
KB-3329: How to set up network home folders for Mac users in Auto Zone

21 December,16 at 10:19 PM

Applies to: Centrify Identity Service, Mac Edition

 
 
Question:
 
How can an AD user be configured to log in to a Centrify-joined Mac system with a network home folder in Auto Zone mode?


 
Answer:
 
Notes:
  • Starting with macOS Sierra, you won't be able to create portable home directories. Mobile home directories, which have network accounts that are cached locally, can still be created. However, their home folder will no longer sync with their network home directory.
  • See page 18 of the Centrify Admin Guide for Mac OS X for further information on network home directories for Mac OS X.
  • If the Mac is joined to the domain in Zone Mode, please see the following KB instead:
  • The following example sets up a network home folder from a Windows file share. If using another type of file server, use the equivalent sharing and security permissions for that device.

Steps:
  1. On a network file server, create a folder where all the network home directories will be created.
     
  2. Right-click on this folder and configure the following settings:
     
    Sharing tab > Permissions button > Remove "Everyone" > Add "Authenticated Users" > Select "Full Control" 
     
    Security tab > Add "Authenticated Users" > Select "Full Control" 

    (This is required for initial setup of the network home folders. Limiting users so that they can only access their own home folders can be configured afterwards.)

     
  3. In ADUC, go to the AD user object, right-click it and select its AD Properties:
     
    Profile tab > Home folder section > choose Connect > Enter the folder path in the format:
     
    \\ [fully qualified server hostname] \ [share path] \%username%
     
    E.g: \\server-name.domain.com\ShareFolderName\%username%
     
    (The username will be filled automatically in place of the %username% token)
     
  4. Once the user's AD properties are updated, the home folder will be automatically created on the network file server.
     
  5. Go to Group Policy Management and in either an existing GPO, or a new GPO that will apply to the Mac systems, enable the GP at:
     
    Computer Configuration / Centrify Settings / DirectControl Settings / Adclient Settings / "Enable Auto Zone user home directory (Mac OS X)"
     
    If the network home folders will be coming from an AFP share, make sure to also configure the GP at:
     
    Computer Configuration / Centrify Settings / DirectControl Settings / Adclient Settings / "Auto Zone remote file service (Mac OS X)"
     
  6. Save and apply the GPOs.
     
  7. Go to the Mac and log in as a local admin.
     
  8. Open the Terminal and run:
     
    adgpupdate
    sudo adflush
     
  9. Verify that the AD users have now been configured with network home directories by running the command:
     
    adquery user -h ad_username
     
  10. The network home path will be shown in UNIX format:
     
    /SMB/ad_username/server-name.domain.com/ShareFolderName/ad_username
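
The check in steps 9 and 10 can be scripted. The following is an added example, not part of the original KB or Centrify's tooling: it derives the expected UNIX-format path from the ADUC "Connect" value in step 3 and compares it with what adquery reports. The /SMB/ layout is assumed from the single sample in step 10, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The /SMB/<user>/<server>/<share>/<user> layout is assumed from
# the one sample in step 10; expected_home and check_home are hypothetical names.
# Usage on the Mac, after step 8:
#   sh thisfile '\\server-name.domain.com\ShareFolderName\%username%' ad_username

# Print the home path expected for user $2, given the ADUC "Connect" value $1.
expected_home() {
    unc=$1 user=$2
    # Step 3 ends the UNC path with the literal %username% token.
    case $unc in
        '\\'*'\%username%') ;;
        *) echo "expected a UNC path ending in %username%" >&2; return 2 ;;
    esac
    path=$(printf '%s\n' "$unc" | tr '\\' '/')   # backslashes -> slashes
    path=${path#//}
    path=${path%"/%username%"}
    server=${path%%/*}
    share=${path#*/}
    # Heuristic for "fully qualified": the hostname must contain a dot.
    case $server in
        *.*) ;;
        *) echo "server '$server' is not fully qualified" >&2; return 2 ;;
    esac
    if [ "$share" = "$path" ] || [ -z "$share" ]; then
        echo "no share path in: $unc" >&2; return 2
    fi
    printf '/SMB/%s/%s/%s/%s\n' "$user" "$server" "$share" "$user"
}

# Compare $3 (the output of: adquery user -h "$2") with the expected path.
check_home() {
    want=$(expected_home "$1" "$2") || return 2
    if [ "$3" = "$want" ]; then
        echo "OK: $2 -> $3"
    else
        echo "MISMATCH for $2: adquery reports '$3', expected '$want'" >&2
        echo "Check the GPO from step 5 and repeat step 8." >&2
        return 1
    fi
}

# Only runs on a joined Mac when both arguments are given.
if [ $# -eq 2 ] && command -v adquery >/dev/null 2>&1; then
    check_home "$1" "$2" "$(adquery user -h "$2")"
fi
```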

 
To restrict access of the network home folders so that users can only get into their own network homes, please see the following KB:


For additional information not covered in this guide or troubleshooting assistance, please review the Centrify Online Help or Customer Support Portal at https://www.centrify.com/support/customer-support-portal/
