Help

Apple DEP - using mobile accounts or local accounts

bbot
Contributor

Posted on ‎06-22-2017 02:07 PM

Our current DEP setup logs users in using a local account. This is done since AD binding comes after the user logs in.

Our current environment has mobile accounts. Does it make sense to stick with mobile accounts or local accounts?

We use AD based machine certs for wifi and DFS for file shares, so we'll need to retain our AD binding.

0 Kudos
3 REPLIES 3

MacSysAdmin
Contributor

Posted on ‎06-23-2017 06:15 PM

Since you already have to bind for Machine Certs and DFS shares just migrate the user from local to AD account with a script. Also this will allow for the user to be prompted when their password is about to expire.

0 Kudos

bbot
Contributor

Posted on ‎06-30-2017 10:35 AM

@BostonMac We use Apple Enterprise Connect for password expiration reminders. Our users rarely ever plug-in with a hardware or reboot, so they rarely ever see the password expiration natively from the OS.

My main question is - what do I lose from having accounts local vs having them mobile?

0 Kudos

bbot
Contributor

Posted on ‎07-17-2017 09:41 AM

Does anyone have a good non-interactive way of migrating the user's local user account to mobile account?

0 Kudos