Hello everyone....
I have a small issue here at work and I am trying to script out a way to automate a fix for it. I have a small number of users (I work in a 1:1 with 6,000 macbooks) that aren't really managed in my deployment. They are managed with a few policies, but the policies are broken because they never turn their laptops in or get them reimaged. I have had to wipe LDAP a few times for upgrades/maintenance/fixes and their synchronized portable home directory has a different UID than the new UID since I did fresh imports of user accounts both times I destroyed and rebuilt LDAP.
So, I have a script written which seems to be going the correct way of doing this, but I am not exactly a Unix wizard so I have some basic questions hopefully someone here can help me with.
The script's function will be to copy all local user accounts in /Users to /Users/username.bu for a full back up of the account. Then, it will initiate a log out, and a log out hook that will run the second script that will verify all data is copied to the back up folder (.bu) and then delete the account from directory services and wipe the original data out of their local user account.
This way, when the user logs in next, they will have pulled down the new account to their machine that has the exact same user/password but this time it will be the right UID. Then they will be in the proper OD groups and get group policy as normal.
I hope that makes sense. Also, only accounts that have a UID higher than 1000+ are directory accounts, so I want to ignore all accounts with an UID less than 999.
So far here is my script I wrote, and like I mentioned, I am completely self taught and have no formal education in programming.
#!/bin/bash
#
# First we need to grab the synchronnized user account
# All directory accounts will have a UID greater than 1000
# All local accounts will have a UID of 500 to 999
# We only want to move accounts with UID of greater than 1000
# This will also exclude the shared folder
#
userlist=`/bin/ls /Users | /usr/bin/grep -v "^Shared"`
checkuid=`/usr/bin/dscl . read /Users/$i UniqueID | /usr/bin/awk '/ID/ { print $2 }'`
for i in $userlist ; do
if (( $checkuid > 999 ))
then /bin/mkdir /Users/$i.bu ;; /bin/cp -R /Users/$i /Users/$i.bu
else /bin/echo "$i is not a directory user"
exit 5
fi
done
#
# now the tricky part we need to verify what was done, is done then delete the old account
# so the user can sync the new account with the proper UID
#
homefolder=`/bin/ls -l $userlist/`
backup="/Users/$userlist.bu"
# now compare contents
if [[ $homefolder == $backup ]]
then /usr/sbin/dscl . -delete /Users/$userlist
else /bin/echo "Contents do not match, exiting"
exit 1
fi
done
#
# Now remove the contents of those user accounts by comparing what has
# .bu on the end
#
removeuser=`/bin/ls /Users | /usr/bin/grep ".bu"
/bin/rm -rf /Users/$removeuser
exit 0
Now the second script will just copy that data back after the user logs in again and resynchronizes their PHD with the proper UID. Then the last bit will apply ownership to that new UID and exit.
A few questions....
1) Should I have used an integer comparison when comparing the current UID to it being greater than 999?
2) There are probably some issues with this script as I have not tested it out fully yet, because I was wanting some feed back to see if there was a better way to go. Is there a more efficient way to go about this?
Thanks for anyone who can help, it is greatly appreciated.
Tom