Migrate MacOS Device

These are instructions for migrating a single-user MacOS device.

  1. Confirm the device is running MacOS Catalina 10.15 or later. The migration app will not run properly on earlier versions of MacOS. If the device cannot be upgraded to MacOS Catalina, it will need to be replaced.

  2. Find and take note of the primary user’s username. This is different than the user’s display name. It can be found by viewing the name of the user’s home folder. Also note this person’s AD username for access to Windows computers on campus if these two usernames are different. These will be needed later in the migration.

  3. Ensure you are logged into the MacOS device with an admin account that is not the user to be migrated. If you have to create an admin account, it is recommended you use credentials associated with the technician mgt account you plan to use to manage the device. This is an optional step, but it will ensure this account has admin rights immediately after the migration. Admin authorization is dictated in the new management platform, but it can take time to check and grant admin privileges to an authorized account. Pre-staging this account as an admin prior to the migration saves time at the end.

  4. Copy the migration app to local storage on the device to be migrated. To access the file share where the app is stored, open the Go menu in the top menu bar on the MacOS device, then choose Connect to Server in the dropdown menu. Use this address to access the public file share: “smb://ad.ualr.edu/shares/Public”. The migration app is in the folder named “macOS Provisioning”, and at the time of writing the app filename is “UA Little Rock macOS Provisioning v6”. On Windows the app will appear as a folder with “.app” at the end of the folder name but on MacOS this

  5. Run the migration app on the MacOS device. You should immediately be prompted for admin authorization. It is recommended to click to view details of the app while it is running to keep tabs on the process.

  6. Several notifications will appear at the top right of the screen. These can be ignored until one titled “Device Enrollment” appears with the text “UA of Little Rock can automatically configure your Mac”. This popup notification can be clicked to open the Profiles section of the System Preferences menu. Alternatively, this section can be reached manually from System Preferences immediately after the migration app is started.

  7. Here there is an authorization popup to “Allow Device Enrollment” which you must allow.

  8. An Azure login prompt will appear. The primary device user should sign in here to tie this device to their account. They may need their multi-factor authentication on hand for this.

  9. This may take some time and you should see different profiles represented with gear icons appear on this Profiles page of the System Preferences menu.

  10. A prompt to select a user on the device should appear. You should select the username associated with the primary user of the device. After hitting OK it will prompt for the AD username of this person. You should enter this person’s AD username to rename the account on their local MacOS device to match that of their AD account. If the names are already the same, or you are running the app a second time, you can follow the same procedure, as renaming the account to the same name will have no effect.

  11. There may be a popup of the app requesting permission to access the user’s home folder. You must click to allow along with any other prompts associated with the app.

  12. Finally, a popup with a restart timer will appear. After reboot you should confirm you can log in with the account that you used to run the migration.

  13. You should then confirm the primary user can log in to the device. They will use their AD username but their old password at first login. There may be a notification of FileVault encrypting the device. This can be affirmed.

  14. After logging in, a NoMAD sign-in popup should appear requesting the user’s AD password. The user should enter their AD password here as if they were logging into a Windows computer on campus.

  15. There will then be another popup notifying the user that the passwords for their AD user account and the local MacOS account are different. The user should enter their old MacOS password in this prompt and click Sync.

  16. If the sync was successful, the triangle notification at the top right of the menu bar should change to a triangle with a check mark. Clicking this notification will display the account name, the days until password expiration, and options to change the password, etc. This is the recommended way for MacOS users to update their password going forward.

  17. Confirm FileVault is enabled in the System Preferences menu in the Security and Privacy section and enable it if it is not.

  18. Restart and confirm once more the user is able to log in.
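
The checks in steps 1 to 3 and step 17 can be scripted from Terminal. The following is an added example, not part of the migration app or the original instructions; the function names are hypothetical, and the only argument is the primary user's short username from step 2.

```shell
#!/bin/sh
# Added example: checks for steps 1-3 and 17. Function names are hypothetical.

# Succeeds when dotted version $1 is >= $2, comparing each field as a number
# (so 10.9 is correctly treated as older than 10.15).
version_at_least() {
    awk -v have="$1" -v need="$2" 'BEGIN {
        split(have, h, "."); split(need, n, ".")
        for (i = 1; i <= 3; i++) {
            if (h[i] + 0 > n[i] + 0) exit 0
            if (h[i] + 0 < n[i] + 0) exit 1
        }
        exit 0
    }'
}

# Succeeds when the text printed by `fdesetup status` reports FileVault on.
filevault_is_on() {
    case "$1" in
        "FileVault is On."*) return 0 ;;
        *) return 1 ;;
    esac
}

# Steps 1-3: OS version, home folder of the user to migrate, technician account.
preflight() {
    target=$1
    os=$(sw_vers -productVersion)
    me=$(id -un)
    version_at_least "$os" 10.15 || { echo "FAIL: macOS $os is older than 10.15"; return 1; }
    [ -d "/Users/$target" ] || { echo "FAIL: no home folder /Users/$target"; return 1; }
    [ "$me" != "$target" ] || { echo "FAIL: logged in as the user to be migrated"; return 1; }
    id -Gn "$me" | tr ' ' '\n' | grep -qx admin || { echo "FAIL: $me is not an admin"; return 1; }
    echo "OK: macOS $os, running as admin $me, migrating $target"
}

# Run only on a Mac and only when a short username was passed as the argument.
if [ "$(uname -s)" = Darwin ] && [ -n "${1:-}" ]; then
    preflight "$1" || exit 1
    # Step 17: report FileVault state (run again after the migration).
    if filevault_is_on "$(fdesetup status)"; then
        echo "OK: FileVault is on"
    else
        echo "WARN: FileVault is off; enable it in Security and Privacy"
    fi
fi
```

Run it once before starting the migration app and again after step 18 to confirm FileVault ended up enabled.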

Common issues associated with the migration and solutions.

Please note there is no issue with running the migration app multiple times on the same device if a part of the process breaks, hangs, or the wrong option is selected. During the user rename just use the same user account for both parts of this process.

  1. The login screen has no branding and AD users cannot sign in.

    1. Occasionally NoMAD, the login system, does not fully install. If this happens and re-running the app does not fix it, you can install the NoMAD portion manually by downloading it from the product website (https://nomad.menu/products/).

  2. FileVault is not enabled.

    1. Attempt to enable it in System Preferences using either the admin account from which the script was run or the primary user account.

  3. The passwords do not sync.

    1. A new user account should be created with the AD account username and files from the previous account should be migrated. File migration can be done via Finder. In MacOS you must also grant read and write permissions to the new user in folder properties. It is recommended to do this before moving.