OS X and Active Directory Integration: Directory Utility Options

I'm doing some work right now fixing a mixed environment of OS X and Windows machines that was poorly designed and deployed. The options for directory integration on OS X are poorly documented and confusing, so I am going to do my best to document the behavior of these options here.

The first step in performing directory integration with an OS X client is to join the client to the Active Directory domain. To do this, open System Preferences, navigate to Users, then Login Options, press Edit next to "Network Account Server," then select Directory Utility. In there, you will be asked to enter the name of the domain you want to bind to and once you select Bind, you will need to enter proper domain credentials. This is the obvious part, however.

The non-obvious part, which requires explaining, is the set of combinations of the "Create mobile account at login" and "Force local home directory on startup disk" settings. The following explanations assume the user has a network home folder path specified in their AD user account and the "Use UNC path from Active Directory" option is set. As far as I understand it at the moment (I will update this post as my understanding grows), these are the results of the various settings combinations:

  • Create mobile account ON/Force local home directory ON: A local copy of the user's network home folder is created, which acts as the user's profile in /Users. The local copy is synced with the network copy at login, logout, and intermittently in between. Depending on the size of the user's profile, this can cause long login or logout delays.
  • Create mobile account OFF/Force local home directory ON: This creates a local home directory separate from the user's network home folder. The network home folder is mounted in Finder separately.
  • Create mobile account OFF/Force local home directory OFF: This combination serves the user's profile from the network home folder. If a profile is not present in the network home folder, then functionality on the Mac will be severely degraded since the user will not have a profile to work in. This saves space and generally decreases login/logout time, but increases network traffic and can be difficult to set up. I do not know if this option will work at all if Mac clients are running different versions of OS X, since the profiles that need to be served may differ.
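To check which of these combinations a bound Mac is actually using without clicking through Directory Utility, here is an added shell example (not from the original post) that parses the output of `dsconfigad -show`; the command is real, but the setting labels it matches on and the sample output embedded below are assumptions/constructed.

```shell
#!/bin/sh
# Constructed sample of `dsconfigad -show` output (the command is real;
# the exact label wording is an assumption and is what the parser keys on).
SAMPLE_SHOW='Active Directory Forest          = example.com
Active Directory Domain          = example.com
Computer Account                 = mac01$

Advanced Options - User Experience
  Create mobile account at login = Disabled
  Require confirmation           = Enabled
  Force home to startup disk     = Enabled
  Mount home as sharepoint       = Enabled
  Use Windows UNC path for home  = Enabled
  Network protocol to be used    = smb'

# Pull the last word (Enabled/Disabled) from the line carrying a given label.
ad_setting() {
    printf '%s\n' "$2" | awk -v label="$1" 'index($0, label) { print $NF }'
}

# Map the two settings onto the combinations described in the post.
classify_ad_home() {
    mobile=$(ad_setting "Create mobile account at login" "$1")
    localhome=$(ad_setting "Force home to startup disk" "$1")
    case "$mobile/$localhome" in
        Enabled/Enabled)   echo "mobile-synced-home" ;;          # local copy synced with network home
        Disabled/Enabled)  echo "local-home-network-mounted" ;;  # separate local home, network home mounted
        Disabled/Disabled) echo "network-served-home" ;;         # profile served from the network home
        Enabled/Disabled)  echo "mobile-on-local-home-off" ;;    # combination not covered in the post
        *)                 echo "unknown"; return 1 ;;
    esac
}

# The descriptions in the post assume the UNC path from AD is in use; verify that.
unc_path_enabled() {
    [ "$(ad_setting "Use Windows UNC path for home" "$1")" = "Enabled" ]
}

# Use the live settings when run on a bound Mac, otherwise the sample above.
if command -v dsconfigad >/dev/null 2>&1; then
    SHOW=$(dsconfigad -show 2>/dev/null)
    [ -n "$SHOW" ] || SHOW="$SAMPLE_SHOW"
else
    SHOW="$SAMPLE_SHOW"
fi
echo "Home-folder mode: $(classify_ad_home "$SHOW")"
unc_path_enabled "$SHOW" || echo "Warning: AD UNC path not in use; the descriptions above may not apply."
```

The same settings can be changed from the command line with `dsconfigad -mobile`, `dsconfigad -localhome` and `dsconfigad -useuncpath`, which is handy when you need to make a fleet of Macs consistent.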

My current testing situation involves both OS X 10.9 clients and servers, along with a Windows 2008R2 Active Directory domain. I'll be writing more clarifying posts as time goes on.