Configuring a portable home directory

You can create a portable home directory for a user and synchronize that directory with the share defined in the user’s Centrify Profile. You can synchronize to /SMB/, /AFP/, or /Network/Servers (NFS) shares.

Advantages of a portable home directory are as follows:

  • If a user does not have a portable home directory and the computer becomes disconnected from the domain controller (and therefore disconnected from Active Directory), the user can log in with Active Directory credentials only if the user’s information exists in the Centrify cache. If there is any issue with the Centrify cache (for example, if the adflush --force command was issued to flush the cache immediately before the computer was disconnected from the domain), Active Directory users cannot log in unless they have portable home directories.
  • Active Directory users without portable home directories are required to log in at least once in connected mode to populate their account information in the Centrify cache. If the computer is not connected to the domain controller, the Centrify cache is not updated with the initial set of Active Directory user data, and Active Directory users cannot log in.

You use group policies to configure synchronization. These group policies perform the same function as the Mobility preferences that you can manage through Workgroup Manager.

The following sections describe the process of specifying the options for creating mobile accounts, and for specifying the options for synchronizing mobile accounts with the network home directory.

Before you begin you should have the following in place:

  • A Group Policy Object that applies to a domain or OU that includes Mac users.
  • A good understanding of the synchronization rules that you want to apply. The procedures in the following sections explain the group policies and options that you can enable, but you should consult the Mac OS X Server documentation for strategies about which options to apply.