Set up mobile user accounts in Directory Utility on Mac
You can enable or disable mobile Active Directory user accounts on a computer that is configured to use Directory Utility’s Active Directory connector. Users with mobile accounts can log in using their Active Directory credentials even when the computer is not connected to the Active Directory server.
The Active Directory connector caches credentials for a user’s mobile account when the user logs in while the computer is connected to the Active Directory domain. You don’t need to change the Active Directory schema to use credential caching.
If you extend the Active Directory schema to include macOS managed client attributes, those mobile account settings are used instead of the Active Directory connector’s mobile account setting.
You can have mobile accounts created automatically, or you can require that Active Directory users confirm creation of a mobile account.
In the Directory Utility app on your Mac, click Services.
Click the lock icon.
Enter an administrator’s user name and password, then click Modify Configuration (or use Touch ID).
Select Active Directory, then click the Edit button (looks like a pencil).
If the advanced options are hidden, click the disclosure triangle.
Click User Experience, then click “Create mobile account at login.” Optionally click “Require confirmation before creating a mobile account.”
If you select both options, users decide whether to create a mobile account during login. When a user logs in to macOS using an Active Directory user account, or as a network user, the user sees a dialog with controls for creating a mobile account immediately.
If just the first option is selected, mobile accounts are created when users log in.
If the first option is not selected, the second option is disabled.
Deselect “Force local home directory on startup disk” when using network home directories that have no local directory. This option can’t be changed if “Create mobile account at login” is selected.