Although this scenario is not so common, but we have a KB for that - prior deploying JumpCloud agent to the device.
I recently came across a similar case - Mac bind with AD, with JC agent installed. So, I forked the dis-bind script mentioned in the KB to make it work in JC cmd:
Note - Only the “mobile accounts” can be converted to local accounts. And the script introduced by the KB below works halfway - only disjoining AD. Despite the conversation failure from the script, the “mobile” account will be retained as a local account once disjoined AD, data remains too.
Make sure this checkbox is ticked in "directory utility":
You can simply create a cmd in Jumpcloud and paste below lines in.
RemoveAD(){
# This function force-unbinds the Mac from the existing Active Directory domain
# and updates the search path settings to remove references to Active Directory
searchPath=`/usr/bin/dscl /Search -read . CSPSearchPath | grep Active\ Directory | sed 's/^ //'`
# Force unbind from Active Directory
/usr/sbin/dsconfigad -remove -force -u none -p none
# Deletes the Active Directory domain from the custom /Search
# and /Search/Contacts paths
/usr/bin/dscl /Search/Contacts -delete . CSPSearchPath "$searchPath"
/usr/bin/dscl /Search -delete . CSPSearchPath "$searchPath"
# Changes the /Search and /Search/Contacts path type from Custom to Automatic
/usr/bin/dscl /Search -change . SearchPolicy dsAttrTypeStandard:CSPSearchPath dsAttrTypeStandard:NSPSearchPath
/usr/bin/dscl /Search/Contacts -change . SearchPolicy dsAttrTypeStandard:CSPSearchPath dsAttrTypeStandard:NSPSearchPath
}
check4AD=`/usr/bin/dscl localhost -list . | grep "Active Directory"`
# Check for AD binding and offer to unbind if found.
if [[ "${check4AD}" = "Active Directory" ]]; then
RemoveAD; /bin/echo "AD binding has been removed."; break
fi
Expect an output like this:
😉
New to the site? Take a look at these additional resources:
Community created scripts:
Our new Radical Admin blog:
Keep up with Product News:
Ready to join us? You can register here.
