I work for an university and I'm struggling to find a easy proper way to manually back up "AND" restore client's user profile on Snow Leopard/Lion OS with Active Directory password in sync.
Let me explain you here what I did:
I wanted to back up User home folders so that they can easily be restored to another computer or the same computer while preserving proper permissions, ACLs, and file/folder ownership.
I used "Disk Utility" to backup the user home folder.
-Login as a local administrator, but not as the user account you want to backup.
-Launch Disk Utility.
-Choose File » New » Image from Folder...
-Select the user's home folder /Users/[username].
-Save the disk image to your external drive to back up.
-Enter an admin username and password when prompted.
-When starting with a freshly restored or new computer use the Setup Assistant to create a local admin account that is NOT the same user name and short name as the user you are restoring.
-Logged in as a local administrator account.
-Mount the disk image from the backup drive of the user's home folder.
-Switch to the Finder by clicking the Finder icon in the Dock.
-Choose 'Go To Folder' from the Go menu.
-Type /Users/ and click Go.
-Copied the mounted disk image (not the disk image itself, but the white mounted disk image icon on the desktop) to the /Users folder by dragging it and holding the Command key. A green plus sign on the icon will indicate a copy and not a move is about to be performed.
When the copy is complete, the user's home folder restored with all its sub-folders, and all previous ownership and permissions.
I logged out my local Administrator account and an Active Directory client tried to log in with his/her account. The message popped out on the login screen saying;
"Unable to create mobile account. There was a problem while creating or accessing "/Users/username".
I do not want to create a local username via System Preferences with the same username because I want a Mac to communicate with Active Directory in sync. I do not want to depend or create a local user profile account then the local user profile password will not work with AD password when a client reset their password.
I wasn't sure if I should uncheck or check the "create Mobile account" on OS X Directory Service? Wouldn't that make any difference?