Currently Being ModeratedJun 28, 2013 7:30 AM (in response to MyrkridianRhapsody)
Lets be clear on nomencalure: You don't want to delete the account. You want to delete the account's homefolder on the server. Correct?
I don't believe there is anything in OS X Server that manages account folder deletion (there are login controls, but the data would still be there). You could easily write a script however to delete the home folders. What is your experience in shell or Applescript?
You don't need to restart the server to run a script, delete folders or even manage accounts. If you want to write a script that launches at regular intervals, you can do so using launchd.
Does that help?
Thanks for the response Jaime. Yes I should be more clear: there are no open directory accounts on our OS X Server, and there are no home folders being stored/synced on the OS X server. All we are using OS X server for is to set preferences (dock, permissions, etc.) for a particular group of computers. When someone logs into a remote machine in the library, their credentials are verified in active directory, and a local home folder is made for them. To my knowledge there is no home folder anywhere other than the local machine. So when I say "delete the account", I mean delete it from the local machine. It will still exist in active directory of course, so the next time they log in, they will see a fresh account with all of the managed preferences I have set for them.
Make sense? There is a possibility I have this wrong mind you, but this is what I have deduced from the way things seem to be working.
Snow Leopard Server. I found this discussion link which seems to validate the thought that active directory doesnt play well with mobile homes/account expiry:
And I guess that answers my question... other than knowing what my options are for forcing these mobile accounts to delete on the remote machines.
Yes the symptom is the same... but no, logging in twice or more times does not resolve the problem. I have set the account expiration time from 0 to 24 hours and tried all different ways. The account never deletes on the remote computer.
Currently Being ModeratedJun 28, 2013 10:43 AM (in response to MyrkridianRhapsody)
OK, well, scripting it is. What you'll want to do is iterate through the accounts with dscl, checking mobile status, and remove the entry and the appropriate home folder. Let me know if you need some help with that.
Currently Being ModeratedJul 3, 2013 7:47 PM (in response to MyrkridianRhapsody)
Not sure if you came up with a solution since your last post but would be grateful if you could post a follow up to what you did. I am struggling to come up with a solution. I've used the account expiry with 10.68 server with 10.68 clients and all works great. Not so with 10.94 server and 10.84 clients. Not happy.
Still working on the script. I actually have a working script but need to modify it a bit more, as well as generate a launch daemon .plist to run it automatically. I'll post my results once I get it done.
So I got the script working. I found most of it on another site but modified it a little bit. Here it is:
UserList=`/bin/ls /Users | /usr/bin/grep -v "Shared"`
for u in $UserList ; do
if [[ `/usr/bin/dscl . read /Groups/admin GroupMembership | /usr/bin/grep $u -c` == 1 ]]
then /bin/echo "Admin account detected skipping..."
else /usr/bin/dscl . delete /Users/$u && /bin/rm -rf /Users/$u
rm -rf /Library/Managed\ Preferences/*
I then used Lingon X to write a launch daemon which will run the script every day at 5:30 AM. This way it will only delete user account information when no one is on the computer. You also have to make sure that your computer isn't asleep when the script is run, or else it will just skip it and wait until the next run cycle. So what you could do is set the launch daemon to run the script at 5:31 AM every Monday, but also set your Energy Saver prefs to wake up the machine at 5:30 AM every Monday. You could also build into the script to pass over any currently logged in users, but this is taking up too much of my time and seems to be working just fine.
More Like This
- Retrieving data ...
- This solved my question - 10 points
- This helped me - 5 points