Creating Network/Mobile Accounts with Local Homes

Ben Greiner

Configuring a workstation to use a network or mobile account is beneficial in environments where administrators wish to manage authentication from a central server, utilize single-sign-on, or improve security by enforcing a password expiration policy. There is a significant difference between a network and a mobile account.

  1. Network accounts must have a persistent connection to the directory server. This is suitable for desktops that permanently reside in the office.
  2. Mobile accounts retain the ability to function while traveling and do not require a persistent connection to the directory server. Mobile accounts are intended for notebook users, although they can be used by anyone. Mobile accounts also offer the ability to sync with a home folder on the network. However, this practice has been largely discontinued because it does not work well. (The end-user receives many notifications regarding files that cannot be synced, and this creates an influx of support requests and a rise in end-user frustration.)

A solution that we use and recommend is to implement mobile accounts with syncing disabled. This provides the benefits of central authentication along with the ability for single-sign-on and password expiration enforcement, and it avoids the pitfalls of network syncing. We then recommend the use of something like CrashPlan PROe to ensure user data is automatically backed up (rather than rely on end-users — and horribly implemented file syncing — to ensure files are safe). To get started, follow the appropriate instructions below related to your directory structure or contact us to have Robot Cloud automate the binding process. We also recommend reading these related articles:


Bind a Mac to Open Directory (OD)

  1. Open the Directory Utility app located in System > Library > CoreServices.
  2. Double-click LDAPv3 (OD) and select 'New'.
  3. Type in the fully-qualified domain name. Select SSL if applicable and click 'Continue'.
  4. Enter the desired Computer ID and the directory administrator username and password.
  5. Click 'Continue', wait for the process to complete, then click 'OK'.
  6. Log out to test the new account.
  7. At the login screen, select 'Other' or simply type the user's network credentials.

Bind a Mac to Active Directory (AD)

  1. Open the Directory Utility app located in System > Library > CoreServices.
  2. Double-click Active Directory and enter the fully-qualified domain name and Computer ID.
  3. Click 'Show Advanced Options', and enable 'Create mobile account at login'.
  4. Enable 'Require confirmation…' in the sub-checkbox under 'Create mobile account at login'.
  5. Click 'Bind', wait for the process to complete, and click 'OK'.
  6. Log out to test the new account.
  7. At the login screen, select 'Other' or simply type the user's network credentials.
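For scripted deployments, the same Active Directory bind can be performed with macOS's `dsconfigad` tool. The script below is an added example, not part of the original article: it validates the inputs and builds the arguments matching the checkboxes above, plus `-localhome enable` for the local home named in the title. The script layout, the `--bind` switch and the sample names in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: command-line equivalent of the Directory Utility AD bind.
# Usage on a Mac, as root:  ./ad-bind.sh --bind DOMAIN COMPUTER_ID ADMIN_USER
# e.g. (constructed values): ./ad-bind.sh --bind corp.example.com MAC-LT-0042 bindadmin

# Print the dsconfigad arguments for a bind, one per line; fail on bad input.
ad_bind_args() {
  ab_domain=$1; ab_computer=$2; ab_admin=$3
  # Step 2 asks for a fully-qualified domain name: require a dot, DNS chars only.
  case $ab_domain in
    *[!A-Za-z0-9.-]*) echo "error: invalid character in domain" >&2; return 1 ;;
    *.*) ;;
    *) echo "error: '$ab_domain' is not a fully-qualified domain name" >&2; return 1 ;;
  esac
  # AD computer names must fit the 15-character NetBIOS limit.
  case $ab_computer in
    ''|*[!A-Za-z0-9-]*) echo "error: invalid Computer ID" >&2; return 1 ;;
  esac
  if [ "${#ab_computer}" -gt 15 ]; then
    echo "error: Computer ID longer than 15 characters" >&2; return 1
  fi
  # Reject whitespace and shell metacharacters in the directory admin name.
  case $ab_admin in
    ''|*[!A-Za-z0-9._-]*) echo "error: invalid admin username" >&2; return 1 ;;
  esac
  # -mobile / -mobileconfirm mirror 'Create mobile account at login' and
  # 'Require confirmation'; -localhome keeps the home folder on the local disk.
  # -password is deliberately omitted so the secret never appears in the
  # process list or shell history; dsconfigad prompts for it instead.
  printf '%s\n' -add "$ab_domain" -computer "$ab_computer" \
    -username "$ab_admin" -mobile enable -mobileconfirm enable -localhome enable
}

# Perform the bind only when explicitly requested.
if [ "${1:-}" = "--bind" ]; then
  bind_args=$(ad_bind_args "$2" "$3" "$4") || exit 1
  # Validated values contain no whitespace or globs, so splitting is safe.
  # shellcheck disable=SC2086
  dsconfigad $bind_args || exit 1
  # Print the resulting settings so the mobile-account options can be checked.
  dsconfigad -show
fi
```

After the bind, confirm in the `dsconfigad -show` output that the mobile account and local home settings are enabled before logging out to test.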

Promote Network Accounts to Mobile Accounts

If you already have network accounts and would like to promote these accounts to mobile accounts, then take a look at these Apple support articles for instructions on…
