Category filter

Script to delete mobile accounts on Mac

Mobile accounts on a macOS device are user profiles designed for a seamless and convenient experience in accessing resources and services across different devices or within organizations. Unlike local accounts, mobile accounts are centrally managed by a directory service like Open Directory or Active Directory, helping administrators with user management to control access, enforce policies, or manage user data. However, there are instances where IT administrators may need to delete mobile accounts from a device. For example, when an employee leaves the company, changes in employee roles, or device reassignment to different employees. Moreover, it’s important to clear old mobile accounts that are no longer in use, especially when they remain on devices for extended periods. Deleting mobile accounts across multiple devices can be hassle-free by deploying the bash script below. IT administrators can deploy scripts to multiple devices at once using Hexnode’s Execute Custom Script remote action.

Scripting language – Bash

File extension – .sh

Disclaimer:

The sample scripts provided below are adapted from third-party open-source sites.

Delete the mobile accounts

Execute the following script to delete all the mobile accounts present on the macOS devices.

#!/bin/bash 
for username in $(dscl . -list /Users | grep -v '^_'); do 
    auth_authority=$(dscl . -read "/Users/$username" AuthenticationAuthority 2>/dev/null | grep "LocalCachedUser") 
    if [ -n "$auth_authority" ]; then 
        echo "Removing mobile account: $username" 
        dscl . -delete "/Users/$username" 
rm-rf"/Users/$username" 
    fi 
done 
echo "Mobile accounts removal complete."

#!/bin/bash

for username in $(dscl . -list /Users | grep -v '^_'); do

auth_authority=$(dscl . -read "/Users/$username" AuthenticationAuthority 2>/dev/null | grep "LocalCachedUser")

if [ -n "$auth_authority" ]; then

echo "Removing mobile account: $username"

dscl . -delete "/Users/$username"

rm-rf"/Users/$username"

done

echo "Mobile accounts removal complete."

On macOS, an authentication authority is a mechanism that verifies the identity of a user, granting them access to the system based on their credentials. There are different types of authentication authorities, such as LocalCachedUser, Kerberos, and Active Directory.

LocalCachedUser is a specific type of authentication authority used for mobile accounts on macOS.

This script checks the presence of ‘LocalCachedUser’ to identify mobile accounts for removal. The script employs the ‘dscl’ command to read the AuthenticationAuthority attribute of each user listed in the ‘Users’ folder. If the attribute includes “LocalCachedUser”, the script identifies the user as a mobile account holder and deletes their account using the ‘dscl’ command. Additionally, the script removes the user’s home directory using the ‘rm’ command. This process is repeated for all users listed in the ‘Users’ folder.

What happens at the device end?

Upon successful execution of the script, all the mobile accounts on the designated macOS devices gets deleted.
The output in the Action History after deleting the mobile accounts by executing the script.

Notes:

The device should be restarted for the modifications to take effect at the device end.
It is recommended to manually validate the script execution on a system before executing the action in bulk.
Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.

Need more help?

Raise a Ticket

Ask Community

Chat With us