Jamf Nation Community

Would be god to know if this can be easily scripted to avoid having to use an osx server and workgroup manager.

have you looked at Unison?

My directory binding that I use at imaging time is set to create cached mobile accounts without requiring confirmation, you can also choose to use the UNC path provided by AD with afp set as the protocol so you can go straight to the Rules section in your config profiles. If possible, try to see if your Window server will perform Server-Side File Checking. That hides a lot of blinking houses and status bars from your end users.

I spent a lot of time disabling home sync and magic triangle nightmares when we went to using CrashPlan Pro for backup. Home folder sync can get ugly and the logs are tiresome to read. Are you using any type of backup solutions in your environment?

Are you sure you want to do this? My experience with home directory sync that is automated has been, well, bad even when it is actually working perfectly. The average user had a great deal of trouble with this because if anything goes wrong at the time the sync occurs there are difficult questions to answer. Why difficult? There isn't enough information presented to make it easy to make a judgement call and consequences are significant.

Let me give you an example that I have run up against time and time again over the years. Joe Student is working on his final exam paper in the lab. His paper "rocks" and he is certainly going to get an A for this work. Ok, great! Wait, look, the bus leaves in 10 minutes. Time to go home. Joe remembers to save his work, 'cause he is a responsible young man. Then he logs out. [Note: in my experience neither of these things actually happens despite their importance to making everything work smoothly, but that is another story.] Bing! "Your network home directory contains files that are newer than the ones you are saving now. Review? Network? Local? Warning: you may loose data." What is Joe to do? Pressure is on! Decide now! Bus isnt going wait forever!!

I my experience the alternative choice works much better. Set up your users to create a local home directory at login. Then set them up to mount their network home directories onto their desktop (lots of ways to do this) and make sure everyone knows where their files will be kept --after logout--only on their network home directory. Then set up a script to sweep up home directories and move them to a archive that user's cant touch (to give you a way out of the obvious "but I will never do it again if you can just give me back my file moments"). Put a big poster in the lab showing user's what their network home directory looks like and a notice that they will loose any file not put in that location. Heck, you might even put a notice on the wallpaper.

If you really want to do home directory sync, get a rsync script and run it from a little AppleScript application. Then you can give them the app that syncs their home directory on command. And rsync has its issues (you need to test and test and test) but it can be set up to just backup and not ever delete a file. This makes for bloated backups and happy users (angry sysadmin's but you know there are downsides to every great plan).

Trust me, fate has done you a favor! You dont want to sync automagically. Don't do it!

If I were forced to go forward with user home directory sync with the "shut up stupid sysadmin and do what your told before we find ourselves a more compliant bit monkey..." line (and we've all been there...) get network home directories to work. The key there is that you need fast connection to your home directories (which it sounds like you have) and a Mac friendly Windows server (or NFS on a Unix box). It sounds like you have both. The only trick you will need to work out is getting some apps to be happy with a network home (MS Office comes to mind) and you can use symbolic links to trick those apps into thinking they are using a local home directory.

Ok, like normal I gave you a complicated answer to a simple question. My apologies. Let us know what you did in the end.

Nice write up @wlcasey. I think you just saved me some major headaches with Home Sync. I'd like to setup some kind of one way rsync (user account -> AD share). Before getting in over my head, any tips on setting something like this up? Maybe a Self Service policy?

I would add to @wlcasey][/url 's idea of network homes to look at the folder redirection managed preference profiles you can create under Computers/Managed Preferences. You can symlink to the local media any directories that third party applications need locally and keep the rest directly on your SAN. A tip; I would keep most everything local save for the Desktop, Maybe Documents (excluding Microsoft User Data) and maybe ~/Library/Preferences (only if the users are going to be switching machines periodically and want a consistent user environment.)

We use Mobile accounts and force local home directory. This is mainly so our users that have MacBooks can always log into their computer since the AD share will not work outside our network. So, whatever solution we go with, it will only work when they are connected to our network.

You didn't mention anything about "Use UNC path from Active directory". I'm assuming that was selected.

I use a configuration profile and use Mobile accounts. I have found that using the local template is waaaaaaay better. I just have them dump all their docs on the network home drive into their local documents folder then sync "Desktop" and Documents". HomeSync works so much better this way than honoring the network template.