Posted on 05-09-2015 11:15 AM
Hello Community,
Our primary engineer accepted a position with another company and I have taken his position. I am learning all things Casper and diving deeper into Mac Administration.
We are currently working on a project to move our server infrastructure from Mac to Windows Server running Windows Server Datacenter 2012 R2.
I understand in Open Directory we can make the user accounts "Mobile" or "Local". The mobile account allows for the sync of the user profile to a specified location. In a Windows server environment with Windows computers we can create a group policy to redirect the Documents folder excluding Pictures, music, etc.
Question:
- Has anyone in the community set up a folder sync for Macs using Windows Servers? We would like the folder to be available online/offline. So, the folder is accessible while on campus and off.
-- If so, how are you accomplishing this?
I appreciate your help and thanks in advance.
Posted on 05-09-2015 11:36 AM
Our preference is to use mobile accounts (which cache the account so they can log in offline). The mobile account doesn't have any relation to the home folder or syncing in particular.
For the home folder and user data, our preference is to just mount the SMBHome on the desktop when a user logs in, or for laptops, give them a dock icon they can click to mount when they need it.
In some schools we support (usually for compliance reasons), we sync any locally created data up to the SMBHome. We don't find the OS X mobile home sync reliable enough so we do this through a set of custom scripts. In our case the sync is one way only, so it doesn't pull data down if they log in to a different Mac.
I would be quite cautious around this topic as there are a bunch of configurations that will be very unstable. It really is a big can of worms!
You might also want to do a bit more testing with SMB reliability in your environment as it isn't as good as the Apple native AFP for file sharing (just my opinion though ;)
Out of interest, what are you doing at the moment with OD, user accounts and home folders? I.e. mobile accounts or not, synced homes, network only homes, local only homes, or something else?
Posted on 05-09-2015 01:05 PM
Hey @davidacland
Thank you for your response!
The team I am on have discussed using some sort of script to copy the contents of the folder back to the user share when on campus. Like you stated, we need to be quite cautious how we implement this, as a script or something similar may be flaky and unreliable (a use at your own risk).
I did mention the golden triangle approach but members of the team do not want to go down this road. The Sr. Engineers are well more experienced than I. They have seen the golden triangle configuration and have experienced issues with it. Thus, not recommending it.
I do believe we will create the folder share path in AD and have it mount. The only obstacle we are running into is having it accessible offline.
We have also discussed AFP vs SMB. I looked into this and Apple is slowly but surely moving away from AFP. They started this shift in Mavericks and are moving more towards SMB2.
As far as what we are doing at the moment. We were using mobile accounts but have moved back to local accounts as the server space started filling up quickly. So, the accounts are local with local only homes. The problem with this is not having data backed up. Which has prompted this discussion.
Posted on 05-09-2015 01:25 PM
Sounds like some heavy discussions are going on!
Just to add some thoughts to each point...
> As a script or something similar may be flaky and unreliable

Totally agree. We spent several years developing our solution which was only worthwhile as we support hundreds of sites around the country and needed something customisable and robust. If it is of interest, we will be sharing some of our code later in July this year following the Penn State conference.
> They have seen the golden triangle configuration and have experienced issues with it. Thus, not recommending it.
The golden triangle isn't related to home folders. Its main purpose is to supplement AD by providing managed preferences (similar to group policies) to centrally control settings on the Macs. It has been a rock solid solution for the past 10 years but around 2-3 years ago was superseded by configuration profiles and the Apple MDM system.
> I do believe we will create the folder share path in AD and have it mount. The only obstacle we are running into is having it accessible offline.
I think this would be a good first step and see how it goes. It would be a good idea to start off with a reliable, simple solution and then build on it.
> We have also discussed AFP vs SMB. I looked into this and Apple is slowly but surely moving away from AFP. They started this shift in Mavericks and moving more towards SMB2.
Apple are certainly moving in that direction, but there have been some long standing SMB bugs that still mean AFP is a good choice, at least for the time being. The main problems I see are:
If you want to use Windows servers, you can still get ExtremeZ-IP from Acronis to provide AFP access for the Macs.
> We were using mobile accounts but have moved back to local accounts as the server space started filling up quickly.

In the Mac world, mobile accounts mean a copy of the user account (not the data or home folder) is stored locally on the Mac's hard drive. Having mobile accounts isn't the cause of the server space filling up; this will be due to misconfigured sync settings, or users simply storing too much data on the server.
Hope all goes well anyway. Keep firing questions over to this forum, there will be loads of Mac admins on here that have different experiences and opinions on directory accounts and home folders.
Posted on 05-09-2015 05:04 PM
Thank you @davidacland !
I really appreciate your time and responses! Definitely some good points and items to think about and discuss.
Posted on 05-10-2015 03:51 PM
You could move the user's files into Google Drive (OneDrive, or Dropbox) depending on your storage space. For instance in Education, we have unlimited Google Drive space. I modified the user profile template on each computer so it has a "Google Drive/My Mac" folder. Within the My Mac folder lives Documents, Photos, Desktop, Downloads, etc. I then designed the user template folder to symbolic link the normal Documents folder to "Google Drive/My Mac/Documents". Once the user authenticates with Google Drive, it will merge the directories and back up (or download the user's files to the computer).
Posted on 06-07-2016 01:36 PM
@davidacland In your post above, you said that you would be sharing some of your code. Do you have a link to that resource?
Thanks!
Posted on 06-07-2016 07:02 PM
Hi @lee.smith,
A very big can of worms indeed. I have attempted on several occasions to use Apple's "Home Sync" in conjunction with Windows file servers and found it incredibly unreliable in our environment to the point that the solution didn't even make it off the test bench.
I have contemplated writing a series of rsync scripts run by Casper policies but I just haven't gotten around to it yet.
I did come up with a one-off solution similar to that of what @stjohns has mentioned. We use OneDrive for Business at our school. I deployed the OneDrive app and left the Documents, Movies, Music etc. where they normally are and just scripted the copy of them to the OneDrive folder location that I put in the root of the user's home folder and then turned the original folders into symbolic links. This has been working well so far; however, the following are the issues that we deal with.
- OneDrive cannot sync some special characters so syncing the ~/Library was out of the question and has been left as is.
- I have not as of yet come up with a way of doing this as zero touch or as a mass deployment.
- OneDrive (ours is cloud based, not on premise) has a serious lack of ability to administer users' files that are stored there. This makes the exit procedure quite cumbersome, i.e. to archive user files we have to start OneDrive on a PC and log in as the exiting user, wait for everything to sync down and then archive it. Maybe it's just us but this is what we have experienced.
Good luck!
Pat
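The copy-then-symlink approach described in the two posts above (Google Drive and OneDrive), sketched as an added example that is not either poster's script. The function names, the sync folder name and the list of characters a sync client may reject are assumptions for illustration.

```shell
#!/bin/sh
# Added example: move a home subfolder into a sync client's folder and
# leave a symlink in its place. All names below are hypothetical.

# Characters ASSUMED to be rejected by the sync client; adjust to your client.
BAD_CHARS='["*:<>?|]'

# Print every path under $1 whose name contains one of BAD_CHARS.
find_unsyncable() {
    find "$1" -name "*${BAD_CHARS}*" -print
}

# relocate HOME SYNC_NAME FOLDER
#   HOME      absolute path of the user's home folder
#   SYNC_NAME sync folder in the root of HOME (e.g. OneDrive)
#   FOLDER    direct child of HOME to relocate (e.g. Documents)
# Returns 0 on success or if already relocated, 1 on error,
# 2 if the folder holds names the sync client may reject.
relocate() {
    src=$1/$3
    dst=$1/$2/$3
    [ -L "$src" ] && return 0          # already a symlink: safe to re-run
    [ -d "$src" ] || return 1          # nothing to relocate
    if [ -n "$(find_unsyncable "$src")" ]; then
        echo "skipping $3: contains names the sync client may reject" >&2
        return 2
    fi
    mkdir -p "$dst" || return 1
    # Copy into the sync folder, merging with anything already synced down.
    cp -Rp "$src/." "$dst/" || return 1
    # Verify the copy before deleting the original.
    n_src=$(( $(find "$src" -type f | wc -l) ))
    n_dst=$(( $(find "$dst" -type f | wc -l) ))
    [ "$n_src" -le "$n_dst" ] || return 1
    # Relative link, so it still resolves if the home folder is moved.
    rm -rf "$src" && ln -s "$2/$3" "$src"
}

# Example call (constructed path): relocate /Users/jdoe OneDrive Documents
```

Run it as the logged-in user rather than as root, so that a symlink already planted inside the home folder cannot redirect a privileged copy to another location.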
Posted on 06-08-2016 12:46 PM
Hi @tim.arnold,
Here's a link to the stuff shared at PSU last year: https://github.com/amsysuk/psu
Posted on 02-02-2017 10:02 AM
@PatrickD Would you mind going into more detail of this script you used for OneDrive?
Posted on 09-12-2018 02:40 AM