  1. #1


    Mapping AD network user homes through OD

    Our Macs here used to be set up so users got their AD network home drives mapped when they logged in, when the path was in the following format in AD;

    \\fileserver\username$

    However to make adding new users easier for ourselves we changed the AD accounts so the home directory path is now as follows;

    \\fileserver\users$\Students\YearGroup\username

    This works fine in Windows but on the Macs it just maps users$, which they don't have permission to, so..

    Is there an easy way of fixing this?

    I've written this AppleScript which ejects the users$ share, queries AD for the current user's home directory, converts the \\ into / and maps that as an SMB share.

    However I'm hoping there's an easier way of doing this that I've missed, as I've got to apply this to around 100 Macs..

    Code:
    -- Eject the parent users$ share if it has been mounted
    set diskName to "users$"
    tell application "Finder"
    	if disk diskName exists then
    		eject disk diskName
    	end if
    end tell

    -- Read the current user's SMBHome attribute from AD and keep only the UNC path
    set homedir to (do shell script "dscl /Active\\ Directory/domainname.org.uk -read /Users/$USER SMBHome | grep \\\\\\\\.* -o")

    -- Turn the UNC backslashes into forward slashes and mount the result over SMB
    set networkhomedir to SaR(homedir, "\\", "/")
    mount volume "smb:" & networkhomedir as text

    -- Search and replace: swap every findText in sourceText for replaceText
    on SaR(sourceText, findText, replaceText)
    	set {atid, AppleScript's text item delimiters} to {AppleScript's text item delimiters, findText}
    	set tempText to text items of sourceText
    	set AppleScript's text item delimiters to replaceText
    	set sourceText to tempText as string
    	set AppleScript's text item delimiters to atid
    	return sourceText
    end SaR

    Any suggestions would be greatly appreciated.

    Many thanks,

    Martin
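
The conversion step from the script in this post, rewritten as a shell function; this is an added example, not the poster's code. It goes a little further than the AppleScript: it rejects values that are not a `\\server\share\...` path or that contain `..` segments, and percent-encodes spaces so that paths like the `student home$` one quoted later in the thread survive. The function name `unc_to_smb_url` is made up for the example.

```shell
#!/bin/sh
# unc_to_smb_url UNC
# Prints the smb:// URL for an AD SMBHome value and returns 0,
# or prints nothing and returns 1 if the value is not a usable UNC path.
unc_to_smb_url() {
    # Backslashes to forward slashes: \\server\share\dir -> //server/share/dir
    path=$(printf '%s' "$1" | tr '\\' '/')

    case $path in
        */../*|*/..) return 1 ;;   # no parent-directory segments
        //[!/]*/[!/]*) ;;          # needs at least //server/share
        *) return 1 ;;
    esac

    # Percent-encode characters that would change how the URL is parsed.
    # '%' goes first so the escapes added afterwards are not re-encoded.
    path=$(printf '%s' "$path" | sed -e 's/%/%25/g' -e 's/ /%20/g' \
        -e 's/#/%23/g' -e 's/?/%3F/g' -e 's/"/%22/g')

    printf 'smb:%s\n' "$path"
}

# Constructed sample call, using the path format from the post:
#   unc_to_smb_url '\\fileserver\users$\Students\YearGroup\username'
```
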

  2. #2
    kirchie's Avatar
    The amount of people I've seen with fancy scripts for mapping AD network drives is starting to make me think that I've done something wrong!
    All I've done for our AD/OD is set the macs to use the path in AD to map the user's home drive (Directory Utility -> Services -> AD -> Advanced -> Use UNC path from AD), and that seems to do the trick.

  3. #3

    Quote (originally posted by kirchie):
    The amount of people I've seen with fancy scripts for mapping AD network drives is starting to make me think that I've done something wrong!
    All I've done for our AD/OD is set the macs to use the path in AD to map the user's home drive (Directory Utility -> Services -> AD -> Advanced -> Use UNC path from AD), and that seems to do the trick.
    Kirchie,

    This worked previously, before the students' UNC paths were changed; it seems that the Macs weren't too happy with the home directory being a subfolder within a share. The staff here still have their home directories' UNC paths shared out like \\server\username$ and that works fine, it's just the students who have had their UNC paths changed to \\server\user$\Students\Yeargroup\Username

    Spent a while checking through everything in directory utility to no avail so I went down the scripting route..

    How are your UNC paths inputted in AD out of interest?

    Cheers,

    Martin

  4. #4
    kirchie's Avatar
    We have \\studentFS\student home$\year entered\Student name. Staff have a similar structure, only it's grouped by department rather than year.
    I don't envy you at all with the blasted things. I'm fed up with them, and they're going to be bootcamped with Win7 next week. Should make things so much easier to manage!

  5. #5
    dayzd's Avatar
    Can you not give students 'Traverse folder' permissions on the fileserver so they can see through the users$ folder to their own folder below?

    I vaguely remember having to do this once and I don't think I needed a companion script to get it to work...

  6. #6

    What are you hosting the user accounts on??

  7. #7


    'Traverse folder' permissions
    I'd suggest it's this too

  8. #8

    Yes, if this is a Windows box set up like this \\server1\users\username

    your share permissions should be authenticated users full control

    your NTFS permissions on the users folder should be System full, Local/Domain admins full and authenticated users read/list. Also remember to turn off inheritance/propagate permissions

    your NTFS permissions on the username folder should be System Full, Local/Domain admins full and username read/list/execute/write/modify

    Also if this is a Windows box you can turn on Access Based Enumeration and this will hide any folders the users don't have access to.

  9. #9
    Joewilson's Avatar
    I have also tried these AD home drives but it gives very problem to install. I think may be there may be network problem also.

  10. #10

    Thanks apeman,

    The network home drives are all on a Server 2003 box, the Macs connect using SMB.

    I tried applying all permissions suggested by yourself and it is still mapping the root of the share as a drive which is 3 levels up from the user's folder, i.e.;

    \\server\users$\ADSync\Student\YearGroup\Username

    Is there anything else I can try?

    On another note the script that I am using for mapping the drives is now failing..

    I copied the script locally and set it to run on log in through WGM. This was fine for a while but it's now corrupted the script .app file.

    Is there a better way to run login scripts in an Open Directory environment? The script is written in AppleScript.

    Many thanks,

    Martin

  11. #11
    dayzd's Avatar
    I've used bash whenever I've done login scripts. Never had them not run or become corrupt once.

    I actually had a slightly more complicated login script arrangement, that kind of mimicked the 'netlogon' method of Windows systems. Each machine had a short script installed locally which ran on login. This script would mount a share on the server, copy the 'real' login script to the local machine and then run it.

    This way I only had to make changes to the one copy on the server, and at next login the machines would run that instead. Saved loads of effort in deploying changes! It also kept the local version on disk, so that if the remote share could not be mounted, it ran the last version it had, making sure any environment settings or drive mountings would still be applied.
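
The fetch-then-fall-back arrangement described in this post, as an added shell example (not dayzd's script). It assumes the share is already mounted at a directory passed in by the caller and that the server copy is called `login.sh`; both function names are hypothetical.

```shell
#!/bin/sh
# update_cached_script SRC CACHE
# Replace CACHE with SRC only if SRC is readable, non-empty and parses as
# shell. The copy goes to a temp file beside CACHE and is renamed into place,
# so a connection dropped mid-copy cannot leave a half-written cache behind.
update_cached_script() {
    src=$1
    cache=$2
    [ -r "$src" ] && [ -s "$src" ] || return 1
    tmp=$(mktemp "$cache.XXXXXX") || return 1
    if cp "$src" "$tmp" && sh -n "$tmp" 2>/dev/null; then
        chmod 755 "$tmp" && mv -f "$tmp" "$cache" && return 0
    fi
    rm -f "$tmp"
    return 1
}

# run_login_script SHARE_DIR CACHE
# SHARE_DIR: where the server share is mounted (assumed, mounted by the caller)
# CACHE:     local copy that is kept between logins
run_login_script() {
    # Try to refresh from the server; on any failure keep the last good copy.
    update_cached_script "$1/login.sh" "$2" ||
        echo "login script not refreshed, using cached copy" >&2
    # Nothing cached yet and nothing fetched: there is nothing safe to run.
    [ -s "$2" ] || return 1
    sh "$2"
}
```

Whatever lands in the cache runs at every login, so keep both the share and the cache path writable by administrators only.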

  12. #12

    What version of 2003 is it?? 2003 or 2003 R2??

    What are the permissions on ADSync, Students, YearGroup and Username??

    I would also try and move away from login scripts; they aren't supported in 10.7 and above.

  13. #13

    Yes, I would much prefer not to have to rely on login scripts but at the moment it's the only way of getting the students' home drives mapped for them (however flaky it's being).

    The permissions need sorting out over the half term as students currently have the ability to write directly to the users$ share, which is occasionally getting mapped for them on both Mac and Windows. To sort this I'm going to remove all 'Local users' write permissions, not sure how this got there in the first place..

    Permissions are as follows;

    Highest Level;

    E:\Users - Shared as users$

    Share Permissions - Everyone Full Control

    NTFS - Auth Users - Read/List/Traverse
         - Creator/Owner - Full
         - System - Full
         - Local Administrators - Full
         - Local Users - Traverse/Write Data/Append Data

    E:\Users\ADSync - Not Shared

    NTFS - Creator/Owner - Full
         - System - Full
         - Local Administrators - Full
         - Local Users - Traverse/Write Data/Append Data

    E:\Users\ADSync\Students - Not Shared

    NTFS - Creator/Owner - Full
         - System - Full
         - Local Administrators - Full
         - Local Users - Traverse/Write Data/Append Data
         - Staff - Read/List/Traverse

    E:\Users\ADSync\Students\YearGroup - Not Shared

    NTFS - Creator/Owner - Full
         - System - Full
         - Local Administrators - Full
         - Local Users - Traverse/Write Data/Append Data
         - Staff - Read/List/Traverse

    E:\Users\ADSync\Students\YearGroup\Username - Not Shared

    NTFS - Creator/Owner - Full
         - System - Full
         - Local Administrators - Full
         - Local Users - Traverse/Write Data/Append Data
         - Staff - Read/List/Traverse
         - Username - Full

    So students, being members of authenticated users and local users (through domain users), do have at least traverse permissions all the way down the folder path.

    Cheers for the help so far! Let me know your thoughts..

    Martin

  14. #14

    And it's Server 2003 Standard.

    Thanks!

    Martin

  15. #15

    I've tried this again today on a new test folder structure with correct permissions as per apeman's previous post and I've still got the same issue.

    I can now browse to the users folder from the users$ share but this still isn't ideal.. I ideally want students to be able to access their network home drives directly.

    All I want to know is if what I am trying to achieve is actually possible or if my best bet is to revert back to username$ shares (not favourable)

    Thanks,

    Martin
