Save a Windows License with Synology NAS Active Directory Server package.
Do you know that Synology NAS offers Active Directory functionality? Correct install the Synology Directory Server package from the package center and set up your Windows Domain.
It’s an excellent choice for small businesses that want to control user access and simplified managementācoupled with the file server role; the Synology NAS offers both worlds. A Windows Server license normally costs around $1000 with CALs (Client Access License).
In this article, I will walk you through how to set up the Synology Directory Server.
Hardware requirements for the Synology Active Directory Server
Synology NAS with a DSM version of at least DSM v6.2 or higher is required. The actual version is 7.1 as of this writing. I recommend using the latest version.
Check the hardware requirements here; your Synology NAS must be listed,
Synology with a low-powered processor cannot install the Synology Directory Server.
I recommend the Synology NAS model DS723+ without disks or as a bundle of 12TB disks.
- Up to 471/225 MB/s sequential read/write throughput makes file operations quick and efficient
- Leverage built-in file and photo management, dataprotection, virtualization, and surveillance solutions
- Two 1GbE ports for simple integration into existingenvironments with optional 10GbE connectivity totackle more specialized, bandwidth-heavy applications
- Add 5 extra drive bays with one DX517 expansion unitfor a maximum of 7 storage drives
- Check Synology knowledge center or YouTube channel for help on product setup and additional information
- AMD Ryzen R1600
- Systemspeicher 2 GB DDR4 ECC
- 2 x RJ-45 1GbE LAN-Port
- 1 x USB 3.2 Gen 1-Port
- Synology DS723+, 2GB RAM, 2x Gb LAN, 2x 12TB Seagate IronWolf (Total 24TB)
For better performance, consider buying a Synology memory module.
Hard drive recommendation for your Synology NAS
Features and limitations of the Synology Directory Server package
- Supports roaming profile and home folder
- Supports group-based access controls too.
- Supports Group Policies
- Supports the Windows RSAT tools (install it on a Windows 10 or Windows 11 machine)
- Supports a single domain only
- Support one domain controller only
- Supports primary controller or secondary controller
- DFS is not supported
- The Active Directory module for Windows PowerShell is not supported
Please also see the official Synology Directory Server page
Some tips before the installation
- Give your Synology NAS a meaningful hostname
- Set a fixed IP address
- The Synology NAS should not be a Domain member, or the package installation will fail.
A plea
If you’re planning to buy a Synology NAS please do use my affiliate link to purchase it. Absolutely no additional cost for you (I would earn a commission from the seller), but definitely a huge help for me, as your gesture will contribute to covering the costs of maintaining this website and adding more great articles. Thanks in advance for your support!
How to install Synology Active Directory Server
You will find the Synology Directory Server package in the package center of your Synology NAS. If you see the package, it means that your NAS is compatible.
You also need to install the DNS Server package, which you can find in Synology’s Package Center. I suggest installing the DNS server first since it is a prerequisite. Configuring the DNS manager is unnecessary because the package Synology Directory Server takes care of everything.
There is one thing you should configure in the DNS Server. It is a forward to a DNS server attached to the internet. It could be to the IP address of your internet router or an external DNS server like Google 8.8.8.8, 8.8..4.4. In the picture below, I configured a forward to the internal-facing internet router.
A reader kindly mentioned adding an external DNS server to the Domain/LDAP setting in Control Panel also works; add an additional DNS server separated by a comma.
My Synology article series
Configure the Active Directory Server
After installing the Active Directory Server package, you find it in the main menu. Click on the package, and a wizard will walk you through it. The first question is crucial; you must enter your domain name and the password for the Administrator account. Take some time to choose your domain name before setting up your server.
Go to the DNS manager; you will see a new DNS zone with your domain name (Active Directory-integrated). As you know, Windows Active Directory requires a DNS zone. The setup wizard auto-created it. You will see all the standard records when you click the zone name. New records will be created for each client computer when they join the Domain. Of course, you can also create records manually.
Manage the Synology Active Directory Server
On the left three tabs, Status, Users & Computers, and Domain Policy, you will notice back to the Active Directory. The tab Users & Computers shows the structure of your Active Directory. It’s the same structure you would see in Windows Domain. With the “Add” button, you can create a new user, computer, or OU.
However, I recommend managing your Active Directory on a Windows 10 computer with the RSAT (Remote Server Administration) tools.
Starting with the Windows 10 October 2018 Update, RSAT is included. You need to activate it with the “Features on Demand” option. Once successfully activated, you will find the RSAT tools in “Windows Administrative Tools.
Don’t forget to join the Windows 10 computer first to the Domain.
Folder shares
I would create folder shares with the Synology NAS. To do that, go Control Panel, Shared Folder. New in the permission tab, you can choose Domain Users and Domain Groups from the drop-down. As you recognize, there are still Local Users and Local Groups. They are the local accounts from the Synology NAS, and if you have created some accounts, they remain untouched after installing the Synology Directory Server.
Group Policy
There is no option in the Synology NAS to use Group Policy. However, you can use the Windows “Group Policy Management” tool from RSAT. It works the same way, and I haven’t yet discovered a problem with the Synology Active Directory Server. It’s an excellent tool for small businesses to set up folder redirection, roaming policy, or drive mapping. Even for a shop with 20 or fewer computers, it makes perfect sense to organize your network and provide a consistent experience to your users.
Some tips
I discovered that using the tick “User must change password at next logon” is not working when using the Windows tool Active Directory for Users and Computers (ADUC). You will get a weird error message. Set this option in the Synology NAS if you want to use it.
In theory, you could still use other packages from the package manager. But I advise you not to use them or as little as possible. Use the Synology NAS as “your Windows Server” only. Better to buy a second NAS.
Backup
It would help to consider how you would back up your server. A general backup rule is to store your data 3 times. 1x production and 2x backups.
In the package center, you will find an excellent package, “Hyperbackup.” You have the choice to backup to an external USB drive, or you can also add another Synology NAS as a target for the backups and use it to store your data in an offsite location.
Hyperbackup has the option to back up your data to a cloud provider. I recommend backing up to another Synology NAS and, in addition, backup to the cloud. For example, Amazon S3 is a cost-effective cloud provider. Of course, you could choose other providers as well. Hyperbackup supports them all, and it’s easy to set up.
When choosing a cloud provider, research and determine which one is best and if you are comfortable storing your data abroad.
Back to the backup rule, storing your data in the cloud would be the third backup.
Q&A Section
Can Synology active directory replace my Windows domain?
Synology Active Directory (AD) provides a Domain Controller (DC), which replaces the Windows Domain Controller. So the answer is yes. However, if you already have a licensed Windows Server, I would not switch your Domain to a Synology NAS except if the license is for an old Windows Server Version.
What is the difference between an Active directory and a Domain controller?
There is no difference. Both terms mean the same.
How do I join my Windows PC to Active Directory hosted on Synology NAS?
It’s the same process you would follow when you have a Window Domain Controller. You need to know the domain name and the domain account ID, which have Domain administrator rights.
Closing remarks
The Synology NAS provides a Windows Server acting as Domain Controller without buying an expensive Windows license. Installing and maintaining a Windows Server is a complex process. Using a Synology NAS to act as your directory service it’s easy. It also helps minimize the cost of IT support. However, it would be best if you did not forget to keep your Synology NAS up-to-date to use the latest security updates.
Overall the Synology NAS is easy to set up. If you are looking for a straightforward software-based solution, this is it.
I hope this article was helpful. If you have any questions, please let me know in the comment section below or by email [email protected].
Full Disclosure
Any purchases made from clicks on links to products on this page may result in an affiliate commission for me.Ā
Please keep in mind that the quantity or price of items can change at any time.
As an AmazonĀ Associate, I earn from qualifying purchases.
As an Aliexpress Associate, I earn from qualifying purchases.Ā
Als Amazon-Partner verdiene ich an qualifizierten VerkƤufen
Hi Edy,
thanks for your very useful guide.
I’m quite confused because I read that you can add the Synology NAS as Primary or Secondary Domain Controller but that Synology Active Directory “supports one domain controller only”. If I buy two NAS, can I use one as Primary Domain Controller and the other as Secondary DC, so if one fails the domain will still be up? Thank you
Hi Alex – Thank you š – “Supporting one domain controller only ” means you cannot install two domains on the same Synology. However, your scenario with two Synology will work fine. I hope this helps.
It really helps, thank you!
In your opinion and experience, is Synology Active Directory suitable for a small office with 20/30 users?
Thanks again.
Hi – Yes, Synology Active Directory is a good option for a small office of your size. Just make sure to buy a decent Synology NAS. I think the 723+ is a good one. You could even add more RAM if you see some performance issues. I would love it if you use my link on the article page to buy the Synology NAS. Thank you, and good luck with your project.
Hi Edy –
Thanks very much for the post. Is there a way (doesn’t seem to be one in the UI) to force an update of the AD information? I’ve tried the Update Domain Data button as well as the Test button(s) in the Domain/LDAP Control Panel in DSM with no joy. I had a user change his password in the last few hours, and my RADIUS server on the Synology isn’t picking up the new password. If it isn’t too much trouble, is there a way to change the frequency of the update(s)? TIA!
Greetings Great review, I learned a lot from your guide. I just completed a Domain Controller / Active Directory / DHCP / DNS migration from an old Dell PowerEdge server running Windows Server 2008 R2 to a new Windows Server 2016 running as a Virtual Machine in Synology Virtual Machine Manager on my DS1821+ with 64 GB of total physical memory.
The Windows Server 2016 Virtual Machine inside Synology Virtual Machine Manager is running on a two drive SSD volume. Configured with virtual 8 GB memory, 4 CPU(s), 2 Reserved CPU Threads and 40 GB virtual disk.
I have been testing all day and the 20 computers on the local network connected to this new Windows Server 2016 VM. The Host CPU percentage in Synology Virtual Machine Manager reaches a maximum of 16% but at idle stays at only 3%.
So far so good, so my question for you is the following: In your Q&A Section you state “However, if you already have a licensed Windows Server, I would not switch your Domain to a Synology NAS”. This is my situation, so do you recommend to join my Synology Directory Server to my existing Windows domain so the Synology acts as a secondary domain controller instead? I need to transfer some folders and files shares off the old Windows 2008 Server and I think making the Synology act as a secondary domain controller will help me.
Thanks in advance for your help
Hello Enrique – Thanks for your comment and your question. I understand that you virtualize your Windows Domain Controller as a guest on the Synology NAS. Synology will not act as a secondary domain controller if you just join the Synology server to your existing domain on the virtualized Windows Server. You need to install the package Directory Server, and then you can use Synology as a secondary domain controller. However, having two domain controllers on the same Synology (hardware) is not something I recommend. If Synology crashes, the domain will be down. Instead, use a second Synology NAS and install the Directory Server. Then you have redundancy. I hope this helps.