Seamless Active Directory integration transforms Synology NAS into domain controller
We recently assisted a local IT company that exclusively uses Synology devices instead of servers for its clients. They approached us to create Group Policy objects on top of this new Synology feature. The Synology Active Directory Server app is based on Samba 4. Here are some details of the available features:
Support for Windows RSAT
Support for TLS domain controller certification
Support for custom NetBIOS domain names
DNS auto registration
Support for single domain controllers
Account & Privileges
Group membership and policies
Roaming user profiles
Account single sign-on
Home folder support
Security & Access Control
Kerberos-based authentication
Password reset via email
Password strength policies
Account lockout policies
Domain Clients
Microsoft Windows 7 and above
Linux
Takeaways
Here are some basic take-aways from our experience creating these Group Policy Objects (GPO) on the Synology Active Directory Server.
Install Remote Server Administration Tools (RSAT) on the most up-to-date desktop or server OS version in the organization, so that the GPOs you create are as compatible as possible with all earlier OSs.
Modify the Domain Options in the Synology Active Directory Server control panel to allow Domain Admins to have admin access. Without this you will get Access Denied every time you attempt to add a GPO.
Windows Servers, Active Directory and domains are not dead; they are just becoming a “Container”, which makes them much cheaper for small businesses to adopt.
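The first two takeaways can be checked from the admin workstation before any real GPO work starts. The script below is an added example, not code from the original post or from Synology. It assumes an elevated PowerShell session on a domain-joined Windows 10 1809+ or Windows 11 machine, that the GroupPolicy module can talk to the Samba-based DC, and it uses a placeholder domain name and a throwaway GPO name.

```powershell
# Added example: pre-flight check before authoring GPOs against a Synology (Samba 4) DC.
# Assumptions: elevated session, domain-joined Windows 10 1809+/11 workstation,
# GroupPolicy cmdlets working against the Samba-based DC.
$Domain  = 'corp.example'            # placeholder domain name
$TestGpo = 'zz-preflight-delete-me'  # throwaway GPO name (constructed)

# 1. On current Windows 10/11 builds the RSAT Group Policy tools are a Feature on Demand.
$cap = Get-WindowsCapability -Online -Name 'Rsat.GroupPolicy.Management.Tools*'
if ($cap.State -ne 'Installed') {
    Write-Host "Installing $($cap.Name) ..."
    Add-WindowsCapability -Online -Name $cap.Name | Out-Null
}

# 2. Confirm the logon token really carries Domain Admins (well-known RID 512).
#    Matching on the SID keeps the check independent of the display language.
$groups = whoami /groups /fo csv | ConvertFrom-Csv
if (-not ($groups.SID -match '-512$')) {
    Write-Warning 'Current token has no Domain Admins membership; log on as a domain admin.'
    return
}

# 3. Create and remove a throwaway GPO. An "Access is denied" error here means the
#    DC is still not granting Domain Admins admin access (the Domain Options takeaway).
Import-Module GroupPolicy
try {
    $gpo = New-GPO -Name $TestGpo -Domain $Domain -ErrorAction Stop
    Write-Host "GPO created: $($gpo.Id)"

    # The GPO's files live in SYSVOL; make sure the folder was actually written.
    $path = "\\$Domain\SYSVOL\$Domain\Policies\{$($gpo.Id)}"
    Write-Host "SYSVOL folder present: $(Test-Path $path)"

    Remove-GPO -Guid $gpo.Id -Domain $Domain -ErrorAction Stop
    Write-Host 'Pre-flight passed.'
}
catch {
    Write-Warning "GPO creation failed: $($_.Exception.Message)"
}
```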
If your company is utilizing a Synology Network Attached Storage device and would like the functionality of an Active Directory domain, then contact us for assistance.
Great sharing of your experience … any idea whether you can manage a Mac client on Synology Active Directory?
Never tried it, but I would be willing to try. Do you have a lab we could work in? I don’t have any access to a Mac.
Hi, I would like to know if it’s possible to transition from an existing Windows AD to the Synology, so that PCs and user accounts along with their GUIDs are maintained? There doesn’t seem to be much information available out there on this.
I have never attempted this, but from what I have read it is not possible. The Synology (Samba) likes to be the Primary Domain Controller for the domain and doesn’t play nice with others. I have heard that it does not even communicate with a secondary domain controller because of the difficulty setting up the trust relationship.
Hello everyone,
I have a problem with slow user logons. Yet when I ping the DNS, the response time is very good.
I have set up roaming profiles; could this be caused by a misconfiguration?
Thanks in advance for your help.
Roaming profiles are always slow the first two times they are used at logon and logoff, because of the synchronization with the server. Make sure you use the server’s IP address instead of UNC for the roaming profile path to avoid DNS resolution problems. Synology AD is not perfect, but it is usable.
Can I use this if I wanted to drop my Windows Domain Controller and switch to the Synology Domain Controller?
You can create another domain with the Synology as the DC, but you cannot keep the current domain.