Centrify DirectControl on all versions of Mac OS XProblem:
A Mac is configured to convert the AD user to a Mobile Account upon login.
If the user's network home folder is empty and folder structure needs to be created as well - then some of the home folders (Desktop, Documents, etc) will be created as hidden folders.
This appears to be a bug in OS X's FileSyncAgent mechanism and can be reproduced with Apple's own AD plugin (no Centrify installed):
- Create an AD user in ADUC with a new, empty network home folder
- Join the Mac to the domain using the Apple AD Plugin (System Preferences > Users & Groups > Login Options > Join)
- Make sure to enable: "Create mobile account at login"
- Login to the Mac as the newly created AD user
- Configure the mobile account to sync the home folder
- After the first sync, check the user's network home folder share. Some folders will be created with the hidden attribute enabled.
Pre-create the home folders on the network home share before syncing for the first time.
There are two options to do this easily:Option 1:
- Have the AD user log into a Mac where the Mobility Settings GPs have not been enabled, but where the AD user will still use their network home folder.
- After the AD user logs in for the first time with just the network home folder enabled (no mobility settings applied) home folder contents will be created correctly.
- Have the AD user log into the Mac with the Mobility Settings GPs enabled, but make sure to select the [ Don't Create ] button when prompted for the first time.
- This will allow them to log in with just the network home folder (same as Option 1).
- The second time the AD user logs in, they can now select the [ Create Now ] option when prompted again.
- (After the Mobile Account is created, the user will not be prompted again)
None. The FileSyncAgent is maintained by Apple and they have been notified. (Apple Bug ID #13005631)
For more information on network home folder configuration and Mobile Account creation, see the following KBs: