Mac OS & Active Directory Files

I'm totally lost here, so I want to be able to log in to a Mac from our Active Directory, which I've managed to do fine.

But how do you sync the files? If I've saved documents on the desktop, my documents, downloads etc. on a Windows computer, how would you then sync that onto the Mac?

Mac Pro, macOS Sierra (10.12)

Posted on Oct 5, 2016 4:32 AM

6 replies

Oct 6, 2016 5:30 AM in response to laurencefromwoking

There will be various ways to do this but most of them would basically boil down to configuring both the Windows PC and the Mac to store files and folders on a server. If you configure them to use the same location then they should see each other's files.


In Mac speak this is called a 'Network Home Directory'; in Windows speak this used to be known as 'Roaming Profiles'. Windows may do this in a different manner these days using folder redirection. See https://technet.microsoft.com/en-us/library/cc771969%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396


It would also be possible to set up folder syncing on both the Mac and Windows so copies are synced to a location on the server. Such tools are, I believe, built in to Windows but would require additional software on a Mac, e.g. ChronoSync.


(Apple discontinued Portable Home Directory syncing in macOS Sierra.)


It would likely cause all sorts of problems if both computers were logged in at the same time as files would then be 'busy' as far as the other is concerned.

Oct 6, 2016 5:51 AM in response to John Lockwood

Thanks for the reply! I appreciate it.


So what you're telling me is we have to set up a network home directory to sync the files, home sync is no longer an option in macOS Sierra? Which must be why I can't configure the home account settings but I can on an older version of OS X...


If we set up a network home directory and set up a mobile account, would that work, in a sense it's still syncing to a server but you could still use the files if the network drops?

Oct 6, 2016 6:44 AM in response to laurencefromwoking

Network Home Directory based accounts only store stuff on the server, they do not store stuff locally.

Portable Home Directories used to have a copy on the server and a copy locally and sync them, as mentioned Apple have discontinued this feature.

Mobile Accounts only store stuff locally.


Either you switch to a Network Home Directory, or you continue to use a Mobile Account and then you need to use a third-party utility like, as mentioned, ChronoSync to do your own syncing to a folder on the server.


If the network drops and you are using a Network Home Directory then things rapidly stop working. Typically you have to reboot and if the connection is then working you can log back in. A Network Home Directory approach is only suitable for use when you are in the office where the server is. If you're using a laptop you need to use a Mobile Account and perhaps syncing.

Oct 6, 2016 7:14 AM in response to laurencefromwoking

The default behaviour when a Mac is bound to AD is to create a mobile account. It is possible to override this and it is also possible to set management options controlling your Macs so that this is automatic. For example you might manage your Macs via Profile Manager and set the 'Mobile Account' options to ensure it is always a Network Home Directory setup. It is also possible to set up what was called a 'Magic Triangle' whereby a Mac server is used solely to manage Mac settings. The client Macs then need to be bound to both the AD and Mac servers, however the preferred approach these days is Profile Manager or equivalent, e.g. JAMF Casper Suite etc.


You also need to define the value in an AD field for each user which defines the Windows SMB file path to access the user's Network Home Directory. Since this is using a Windows Server and AD the format needs to be in Windows UNC format, not the more typical Mac/Unix/Linux URL format.


i.e. \\server\share\folder not smb://server/share/folder


This would I believe be in the AD homeDirectory attribute. Do not use the unixHomeDirectory attribute even though on the face of it it may seem logical to do so.


Obviously the Windows server must be sharing the designated location.


If you use Mobile Accounts instead then as I stated you will then need to get a sync tool and set up your own syncing.
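
An added example, not part of the original reply: a small shell check for the format rule described above, run over an exported list of users and their homeDirectory values. The sample export, the user names and the `fileserver\homes` share are constructed for illustration, and the printed smb:// form is only the URL-style spelling of the same path.

```shell
#!/bin/sh
# Added example: audit homeDirectory values for the Windows UNC form.

# Print a verdict for one value; return 0 only when it is valid UNC.
check_home() {
    value=$1
    case $value in
        '')     printf '%s\n' 'MISSING'; return 1 ;;
        *://*)  printf '%s\n' 'URL_FORMAT'; return 1 ;;     # smb://server/share/...
        */*)    printf '%s\n' 'FORWARD_SLASH'; return 1 ;;  # Unix-style path
        '\\'*)  ;;                                          # leading \\ as UNC requires
        *)      printf '%s\n' 'NOT_UNC'; return 1 ;;
    esac
    rest=${value#'\\'}      # drop the leading \\
    rest=${rest%'\'}        # tolerate one trailing backslash
    path=$(printf '%s' "$rest" | tr '\\' '/')
    case $path in
        /*|*//*|*/) printf '%s\n' 'EMPTY_COMPONENT'; return 1 ;;
        */*)        printf '%s\n' "OK smb://$path"; return 0 ;;
        *)          printf '%s\n' 'NO_SHARE'; return 1 ;;
    esac
}

# Read "user homeDirectory" lines on stdin, print one verdict per user and
# return the number of users whose value is not valid UNC.
audit_homes() {
    bad=0
    while read -r user home; do
        [ -n "$user" ] || continue
        verdict=$(check_home "$home") || bad=$((bad + 1))
        printf '%-8s %s\n' "$user" "$verdict"
    done
    return "$bad"
}

# Constructed sample export: user name, then the homeDirectory value.
sample_export() {
cat <<'EOF'
alice \\fileserver\homes\alice
bob smb://fileserver/homes/bob
carol /Users/carol
dave
EOF
}

sample_export | audit_homes || printf 'users needing a fix: %s\n' "$?"
```
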

Oct 7, 2016 3:17 AM in response to laurencefromwoking

John (as ever) is giving great advice as well as explaining the underlying technologies in both systems. No offence intended but you may be struggling with what's been explained? This question:


"So how would you set up a Network Home Directory with AD?"


May need further clarification? Your initial post states you can log in to your account on AD? Presumably you bound the Mac to the AD domain first? If you're not sure what this means then it's done in the Users & Groups Preference Pane > Login Options > Network Account Server. This is for El Capitan but should still serve for Sierra? If you haven't actually done this then perhaps all you're really doing is connecting to a share that has been designated for your use on the Windows Server?


If you have bound the Mac then you must use an account that has privileges for that domain. Doubtful anyone in IT would give this to you although you never know? Your AD account won't necessarily do but if you have used it and it did bind then I'd be surprised as this would be seen as a security risk by the IT Department. I've never been to an AD site yet that allows binding by non-admin accounts. Further no-no's are your local admin account on the Mac itself should not be the same username as the one you use on AD. Some further clarification on how your Mac has been configured would be helpful?


As John has pointed out the default behaviour is for a Mobile Account which does not sync in Sierra. What this means is your OS X home folder is stored locally in /Users and you should see a link in the right hand side of the Dock which is your AD home folder. This folder is the profile you access when logging onto a PC. To sync data between the two you either manually do it, devise a script that does it for you, or use a 3rd-Party application such as ChronoSync or CarbonCopyCloner to do it for you.


To access your data as you would on a PC (i.e. a network home directory) untick the option to create a Mobile Account. You can do this either using Directory Utility or the command line. Directory Utility is stored in /System/Library/CoreServices/Applications. This command issued using Terminal will open it for you:


open /System/Library/CoreServices/Applications/Directory\ Utility.app/


Click the lock icon, supply the local admin's password and select "Active Directory". On the next window click the grey disclosure triangle to reveal further options. Untick the "Create mobile account at login" option. Once you've done this log in with another local admin account - you should do this anyway as it's good practice - delete the mobile account (back up data first), log out and log in again. This time - hopefully - you'll 'see' all the files you normally see on a PC as well as the OS X default home folder folders. Any data you add from that point should also be available when you log onto a PC.


Depending on what work you do, Network Home Directories work well if your connection is a permanent wired one. Obviously using a laptop that moves from to office would cause you problems if you don't log out first when at work. When going home you won't be able to access the data you'd accessed when at work. If you're a Designer using Photoshop, InDesign etc and your Mac is a laptop then you should be using a Mobile Account that allows for work/home use as well as something that backs up/syncs the data you create away from work. Perhaps you should start having a discussion with someone at work who may be able to help you more?