Jamf Nation Community

This are AD users with a local home Folder.

OK. In that case, you'll need to provide their individual account's password as part of the enabling process. You may be able to script something in Self Service to help your folks with that.

Write a script auto enabling FV2 upon login. You can use JAMFHelper to post a rather annoying non-dismissable message which tells the user to restart so that FV can complete. It has been very successful for us.

I have a tool I've written which takes a local account profile and converts it to an AD account. If FileVault is enabled, the AD user should get FileVault access as well. There's a dmg in the repo so you don't have to compile. https://github.com/tmhoule/ProfileMigration
It does not have any checks for situations such as where a username is different than a home directory. It also assumes the AD user hasn't logged in (i.e.: a profile doesn't exists for that user already). But for a version 1.0 it works well for us. Feel free to experiment.

@jcurrin I found a nice script here in the community https://jamfnation.jamfsoftware.com/discussion.html?id=12143.
But this would require to provide the password of the management account.
Any other idea or suggestions on the script.

I'm sorry I'm not that good in scripting...

@maik.sanftenberg While that script does require passing the management account and password, that is passed as a variable from the JSS so it is not stored in the logs. The plist file is deleted once FileVault uses it, or you can place it in /tmp and it will be erased when the system restarts. So if you place a reboot into your script, the machine can reboot immediately and erase that plist file.

If you know the recovery key for the system, rather than passing the management account and password, you could use the recovery key. I've never done it this way, but I'm sure @rtrouton might have an idea of how to do this and how to gather the recovery key to use.