Restoring the FileVault user list after adflush
In Server Suite, if your FileVault 2 user list contains mobile users from another forest with one-way trust (that is, cross-forest mobile users), it is possible that those users will be removed from the FileVault 2 user list after you execute adflush or adflush -f.
After you upgrade to release 2015.1 or later, perform the following steps to ensure that cross-forest mobile users are added to the FileVault 2 user list permanently:
- Execute the following command:
    adflush -f
  Executing this command removes the 2015-format, temporary GUID from cross-forest mobile users.
- Execute the following command for each cross-forest mobile user that you want to add permanently to the FileVault 2 user list:
    adquery user -guid cross-forest-mobile-user-name
  Executing this command assigns a new, permanent GUID to each user that you specify.
- Execute the following command for each cross-forest mobile user that you want to add to the FileVault 2 user list:
    fdesetup add -usertoadd cross-forest-mobile-user-name
  Executing this command adds the specified user to the FileVault 2 user list.
- Execute the following command to verify that the users are added to the FileVault 2 user list:
    fdesetup list
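
The four steps above can be run for several users at once and checked automatically. The script below is an added example, not part of the Server Suite documentation. The function names fv_missing_users and restore_fv_users are hypothetical, and it assumes that fdesetup list prints one "shortname,UUID" line per enabled user.

```shell
#!/bin/sh
# Added example: run as root on the Mac, after upgrading to 2015.1 or later.
# Usage: sh restore-fv-users.sh cross-forest-user1 cross-forest-user2 ...

# Read `fdesetup list` output on stdin and print every requested user
# that is NOT present. Matching is on the whole short name, so "jdoe"
# does not match a listed "jdoe2".
fv_missing_users() {
    list=$(cut -d, -f1)
    for u in "$@"; do
        printf '%s\n' "$list" | grep -Fxq -- "$u" || printf '%s\n' "$u"
    done
}

# Steps 1-4 of the procedure for the users given as arguments.
restore_fv_users() {
    # Step 1: remove the 2015-format, temporary GUIDs.
    adflush -f || return 1

    # Step 2: assign a new, permanent GUID to each user.
    for u in "$@"; do
        adquery user -guid "$u" || { echo "adquery failed for $u" >&2; return 1; }
    done

    # Step 3: add each user to the FileVault 2 user list.
    # fdesetup asks for the credentials it needs, so run this interactively.
    for u in "$@"; do
        fdesetup add -usertoadd "$u" || { echo "fdesetup add failed for $u" >&2; return 1; }
    done

    # Step 4: verify. If fdesetup list itself fails, its output is empty
    # and every user is reported as missing, so the check fails closed.
    missing=$(fdesetup list | fv_missing_users "$@")
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing" | sed 's/^/not in FileVault 2 user list: /' >&2
        return 1
    fi
    echo "all requested users are in the FileVault 2 user list"
}

# Only act when user names are supplied on the command line.
if [ "$#" -gt 0 ]; then
    restore_fv_users "$@"
fi
```

Rerunning only the verification later (for example after another adflush) shows whether the permanent GUIDs kept the users on the list: fdesetup list | fv_missing_users user1 user2 prints nothing when all are present.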