Active Directory Users

freefika

macrumors newbie
Original poster
Feb 7, 2017
5
0
Hi!

I work in a school where we have over 50 iMacs. We have children from all classes accessing these iMacs. The iMacs are linked to the Active Directory and children log in with their AD credentials. A new account is set up for every child that logs in. This can be a bit cumbersome, especially if there are various children logging in (and more than 20 profiles/user accounts being created on every machine).

I want to be able to delete all traces of users and user accounts from the iMacs except the local, shared, and guest account.

Ideally, I would like to automate this process as well at any particular time etc...

I am pretty new to networking and using terminal commands on Macs.

Thanks.

Note: all iMacs are running macOS Sierra
 

freefika

macrumors newbie
Original poster
Feb 7, 2017
5
0
So is the active directory in what kind Microsoft Directory is the Domain?
Yes, Microsoft directory. All the iMacs are linked to the domain and any AD user can log in to the Mac. When a user does that, a profile is created for the user. This way, I will end up with each Mac having multiple profiles. I want to clear them periodically.
 

satcomer

macrumors 604
Feb 19, 2008
6,925
1,172
The Finger Lakes Region
Yes, Microsoft directory. All the iMacs are linked to the domain and any AD user can log in to the Mac. When a user does that, a profile is created for the user. This way, I will end up with each Mac having multiple profiles. I want to clear them periodically.
What Microsoft directory is it running? I ask because it is well known on Microsoft Server 2008s2 you need to start the Time server in the 2008 server! This will make sure when the user logs off their account (sleep) it will still log back on!
 

chrfr

macrumors G3
Jul 11, 2009
9,721
3,581
So just delete the User from the Domain and email account (if you are running a web server inside of it). Plus if you are using VPN service delete the user from that too.
This is not what the OP is asking. When a network user signs in on a Mac, their account and home folder are left behind. What you suggest would delete the student's entire account from Active Directory.
I would use configuration profiles to set mobility preferences, and in that, you can set the home folder to be deleted "as soon as possible", which functionally translates into "as soon as the user logs out."
Do you have any sort of management infrastructure in place to configure these Macs?
 

DJLC

macrumors 6502a
Jul 17, 2005
774
154
North Carolina
It sounds like you're probably using Mobile Accounts vs. Network Accounts. My understanding is that a Network Account creates a temporary profile on the client device (iMacs) that gets deleted when they log out. The downside is that if the iMac can't contact a Domain Controller, nobody can log in w/ an AD account.

Your other option, as suggested above, is to use a profile that specifies AD or Mobile Account settings. But in my experience the user profile deletion piece doesn't always exactly work..... :/
 

chrfr

macrumors G3
Jul 11, 2009
9,721
3,581
But in my experience the user profile deletion piece doesn't always exactly work..... :/
I also find that it's not 100% but I also have a script I can run through Remote Desktop to delete the leftovers if necessary.
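
A cleanup script of the kind mentioned above could look like the following. This is an added example, not code posted in the thread and not chrfr's script. It assumes that AD mobile accounts carry a UniqueID above 1000 while local accounts start at 501, and that home folders live in /Users; the function names and the --list/--delete switches are made up for the example.

```shell
#!/bin/bash
# Added example: remove cached AD mobile accounts left behind on a shared Mac.
# Run as root, e.g. pushed through Remote Desktop or a scheduled job.

MIN_UID=1000          # assumed cut-off: local accounts sit at 501+, AD ones far higher
KEEP="Shared Guest"   # account names that are never removed, whatever their UID

# Reads "name uid" lines on stdin and prints the account names to remove.
# Service accounts (leading underscore) and negative UIDs are always skipped.
select_stale_accounts() {
    awk -v min="$MIN_UID" -v keep="$KEEP" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) skip[k[i]] = 1 }
        NF == 2 && $2 ~ /^[0-9]+$/ && $2 + 0 > min && !($1 in skip) && $1 !~ /^_/ { print $1 }
    '
}

# Deletes one cached account record and its home folder.
remove_account() {
    user="$1"
    # Refuse names that could make rm escape /Users.
    case "$user" in
        ""|*/*|.*) echo "refusing odd account name: $user" >&2; return 1 ;;
    esac
    # Leave anyone who is logged in right now.
    if who | awk '{print $1}' | grep -qx "$user"; then
        echo "skipping $user: currently logged in" >&2
        return 0
    fi
    dscl . -delete "/Users/$user" && rm -rf "/Users/$user"
}

# Nothing is touched unless a switch is given; --list is the dry run.
case "${1:-}" in
    --list)
        dscl . -list /Users UniqueID | select_stale_accounts ;;
    --delete)
        dscl . -list /Users UniqueID | select_stale_accounts |
            while read -r u; do remove_account "$u"; done ;;
esac
```

Run it with --list first and compare the output with the accounts you expect to keep before using --delete.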
 