Posts

Post not yet marked as solved
2 Replies
558 Views
Script Example:

    sudo dscl . -create /Users/ITAdmin
    sudo dscl . -create /Users/ITAdmin UserShell /bin/bash
    sudo dscl . -create /Users/ITAdmin RealName ITAdmin
    sudo dscl . -create /Users/ITAdmin UniqueID 502
    sudo dscl . -create /Users/ITAdmin PrimaryGroupID 20
    sudo dscl . -create /Users/ITAdmin NFSHomeDirectory /Local/Users/ITAdmin
    sudo dscl . -create /Users/ITAdmin NFSHomeDirectory /Users/[ITuser]
    sudo dscl . -passwd /Users/ITAdmin [password]
    sudo dscl . -append /Groups/admin GroupMembership ITAdmin

When using this locally or remotely, it works except the Home folder does not get created or show up in the UI. After further testing, it does show up after an initial first-time login. With our remote workforce and the secondary reasons for needing this script, we're trying to find a way to mimic a user login to add into our actual other script so that the home folder is created without actual end user interaction (won't be possible). Or are there any other alternative ways to script a new admin user account? (Or a better place to ask this?) Thanks in advance!
Posted by livmanger.
Post not yet marked as solved
0 Replies
417 Views
For an IT department initiative, we have to remotely remove admin rights from a subset of M1 MacBook Air users. Their computers were set up manually with one original admin user account. After much research and testing, the admin rights removal portion of our scripting is working except for the original admin user account. A few niche online resources indicated this might possibly be due to M1s having a new type of user account called an owner. I also read that any secondary accounts after the initial one should have access to the OIK and OIC, so we're confused why admin rights aren't getting removed from that original user when it works on other secondary accounts in multiple ways of testing. Any ideas or context surrounding this elusive new owner type of account, why the working script won't remove admin rights from that account but will for others, or if there's some missing info in order to accomplish this goal? We ideally would like to add an IT managed admin user and remove admin from the original user (current MDM does not support this inherently so we're getting creative).
Posted by livmanger.