Applies to: Centrify DirectControl on all versions of Mac OS X.
A new local account is created on a system that has previously had an AD account linked via Account Migration.
After this local account is created, a few possible scenarios may occur:
- The new local account is unable to log in
- The migrated AD account is unable to log in
- The affected account is able to log in, but has no permissions to do anything in its home folder (e.g. create a new file or folder on the Desktop)
The new local account's home folder has a conflicting UID with the previously migrated account.
This can happen if the following sequence occurs:
- A local account exists with the UID of 501.
- Account migration is performed. The local profile is deleted and an AD account is mapped onto the /Users/old_local_user/ folder.
- This mapping is only recognised when the migrated AD user logs in. From the machine's perspective, the UID 501 is no longer in use.
- If a new local account is then created, the system could feasibly assign it the UID of 501.
- If this happens, there will be two home folders in /Users/ owned by UID 501.
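Because file ownership is tracked by numeric UID, the conflict described above can be confirmed from the Terminal by listing the owner UID of each folder under /Users/ and reporting any UID that owns more than one. The script below is an added example, not a Centrify tool; the function names `list_home_owners` and `find_uid_conflicts` are hypothetical.

```shell
#!/bin/sh
# Added example: report home folders that share an owner UID.

# Print "<uid> <path>" for each directory directly under $1.
# "ls -ldn" shows the numeric owner UID in column 3 on both macOS and Linux.
list_home_owners() {
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        uid=$(ls -ldn "$dir" | awk '{print $3}')
        printf '%s %s\n' "$uid" "$dir"
    done
}

# Read "<uid> <path>" lines on stdin and print, in input order,
# every line whose UID appears more than once.
find_uid_conflicts() {
    awk '{ count[$1]++; line[NR] = $0; uid[NR] = $1 }
         END {
             for (i = 1; i <= NR; i++)
                 if (count[uid[i]] > 1) print line[i]
         }'
}

# On the Mac, check the real home folder location if it exists.
if [ -d /Users ]; then
    list_home_owners /Users | find_uid_conflicts
fi
```

No output means no two folders under /Users/ share an owner. Running `dscl . -list /Users UniqueID` alongside it shows which local account, if any, currently holds each reported UID.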
There are several options for removing the conflicting UIDs. Two possible methods are below.
Note: Both options require a third, unaffected account that can log in with Local Admin privileges to perform the actions.
Option 1:
- Create a second new local account, so that the UID gets incremented to the next available value (hopefully non-conflicting).
- Then delete the first new local account (make sure to delete the home folder as well).
Option 2:
- Go to System Preferences > Users & Groups. In the user list on the left side, right-click on the new local account and select "Advanced Options...".
- Change the "User ID" to an unused local value and then save the profile.
- Open the Terminal and re-own the home folder back to the new local account with the command:
    sudo chown -R new_local_user /Users/new_local_user/
An enhancement request has been submitted for better UID detection for future releases.
In the meantime, to best avoid the above scenario, if a new local account needs to be created on the Mac, it is recommended to do this BEFORE performing an Account Migration - this will ensure that the local UID has been incremented properly to the next value and avoid any conflicts in the home folder.