Save a Windows License with Synology NAS Active Directory Server package

Synology Active Directory Server

Did you know that a Synology NAS offers Active Directory functionality? Install the Synology Directory Server package from the Package Center and set up your Windows domain.

It’s an excellent choice for small businesses that want to control user access and simplify management. Coupled with the file server role, the Synology NAS offers both worlds. A Windows Server license would normally cost around $1000 with CALs (Client Access Licenses).

In this article, I will walk you through how to set up the Synology Directory Server.

Hardware requirements for the Synology Active Directory Server

A Synology NAS running DSM 6.2 or higher is required. The current version is 7.1 as of this writing. I recommend using the latest version.

Check the hardware requirements here; your Synology NAS must be listed.

Synology NAS models with a low-powered processor cannot install the Synology Directory Server.

I recommend the Synology NAS model DS720+ without disks or as a bundle with 4TB disks.

For better performance, consider buying a Synology memory module.


Features and limitations of the Synology Directory Server package

  • Supports roaming profile and home folder
  • Supports group-based access controls too.
  • Supports Group Policies
  • Supports the Windows RSAT tools (install it on a Windows 10 or Windows 11 machine)
  • Supports a single domain only
  • Supports one domain controller only
  • Supports primary controller or secondary controller
  • DFS is not supported
  • The Active Directory module for Windows PowerShell is not supported

Please also see the official Synology Directory Server page

Some tips before the installation

  • Give your Synology NAS a meaningful hostname
  • Set a fixed IP address
  • The Synology NAS should not be a member of a Domain, else the installation of the package will fail.

How to install Synology Active Directory Server

Synology Directory Server
DNS Manager

You will find the Synology Directory Server package in the package center of your Synology NAS. If you see the package, it means that your NAS is compatible. 

You also need to install the DNS Server package, which you can find in Synology’s Package Center too. I suggest installing the DNS server first since it is a prerequisite. There is no need to configure the DNS manager because the package Synology Directory Server takes care of everything. 

There is one thing you should configure in the DNS Server: a forwarder to a DNS server that is connected to the internet. It could be the IP address of your internet router or an external DNS server such as Google’s 8.8.8.8 and 8.8.4.4. In the picture below, I configured a forwarder to the internal-facing internet router.


Synology DNS Server

A reader kindly mentioned that adding an external DNS server to the Domain/LDAP setting in Control Panel also works; just add an additional DNS server separated by a comma.


Synology Domain LDAP

Configure the Active Directory Server

After the Active Directory Server package is installed, you will find it in the main menu. Click on the package, and a wizard will walk you through the setup. The first step is crucial: you have to enter your domain name and the password for the Administrator account. Take some time to choose your domain name before starting to set up your server.

Go now to the DNS manager; you will see a new DNS zone with your domain name (Active Directory-integrated). As you know, Windows Active Directory requires a DNS zone. The setup wizard auto-created it. When you click the zone name, you will see all the standard records. New records will be created for each client computer when they join the Domain. Of course, you can also create records manually.
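A check you can run on a Windows client before joining it to the domain, as an added example that is not part of the original article: it confirms that the client uses the NAS for DNS, that the standard SRV records in the auto-created zone resolve, that the forwarder answers for an external name, and that the directory ports are reachable. The domain name `corp.example.lan` and the NAS address `192.168.1.10` are placeholders.

```powershell
# Added example, not from the original article. Run on the Windows client.
param(
    [string]$Domain = 'corp.example.lan',  # placeholder: domain name entered in the wizard
    [string]$NasIp  = '192.168.1.10'       # placeholder: fixed IP address of the Synology NAS
)

$results = [System.Collections.Generic.List[object]]::new()
function Add-Result([string]$Check, [bool]$Ok, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Ok = $Ok; Detail = $Detail })
}

# 1. The client must use the NAS as DNS server, or it cannot locate the domain controller.
$dns = @((Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | Select-Object -Unique)
Add-Result 'Client DNS points at NAS' ($dns -contains $NasIp) ($dns -join ', ')

# 2. Standard SRV records of an Active Directory zone, queried directly on the NAS.
foreach ($name in "_ldap._tcp.dc._msdcs.$Domain", "_ldap._tcp.$Domain", "_kerberos._tcp.$Domain") {
    try {
        $srv = @(Resolve-DnsName -Name $name -Type SRV -Server $NasIp -DnsOnly -ErrorAction Stop |
                 Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'SRV' })
        $targets = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        Add-Result "SRV $name" ($srv.Count -gt 0) $targets
    } catch {
        Add-Result "SRV $name" $false ($_.Exception.Message)
    }
}

# 3. The forwarder configured in DNS Server must answer for names outside the domain.
try {
    $ext = @(Resolve-DnsName -Name 'www.example.com' -Type A -Server $NasIp -DnsOnly -ErrorAction Stop)
    Add-Result 'Forwarder resolves external name' ($ext.Count -gt 0) 'www.example.com'
} catch {
    Add-Result 'Forwarder resolves external name' $false ($_.Exception.Message)
}

# 4. TCP ports the client needs on the domain controller: DNS, Kerberos, LDAP, SMB.
foreach ($port in 53, 88, 389, 445) {
    $open = Test-NetConnection -ComputerName $NasIp -Port $port -InformationLevel Quiet -WarningAction SilentlyContinue
    Add-Result "TCP $port reachable" $open "${NasIp}:$port"
}

$results | Format-Table -AutoSize
if ($results.Ok -notcontains $false) {
    "All checks passed. Join with: Add-Computer -DomainName $Domain -Credential (Get-Credential) -Restart"
}
```

None of these cmdlets depend on the Active Directory module for Windows PowerShell, which the package does not support.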

Manage the Synology Active Directory Server

Back in the Active Directory Server package, you will notice three tabs on the left: Status, Users & Computers, and Domain Policy. The tab Users & Computers shows the structure of your Active Directory. It’s the same structure you would see in a Windows Domain. With the “Add” button, you can create a new user, computer, or OU.

However, I recommend managing your Active Directory on a Windows 10 computer with the RSAT (Remote Server Administration Tools).

Starting with the Windows 10 October 2018 Update, RSAT is included. You need to activate it with the “Features on Demand” option. Once successfully activated, you will find the RSAT tools in “Windows Administrative Tools”.

Don’t forget to join the Windows 10 computer to the Domain first.

Synology Directory Server screenshot

Folder shares

I would create folder shares with the Synology NAS. To do that, go to Control Panel, Shared Folder. Now, in the permission tab, you can choose Domain Users and Domain Groups from the drop-down. As you can see, there are still Local Users and Local Groups. They are the local accounts from the Synology NAS, and if you have created some accounts, they remain untouched after installing the Synology Directory Server.

Group Policy

There is no option in the Synology NAS to use Group Policy. However, you can use the Windows “Group Policy Management” tool from RSAT. It works the same way, and I haven’t yet discovered a problem with the Synology Active Directory Server. It’s an excellent tool for small businesses to set up folder redirection, roaming policy, or drive mapping. Even for a shop with 20 or fewer computers, it makes perfect sense to organize your network and provide a consistent experience to your users.

Some tips

I discovered that ticking “User must change password at next logon” does not work when using the Windows tool Active Directory Users and Computers (ADUC). You will get a weird error message. If you want to use this option, set it in the Synology NAS.

In theory, you could still use other packages from the package manager. But I advise against using them, or using them as little as possible. Use the Synology NAS as “your Windows Server” only. Better to buy a second NAS.

Backup

You should also consider how you will back up your server. A general backup rule is to store your data 3 times: 1x production and 2x backups.

In the package center, you will find an excellent package, “Hyper Backup.” You can back up to an external USB drive, or you can add another Synology NAS as a target for the backups and use it to store your data in an offsite location.

Hyper Backup also has the option to back up your data to a cloud provider. I recommend backing up to another Synology NAS and, in addition, backing up to the cloud. For example, Amazon S3 is a cost-effective cloud provider. Of course, you could choose other providers as well. Hyper Backup supports them all, and it’s easy to set up.

When choosing a cloud provider, do your research and determine which one is best and if you are comfortable storing your data abroad.

Back to the backup rule, storing your data in the cloud would be the third backup.

Q&A Section

Can Synology active directory replace my Windows domain?

Synology Active Directory (AD) provides a Domain Controller (DC), which replaces the Windows Domain Controller. So the answer is yes. However, if you already have a licensed Windows Server, I would not switch your Domain to a Synology NAS except if the license is for an old Windows Server Version.

What is the difference between an Active directory and a Domain controller?

There is no difference. Both terms mean the same.

How do I join my Windows PC to Active Directory hosted on Synology NAS?

It’s the same process you would follow when you have a Windows Domain Controller. You need to know the domain name and the domain account ID, which has Domain administrator rights.

Closing remarks

The Synology NAS provides you with a Windows Server acting as Domain Controller without the need to buy an expensive Windows license. Installing and maintaining a Windows Server is a complex process. Using a Synology NAS to act as your directory service is easy. It also helps minimize the cost of IT support. However, do not forget to keep your Synology NAS up to date so that it has the latest security updates.

Overall the Synology NAS is easy to set up. If you are looking for a straightforward software-based solution, this is it.

I hope this article was helpful. If you have any questions, please let me know in the comment section below or by email info@edywerder.ch.

Full Disclosure

Any purchases made from clicks on links to products on this page may result in an affiliate commission for me.

As an Amazon Associate I earn from qualifying purchases

3 Comments

  1. Hi Edy –

    Thanks very much for the post. Is there a way (doesn’t seem to be one in the UI) to force an update of the AD information? I’ve tried the Update Domain Data button as well as the Test button(s) in the Domain/LDAP Control Panel in DSM with no joy. I had a user change his password in the last few hours, and my RADIUS server on the Synology isn’t picking up the new password. If it isn’t too much trouble, is there a way to change the frequency of the update(s)? TIA!

  2. Greetings. Great review, I learned a lot from your guide. I just completed a Domain Controller / Active Directory / DHCP / DNS migration from an old Dell PowerEdge server running Windows Server 2008 R2 to a new Windows Server 2016 running as a Virtual Machine in Synology Virtual Machine Manager on my DS1821+ with 64 GB of total physical memory.

    The Windows Server 2016 Virtual Machine inside Synology Virtual Machine Manager is running on a two drive SSD volume. Configured with virtual 8 GB memory, 4 CPU(s), 2 Reserved CPU Threads and 40 GB virtual disk.

    I have been testing all day and the 20 computers on the local network connected to this new Windows Server 2016 VM. The Host CPU percentage in Synology Virtual Machine Manager reaches a maximum of 16% but at idle stays at only 3%.

    So far so good, so my question for you is the following: In your Q&A Section you state “However, if you already have a licensed Windows Server, I would not switch your Domain to a Synology NAS”. This is my situation, so do you recommend to join my Synology Directory Server to my existing Windows domain so the Synology acts as a secondary domain controller instead? I need to transfer some folders and files shares off the old Windows 2008 Server and I think making the Synology act as a secondary domain controller will help me.

    Thanks in advance for your help

    1. Hello Enrique – Thanks for your comment and your question. I understand that you virtualize your Windows Domain Controller as a guest on the Synology NAS. Synology will not act as a secondary domain controller if you just join the Synology server to your existing domain on the virtualized Windows Server. You need to install the package Directory Server, and then you can use Synology as a secondary domain controller. However, having two domain controllers on the same Synology (hardware) is not something I recommend. If Synology crashes, the domain will be down. Instead, use a second Synology NAS and install the Directory Server. Then you have redundancy. I hope this helps.
