Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

What Mac App Store ID is Bessie Using in Lion?

Users can log into the Mac App Store using their personal Apple ID. Users can also log into the Mac App Store with an AppleID that is linked to a company owned email address instead. The AppleID itself should be a company owned asset so that if/when users leave the organization, the organizations till owns the software that they purchase. Whether purchasing software through a volume purchasing program or directly, those dollars are wasted if the user is purchasing software through a personal AppleID. Therefore, you need a way to look at what AppleID that a user is using and to make sure that the organization has a way to link that account information back to the host the user is using and/or change the information if the user were to move to a different system.

In order to find the AppleID that a user is using, look into com.apple.storeagent. As the user, simply run defaults and read that domain along with the AppleID key:

defaults read com.apple.storeagent AppleID

When you run this, you see the Email address of that user. The DSPersonID is then listed here as well, as well as any other accounts (by DSPersonID) that have AppleIDs attached to the host. That DSPersonID is used throughout iCloud, actually. If you have installed iCloud through the system preference pane you will end up with Back to My Mac keys and other keychain assets that reference back to the keychains.

Now, to defaults write data into this domain isn’t as simple as you might think. The problem is that you would need to know the AppleID’s DSPersonID. You would also need to deploy the keychain items for the AppleID application password and the certificate for the AppleID, which has a com.apple.idms.appleid.prd.CN, or common name.