Mac local to AD account conversion
Is there a quick and easy way to convert Mac OS X local user accounts to authenticate from Active Directory instead of the local Mac user account?
I am working a project for a new company where I have discovered that the computers that have been set up so far have been set up with local user accounts that have the exact same name as the user’s Active Directory logon account.
The problem is that whenever users on these Macs logon to their Macs using their Active Directory username and password they are in fact being logged in and authenticated by the Mac OS X operating system instead of being authenticated by the Active Directory domain servers.
This presents obvious security problems as well as creating other problems such as when users change their local Mac user account password s these passwords aren’t updated in Active Directory.
I am hoping that there is a quick and easy way (or a utility or method) that will allow us to change all of these local Mac OS X user accounts so that they have to contact the Active Directory domain controllers to be authenticated.
All of these Macs were added to the Active Directory domain before these local accounts were created.
Is this possible or do all of the existing local user accounts need to be renamed (and the data and settings copied) so that the users will be able to logon using their Active Directory user names and passwords?
Or what other methods, utilties, or apps are available to fix this issue?
iMac, OS X Mavericks (10.9.3), Mac local & AD account logon