I work for a university and I'm struggling to find an easy, proper way to manually back up "AND" restore a client's user profile on Snow Leopard/Lion OS with the Active Directory password in sync.
Let me explain what I did:
I wanted to back up User home folders so that they can easily be restored to another computer or the same computer while preserving proper permissions, ACLs, and file/folder ownership.
To back up:
I used "Disk Utility" to back up the user home folder.
-Log in as a local administrator, but not as the user account you want to back up.
-Launch Disk Utility.
-Choose File » New » Image from Folder...
-Select the user's home folder /Users/[username].
-Save the disk image to your external drive to back up.
-Enter an admin username and password when prompted.
To restore:
-When starting with a freshly restored or new computer use the Setup Assistant to create a local admin account that is NOT the same user name and short name as the user you are restoring.
-Log in as a local administrator account.
-Mount the disk image from the backup drive of the user's home folder.
-Switch to the Finder by clicking the Finder icon in the Dock.
-Choose 'Go To Folder' from the Go menu.
-Type /Users/ and click Go.
-Copy the mounted disk image (not the disk image itself, but the white mounted disk image icon on the desktop) to the /Users folder by dragging it and holding the Command key. A green plus sign on the icon will indicate that a copy and not a move is about to be performed.
When the copy is complete, the user's home folder is restored with all its sub-folders, and all previous ownership and permissions.
I logged out of my local Administrator account and an Active Directory client tried to log in with his/her account. A message popped up on the login screen saying:
"Unable to create mobile account. There was a problem while creating or accessing "/Users/username"."
I do not want to create a local username via System Preferences with the same username because I want the Mac to communicate with Active Directory in sync. I do not want to depend on or create a local user profile account, because then the local user profile password will not work with the AD password when a client resets their password.
I wasn't sure if I should uncheck or check "create Mobile account" in OS X Directory Service. Would that make any difference?
Thanks!
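
A way to check the ownership and permission claim in the restore steps above, as an added example that is not part of the original post: it records owner, group and mode bits for every item in a home folder and reports what differs after the restore. The function names are made up for this example, and ACLs are not covered because `os.lstat` does not expose them.

```python
import os
import stat
import sys


def _meta(path):
    # lstat so a symlink is recorded as itself, not as its target
    st = os.lstat(path)
    return (st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode), stat.S_IFMT(st.st_mode))


def snapshot(root):
    """Map every path under root (relative to root) to (uid, gid, mode bits, file type)."""
    root = os.path.abspath(root)
    entries = {".": _meta(root)}
    for dirpath, dirnames, filenames in os.walk(root):  # symlinked dirs are not followed
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            entries[os.path.relpath(full, root)] = _meta(full)
    return entries


def compare(before, after):
    """Return a sorted list of (relative path, problem) for every mismatch."""
    diffs = []
    for rel in sorted(set(before) | set(after)):
        if rel not in after:
            diffs.append((rel, "missing after restore"))
        elif rel not in before:
            diffs.append((rel, "not in original"))
        elif before[rel] != after[rel]:
            diffs.append((rel, "owner/group/mode changed"))
    return diffs


if __name__ == "__main__" and len(sys.argv) == 3:
    # Assumed usage: first argument is the original home folder (or the mounted
    # image), second is the restored copy under /Users. Run as an administrator
    # so every item in the tree can be read.
    problems = compare(snapshot(sys.argv[1]), snapshot(sys.argv[2]))
    for rel, problem in problems:
        print(f"{problem}: {rel}")
    sys.exit(1 if problems else 0)
```
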