But there were two problems we found here.
We used a clear (just re-installed) macOS 10.15.6, joined to an Active Directory (galen2.internal), and didn't select "Create mobile account at login" or "Force local home directory on startup disk", because we wanted to use network home directory. The following is the AD user's (galen's) attributes:
test1@MacBook-Air ~ % dscl /Search read /Users/galen
dsAttrTypeNative:accountExpires: 9223372036854775807
dsAttrTypeNative:badPasswordTime: 0
dsAttrTypeNative:badPwdCount: 0
dsAttrTypeNative:cn: galen
dsAttrTypeNative:codePage: 0
dsAttrTypeNative:countryCode: 0
dsAttrTypeNative:distinguishedName: CN=galen,CN=Users,DC=galen2,DC=internal
dsAttrTypeNative:dSCorePropagationData: 16010101000000.0Z
dsAttrTypeNative:instanceType: 4
dsAttrTypeNative:lastLogoff: 0
dsAttrTypeNative:lastLogon: 132433350236492014
dsAttrTypeNative:lastLogonTimestamp: 132433334755547367
dsAttrTypeNative:logonCount: 18
dsAttrTypeNative:name: galen
dsAttrTypeNative:objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=galen2,DC=internal
dsAttrTypeNative:objectClass: top person organizationalPerson user
dsAttrTypeNative:objectGUID:
2e903d6d b6d4f14a 9e087ed9 5bf0161d
dsAttrTypeNative:objectSid:
01050000 00000005 15000000 10c17bb5 fb01ae17 c8d16b35 4f040000
dsAttrTypeNative:sAMAccountName: galen
dsAttrTypeNative:sAMAccountType: 805306368
dsAttrTypeNative:userAccountControl: 66048
dsAttrTypeNative:userPrincipalName: galen@galen2.internal
dsAttrTypeNative:uSNChanged: 16442
dsAttrTypeNative:uSNCreated: 12773
dsAttrTypeNative:whenChanged: 20200831074435.0Z
dsAttrTypeNative:whenCreated: 20200831065838.0Z
AltSecurityIdentities: Kerberos:galen@galen2.internal
AppleMetaNodeLocation:
/Active Directory/GALEN2/galen2.internal
AppleMetaRecordName: CN=galen,CN=Users,DC=galen2,DC=internal
FirstName: galen
GeneratedUID: 6D3D902E-D4B6-4AF1-9E08-7ED95BF0161D
HomeDirectory: <homedir><url>smb://GALEN-2K16-DC/share/galen</url><path>/</path></homedir>
NFSHomeDirectory: /home/galen
Password: ********
PrimaryGroupID: 1132486692
PrimaryNTDomain: GALEN2
RealName: galen
RecordName: galen
RecordType: dsRecTypeStandard:Users
SMBGroupRID: 513
SMBHome: \\GALEN-2K16-DC\share\galen
SMBHomeDrive: Z:
SMBPasswordLastSet: 132433307187969890
SMBPrimaryGroupSID: S-1-5-21-3044786448-397279739-896258504-513
SMBSID: S-1-5-21-3044786448-397279739-896258504-1103
UniqueID: 1832751150
UserShell: /bin/bash
The problem one is that if the SIP was enabled, the AD user (galen) that had a network home directory could not log in. We checked the log stream, we found that some applications were blocked by SIP. For example:
test1@MacBook-Air ~ % sudo log stream | egrep "file-write-create"
2020-08-31 16:01:48.757546+0800 0x5421 Error 0x0 0 0 kernel: (Sandbox) Sandbox: knowledge-agent(1552) System Policy: deny(1) file-write-create /System/Volumes/Data/home/galen/Library/Application Support/Knowledge
So we disabled the SIP, and cleared (deleted and re-created) the network home directory smb://GALEN-2K16-DC/share/galen, then the AD user (galen) that had a network home directory could log in, but the problem two is that after logging in, all applications became slow or even freezed. We checked the log stream, we found that there were many errors. For example:
test1@MacBook-Air ~ % sudo log stream
2020-08-31 16:15:44.081396+0800 0x1fab Error 0x0 775 0 Safari: (CoreFoundation) [com.apple.defaults:User Defaults] Couldn't read values in CFPrefsPlistSource<0x6000006e8600> (Domain: kCFPreferencesAnyApplication, User: kCFPreferencesCurrentUser, ByHost: Yes, Container: (null), Contents Need Refresh: Yes): Unable to determine access
2020-08-31 16:15:44.081203+0800 0x29e8 Error 0x0 596 0 cfprefsd: (CoreFoundation) [com.apple.defaults:cfprefsd] rejecting read of { kCFPreferencesAnyApplication, galen, kCFPreferencesAnyHost, no container, managed: 0 } from process 775 (Safari) because Unable to determine access
These two problems occurred on macOS Catalina or Big Sur Beta 5 but not occurred on macOS Mojave.
Please test this situation.
