Applies to: Centrify DirectControl for Mac OS X
Does Centrify offer a method to change the default home directory path for AD users that log in to Mac OS X systems?
Is it possible for users to use the same network home directory path both for Windows and Mac systems?
Centrify provides methods to configure the default home directory path for both Zone Mode and Auto Zone installations.
The location of the home directory can reside locally on the system or on a network share.
However, when network home folders are shared between different operating systems, it is not recommended to share the same root home folder with both Windows and Mac systems, as this can cause conflicts with commonly named folders such as "Desktop", "Documents", etc.
As a workaround, it is permissible to create a subfolder within the main home folder that can be used to separate the Windows system file structure from the OS X set of folders.
For example the Windows network home may be located at:
While the OS X network home for the same user could then be placed in:
In order to make these adjustments, the Mac system must have the default home directory path updated when creating a user profile.
The process to modify the home directory path depends on whether Zone mode or Auto Zone is in use:
== Zone Mode ==
When a user is added to a Zone, set the desired home directory path in the UNIX account attributes.
To add a user to a Zone and set the home directory path:
Open the DirectControl / DirectManage Console and expand the desired Zone until the UNIX Data folder is displayed
Right-click Users and select "Add User to Zone"
Search and select the desired AD user
When the "Set UNIX User Profile" window opens, set the desired Home Directory path in UNIX format
After adding a user to a Zone, be sure to also configure a Role Assignment to allow login to the system.
Additional details about managing Zones are available in the Centrify Suite 2013 Planning and Deployment Guide.
== Auto Zone ==
Centrify DirectControl provides a group policy to set an alternative home folder path for Auto Zone users and can be used to specify the desired empty subfolder of a network home directory.
Open GPME and navigate to:
Computer Configuration > Centrify Settings > DirectControl Settings > Adclient Settings > "Auto Zone home directory"
Enable the policy and set the desired path in UNIX format:
Save the GPO
To have the policy apply immediately, go to a target Mac and open the Terminal.
Run the commands:
To verify the user account has the correct home folder path, run the following command:
adquery user -h adusername
Example: adquery user -h bsmith
This policy does not support hidden share paths, i.e. network paths that contain a dollar sign, e.g.: \\server.domain.xxx\Home$\%username%
If hidden shares are used, please configure an alternate non-hidden share path that could be used instead.
The group policy "Enable Auto Zone user home directory" must also be set to "Not Configured" or "Disabled":
Computer Configuration > Centrify Settings > DirectControl Settings > Adclient Settings > "Enable Auto Zone user home directory"
This is because use of the "Enable Auto Zone user home directory" policy will always force the directory path specified in Active Directory Users and Computers (ADUC) and not the desired alternate path from the "Auto Zone home directory" GP.
This also means that System Preferences > Centrify > Local Settings should be kept at "Create local home directory" (despite the label of the setting).
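To run the adquery verification step above across several accounts at once, the following added example (not Centrify code) compares each user's resolved home directory with the path the policy is expected to produce, and flags hidden-share paths and mismatches such as an ADUC path forced by "Enable Auto Zone user home directory". The `%u` placeholder, the function names and the sample paths are assumptions of this script, and it assumes `adquery user -h` prints the path alone on one line.

```shell
#!/bin/sh
# Added example, not Centrify code. Audits the home directory that
# `adquery user -h` reports for each user against the expected path.
# Assumption: "%u" is this script's own placeholder for the username; it is
# not Centrify syntax. All paths used with it are constructed samples.

# classify USER WANT GOT -> prints one status line, returns 0 only for OK
classify() {
    user=$1 want=$2 got=$3
    case "$got" in
        '')    echo "NO-HOME   $user"; return 1 ;;        # lookup failed or empty
        *\\*)  echo "NOT-UNIX  $user $got"; return 1 ;;   # backslashes: not UNIX format
        *\$*)  echo "HIDDEN    $user $got"; return 1 ;;   # dollar sign: hidden share
    esac
    if [ "$got" = "$want" ]; then
        echo "OK        $user $got"
        return 0
    fi
    # Typical cause: another policy or the ADUC path overrode the intended one.
    echo "MISMATCH  $user got=$got want=$want"
    return 1
}

# audit_homes TEMPLATE USER... -> exit status is the number of failed users
audit_homes() {
    template=$1; shift
    failures=0
    for u in "$@"; do
        want=$(printf '%s\n' "$template" | sed "s|%u|$u|g")
        got=$(adquery user -h "$u" 2>/dev/null) || got=''
        classify "$u" "$want" "$got" || failures=$((failures + 1))
    done
    return "$failures"
}

# Usage on a joined Mac (constructed template and user names):
#   audit_homes '/Users/%u' bsmith jdoe
```

A non-zero exit status gives the number of accounts that need attention, so the function can be used directly in a post-rollout check.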
See also the following KB:
Keywords: alternative home override ADUC auto.schema.homedir