Jamf Nation Community

I had the same problem as well and found a solution. For me, I found out it would only happen to AD Users who had local administrator access to the Mac (In the AD Bind settings on the mac, there's a section for assigning AD Users to the local admins group). When I removed the AD User from the AD group that was assigned local admin privileges (and waited for AD replication), I was able to log in without the issue!

I'm having this exact same problem johnklimeck described at the beginning with a brand new iMac running 10.8.4 joining an Active Directory 2008 domain. I've tried all of the suggestions listed in this thread with no success. My older iMacs running Snow Leopard that have been on the domain for 3 years are working fine. No account name conflicts between the local system and AD. Right now the system is being used to develop a template for an 18 station lab so all the work is being done by hand.

Any other suggestions on what to try?

I should add that for about the first 15 seconds after a restart, there is a notice at the login screen that "Network Accounts are Unavailable" but then it goes away and when I go Login Options>Directory Utility, everything looks good.

I'm having this exact same issue as originally posted.

AD 2008 R2 OS X 10.8.4

I can log in as most AD accounts. The account that I need to use is not logging in all the way. Question marks on the dock bouncing Finder on the dock. When I attempt to open Notes or Mail; I get an error that the Library needs to be repaired. Its not creating a Home Folder under /Users.

I have tried everything listed above. Does anyone else have any ideas.

I found a resolution to my issue if anyone stumbles across this.

First I had to disable the option to create a mobile account upon log in in Active Directory settings in OS X. This allowed me to get the user logged in but, the mobile account creation would fail.

Second follow these steps:
1. Delete the old user if that user exists on the client system.

1. Test to make sure the system is properly bound to Active Directory.

2. Login as the local admin and run the following command in the
   Terminal:
   sudo
   /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileac count
   -n userid -v

Remember this will require a password and will not return any visual
output when the keys are pressed.

1. Log out the local admin.

2. Log in as the Network user.

3. To configure the syncing service go to System Preferences >
   Accounts and click on the Settings button. This will be grayed out
   with users who are not set up with a network home directory.

Hope this helps.

Follow these steps pay special attention to 7-10, that is what tripped me up.

1. Open System Preferences and click Accounts.

2. If the lock icon is locked, unlock it by clicking it and entering the name and password of an administrator.

3. Click Login Options, then click Join or Edit.

4. Click Open Directory Utility.

5. If the lock icon is locked, unlock it by clicking it and entering the name and password of an administrator.

6. Click Services.

7. In the list of services, select Active Directory and click the Edit (/) button.

8. If the advanced options are hidden, click Show Advanced Options.

9. Click User Experience, then click “Create mobile account at login,” and optionally click “Require confirmation before creating a mobile account.”

10. If both options are selected, each user decides whether to create a mobile account during login. When a user logs in to Mac OS X using an Active Directory user account, or when logging in as a network user, the user sees a dialog with controls for creating a mobile account immediately.

11. If the first option is selected and the second option is unselected, mobile accounts are created when users log in.

12. If the first option is not selected, the second option is disabled.

13. Click OK.