
KB-2897: How to set up Mobile Accounts via Group Policy in Zone Mode.

Centrify Identity Service, Mac Edition

21 December,16 at 10:28 PM

Applies to: All versions of Centrify DirectControl on Mac OS X.

 
Question:
 
How can Mobile Accounts be automatically created for AD users logging into a Mac system joined to the domain in Zone Mode?

 
Answer:
 
Notes:
  • Starting with macOS Sierra, you won't be able to create portable home directories. Mobile home directories, which have network accounts that are cached locally, can still be created. However, their home folder will no longer sync with their network home directory.
  • On older versions of Centrify, the Mobility Settings GPs require that the AD accounts MUST have a network home folder configured in order for the creation policy to kick into action.
    • As of Centrify Suite 2015 / Mac agent version 5.2.2, this is no longer required.
  • It has been discovered that in environments where Parallels has been installed, this can corrupt the behaviour of OS X's Mobile Home Syncing. For more information, see:
 
 
To create a Mobile Account via Group Policy:
  1. Decide on the context of the Mobile Accounts:
  2. In a GPO that will apply to the user accounts, enable the GP at:
     
    User Configuration / Centrify Settings / Mac OS X Settings / Mobility Settings / "Use version specific settings"
     
     
  3. Navigate to the "Mac OS X 10.x Settings" folder(s) that correspond to the version(s) of OS X the GPs should apply to and enable the policy at:
     
    User Configuration / Centrify Settings / Mac OS X Settings / Mobility Settings / Mac OS X 10.x Settings / "Configure mobile account creation"
     
    - Check the [ Create mobile account when user logs in to network account ] box.
    - Check the [ Create mobile account even if user does not have a network home folder ] box (if needed).
    - Check the [ Require confirmation before creating mobile account ] box (if needed).
    - If the user will be using OS X's Mobile Home Sync feature, select "Create home using: network home and default sync settings"
    - If the user does not need Mobile Home Syncing enabled, select "Create home using: local home template"
     
     
  4. Save and apply the GPOs.
     
  5. Go to the Mac and log in as Local Admin.
     
  6. Open the Terminal and run:
     
    adgpupdate
     
  7. Log out of Local Admin and log in as the AD user. If the confirmation option was selected, the user should now receive a prompt to create the Mobile Account. Alternatively, look in System Preferences > Users & Groups; the user should be listed as "Mobile".
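
The check in step 7 can also be scripted from the Terminal, which helps when verifying many Macs after the GPO is applied. This is an added example, not part of the original Centrify article: it assumes macOS marks a mobile account with `LocalCachedUser` in the `AuthenticationAuthority` attribute of the local directory node, and `classify_account`, `check_users` and the sample strings are hypothetical names and constructed data.

```shell
#!/bin/bash
# Added example: classify an account from the output of
#   dscl . -read /Users/<name> AuthenticationAuthority
# Assumption: a cached (mobile) account carries the LocalCachedUser marker
# in AuthenticationAuthority of the local directory node.

# Reads dscl output on stdin, prints one of: mobile | local | not-found
classify_account() {
    local output
    output=$(cat)
    case "$output" in
        *LocalCachedUser*)          echo "mobile" ;;    # cached copy of a directory account
        *AuthenticationAuthority:*) echo "local" ;;     # ordinary local account
        *)                          echo "not-found" ;; # no such attribute in the local node
    esac
}

# Checks each user name passed as an argument; returns non-zero if any of
# them is not a mobile account. Requires macOS (dscl).
check_users() {
    local user state rc=0
    for user in "$@"; do
        state=$(dscl . -read "/Users/$user" AuthenticationAuthority 2>/dev/null | classify_account)
        printf '%s\t%s\n' "$user" "$state"
        [ "$state" = "mobile" ] || rc=1
    done
    return $rc
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_MOBILE='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2> ;LocalCachedUser;/Example Directory Node:jdoe:00000000-0000-0000-0000-000000000000'
SAMPLE_LOCAL='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'
SAMPLE_MISSING=''

# Query real accounts only when user names are given and dscl is available.
if [ "$#" -gt 0 ] && command -v dscl >/dev/null 2>&1; then
    check_users "$@"
fi
```

An AD user who has logged in but still reports `not-found` has no cached record on that Mac, which usually means the creation policy did not apply to that user.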
     
     

Notes:
 
For tips on configuring additional syncing options for the Mobile Accounts, please see the following KBs:
