 Introduction ............................................................................................. 1 2 Feature Overview ..................................................................................... 1 2.1 Limitations.............................................................................................................. 1 3 Platforms .................................................................................................2 4 Installation ..............................................................................................2 5 UI Overview and Use Cases ......................................................................2 5.1.1 Use Case 1 – Local Mac user account. ........................................................ 3 5.1.2 Use Case 2 – Local Mac user account that has no matching AD account
with the same name. ................................................................................... 5 5.1.3 Use Case 3 – Apple AD user account.......................................................... 6 5.1.4 Saving the mapped records. ........................................................................7 5.1.5 Program Exit. .............................................................................................. 8 6 Updating the keychain on first login........................................................ 8 7 Removing account mapping .................................................................... 9 8 Uninstalling Centrify and restoring the local user account ...................... 9 © CENTRIFY CORPORATION 2010. ALL RIGHTS RESERVED.
III
ACCOUNT MIGRATION TOOL
1 Introduction
This tool is designed to provide a simple, error free method for associating an existing
home directory with an Active Directory User account.
With this tool a user can avoid running “adfixid” and “adrmlocal” on a Mac with existing
accounts.
2 Feature Overview
The Account Migration Tool provides the following features:
•
Works with Centrify Express users, as well as DirectControl with Auto-Zone or
Zone enabled users.
•
Map an existing local user account to an AD account. A typical local user account
has the UID of 501 on every Macintosh. This allows you to map the home
directory on every mac to a unique AD user.
•
Map an existing Apple AD user local home directory to an AD account. A home
directory created using the Apple AD user with have a unique uid like 12345678.
This tool will allow you to map that home directory to a unique AD user.
•
Allows the user to select the local home directory and auto-select the machine AD
user
•
Allows the user to map a local home directory to an AD user that does not have
the same logon name.
•
Automatically delete the local user account record if necessary. Deleting the local
user account record will NOT delete the home directory for that user.
2.1 Limitations
The following limitations apply:
•
A local administrator account must exist and must be used to run the tool.
•
If the local account was an administrator this setting will be lost and will need to
be re-set after the user logs in.
•
The tool can only be used to map 1 user account on a machine. It is possible to
map more accounts but it’s not supported in this version.
© CENTRIFY CORPORATION 2010. ALL RIGHTS RESERVED.
1
ACCOUNT MIGRATION TOOL
•
The tool has no rollback mechanism. Rolling back requires manual steps
•
Mac OS 10.5 and 10.6
•
It should work with any version of DirectControl
3 Platforms
4 Installation
Product can be copied from the download site or the centrify idisk. No installation steps
are needed.
5 UI Overview and Use Cases
The Account Migration Tool uses a UI that tries to match the look and feel of the current
ADJoin tool.
© CENTRIFY CORPORATION 2010. ALL RIGHTS RESERVED.
2
ACCOUNT MIGRATION TOOL
Figure 1 Main Dialog
The following picture shows the Account Migration Tool when it is launched. It will show
the list of home directories that exist in the /Users directory.
The user will click and select the home directory they want to map.
The also has the option to select a different starting point for the home directory.
If they click the … button it will let them select a different directory. This can be used to
specify a different home directory path, for example migration of Thursby AdmitMac
users where the home directory is the path /Domain/<addomain>/username.
5.1.1 Use Case 1 – Local Mac user account.
© CENTRIFY CORPORATION 2010. ALL RIGHTS RESERVED.
3
ACCOUNT MIGRATION TOOL
Figure 2 Account Mapping Tool after the user selects a home directory
This case has a home directory with a UID of typically 504. There will also be a locally
defined user record. (ie qatest)
The user also has an account in Active Directory with a matching username. (qatest)
When the user selects a home directory the username and the UID/GID of the local
account will be displayed in the upper right corner.
The tool will then search Active Directory and try to find the user with the same
username.
It will show the user’s record, UID and GID from Active Directory so the user can confirm
that this is the correct binding.
It will then display a notice in redtelling the user that the local user account will be
deleted but the home directory will not be affected.
© CENTRIFY CORPORATION 2010. ALL RIGHTS RESERVED.
4
ACCOUNT MIGRATION TOOL
5.1.2 Use Case 2 – Local Mac user account that has no matching AD account with
the same name.
Figure 3 User selects a home directory that has no AD match
In this case the user will be prompted to enter an alternate User account.
© CENTRIFY CORPORATION 2010. ALL RIGHTS RESERVED.
5
ACCOUNT MIGRATION TOOL
Figure 4 User selects an alternate mapping account.
Note that the user is notified the local home directory will be deleted
5.1.3 Use Case 3 – Apple AD user account.
In this case we know several things.
A local home directory will exist with a big UID number.
There will be no local user record
© CENTRIFY CORPORATION 2010. ALL RIGHTS RESERVED.
6
ACCOUNT MIGRATION TOOL
Figure 5 Mapping an AD user account to a Centrify AD account. (Note the screenshot is
inaccurate, the AD UID will be different from the home directory uid)
The mapping information will be displayed but the user will not be told the local home
directory record is to be deleted. (There isn’t one).
5.1.4 Saving the mapped records.
When the user presses the “Map User” the following steps occur;
The tool creates the /etc/centrifydc/passwd.ovr file
It writes the mapping record and the null record:
+qatest:qatest::503:20::/Users/qatest:
+:::::::
It runs “adreload”
It runs “adflush”
© CENTRIFY CORPORATION 2010. ALL RIGHTS RESERVED.
7
ACCOUNT MIGRATION TOOL
5.1.5 Program Exit.
After the user mapping has been created the user will receive the following dialog. The
program will then exit.
Figure 6 Program Exit
If the user presses the “Quit and Make No changes” button then the program will quit.
6 Updating the keychain on first login
After you have logged in with your AD account, you may receive a Keychain update
dialog. If your new password does not match the previous password used to create the
Keychain, then OS X will prompt for your old credentials and automatically update the
Keychain. Enter your old password to update your keychain, or you can create a new
one.
© CENTRIFY CORPORATION 2010. ALL RIGHTS RESERVED.
8
ACCOUNT MIGRATION TOOL
7 Removing account mapping
If you run the program a second time, it will prompt you to delete the
/etc/centrifydc/passwd.ovr file.
Figure 7 User is notified that an existing passwd.ovr file exists.
The user is given the option to continue or to quit.
If the user presses “OK” then the passwd.ovr file is deleted, and the tool runs “adreload”
and “adflush”.
If the user presses “Quit” the program quits and no changes are made. This will clear the
mapping file from the machine.
8 Uninstalling Centrify and restoring the local user account
If you want to uninstall Centrify and reuse the local account you will need to re-create the
local account.
© CENTRIFY CORPORATION 2010. ALL RIGHTS RESERVED.
9
ACCOUNT MIGRATION TOOL
Create the local account with the same username as previously existed, the Mac will
prompt you to re-own the existing local user directory. It will create the user account with
the same UID and GID it had previously.
© CENTRIFY CORPORATION 2010. ALL RIGHTS RESERVED.
10
Related documents
Centrify DirectManage: Group Policy Management
Centrify DirectManage: Group Policy Management
reading
reading
Construction Check List for The Preserve, Delwood Point, and
Construction Check List for The Preserve, Delwood Point, and
Faculty Directory Information Form
Faculty Directory Information Form
Data Classification Examples
Data Classification Examples
Membership Enrollment Form
Membership Enrollment Form
File-Directory
File-Directory
Installing the CAR package.doc
Installing the CAR package.doc
Windows Azure Active Directory Overview
Windows Azure Active Directory Overview
Centrify Technical Support Policies
Centrify Technical Support Policies
Using Centrify Express on Amazon EC2
Using Centrify Express on Amazon EC2
Centrify Server Suite 2015 Group Policy Guide
Centrify Server Suite 2015 Group Policy Guide
Lab Guide (Q2 2021) - Centrify PAM Administration
Lab Guide (Q2 2021) - Centrify PAM Administration
Download