Solved

Switch off local profile creation on Mac OS X 10.9.4

Posted on 2014-09-09
Last Modified: 2014-09-26
We have set up 60 iMacs on our AD/OD domain. We use Profile Manager to manage the devices and AD for users to log on.

It's taking 4 minutes to log in a user as (I guess) the local profile is being created. Is there a way to switch this off?

How do other Network Admins tackle this?
Question by:James Wilkinson
18 Comments
 
LVL 10

Expert Comment

by:schaps
ID: 40313628
Slow logins on OS X machines joined to A.D. are usually DNS-related, not from creating a local profile. Does your A.D. domain end in ".local"?
0
 

Author Comment

by:James Wilkinson
ID: 40313699
I've set up manual reverse DNS for the clients as DNS wasn't being populated. We have Apple Server DNS which forwards to our AD DNS servers. Should I switch this off to see if it helps?

Have you any further advice or links related to DNS issues on Macs?

Thank you for the quick reply, by the way.
0
 

Author Comment

by:James Wilkinson
ID: 40313700
AD domain ends in .internal
0
 
LVL 10

Expert Comment

by:schaps
ID: 40313734
Do you mean you have a Mac server with a secondary zone which syncs to Microsoft servers DNS primary?
If so, set the Macs in question with static DNS set for your Microsoft DNS server just to see if that is the problem. In any case, it's not the reverse DNS likely causing the problem, but perhaps a delay in finding the srv records for the domain controller.
Also, I should have confirmed before, you are not using Mobile Accounts, correct?
Another thing to try: On Directory Utility-> Services-> Active Directory-> Administrative tab, check mark "prefer this domain server" and put in the IP address (not hostname, as it suggests) of your domain controller.
0
 

Author Comment

by:James Wilkinson
ID: 40313913
We set the Mac Server DNS to be switched on and set our AD DNS as forwarders. We then selected lookup for all clients.

The clients are currently pointing towards the primary and secondary AD DNS servers and not the Mac DNS server.

Should I set them to the Mac or leave them as they are and switch off the Apple DNS server?

We're not using Mobile Accounts, and I will set the clients to prefer the domain server.

Thank you
0
 

Author Comment

by:James Wilkinson
ID: 40316705
We've set the preferred domain server and logins are still taking a while. I have also looked at our DNS servers and they all look fine. I'm planning on switching off the Apple Server DNS. Would you suggest this, or should I leave it on?
0
 
LVL 10

Expert Comment

by:schaps
ID: 40316980
Just checking that you used an IP address, not hostname, in the preferred domain server?
Regarding the Apple DNS server, you wrote: "The clients are currently pointing towards the primary and secondary AD DNS Servers and not the Mac DNS Server." In that case, it doesn't matter whether the Mac DNS server is running. If no clients ever query the Mac Server for DNS, it does nothing, has no effect. You may as well turn it off. It makes me wonder why it was on, though, if it doesn't hold the primary zone and no clients point to it?
Further question, are you using Open Directory on the Mac Server and have Mac clients bound to both, or just bound to Active Directory?
In Directory Utility, under "Search Policy" and "Authentication," is your AD domain at the top?
0
 

Author Comment

by:James Wilkinson
ID: 40317052
Yes, we used the IP in the preferred domain.

Yes, we're bound to AD and OD.

We see the following in Directory Utility
Local/Default
Active Directory
LDAPv3/(our apple server FQDN)

Thank you
0
 
LVL 10

Expert Comment

by:schaps
ID: 40317086
In Directory Utility, under Services-> Active Directory-> User Experience-> what are the check-marked settings there?
0
 

Author Comment

by:James Wilkinson
ID: 40317116
Screenshot
0
 
LVL 10

Expert Comment

by:schaps
ID: 40317262
That all looks OK.
So you have a network home specified in the AD account on a Windows server?
0
 

Author Comment

by:James Wilkinson
ID: 40317488
Yes, we have a home folder which allows the users' documents to load in Computer as a network drive, and that works fine now.

We have noticed that when users first log on it takes a while, but then the second login is 95 seconds for all users. Is 95 seconds classed as good? I thought it would be more like 10 seconds.
0
 
LVL 10

Expert Comment

by:schaps
ID: 40317514
If the Mac is merely mounting a network drive when it logs in, not copying all its contents to the local Mac, logins after the first one should be more like 10 seconds. When they first log in, the Mac is creating a local profile from the template, so that does take a few more seconds, but unless it's loading a large template profile, that is not likely your problem (let me know if you've modified the user template).

I would create a test user with a mapped --but empty-- network home folder, then on the Mac time the first login for that test user, restart Mac, time the second login, then remove the network home path from the user record in AD, restart Mac, then time a 3rd and 4th login to see if the delay is related to the mounting of this network drive. Not that you'd want to keep it that way, but it would narrow down the problem.
0
 
LVL 30

Expert Comment

by:serialband
ID: 40317538
From http://www.peachpit.com/articles/article.aspx?p=1246089
It's specifically about 10.5, but it's still relevant.

Understanding the Home Folder Default Behavior

When you log in with a user account for Active Directory, by default Mac OS X creates a home folder for the user on the startup disk in /Users/usershortname.

If a directory already exists with that name, Mac OS X will not create a new home folder. You may experience unexpected results because the Active Directory user does not have write permissions to the home folder.

See “Transitioning from a Local User to an Active Directory User,” later in this chapter, if that is appropriate for your situation.

Understanding Home Folder Synchronization

The default settings do not configure Mac OS X to synchronize the local home folder with a network home folder. If you log in as the same Active Directory user on multiple Mac OS X computers that are configured with the default settings for the Active Directory plug-in, you will have a different home folder on each computer, and the contents will not be synchronized. To prevent this situation you can do the following:

    Configure mobile accounts and home folder synchronization. See “Understanding Mobile Accounts” for more on this.
    Deselect the option to force the creation of a local home folder, and use Active Directory tools to assign a network home folder for the Active Directory user account. See “Specifying a Network Home Folder” for details.
0
 

Author Comment

by:James Wilkinson
ID: 40320701
Somehow our AD DNS servers had a false A record for our Apple Server. It seems we have better results logging on now; we know it's faster to log in now (not 4 minutes), but we haven't timed it yet. Will update this ASAP.
0
 
LVL 10

Accepted Solution

by:
schaps earned 2000 total points
ID: 40321010
Good to hear. As I wrote before, slow logins on OS X machines joined to A.D. are usually DNS-related. It happens either by slowing authentication or slowing the finding of and mounting the home folder. To that last point, I remember having success speeding up logins by using an IP address in the user home folder setting on the Windows server (usually something like "\\server\users\username"; I used "\\172.16.0.1\users\username"). However, I still would establish a benchmark, as I wrote before, of testing a user without a home folder assigned and see if login time increases substantially by adding one.

None of these things to try are necessarily settings you'd continue using in normal practice, but they aid in finding out what's happening.

0
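The DNS checks this thread circles around (SRV lookup for domain controllers, reverse DNS, and the false A record the author eventually found), as an added example that is not part of any poster's comment. The function names and the usage line are hypothetical; it assumes `dig` is available, as it is on OS X.

```shell
#!/bin/sh
# Added example: DNS checks for an AD-bound Mac. Hostnames, IPs and the domain
# are supplied by the caller; lookup() can be redefined to test offline.

# lookup ARGS... -> raw `dig +short` answers, one per line.
lookup() { dig +short +time=2 +tries=1 "$@"; }

# srv_targets DOMAIN SERVER -> domain controller names from the LDAP SRV set.
srv_targets() {
  lookup SRV "_ldap._tcp.$1" "@$2" | awk '{ sub(/\.$/, "", $4); print $4 }' | sort -u
}

# a_records_agree HOST SERVER... -> 0 only if every server returns the same,
# non-empty A record set; 1 if one is empty or differs (e.g. a stale record).
a_records_agree() {
  ara_host=$1; shift
  ara_ref=""; ara_rc=0
  for ara_s in "$@"; do
    ara_ans=$(lookup A "$ara_host" "@$ara_s" | sort | tr '\n' ' ')
    echo "$ara_s -> ${ara_ans:-<no answer>}"
    [ -n "$ara_ans" ] || ara_rc=1
    [ -z "$ara_ref" ] && ara_ref=$ara_ans
    [ "$ara_ans" = "$ara_ref" ] || ara_rc=1
  done
  return $ara_rc
}

# forward_reverse_ok HOST SERVER -> 0 if every A record's PTR maps back to
# HOST (give HOST in lowercase, without the trailing dot).
forward_reverse_ok() {
  fr_rc=0
  fr_ips=$(lookup A "$1" "@$2" | grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
  [ -n "$fr_ips" ] || return 1
  for fr_ip in $fr_ips; do
    fr_ptr=$(lookup -x "$fr_ip" "@$2" | head -n 1 | sed 's/\.$//' | tr 'A-Z' 'a-z')
    [ "$fr_ptr" = "$1" ] || { echo "$fr_ip -> ${fr_ptr:-<no PTR>} (expected $1)"; fr_rc=1; }
  done
  return $fr_rc
}

# Usage: sh adcheck.sh DOMAIN HOST SERVER [SERVER...]  (no arguments: no queries)
if [ $# -ge 3 ]; then
  adc_domain=$1; adc_host=$2; shift 2
  echo "Domain controllers (SRV via $1):"; srv_targets "$adc_domain" "$1"
  a_records_agree "$adc_host" "$@" || echo "WARNING: servers disagree on $adc_host"
  forward_reverse_ok "$adc_host" "$1" || echo "WARNING: forward/reverse mismatch"
fi
```

Pass every DNS server the clients could query (AD primary, AD secondary, and the Apple server if it answers DNS) so that a record that is wrong on only one of them shows up as a disagreement.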
 
LVL 10

Expert Comment

by:schaps
ID: 40344448
Hi, have you had any luck?
0
 

Author Closing Comment

by:James Wilkinson
ID: 40345698
Many thanks for your help with this. All your advice and comments aided the troubleshooting process, and we now have successful logins in 30 seconds.
0
