11-03-2022 02:28 AM
Although this scenario is not so common, we have a KB for that - prior to deploying the JumpCloud agent to the device.
I recently came across a similar case - a Mac bound to AD, with the JC agent installed. So, I forked the unbind script mentioned in the KB to make it work in a JC cmd:
Note - Only “mobile accounts” can be converted to local accounts. And the script introduced by the KB below works halfway - only disjoining AD. Despite the conversion failure from the script, the “mobile” account will be retained as a local account once disjoined from AD, and the data remains too.
Make sure this checkbox is ticked in "Directory Utility":
You can simply create a cmd in JumpCloud and paste the lines below in.
#!/bin/bash

RemoveAD(){
    # This function force-unbinds the Mac from the existing Active Directory domain
    # and updates the search path settings to remove references to Active Directory
    searchPath=$(/usr/bin/dscl /Search -read . CSPSearchPath | grep Active\ Directory | sed 's/^ //')
    # Force unbind from Active Directory
    /usr/sbin/dsconfigad -remove -force -u none -p none
    # Deletes the Active Directory domain from the custom /Search
    # and /Search/Contacts paths
    /usr/bin/dscl /Search/Contacts -delete . CSPSearchPath "$searchPath"
    /usr/bin/dscl /Search -delete . CSPSearchPath "$searchPath"
    # Changes the /Search and /Search/Contacts path type from Custom to Automatic
    /usr/bin/dscl /Search -change . SearchPolicy dsAttrTypeStandard:CSPSearchPath dsAttrTypeStandard:NSPSearchPath
    /usr/bin/dscl /Search/Contacts -change . SearchPolicy dsAttrTypeStandard:CSPSearchPath dsAttrTypeStandard:NSPSearchPath
}

# Check for an AD binding and unbind if found.
check4AD=$(/usr/bin/dscl localhost -list . | grep "Active Directory")
if [[ "${check4AD}" = "Active Directory" ]]; then
    RemoveAD
    /bin/echo "AD binding has been removed."
fi
Expect an output like this:
😉
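A pre-flight and post-unbind check for the procedure above, as an added example that is not part of the original post or the KB script. It assumes `dscl . -list /Users AuthenticationAuthority` prints one line per user and that mobile accounts carry the `LocalCachedUser` marker in that attribute; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report mobile accounts and AD binding state before/after the unbind.
DSCL=/usr/bin/dscl

# Constructed sample outputs, used only when dscl is not present (off-Mac testing).
SAMPLE_NODES='Active Directory
Contacts
Local
Search'
SAMPLE_AUTH='root ;ShadowHash;
localadmin ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>
jdoe ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2> ;LocalCachedUser;/Active Directory/EXAMPLE/All Domains:jdoe:PLACEHOLDER-GUID'

# Reads a directory node list on stdin; succeeds if "Active Directory" is listed.
ad_bound() { grep -qx "Active Directory"; }

# Reads "user AuthenticationAuthority" lines on stdin and prints the users whose
# attribute carries the LocalCachedUser marker (assumed to identify mobile accounts).
mobile_users() { awk '/;LocalCachedUser;/ { print $1 }'; }

# report NODES AUTH: prints the mobile accounts and the binding state.
report() {
    report_mobiles=$(printf '%s\n' "$2" | mobile_users | paste -sd, -)
    echo "Mobile accounts: ${report_mobiles:-none}"
    if printf '%s\n' "$1" | ad_bound; then
        echo "AD binding: present"
    else
        echo "AD binding: absent"
    fi
}

if [ -x "$DSCL" ]; then
    # On a Mac: query the live directory service.
    report "$("$DSCL" localhost -list .)" "$("$DSCL" . -list /Users AuthenticationAuthority)"
else
    report "$SAMPLE_NODES" "$SAMPLE_AUTH"
fi
```

Run it once before the unbind to record which accounts are mobile, and again afterwards to confirm the binding is reported as absent.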