The dreaded inherited ACL duplication issue
This issue is well documented here but it's still annoying.
The gist is that if your users shuffle around and duplicate a lot of nested folders, such as bundles (which means Pages and Numbers documents, applications and others), then eventually any ACLs, including inherited ones, will be duplicated over and over again geometrically (only linearly over AFP, thank god). They quickly hit the Finder's internal limit for the number of ACLs it can handle, resulting in an "Error -41" when trying to do something to the item in the Finder.
chmod -R -N ./*
This will remove all the ACLs on items in scope. Then re-propagate.
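To see which items have actually accumulated repeated entries before stripping everything, the ACL listing can be scanned for duplicates. This is an added example, not part of the original post: it assumes the macOS `ls -le` listing format, and the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: list items whose ACL holds repeated entries.
# Reads `ls -le` style output on stdin; prints "<aces> <repeats> <name>".
dup_ace_report() {
    awk '
    function flush() {
        if (name != "" && dups > 0) printf "%d %d %s\n", total, dups, name
        name = ""; total = 0; dups = 0
        split("", seen)                 # portable way to empty the array
    }
    # ACE line, e.g. " 0: group:staff inherited allow list,search"
    /^ *[0-9]+: / {
        ace = $0
        sub(/^ *[0-9]+: /, "", ace)     # drop the index so repeats compare equal
        total++
        if (seen[ace]++) dups++
        next
    }
    # Item line: starts with the mode string, "+" marks an ACL
    /^[-bcdlps][-rwxsStT]+[+@]? / {
        flush()
        name = $0
        # strip mode, links, owner, group, size, month, day, time
        for (i = 1; i <= 8; i++) sub(/^ *[^ ]+ +/, "", name)
        next
    }
    { flush() }                         # blank lines, "total N", "dir:" headers
    END { flush() }
    '
}

# Constructed sample listing (assumed format, not taken from a real server).
sample_listing() {
    cat <<'EOF'
total 0
drwxrwxr-x+ 4 admin  staff  136 Mar  3 09:12 Report.pages
 0: group:staff inherited allow list,add_file,search,delete,file_inherit,directory_inherit
 1: group:staff inherited allow list,add_file,search,delete,file_inherit,directory_inherit
 2: group:staff inherited allow list,add_file,search,delete,file_inherit,directory_inherit
 3: group:admins inherited allow list,search
drwxrwxr-x+ 2 admin  staff   68 Mar  3 09:10 Clean Folder
 0: group:staff allow list,add_file,search,delete,file_inherit,directory_inherit
-rw-r--r--  1 admin  staff  512 Mar  3 09:11 notes.txt
EOF
}

sample_listing | dup_ace_report
```

On a real share, pipe `ls -le` output for the affected folder into `dup_ace_report`; with a recursive listing the names are reported without their parent directory.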
The Hot-Desking Carbon API Kerfuffle
So you have Open Directory set up and AFP remote home folders, and your users are hot desking on managed machines. Some of the time, and sometimes completely randomly, the icons on the desktop don't show up, or the Finder will prompt that the /Network/Servers/yourserver.com/Users Alias has broken and needs fixing. There are loads of other odd symptoms that come and go even between logins.
Interestingly, that directory path isn't an alias at all, but a mount point being managed by OS X's automounter. The thing is that the Finder is still using a Carbon API to access at least this part of the file system and, unlike OS X's BSD underpinnings, which see the file system as one whole tree with other volumes attached at certain folders, the Carbon API sees each device as a separate tree. The Finder literally has no ability to process that traversing a folder might also traverse a volume.
The dirty hack is that these volume traversals within the file system are presented to Carbon applications as aliases. Something seems to be cached between users, which means that while the mount point changes with the user, whatever service the Finder is using to keep track of these mount-point-to-alias conversions is getting stuck and reporting the prior alias, which becomes invalid with the new user's credentials.
Long story short, for the most part everything is fine (and in fact the Finder can still read the user's home folder and make changes), but the seemingly crufty Desktop Services part of the Finder trips up and bothers my users, and my support ticket system is full of "No desktop icons" reports.
set Apple Remote Desktop to combo update all the machines each night until I can identify which cache I need to delete with a logout hook.