We're a mostly Windows shop that uses a DFS store to hold all our user data. Mac syncing (with portable home directories) has always been... interesting... with this setup, but I think I have it mostly working. The one last nagging thing I have is a "?" that appears in the dock. The connection to the server is still being made, because any changes I make in ~/Documents (the folder I am syncing) get replicated up to the server (and any changes on the server sync down appropriately). I'd like to just remove this item from the dock, which seems to be a challenge with no solution. The two solutions I have found are as follows:
1: Per this article (https://jamfnation.jamfsoftware.com/discussion.html?id=5044), don't use portable home directories and mount the folder outside of the AD plugin. Maybe I'm not understanding that article correctly, but I think we need PHD to do syncing.
2: Use configuration profiles to push a "Documents," "My Applications," or "Downloads" folder. This works, but then things like size and magnification become locked out to the user (even if the setting is to merge).
Any thoughts on a better workaround?
I agree, figuring out portable home sync directories is tricky. Here are some things I have learned along the way:
1) I believe the question mark in the dock is because the network credentials at login are not authenticating to AD at the login prompt. Desktop and hard wired machines should not get the ? mark, but laptops on WiFi only would. But... if you properly use an 802.1x profile at the login window, network credentials are passed to WiFi and authenticated, which then allows a proper connection to your SMB network home. You should get the home folder in the dock. Regardless of getting the ? or not, after login and you are on the network a homesync is established for syncing. The question mark just annoys and confuses customers.
2) I think... you can hide the home folder from showing up in the dock by unchecking "create mobile account at login" AFTER you have already created a mobile managed account. I need to test it more, but I have seen this work. It sounds weird, but I think you can get the network home folder to not show up in the dock.
3) Create a profile for homesync that honors the "local template". If you honor the network template it "pulls" everything in their network home and dumps it into the user's local folder. I find this annoying, especially for longtime Windows users migrating to a Mac that have built up lots of documents. I also think HomeSync times take longer because it is checking an SMB or CIFS share (most likely). I'm not even sure Macs can index SMB until 10.9 and even then, it seems wonky. Local template seems much better. It checks the local User directory (Documents, Desktop, Music, Photos, etc.) and then "pushes" a copy to the network home. Checking a local HFS+ that can be indexed... homesync goes much quicker. I typically tell people to take ALL the "stuff" from their network home that they want and dump it into the local documents folder. We then clean out the network home and sync the documents folder. I usually sync the Documents and Desktop folder because that's where users tend to save stuff.
I think this makes for a better Mac experience. Most of my users don't know or care what a network home is so I can just tell them that if they save their "stuff" on the Desktop or Documents folder it will be backed up to the network.
One weird thing I've been noticing, under "login options" in the Users & Groups system preferences, sometimes the "allow network users to login to this computer" disappears even though right below this, it shows as bound to the domain. It's almost like the bind shows up as active but it's really broken. Network users can only login to the machine because their credentials are cached. Rebinding fixes it but I don't know why it happens.
I've been banging my head on the table with this issue for several weeks now and finally was able to come to a solution on the matter.
The Active Directory settings plist needs to be modified manually, and I've chosen to do so with a login script using PlistBuddy. I run the following command at login for network users with local template mobile homes:
    #!/bin/sh
    # Script.sh
    # Removing Network Home Folder from User's Dock
    # Give login items time to finish before editing the plist
    sleep 15
    # The plist path contains a space ("Active Directory"), so it must be quoted
    sudo /usr/libexec/PlistBuddy -c "Delete :module options:ActiveDirectory:managed client template:mcx_application_data:com.apple.dock:Forced:0:mcx_preference_settings:MCXDockSpecialFolders-Raw:0" "/Library/Preferences/OpenDirectory/Configurations/Active Directory/YOURDOMAIN.plist"
Make sure to replace the YOURDOMAIN with... your company's domain. I chose to insert a sleep command to allow any login items to finish before the command runs. As you can see, removing the string associated with "MCXSpecialFolders-Raw" which happens to be named "AddDockMCXOriginalNetworkHomeFolder" will prevent the user's network home from appearing in the dock as the entry is deleted.
A restart is required after the first script run, and this will need to be repeated should any re-binding of the computer happen in the future, thus I've chosen to have this run on login. I'm going to work on getting if/else statements written so there are no errors but for now it seems to work just fine.
Steps to implement:
-J Samuel Clark
McNally Smith College of Music
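A guarded version of the login-script step from the last post, as an added example that is not part of the original thread: it deletes index 0 only while it still holds the value the post names, so repeated logins cannot remove a different Dock entry or fail noisily. The function name `remove_network_home_dock_entry` is hypothetical, `YOURDOMAIN` is the post's placeholder, and it is assumed that PlistBuddy's `Print` accepts the same key path the post passes to `Delete`.

```shell
#!/bin/sh
# Added example, not the poster's script. Run as root (the plist is root-owned).
PLISTBUDDY="${PLISTBUDDY:-/usr/libexec/PlistBuddy}"
# YOURDOMAIN is the placeholder used in the post; replace it with your domain.
PLIST="${PLIST:-/Library/Preferences/OpenDirectory/Configurations/Active Directory/YOURDOMAIN.plist}"
# Key path copied from the post's Delete command.
KEY=":module options:ActiveDirectory:managed client template:mcx_application_data:com.apple.dock:Forced:0:mcx_preference_settings:MCXDockSpecialFolders-Raw:0"
# Value the post says lives at that index.
EXPECTED="AddDockMCXOriginalNetworkHomeFolder"

# Return codes: 0 = entry deleted, 1 = nothing to do, 2 = refused or failed.
remove_network_home_dock_entry() {
    plist="$1"
    # Unbound machine or wrong domain name: no plist, nothing to change.
    [ -f "$plist" ] || return 1
    # Print exits non-zero when the key path is absent (already removed).
    value=$("$PLISTBUDDY" -c "Print $KEY" "$plist" 2>/dev/null) || return 1
    # Index 0 may hold some other special folder after an earlier delete
    # or a re-bind; leave anything unexpected untouched.
    [ "$value" = "$EXPECTED" ] || return 2
    "$PLISTBUDDY" -c "Delete $KEY" "$plist" >/dev/null 2>&1 || return 2
    return 0
}

# Only act where PlistBuddy is installed (macOS).
if [ -x "$PLISTBUDDY" ]; then
    rc=0
    remove_network_home_dock_entry "$PLIST" || rc=$?
    case "$rc" in
        0) echo "Removed network home Dock entry; restart required." ;;
        1) echo "No network home Dock entry found; nothing to do." ;;
        *) echo "Index 0 is not $EXPECTED or delete failed; plist unchanged." >&2 ;;
    esac
fi
```

Return code 2 at login is worth logging centrally, since it means the managed client template no longer matches what the post describes.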