Imaging Workflow for FV2 and AD in High Sierra?

tchawaga
New Contributor II

How are you guys that use AD (no NoMAD, not there yet but working on it) enabling FileVault in your High Sierra workflow?

I ALMOST figured out how to script enabling SecureToken on a newly created mobile account:

/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n <newADUser> -p <newADUserPassword> -h /Users/<newADUser> -a <localSecureTokenEnabledAdmin> -U <localpw>

fdesetup add -usertoadd <newADUser> -inputplist < <PathToPlistWithNewADUserAndPassword>

But it will only work if you specifically declare the password of the account in the command, and checking the whole "User must change password at next login" radio in AD breaks the command.

This is a long-winded way of asking: What are people's workflows for enabling FV2 on AD mobile accounts in High Sierra? Do you just wait until the new user is logged in and set up? There must be a less complicated way of doing this that I can't figure out. There are also specifics to my environment (user must be enrolled in JAMF with their specific username, onsite and wired to receive a SCEP profile to connect to our Wi-Fi) that make using PreStage not super helpful.

Just wanna get a sense of what others are doing.

Thanks for your help in advance!
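An added example, not the poster's script, of the stdin-plist form of fdesetup add that keeps both passwords off the command line (argv is visible in ps output and shell history). The function names, the --run wrapper, and the assumption that an existing SecureToken-enabled local admin authorises the add via the -usertoadd/-inputplist invocation from the post are mine; the plist keys are the ones fdesetup documents.

```shell
#!/bin/bash
# Added example: feed fdesetup its plist on stdin instead of putting passwords in argv.
set -eu

# Escape the five XML special characters so a password cannot break the plist.
xml_escape() {
  printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
                         -e "s/'/\&apos;/g" -e 's/"/\&quot;/g'
}

# Build the input plist: an already FileVault/SecureToken-enabled user (Username/Password)
# authorises adding the new AD mobile user listed under AdditionalUsers.
fv_add_plist() {
  local admin="$1" admin_pw="$2" user="$3" user_pw="$4"
  cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Username</key><string>$(xml_escape "$admin")</string>
  <key>Password</key><string>$(xml_escape "$admin_pw")</string>
  <key>AdditionalUsers</key>
  <array>
    <dict>
      <key>Username</key><string>$(xml_escape "$user")</string>
      <key>Password</key><string>$(xml_escape "$user_pw")</string>
    </dict>
  </array>
</dict>
</plist>
EOF
}

# Parse "fdesetup list" output (one "name,UUID" line per enabled user).
# Returns 0 if the user is already FileVault-enabled, 1 otherwise.
fv_list_has_user() {
  local user="$1" list="$2"
  printf '%s\n' "$list" | awk -F, -v u="$user" '$1 == u { f = 1 } END { exit f ? 0 : 1 }'
}

# Real run (macOS, as root): ./fv_add.sh --run <localAdmin> <newADUser>
# Passwords are read from the terminal, never passed as arguments.
if [ "${1:-}" = "--run" ]; then
  admin="$2" user="$3"
  read -r -s -p "Password for $admin: " admin_pw; echo
  read -r -s -p "Password for $user: " user_pw; echo
  if fv_list_has_user "$user" "$(fdesetup list)"; then
    echo "$user is already FileVault-enabled"; exit 0
  fi
  fv_add_plist "$admin" "$admin_pw" "$user" "$user_pw" | fdesetup add -usertoadd "$user" -inputplist
  fv_list_has_user "$user" "$(fdesetup list)" && echo "added $user"
fi
```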
