I'm seeing a very strange behavior with our 10.10 client images when using AD login bindings and I believe it's based on our domain structure.
We currently have a top-level domain SchoolName.univ. There are four child domains (resource, labs, students, employees).
My employee clients are being bound to resource.SchoolName.univ. In my directory binding configuration the workstations are being placed into the correct OU. Under Administrative I have "Prefer this domain server" set to employees.SchoolName.univ and "Allow authentication from any domain in the forest" checked.
My issue is that we have many employees who also have accounts in the student domain. These accounts are both exactly the same user ID and password (controlled by an external IDM System). When they log in to the workstation for the first time the experience is completely different than that of a normal employee.
- There are several apps that have a question mark over them.
- There are constant authentication windows asking to repair the library.
- They do not see the first login prompt to sign in to iCloud.
Once they log out and back in, all of the above items clear up, but my Config Profile to map two smb shares at login will fail with a no permissions error.
Anyone have a similar issue or can point me in the right direction?
Thanks!