Active Directory Users

Discussion in 'Mac OS X Server, Xserve, and Networking' started by freefika, Mar 15, 2017.

  1. freefika, Mar 15, 2017
    Last edited: Mar 15, 2017

    freefika macrumors newbie

    Joined:
    Feb 7, 2017
    #1
    Hi!

    I work in a school where we have over 50 iMacs. We have children from all classes accessing these iMacs. The iMacs are linked to the Active Directory and children log in with their AD credentials. A new account is set up for every child that logs in. This can be a bit cumbersome, especially if there are various children logging in (and more than 20 profiles/user accounts being created on every machine).

    I want to be able to delete all traces of users and user accounts from the iMacs except the local, shared, and guest account.

    Ideally, I would like to automate this process as well at any particular time etc...

    I am pretty new to networking and using terminal commands on Macs.

    Thanks.

    Note: all iMacs are running macOS Sierra
     
  2. satcomer macrumors 603

    satcomer

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #2
    So is the active directory in what kind Microsoft Directory is the Domain?
     
  3. freefika thread starter macrumors newbie

    Joined:
    Feb 7, 2017
    #3
    Yes, Microsoft directory. All the iMacs are linked to the domain and any AD user can log in on the Mac. When a user does that, a profile is created for the user. This way, I will end up with each Mac having multiple profiles. I want to clear them periodically.
     
  4. satcomer macrumors 603

    satcomer

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #4
    What Microsoft directory is it running? I ask because it is well known on Microsoft Server 2008s2 you need to start the Time server in the 2008 server! This will make sure when the user logs off their account (sleep) it will still log back on!
     
  5. freefika thread starter macrumors newbie

    Joined:
    Feb 7, 2017
  6. satcomer macrumors 603

    satcomer

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #6
    So just delete the User from the Domain and email account (if you are running a web server inside of it). Plus if you are using VPN service delete the user from that too.
     
  7. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #7
    This is not what the OP is asking. When a network user signs in on a Mac, their account and home folder are left behind. What you suggest would delete the student's entire account from Active Directory.
    --- Post Merged, Mar 16, 2017 ---
    I would use configuration profiles to set mobility preferences, and in that, you can set the home folder to be deleted "as soon as possible", which functionally translates into "as soon as the user logs out."
    Do you have any sort of management infrastructure in place to configure these Macs?
     
  8. DJLC macrumors 6502a

    DJLC

    Joined:
    Jul 17, 2005
    Location:
    Mooresville, NC
    #8
    It sounds like you're probably using Mobile Accounts vs. Network Accounts. My understanding is that a Network Account creates a temporary profile on the client device (iMacs) that gets deleted when they log out. The downside is that if the iMac can't contact a Domain Controller, nobody can log in w/ an AD account.

    Your other option, as suggested above, is to use a profile that specifies AD or Mobile Account settings. But in my experience the user profile deletion piece doesn't always exactly work..... :/
     
  9. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #9
    I also find that it's not 100% but I also have a script I can run through Remote Desktop to delete the leftovers if necessary.
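
Added example, not posted by anyone in the thread: one way a leftover-cleanup script of the kind mentioned in #9 could pick which cached accounts to remove while keeping the local, shared, and guest accounts. It assumes AD mobile accounts have a UniqueID above 1000 and home folders under /Users/<name>; the keep-list names and the sample listing are constructed. It only prints the removal commands for review.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: AD mobile accounts get a
# UniqueID above 1000; local accounts start at 501, system accounts are lower.
KEEP="admin Shared Guest"   # hypothetical names that must never be removed

# stdin:  "name uid" lines, the format of `dscl . -list /Users UniqueID`
# args:   minimum UID, then account names to keep
# stdout: accounts that are candidates for removal
# A record is selected only if the UID is a plain number above the cut-off and
# the name has no "/" or leading "." (it later becomes part of a deleted path).
stale_accounts() {
    min_uid=$1; shift
    awk -v min="$min_uid" -v keep=" $* " '
        NF == 2 &&
        $2 ~ /^[0-9]+$/ && $2 + 0 > min + 0 &&
        $1 ~ /^[A-Za-z0-9_][A-Za-z0-9._-]*$/ &&
        index(keep, " " $1 " ") == 0 { print $1 }'
}

# Dry run: print the commands instead of executing them, so the list can be
# reviewed before anything is deleted. Assumes homes live in /Users/<name>.
removal_plan() {
    while read -r user; do
        printf 'dscl . -delete /Users/%s\n' "$user"
        printf 'rm -rf /Users/%s\n' "$user"
    done
}

# Constructed sample listing (not real output from any machine).
SAMPLE='_www 70
root 0
nobody -2
admin 501
Guest 201
jsmith 1283947561
a.jones 708823411
../etc 2000'

printf '%s\n' "$SAMPLE" | stale_accounts 1000 $KEEP | removal_plan

# On a Mac, as root, also keep whoever is logged in at the console:
#   dscl . -list /Users UniqueID |
#     stale_accounts 1000 $KEEP "$(stat -f%Su /dev/console)" | removal_plan
```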
     