Skip navigation

Account Expiry

594 Views 14 Replies Latest reply: Jul 8, 2013 10:21 AM by MyrkridianRhapsody RSS
MyrkridianRhapsody Level 2 Level 2 (470 points)
Currently Being Moderated
Jun 28, 2013 7:18 AM

Hi there,

 

I work at a college as the Mac Support Speciallist. We have an OS X server that is integrated with our Active Directory setup. The Library Macs are tied to this server so students can log in with their active directory accounts. This was all set up by my predecessor so I am trying to make sense of everything here so bear with me... it looks like he had configured the server to have accounts be mobile, and expire after 24 hours (meaning the local home folder would be deleted after that time). However, my research indicates that this will not work when using active directory accounts. And as a matter of fact, everyone here was under the impression that it WAS auto deleting the accounts, although all of the Macs have like 400 accounts on them now, apparently over the course of a year since the server was set up.

 

So my question is this: Is there a way to have the accounts delete on their own? We want the luxury of the students being able to login with their network credentials, but it isn't super important for them to store information for a long duration of time on the library computers, so having them expire/delete is fine even though it is not being synced to a server somewhere. The only option I can think of is to write a startup script to delete the accounts and have the machine auto restart at like 3 AM so it runs everyday. Any other ideas would be much appreciated!

  • JaimeMagiera Level 2 Level 2 (285 points)
    Currently Being Moderated
    Jun 28, 2013 7:30 AM (in response to MyrkridianRhapsody)

    Lets be clear on nomencalure: You don't want to delete the account. You want to delete the account's homefolder on the server. Correct?

     

    I don't believe there is anything in OS X Server that manages account folder deletion (there are login controls, but the data would still be there). You could easily write a script however to delete the home folders. What is your experience in shell or Applescript?

     

    You don't need to restart the server to run a script, delete folders or even manage accounts. If you want to write a script that launches at regular intervals, you can do so using launchd.

     

    https://developer.apple.com/library/mac/documentation/darwin/reference/manpages/ man8/launchd.8.html

     

    Does that help?

  • JaimeMagiera Level 2 Level 2 (285 points)
    Currently Being Moderated
    Jun 28, 2013 8:18 AM (in response to MyrkridianRhapsody)

    No, you're fine. I'm still waking up I wasn't thinking about Mobile Homes. What version of OS X Server are you using?

  • JaimeMagiera Level 2 Level 2 (285 points)
    Currently Being Moderated
    Jun 28, 2013 8:54 AM (in response to MyrkridianRhapsody)

    Well, there is this...

     

    http://support.apple.com/kb/TS3736

  • JaimeMagiera Level 2 Level 2 (285 points)
    Currently Being Moderated
    Jun 28, 2013 9:41 AM (in response to MyrkridianRhapsody)

    Right, but is that the behavior you are seeing? Does it properly get deleted if the user has logged in more than once?

  • JaimeMagiera Level 2 Level 2 (285 points)
    Currently Being Moderated
    Jun 28, 2013 10:43 AM (in response to MyrkridianRhapsody)

    OK, well, scripting it is. What you'll want to do is iterate through the accounts with dscl, checking mobile status, and remove the entry and the appropriate home folder. Let me know if you need some help with that.

  • Peter Greco Calculating status...
    Currently Being Moderated
    Jul 3, 2013 7:47 PM (in response to MyrkridianRhapsody)

    Not sure if you came up with a solution since your last post but would be grateful if you could post a follow up to what you did. I am struggling to come up with a solution. I've used the account expiry with 10.68 server with 10.68 clients and all works great. Not so with 10.94 server and 10.84 clients. Not happy.

     

    Thanks,

    Pete

Actions

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.