Thanks for being a part of WWDC25!

How did we do? We’d love to know your thoughts on this year’s conference. Take the survey here

determine if an account is a mobile account or Active directory account or local user account (non-mobile)

Privacy & Security General
bankumar
bankumar OP
Created Nov ’19
Replies 2
Boosts 0
Views 1.5k
Participants 3

Is there a way to figure out from code if a user account is actually a mobile account or active directory account or local user account (non-mobile) on Mojave?


Through following code i can distinguish between local user and AD user via attribute


// 'dsAttrTypeStandard:AppleMetaNodeLocation': '/Local/Default' for Local user

// 'dsAttrTypeStandard:AppleMetaNodeLocation': '/Active Directory/ABCD/abcd.in' for Domain user


func checkForLocalUser(name: String) -> Bool {

var records = [ODRecord]()

let odsession = ODSession.default()

do {

let node = try ODNode.init(session: odsession, type: ODNodeType(kODNodeTypeAuthentication))

let query = try ODQuery.init(node: node, forRecordTypes: kODRecordTypeUsers, attribute: kODAttributeTypeRecordName, matchType: ODMatchType(kODMatchEqualTo), queryValues: name, returnAttributes: kODAttributeTypeAllAttributes, maximumResults: 0)

records = try query.resultsAllowingPartial(false) as! [ODRecord]

} catch {

let errorText = error.localizedDescription

return false

}

let isLocal = records.isEmpty ? false : true


return isLocal

}
Not sure this is the correct way to achieve this. Also, I am not able to figure out whether the user is a mobile account user or not?
Please help.

Answered by DTS Engineer in 394638022

Distinguishing between local and remote users via the 

kODAttributeTypeMetaNodeLocation
property is just fine. The code you posted is a little convoluted though. Pasted in at the end is something a little simpler.

I’m not entirely sure how to distinguish the mobile user case. My general advice on that front is to use 

dscl
to dump an example record for all three cases you care about, and then look at the properties for relevant ways to tease them apart.

If you’d like help, please post the three dumps (feel free to elide long properties, like 

JPEGPhoto
). For example: 
$ dscl 
Entering interactive mode... (type "help" for commands)
 > read /Search/Users/roboquinn4
…
AppleMetaNodeLocation: /Local/Default
GeneratedUID: DE267A51-B991-4539-9A75-8DE592CD07A7
NFSHomeDirectory: /Users/roboquinn4
Password: ********
PrimaryGroupID: 20
RealName: RoboQuinn4
RecordName: roboquinn4
RecordType: dsRecTypeStandard:Users
UniqueID: 503
UserShell: /bin/bash

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
func isLocal(username: String) throws -> Bool {
    let session = ODSession()
    let node = try ODNode(session: session, type: ODNodeType(kODNodeTypeAuthentication))
    let record = try node.record(
        withRecordType: kODRecordTypeUsers,
        name: username,
        attributes: [kODAttributeTypeMetaNodeLocation] as NSArray
    )
    let locationsAny = try record.values(forAttribute: kODAttributeTypeMetaNodeLocation)
    guard
        let locations = locationsAny as? [String],
        let location = locations.first
    else {
        // … throw an error …
    }
    return location.hasPrefix("/Local/")
}
Replies  2
Boosts  0
Views  1.5k
Participants  3
Apple Staff, DTS Engineer
DTS Engineer OP
Apple
Nov ’19
Recommended

Distinguishing between local and remote users via the 

kODAttributeTypeMetaNodeLocation
property is just fine. The code you posted is a little convoluted though. Pasted in at the end is something a little simpler.

I’m not entirely sure how to distinguish the mobile user case. My general advice on that front is to use 

dscl
to dump an example record for all three cases you care about, and then look at the properties for relevant ways to tease them apart.

If you’d like help, please post the three dumps (feel free to elide long properties, like 

JPEGPhoto
). For example: 
$ dscl 
Entering interactive mode... (type "help" for commands)
 > read /Search/Users/roboquinn4
…
AppleMetaNodeLocation: /Local/Default
GeneratedUID: DE267A51-B991-4539-9A75-8DE592CD07A7
NFSHomeDirectory: /Users/roboquinn4
Password: ********
PrimaryGroupID: 20
RealName: RoboQuinn4
RecordName: roboquinn4
RecordType: dsRecTypeStandard:Users
UniqueID: 503
UserShell: /bin/bash

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
func isLocal(username: String) throws -> Bool {
    let session = ODSession()
    let node = try ODNode(session: session, type: ODNodeType(kODNodeTypeAuthentication))
    let record = try node.record(
        withRecordType: kODRecordTypeUsers,
        name: username,
        attributes: [kODAttributeTypeMetaNodeLocation] as NSArray
    )
    let locationsAny = try record.values(forAttribute: kODAttributeTypeMetaNodeLocation)
    guard
        let locations = locationsAny as? [String],
        let location = locations.first
    else {
        // … throw an error …
    }
    return location.hasPrefix("/Local/")
}
0
mdobro
mdobro OP
Nov ’19

When we try to distinguish mobile users from other users we look for the presense of either kODAttributeTypeOriginalNFSHomeDirectory or kODAttributeTypeOriginalNodeName. The help for both those keys indicate they are used for "local account caching" and they work fairly reliably for our use. You need to test for both since some users may only have one and not the other.

0
determine if an account is a mobile account or Active directory account or local user account (non-mobile)
First post date Last post date
 
 
Q