Fix ownership of copied folders for Active Directory Macs

Warning

This script does some serious system modifications. If you don't know what you're doing, ask questions in the comments. Don't just run this script if you don't understand what it does or how it's doing it.

This also assumes short usernames match up with user folder names, which they usually do.

What issue this addresses

I'm not sure how often other people will encounter this situation, but if you have an old Mac joined to Active Directory, and you want to transfer the user folders (assuming they are local user folders) to a new Mac also joined to Active Directory, the copied folders may not have the right folder ownership. For example, if you use an admin account to copy the folders over, the copied folders may belong to root.

So when users log in, they may have folders they can't get access to, or you may get the "OS X needs to repair your Library to run applications. Type an administrator's name and password to allow this." error message when you log into the new Mac as a domain user who'd already logged in on the old Mac.

How you should modify this script before running it

The script is written in such a way that it will not try to change ownership of certain system accounts (e.g., root, Shared, Guest). You can add in others as you see fit.

It also assumes, since you're on a domain, that the proper group for domain users is YOURDOMAIN\Domain Users. Modify it to match your actual domain.

Creating the script

As an admin user, launch Terminal.app (you can use a text editor, but if you don't have a favorite text editor like TextWrangler or Sublime Text, the built-in text editor in Mac OS X may default to rich text format instead of plain text). You can find Terminal.app in /Applications/Utilities or through a Spotlight search.

Paste in the following command:

nano ~/Desktop/fix\ folder\ ownership.sh

This opens a file in nano, a terminal-based text editor, where you can paste the script.

In nano (or your favorite text editor, if you opted for a graphical text editor instead of a terminal-based one), paste in the following script:

#!/bin/bash

# Announce what this does
echo 'This script will make sure users own their own user folders. This will not modify the Shared, root, .localized, or Guest entries in /Users.'

# Change directory to the Users directory; stop if that fails.
cd /Users || exit 1

# Loop through the existing users
for p in *; do

    # Don't do this for Shared, root, .localized, or Guest (add any local admin accounts here)...
    if [ "$p" != "Shared" ] && [ "$p" != "root" ] && [ "$p" != ".localized" ] && [ "$p" != "Guest" ]; then

        # Announce changing folder ownership
        echo "Changing folder ownership for $p"

        # Change ownership to the current user with the group being the domain users group
        #sudo chown -R "$p":"YOURDOMAIN\Domain Users" /Users/"$p"/

    # End checking it's not a user not to be modified
    fi

# End looping through existing users.
done

Modify the script before you save

Before you save the file, make the modifications you need. You'll see that there's a line excluding modifications for Shared, for root, for .localized, and for Guest. If there are any other user accounts you don't want to modify ownership on, add those into that line as well, using the same format (copy everything from the ampersands through the closing bracket, and then paste it before the semi-colon and then modify the username).

Also, change YOURDOMAIN to your school or company's actual domain name.

Save the file and get it ready to run

Save the file (if you're using nano, press Control-X to save).

Then, to make the file executable, paste in the following command:

chmod +x ~/Desktop/fix\ folder\ ownership.sh

Testing the script

Before using the script to actually modify anything, run it once with the change ownership line commented out (that's the default in the script above).

cd ~/Desktop
./fix\ folder\ ownership.sh

Verify that the users that are listed are the actual ones you want to modify. Look very carefully at the list!!!
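A read-only check to run alongside that list, added here as an example and not part of the original script: it confirms each folder name resolves to an account, skips symlinks and stray files, and counts items not already owned by that account. The names EXCLUDED, resolve_uid and audit_users_dir are made up for this example.

```shell
#!/bin/bash
# Added example: read-only audit of a Users directory; it changes nothing.
# EXCLUDED, resolve_uid and audit_users_dir are names made up for this example.

EXCLUDED="Shared root .localized Guest"   # same exclusions as the script above

# Print the numeric UID for a short username; fail if no such account exists.
resolve_uid() {
    id -u "$1" 2>/dev/null
}

# For each entry in the given directory, report what a recursive chown would hit.
audit_users_dir() {
    local base="${1:-/Users}" path name uid count
    for path in "$base"/*; do
        [ -e "$path" ] || [ -L "$path" ] || continue   # unmatched glob
        name="${path##*/}"
        case " $EXCLUDED " in
            *" $name "*) echo "SKIP $name (excluded)"; continue ;;
        esac
        # A symlink would send "chown -R ... /Users/name/" into another tree.
        if [ -L "$path" ]; then
            echo "SKIP $name (symlink)"; continue
        fi
        if [ ! -d "$path" ]; then
            echo "SKIP $name (not a directory)"; continue
        fi
        # The folder name must resolve to an account (local or directory).
        if ! uid="$(resolve_uid "$name")" || [ -z "$uid" ]; then
            echo "SKIP $name (no matching account)"; continue
        fi
        # Count items in the folder that this account does not already own.
        count="$(find "$path" ! -user "$uid" 2>/dev/null | wc -l | tr -d ' ')"
        if [ "$count" -eq 0 ]; then
            echo "OK $name"
        else
            echo "FIX $name ($count items not owned by uid $uid)"
        fi
    done
}

audit_users_dir "${1:-/Users}"
```

Run it with sudo so find can read every user's folder; items it cannot read are not counted.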

Running the script for real

If you feel confident about the list, modify the script so it will actually make the ownership changes. (By the way, you may need network connectivity to connect to Active Directory, or you may get warnings about illegal user names or illegal groups.)

Edit it again:

nano ~/Desktop/fix\ folder\ ownership.sh

Change the commented-out line (it will show your own domain in place of YOURDOMAIN):

#sudo chown -R "$p":"YOURDOMAIN\Domain Users" /Users/"$p"/

So it is now uncommented:

sudo chown -R "$p":"YOURDOMAIN\Domain Users" /Users/"$p"/

Then save (Control-X)

Then run the script again, and it should actually change the folder ownership:

cd ~/Desktop
./fix\ folder\ ownership.sh



