New User or Demobilized User has Bugged Picture and JPEGPhoto attributes
Summary
Using NoMAD Loginwindow Version 1.31, upon creating a new standard user at the loginwindow using "authchanger -reset -AD" OR using demobilization "authchanger -reset -Demobilize", the new user account has bugged Picture and JPEGPhoto attributes.
Steps to reproduce
Reset the loginwindow to allow demobilization, then use authchanger -reset -AD to create a new user at the loginwindow by being linked to your AD. After logging in, open System Preferences -> Users & Groups -> The new user you have. You'll notice the picture/icon they have is bugged (either a copy of another user on the system, or just an empty box). The same behavior happens if you demobilize a mobile user using authchanger -reset -Demobilize.
To confirm this, open Directory Utility -> Directory Editor -> Users in /Local/Default -> type in your username and look for the JPEGPhoto attribute. If the bug went through properly, the attribute should say something like {length = 33456; bytes = ...}. A normal, non-bugged user, in the JPEGPhoto attribute, should show something like Binary: 418439 bytes.
What is the current bug behavior?
See above
What is the expected correct behavior?
A normal, non-bugged user, in the JPEGPhoto attribute, should show something like Binary: 418439 bytes.
Possible fixes
/usr/bin/dscl . delete /Users/loginwindowUser JPEGPhoto /usr/bin/dscl . delete /Users/loginwindowUser Picture
This will reset both of these attributes back to default for the user, then when they select a new photo they will both be properly set.
Unintended consequences
This bug causes a problem with using the FV2 PRK to reset the users password at the FV2 recovery screen. Even with proper password policies set in place, on 10.13.6, 10.14.6, and 10.15 beta 8, reseting the password using the PRK at the FV2 recovery screen would NOT work. The only way to get it to work properly was to delete these Picture and JPEGPhoto attributes, then delete the auth.db file in /var/db/auth.db.