1 ACCEPTED SOLUTION
Since this option is typically managed from within OD, here is what we have done to enable "mobile accounts" for users on a new OD deployment.
First, Apple's method is to use a mobileconfig profile along with Profile Manager as part of OS X Server, and this will work, but since we are using the JSS to do our mdm, we decided to leave the JSS out of the equation and just enable Mobile Accounts for one of the OD groups. If you do this, then any user that is in that group will be prompted to create a Mobile User Account when the log in to a Mac that is bound to OD.
You have 2 options to setup the Mobile Account preferences within an OD Group. You can use Workgroup Manager (as long as you copy it to any 10.10 or 10.11 server, since you can't install it as Apple's installer will complain. So install it on 10.9 and copy it to your newer server). Or you can use Directory Utility to add the MCXplist entries.
If you use Workgroup Manager, just select the Group, then click Preferences (the prefs icon in the top icon bar), and you will see all of the icons in the Overview pane. Click on "Mobility", and turn on the options you think you will need (you can see ours in the pictures below). Then save those settings and you are done.
If you use Directory Utility, do the following.
- Open Directory Utility, select the node /LDAPv3/127.0.0.1
- Select Viewing of "Groups"
- Select your Group
- Click the Plus button to Add the Attribute (MCXFlags), and paste in the first xml info below.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>has_mcx_settings</key>
<true/>
</dict>
</plist>- Then add a 2nd attribute (MCXSettings) and paste in the xml below
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>mcx_application_data</key>
<dict>
<key>com.apple.MCX</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>cachedaccounts.WarnOnCreate.allowNever</key>
<true/>
<key>com.apple.cachedaccounts.CreateAtLogin</key>
<true/>
<key>com.apple.cachedaccounts.CreatePHDAtLogin</key>
<false/>
<key>com.apple.cachedaccounts.WarnOnCreate</key>
<true/>
</dict>
</dict>
</array>
</dict>
</dict>
</dict>
</plist> 6. Save it and restart OD.. Now Mobile Users are enabled for that OD Group.
Since this option is typically managed from within OD, here is what we have done to enable "mobile accounts" for users on a new OD deployment.
First, Apple's method is to use a mobileconfig profile along with Profile Manager as part of OS X Server, and this will work, but since we are using the JSS to do our mdm, we decided to leave the JSS out of the equation and just enable Mobile Accounts for one of the OD groups. If you do this, then any user that is in that group will be prompted to create a Mobile User Account when the log in to a Mac that is bound to OD.
You have 2 options to setup the Mobile Account preferences within an OD Group. You can use Workgroup Manager (as long as you copy it to any 10.10 or 10.11 server, since you can't install it as Apple's installer will complain. So install it on 10.9 and copy it to your newer server). Or you can use Directory Utility to add the MCXplist entries.
If you use Workgroup Manager, just select the Group, then click Preferences (the prefs icon in the top icon bar), and you will see all of the icons in the Overview pane. Click on "Mobility", and turn on the options you think you will need (you can see ours in the pictures below). Then save those settings and you are done.
If you use Directory Utility, do the following.
- Open Directory Utility, select the node /LDAPv3/127.0.0.1
- Select Viewing of "Groups"
- Select your Group
- Click the Plus button to Add the Attribute (MCXFlags), and paste in the first xml info below.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>has_mcx_settings</key>
<true/>
</dict>
</plist>- Then add a 2nd attribute (MCXSettings) and paste in the xml below
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>mcx_application_data</key>
<dict>
<key>com.apple.MCX</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>cachedaccounts.WarnOnCreate.allowNever</key>
<true/>
<key>com.apple.cachedaccounts.CreateAtLogin</key>
<true/>
<key>com.apple.cachedaccounts.CreatePHDAtLogin</key>
<false/>
<key>com.apple.cachedaccounts.WarnOnCreate</key>
<true/>
</dict>
</dict>
</array>
</dict>
</dict>
</dict>
</plist> 6. Save it and restart OD.. Now Mobile Users are enabled for that OD Group.
