Managed Client: Mobile accounts are not removed after the account expiration time is reached
A mobile account may not be removed following the specified expiration time in Workgroup Manager, after logging in the first time. This can occur when a mobile user has logged into a computer only once.
Log out and then log back in a second time on the same computer.
This will reset the last login date and will allow the mobile account to be removed once the expiration time is reached.
Learn more
The last login date is recorded in the /var/db/shadow/hash/uuid.state file. After the first login on a client this date may be set to an incorrect time. For example:
<key>LastLoginDate</key>
<date>1899-12-31T00:00:00Z</date>
Logging in a second time on the same computer will properly set the last login date and allow the account to be removed once the expiration time is reached.