AD Binding and Home Folders

m_higgins
Contributor

Morning All,
I am looking for some advice. Let me break it down in the case that we have.

We are a school and we have around 100 Macs around the site that are used by multiple pupils to log in and work on applications and such.

So the issue we are facing is this: the AD binding in macOS is flaky at best, so I have been playing with NoMAD Login, which is great and works solidly. However, NoMAD seems to create local users when they log in, when in fact we would like their home folders to map to their AD home folders, which is possible when directory bound. There is no need for them to have a home folder as they will most likely use a different machine each time.
The other alternative would be to prevent them from saving to the desktop/documents/pictures/movies and push them towards their Office 365 OneDrive, but I am not even sure if this is possible.

Any advice or experience anyone has on the matter would be much appreciated.

5 REPLIES

tdilossi
Contributor

To my knowledge, every time a user logs into a Mac, a user folder is created. Whether local or network, a folder is still created on the Mac. We have a utility to remove all user folders with certain exceptions (admin, shared, etc.) that we use at the end of the semesters and the end of the year due to the amount of data stored in the folders. We do not manage student data storage; we use G Suite, so we have all students save to their Google accounts, but we run into issues periodically where a student saves locally and forgets what machine it was saved on. But to answer your question, I don't think you can log into a Mac without it building a user folder.

cbrewer
Valued Contributor II

IMO AD binding isn't the disaster that some make it out to be. It is a supported feature of macOS and you should be able to get it working reliably. Post back with the specific problems you are having. Work with Apple support if you can. If you want to further dial it in you can do things like create an extension attribute that reports back a successful or unsuccessful AD bind.

mark_mahabir
Valued Contributor

We use this really useful script for redirecting folders to OneDrive.

m_higgins
Contributor
Post back with the specific problems you are having. Work with Apple support if you can. If you want to further dial it in you can do things like create an extension attribute that reports back a successful or unsuccessful AD bind.

The issue we have is not the bind; we can bind the machines successfully, but then we get a spinning wheel on login that never proceeds.

sbrammer
New Contributor III
The issue we have is not the bind; we can bind the machines successfully, but then we get a spinning wheel on login that never proceeds.

I just ran into that problem this week as I have been trying to decrease the login time of new users. I made a couple of changes in our AD bind config, and one of them broke network logins with the spinning wheel you mentioned. To fix that, all I did was re-enable "Force local home directory on startup disk" and AD accounts were able to log in again.

Still having the issue with slow logins of around 2 minutes, but the spinning wheel on login is no longer an issue for us.
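
The extension attribute suggested earlier in the thread, combined with a report of the "Force local home directory on startup disk" setting, could look like the sketch below. It is an added example, not code from any poster. It assumes the field labels in the constructed sample match what `dsconfigad -show` prints on your Macs, and `AD_TEST_USER` is a hypothetical placeholder for a known directory account.

```shell
#!/bin/sh
# Added example: Jamf Pro extension attribute reporting AD bind state.
AD_TEST_USER="known.ad.account"   # hypothetical placeholder, replace with a real AD user

# Constructed sample of `dsconfigad -show` output (labels are an assumption).
SAMPLE='Active Directory Forest          = example.test
Active Directory Domain          = example.test
Computer Account                 = lab-mac-01$

Advanced Options - User Experience
  Create mobile account at login = Disabled
  Force home to startup disk     = Enabled'

# Print the value of one "label = value" line. $1 = output text, $2 = label.
ad_field() {
    printf '%s\n' "$1" | awk -F' = ' -v key="$2" '
        { label = $1; gsub(/^[ \t]+|[ \t]+$/, "", label) }
        label == key { val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val); print val; exit }'
}

# Build the result string. $1 = dsconfigad output, $2 = "ok" if a lookup worked.
ad_bind_result() {
    domain=$(ad_field "$1" "Active Directory Domain")
    if [ -z "$domain" ]; then
        # No domain line at all is treated as an unbound machine.
        echo "Not bound"
        return 0
    fi
    localhome=$(ad_field "$1" "Force home to startup disk")
    # A configured bind can still fail to resolve users, so report both.
    if [ "$2" = "ok" ]; then state="Bound"; else state="Bound, lookup failed"; fi
    echo "$state: $domain (local home: ${localhome:-unknown})"
}

if command -v dsconfigad >/dev/null 2>&1; then
    # On a Mac: read the live configuration and try to resolve a directory user.
    show=$(dsconfigad -show 2>/dev/null || true)
    if id -u "$AD_TEST_USER" >/dev/null 2>&1; then lookup=ok; else lookup=fail; fi
    echo "<result>$(ad_bind_result "$show" "$lookup")</result>"
else
    # Elsewhere: demonstrate the parsing on the constructed sample.
    echo "<result>$(ad_bind_result "$SAMPLE" ok)</result>"
fi
```

A smart group on the "lookup failed" or "Not bound" values then surfaces machines where students cannot log in with directory accounts.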