Applies to: Centrify Identity Service, Mac Edition
How can Mobile Accounts be automatically created for AD users logging into a Mac system joined to the domain in Auto Zone mode?
- On older versions of Centrify, the Mobility Settings GPs require that the AD accounts MUST have a network home folder configured before the creation policy takes effect.
- As of Centrify Suite 2015 / Mac agent version 5.2.2, this requirement no longer applies.
- In environments where Parallels has been installed, it has been found that this can corrupt the behaviour of OS X's Mobile Home Syncing. For more information, see:
To create a Mobile Account via Group Policy:
- Decide on the context of the Mobile Accounts:
  - If the Mobile Accounts need to sync their home folders between the Mac system and a network home folder location, use the following KB to set up and verify that the AD user is configured with a network home folder:
  - If the Mobile Accounts do not need any syncing and a local home folder is sufficient (for example, if the user only needs to be a Mobile Account for FileVault purposes), see the following KB for details on the new setting available in the GP:
- In a GPO that will apply to the user accounts, enable the GP at:
  User Configuration / Centrify Settings / Mac OS X Settings / Mobility Settings / "Use version specific settings"
- Navigate to the "Mac OS X 10.x Settings" folder(s) that correspond to the version(s) of OS X the GPs should apply to and enable the policy at:
  User Configuration / Centrify Settings / Mac OS X Settings / Mobility Settings / Mac OS X 10.x Settings / "Configure mobile account creation"
  - Check the [ Create mobile account when user logs in to network account ] box.
  - Check the [ Create mobile account even if user does not have a network home folder ] box (if needed).
  - Check the [ Require confirmation before creating mobile account ] box (if needed).
  - If the user will be using OS X's Mobile Home Sync feature, select "Create home using: network home and default sync settings".
  - If the user does not need Mobile Home Syncing enabled, select "Create home using: local home template".
- Save and apply the GPOs.
- Go to the Mac and log in as Local Admin.
- Open the Terminal and run:
- Log out of Local Admin and log in as the AD user. If the confirmation option was selected, the user should now receive a prompt to create the Mobile Account. Alternatively, look in System Preferences > Users & Groups; the user should also be listed as "Mobile" there.
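The same verification can be done from Terminal. The script below is an added example, not part of the Centrify KB or Centrify's tooling. It assumes the standard macOS marker for a mobile account, a ;LocalCachedUser; entry in the account's AuthenticationAuthority attribute; the function names and sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Centrify code. Classifies a macOS account from the
# output of `dscl . -read /Users/<name>` supplied on stdin:
#   mobile - AuthenticationAuthority contains ;LocalCachedUser; (cached network account)
#   local  - only ;ShadowHash; is present (account created on the Mac itself)
#   none   - no AuthenticationAuthority (no local record, e.g. account not cached)
classify_record() {
    awk '
        /^AuthenticationAuthority:/ { in_aa = 1 }
        /^[A-Za-z_]+:/ && !/^AuthenticationAuthority:/ { in_aa = 0 }
        in_aa && /;LocalCachedUser;/ { cached = 1 }
        in_aa && /;ShadowHash;/ { shadow = 1 }
        END {
            if (cached) print "mobile"
            else if (shadow) print "local"
            else print "none"
        }'
}

# Constructed sample records; node path, user names and GUID are placeholders.
sample_mobile() {
    cat <<'EOF'
AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2> ;LocalCachedUser;/EXAMPLE-NODE/example.com:jdoe:00000000-0000-0000-0000-000000000000
RecordName: jdoe
EOF
}
sample_local() {
    # dscl prints values containing spaces on an indented continuation line.
    cat <<'EOF'
AuthenticationAuthority:
 ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>
RecordName: localadmin
EOF
}

# On a Mac, pass account short names as arguments to check real records in
# the local directory node ("."). Does nothing where dscl is unavailable.
if [ "$#" -gt 0 ] && command -v dscl >/dev/null 2>&1; then
    for u in "$@"; do
        state=$(dscl . -read "/Users/$u" AuthenticationAuthority 2>/dev/null | classify_record)
        printf '%s: %s\n' "$u" "$state"
    done
fi
```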
For tips on configuring additional syncing options for the Mobile Accounts, please see the following KBs:
For additional information not covered in this guide or troubleshooting assistance, please review the Centrify Online Help or Customer Support Portal.