I work for a very large ad agency, and we're in the process of doing a massive upgrade of all of our systems to 10.3 and 10.4. We've purchased an Xserve and Xserve RAID to act as an art server, but I have a predicament I'm trying to solve and cannot quite seem to find a satisfactory solution.
We have around 450 Mac workstations all running a variety of OS versions, from 9.1 all the way up to 10.4 on our most recent purchases. Each machine is effectively an island: local user accounts, local home directories, etc. We've been mandated by our parent company to start enforcing policies and managed preferences on our Macs in order to survive a forthcoming Sarbanes-Oxley audit for our internal systems.
Our Windows NT PDC will authenticate PC users, and, if necessary, create a home directory but will NOT create one on the server. I want the same to apply to the Macs in our agency. The Macs would authenticate against OD in order to force preferences, password changes and so on, but I wouldn't have to worry about migrating user data from a workstation. I simply do not have the space to store an average home directory size that is roughly 4-12GB for 450 machines. Plus, our network would crash in a heartbeat as soon as our artists start saving massive Photoshop files to their desktops.
Is there any way to achieve my goal of having systems authenticate to OD, yet maintain local home directories? And, if OD cannot do this, will Active Directory support something similar, if the Macs authenticate to it? Our NT4 PDC will be migrated to 2003 Server, soon, so AD is also a possibility.
I appreciate any help!
Thanks,
JB