Possibly one of the best additions to a scripter's arsenal: createmobileaccount. Buried way down in /System/Library/CoreServices/ManagedClient.app/Contents/Resources is where you'll find this little gem.
Once on (or ssh-ed into) a machine that's tied to OD, simply:
./createmobileaccount -e -v -s -n username
The "-e" switch creates a FileVault home....exceptionally cool. Just "./createmobileaccount" for help.
Thanks again to the engineer that put this one together!
