Using Active Directory to create OS X home folders rights issue

Hi,

Currently I'm in the process of setting up a new ML (10.8.4) Mac Pro to act as an OD server in our College. I have successfully bound it to Active Directory, and any AD user can log in to the test Mac I have also bound. So far so good.

What I want, is for all users to have local home folders on whichever Mac they log in to. This is working. What I also want is to mount a Network home folder located on the Mac server, on user login, so all preferences for software etc will be stored locally, but any files can be saved to a network location and accessed from any Mac.

I have read various set up guides, white papers etc and I have reached a stumbling block. I checked both 'Force local home directory on startup disk' and 'Use UNC path from Active Directory to derive network home location'. The problem comes when defining the home folder in the AD user's profile. I input \\server\share\%username% and when I click 'Apply' I get an error, 'The home folder could not be created because: the request is not supported.' However, if I check on the server, it has actually created the folder. When I click 'Apply' again, I get a message saying the folder already exists, do I want the user to be granted full control. I click 'Yes', BUT, and this is where I'm coming unstuck, when I check the permissions of the folder created, I get access to the folder, and everyone gets no Access. The user of the folder has no rights therefore when I log in as that user to test, it doesn't work. If I manually add rights for that user to the folder, then that works, but this is impractical as I'd have to do this individually for a large number of students.

As an aside, if I use the Attribute Editor in AD to add a homeDirectory and homeDrive, and Apply this, I get no error, but also no user folder created. It doesn't create the folder on login either. This is an issue, as the user creation process is automated, and I intend to get this field updated as part of the creation process for those students who will be using Macs.

Both Domain Admins and Enterprise Admins have administrative rights to the ML Server. I am a Domain Admin. The Users sharepoint has R+W access for System Administrator, Administrators group and Everyone Else. I also tried adding Domain Admins and a local group called MacStudents, that contains an AD group (done in WGM) that the above users are members of.

My next step is to update the AD Schema to include Apple specific attributes and see if I can get it work that way.

If there was a way to query a group, automatically create server based home folders with appropriate user names and grant the proper rights then this would be acceptable, however my scripting ability and knowledge is fairly non-existent.

Any help would be hugely appreciated as I've spent a long time trawling through google and various forums to no avail.