KB-2940: Creating a new local account after doing an Account Migration may create a conflicting local UID

Centrify Identity Service, Mac Edition

12 April,16 at 11:11 AM

Applies to: Centrify DirectControl on all versions of Mac OS X.

 
Problem:
 
A new local account is created on a system that has previously had an AD account linked via Account Migration.
 
After this local account is created, a few possible scenarios may occur:
  • The new local account is unable to log in
  • The migrated AD account is unable to log in
  • The affected account is able to log in, but has no permissions to do anything in its home folder (e.g. create a new file or folder on the Desktop)
 
Cause:
 
The new local account's home folder has a conflicting UID with the previously migrated account.
 
This can happen if the following sequence occurs:
  1. An existing local account exists with the UID of 501:

    501:20  /Users/old_local_user/
     
  2. Account migration is performed. The local profile is deleted and an AD account is mapped onto the /Users/old_local_user/ folder.
     
  3. This mapping is only recognised when the migrated AD user logs in.
    From the machine's perspective, the UID 501 is no longer in use.

     
  4. If a new local account is created, the system could feasibly assign the new account the UID of 501.
     
  5. If this happens, then there will be two home folders in /Users/ with a UID of 501:

    501:20  /Users/new_local_user/
    501:20  /Users/old_local_user/
 
Workaround:
 
There are several options for removing the conflicting UIDs. Two possible methods are below:
 
Note: Both options require a third, unaffected account that can log in with Local Admin privileges to perform the actions.
 
Option 1. 
  • Create a second new local account, so that the UID gets incremented to the next available value (hopefully non-conflicting).
  • Then delete the first new local account (make sure to delete the home folder as well).
 
Option 2. 
  • Go to System Preferences > Users & Groups > In the user list on the left side, right-click on the new local account and select "Advanced Options...".
  • Change the "User ID" to an unused local value and then save the profile.
  • Open the Terminal and re-own the home folder back to the new local account with the command:

    sudo chown -R new_local_user /Users/new_local_user/
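
The following POSIX shell functions are an added example, not part of the original Centrify article. They list numeric UIDs that own more than one folder under /Users (the condition described under Cause) and test whether a candidate UID already owns a home folder before it is entered in Option 2. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: detect home folders that share an owning UID.
# Ownership is read with `ls -ldn` so a UID that no longer belongs to any
# local account (the migrated-account case) is still reported as a number.

# owner_uid PATH -> prints the numeric UID that owns PATH
owner_uid() {
    ls -ldn -- "$1" | awk '{ print $3 }'
}

# find_uid_conflicts [DIR] -> one line per shared UID: "UID<TAB>dir1, dir2"
# DIR defaults to /Users. No output means no two folders share an owner.
find_uid_conflicts() {
    base=${1:-/Users}
    for d in "$base"/*/; do
        d=${d%/}
        [ -L "$d" ] && continue      # skip symlinks, only real folders count
        [ -d "$d" ] || continue      # also covers an unmatched glob
        printf '%s\t%s\n' "$(owner_uid "$d")" "$d"
    done | awk -F '\t' '
        { n[$1]++; dirs[$1] = (dirs[$1] == "" ? $2 : dirs[$1] ", " $2) }
        END { for (u in n) if (n[u] > 1) printf "%s\t%s\n", u, dirs[u] }'
}

# uid_owns_home UID [DIR] -> succeeds if any folder under DIR is owned by UID.
# Run it on a candidate "User ID" before saving it in Advanced Options.
uid_owns_home() {
    for d in "${2:-/Users}"/*/; do
        d=${d%/}
        [ -d "$d" ] || continue
        [ "$(owner_uid "$d")" = "$1" ] && return 0
    done
    return 1
}
```

A candidate UID should also be compared against `dscl . -list /Users UniqueID`, which lists the UIDs already held by local accounts; the functions above only look at folder ownership.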
 
 
Resolution:
 
An enhancement request has been submitted for better UID detection for future releases.
 
In the meantime, to best avoid the above scenario, if a new local account needs to be created on the Mac, it is recommended to do this BEFORE performing an Account Migration. This will ensure that the local UID has been incremented properly to the next value and avoid any conflicts in the home folder.
