We recently provided some assistance to a local IT company that exclusively uses Synology devices instead of servers for their clients. They approached us to create Group Policy objects based on this new feature of the Synology. The Synology Active Directory Server app is based on Samba 4. Here are some details of the available features:
- Support for Windows RSAT
- Support for TLS domain controller certification
- Support for custom NetBIOS domain names
- DNS auto registration
- Support for single domain controllers
Account & Privileges
- Group membership and policies
- Roaming user profiles
- Account single sign-on
- Home folder support
Security & Access Control
- Kerberos-based authentication
- Password reset via email
- Password strength policies
- Account lockout policies
Domain Clients
- Microsoft Windows 7 and above
- Linux
Takeaways
Here are some basic takeaways from our experience creating these Group Policy Objects (GPOs) on the Synology Active Directory Server.
- Need to install Remote Server Administration Tools (RSAT) on the most up-to-date desktop or server OS version in the organization to allow for best compatibility with all earlier OSs when creating GPOs
- Need to modify the Synology Active Directory Server control panel Domain Options to allow Domain Admins to have admin access – without this you will get Access Denied every time you attempt to add a GPO
- Windows Servers, Active Directory and domains are not dead; they are just becoming a “Container”, which makes them much cheaper for small businesses to adopt.
If your company is utilizing a Synology Network Attached Storage device and would like the functionality of an Active Directory domain, then contact us for assistance.
Great sharing of your experience … any idea whether one can manage Mac clients on Synology Active Directory?
Never tried it, but I would be willing to try. Do you have a lab we could work in? I don’t have any access to a Mac.
Hi, I would like to know if it’s possible to transition from an existing Windows AD to the Synology, so that PCs and user accounts along with their GUIDs are maintained? There doesn’t seem to be much information available out there on this.
I have never attempted this, but from what I have read it is not possible. The Synology (Samba) likes to be the Primary Domain Controller for the domain and doesn’t play nice with others. I have heard that it does not even communicate with a secondary domain controller because of the difficulty setting up the trust relationship.
Hello everyone,
I have a problem with slowness when user sessions are opened. Yet when I ping the DNS, the response time is quite good.
I have set up roaming profiles; could this come from a misconfiguration?
Thanks in advance for your help
Roaming profiles are always slow the first two times they are used at logon and logoff because of synchronization with the server. Make sure you are using the server’s IP address instead of UNC for the roaming profile path to avoid DNS resolution problems. Synology AD is not perfect but usable.
Can I use this if I wanted to drop my Windows Domain Controller and switch to the Synology Domain Controller?
You can create another domain with the Synology as the DC, but you cannot keep the current domain.