Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2896: How to set up Mobile Accounts via Group Policy in Auto Zone mode.

Centrify Identity Service, Mac Edition ,  

26 July,16 at 05:32 PM

Applies to: Centrify Identity Service, Mac Edition


 
Question:
 
How can Mobile Accounts be automatically created for AD users logging into a Mac system joined to the domain in Auto Zone mode?


 
Answer:
 
Notes:
  • On older versions of Centrify, a requirement of the Mobility Settings GPs is that the AD accounts MUST have a network home folder configured in order for the creation policy to kick into action.
    • As of Centrify Suite 2015 / Mac agent version 5.2.2, this requirement is no longer needed.
       
 
 
To create a Mobile Account via Group Policy:
  1. Decide on the context of the Mobile Accounts:
  2. In a GPO that will apply to the user accounts, enable the GP at:
     
    User Configuration / Centrify Settings / Mac OS X Settings / Mobility Settings / "Use version specific settings"
     
    User-added image
     
     
  3. Navigate to the "Mac OS X 10.x Settings" folder(s) that correspond to the version(s) of OS X the GPs should apply to and enable the policy at:
     
    User Configuration / Centrify Settings / Mac OS X Settings / Mobility Settings / Mac OS X 10.x Settings / "Configure mobile account creation"
     
    - Check the [ Create mobile account when user logs in to network account ] box.
    - Check the [ Create mobile account even if user does not have a network home folder ] box (If needed)
    - Check the [ Require confirmation before creating mobile account ] box. (If needed)
    - If the user will be using OS X's Mobile Home Sync feature, select "Create home using: network home and default sync settings"
    - If the user does not need Mobile Home Syncing enabled, select "Create home using: local home template"
     
    User-added image
     
     
  4. Save and apply the GPOs.
     
  5. Go to the Mac and login as Local Admin
     
  6. Open the Terminal and run:
     
    adgpupdate
     
  7. Logout of Local Admin and login as the AD user, if the confirmation option was selected, then they should now receive a prompt to create the Mobile Account. Alternatively, look in System Preferences > Users & Groups, the user should also be listed as "Mobile"
     
    User-added image
     

Notes:
 
For tips on configuring additional syncing options for the Mobile Accounts, please see the following KBs:


For additional information not covered in this guide or troubleshooting assistance, please review the Centrify Online Help or Customer Support Portal at https://www.centrify.com/support/customer-support-portal/

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.