Apple - Convert domain account to local account

Sierra must have changed something because this did not work. The account attempts to log in, then there were a ton of messages asking for the admin password because the Library needed to be repaired. Then there was an error that a valid keychain could not be found (because the account did not have access to any of its own folders). In the past, an ACL reset would fix that, but that's not possible with Sierra (or at least I haven't found a reliable way to do it).

What I did instead was:

  1. From an admin account, delete the Mobile User account, but do not delete the home folder.
  2. From Terminal, rename the user's home folder to remove the "(Deleted)" tag. You can also rename it to anything you want at this point, such as "johnspartan" instead of "spartanj117".
  3. Create a new local account, using the same name as the account you just edited. Select "Use Existing Folder." (If you don't see the prompt, you mistyped something. Cancel and double-check the previous step.)
  4. Log out of the admin account, and log into the newly created account. All should be there, minus the Mobile account tag.

The instructions below apply in a situation where the user had a "mobile" account that has already been synced to the client machine so that the local home directory contained all the data needed by the user.

  1. Log in to the client machine as a local administrator. Make sure the user you are going to change is NOT logged in :-)
  2. Do a backup!!! (e.g. by running TimeMachine)
  3. From the Terminal, execute the id <user> command, where <user> is the name of the mobile user. Make a note of the User ID and primary group ID numbers.
  4. In System Preferences, delete the mobile account by selecting it and then clicking on the '-' button. Select the "Don't change the home folder" option. This will rename the user's home folder on the client to /Users/<user> (deleted).
  5. Add a new local account. The user name must be <user>. Specify a local password (i.e. not an iCloud one).
  6. Right-click on the new local account and "Advanced settings" will be shown. Set the user ID to the previous value.
  7. The new local account now has a new /Users/<user> home directory with the default subdirectories in it. From the terminal as administrator remove this new home directory and rename the old "deleted" home directory as follows:

    sudo rm -rf /Users/<user>
    # the space and the parentheses are shell metacharacters, so the old name must be quoted
    sudo mv "/Users/<user> (deleted)" /Users/<user>
    
  8. (Optional): the default group for new users is Staff, gid=20. Change this if necessary. Use the Directory Utility tool to add/edit local groups.
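The procedure above mixes Terminal steps with two System Preferences steps (delete the mobile account, recreate it as a local one), so the fragile part is carrying the old uid/gid across that gap and getting the home folder back without an rm -rf typo. The script below is my own added example, not code from any of the posters; it has a "save" phase to run before step 4 and a "finish" phase to run after step 6, and it refuses to run while the target user still has processes. The state file under /var/tmp, the ".fresh-<timestamp>" name for the unused default home, and the user name "jdoe" are my assumptions; the dscl check on OriginalNodeName (the attribute a mobile account carries to name the directory node it was cached from) is the simplest test I know of for "is this still an AD-backed record".

```shell
#!/bin/sh
# Added example (not from the page's posters): wraps the manual
# "delete mobile account, recreate as local, swap home folders" procedure.
#   sudo ./convert_mobile_home.sh save jdoe     # before deleting the account
#   sudo ./convert_mobile_home.sh finish jdoe   # after recreating it locally
# The state file path and the ".fresh-<timestamp>" backup name are my choices.
set -eu

# Turn `id <user>` output ("uid=501(jdoe) gid=20(staff) groups=...") into
# "uid gid" so the numbers survive the delete/recreate steps.
parse_id_output() {
    local line="$1" uid gid
    uid=$(printf '%s\n' "$line" | sed -n 's/^uid=\([0-9][0-9]*\)(.*/\1/p')
    gid=$(printf '%s\n' "$line" | sed -n 's/.* gid=\([0-9][0-9]*\)(.*/\1/p')
    [ -n "$uid" ] && [ -n "$gid" ] || return 1
    printf '%s %s\n' "$uid" "$gid"
}

# Locate the home folder System Preferences left behind. The suffix casing
# has varied between macOS versions, so check both spellings.
find_deleted_home() {
    local user="$1" base="${2:-/Users}" d
    for d in "$base/$user (Deleted)" "$base/$user (deleted)"; do
        [ -d "$d" ] && { printf '%s\n' "$d"; return 0; }
    done
    return 1
}

# The procedure requires the user to be logged out; a leftover process can
# still be writing into the home folder while we move it.
user_is_logged_in() {
    pgrep -u "$1" >/dev/null 2>&1
}

# Put the preserved home back under /Users/<user>. The empty default home the
# new account received is moved aside rather than rm -rf'd, so a mistyped
# user name cannot destroy data.
swap_home() {
    local user="$1" old_home="$2" base="${3:-/Users}" new_home
    new_home="$base/$user"
    if [ -d "$new_home" ]; then
        mv "$new_home" "$new_home.fresh-$(date +%Y%m%d%H%M%S)"
    fi
    mv "$old_home" "$new_home"
    printf '%s\n' "$new_home"
}

save_phase() {
    local user="$1" state="/var/tmp/$1.uidgid"
    [ "$(uname)" = Darwin ] || { echo "macOS only" >&2; return 1; }
    if user_is_logged_in "$user"; then
        echo "$user still has running processes; log that user out first" >&2
        return 1
    fi
    # A mobile account records the directory node it was cached from.
    dscl . -read "/Users/$user" OriginalNodeName >/dev/null 2>&1 \
        || echo "note: $user has no OriginalNodeName; is it really a mobile account?" >&2
    parse_id_output "$(id "$user")" > "$state"
    echo "saved uid/gid to $state; now delete '$user' (keep the home folder) and recreate it as a local account with the same name"
}

finish_phase() {
    local user="$1" state="/var/tmp/$1.uidgid" old_uid old_gid old_home home cur_uid
    [ "$(uname)" = Darwin ] || { echo "macOS only" >&2; return 1; }
    read -r old_uid old_gid < "$state"
    old_home=$(find_deleted_home "$user") \
        || { echo "no '(Deleted)' home folder for $user under /Users" >&2; return 1; }
    home=$(swap_home "$user" "$old_home")
    cur_uid=$(id -u "$user")
    if [ "$cur_uid" != "$old_uid" ]; then
        # Files still carry the old numeric owner, so reassign them. The group
        # is left alone (new local users default to staff, gid 20).
        echo "uid is $cur_uid but was $old_uid (gid $old_gid): re-owning $home" >&2
        chown -R "$user" "$home"
    fi
    # After recreation the record must not point at the directory server.
    if dscl . -read "/Users/$user" OriginalNodeName >/dev/null 2>&1; then
        echo "warning: $user still has OriginalNodeName; it is not a plain local account" >&2
        return 1
    fi
    echo "$user now owns $home as a local account"
}

# The macOS-only phases run only when asked for; otherwise the helpers load silently.
case "${1:-}" in
    save)   save_phase "$2" ;;
    finish) finish_phase "$2" ;;
esac
```

Two things the script cannot fix and that a practitioner should check afterwards: the login keychain in the restored home is still encrypted under the old network password, so if the new local password differs the user will be prompted until it is updated (Keychain Access, or `security set-keychain-password`), and on a FileVault-encrypted volume the recreated user must be enabled for unlock again (`fdesetup list` shows who is, `fdesetup add -usertoadd <user>` adds them).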

I tried this script on macOS Catalina (10.15.2) and it worked perfectly.

  1. Log into a local admin account other than the account to migrate.
  2. Download and run this script, and follow all of the instructions.
  3. Once it is finished, reboot your computer into Recovery Mode (command + R)
  4. Open Disk Utility, mount your primary drive, and run First Aid
  5. Reboot and use as normal

According to the author of the script, it modifies the account itself by removing all of the AD affiliations, instead of deleting the account and migrating the data.

When running the script, you will most likely see a bunch of chown: Permission denied errors. The ownership of the files and folders in your /Users/<username> directory will be changed, but the filesystem permissions need to be flushed. There is a specific command you can run in Terminal if you feel like looking it up, but running First Aid in Recovery Mode is much simpler.

Tags:

User Account