Save a Windows License with Synology NAS Active Directory Server package.
Do you know that Synology NAS offers Active Directory functionality? Correct install the Synology Directory Server package from the package center and set up your Windows Domain.
It’s an excellent choice for small businesses that want to control user access and simplified management—coupled with the file server role; the Synology NAS offers both worlds. A Windows Server license normally costs around $1000 with CALs (Client Access License).
In this article, I will walk you through how to set up the Synology Directory Server.
Hardware requirements for the Synology Active Directory Server
Synology NAS with a DSM version of at least DSM v6.2 or higher is required. The actual version is 7.1 as of this writing. I recommend using the latest version.
Meet Charlie AI
The Best AI Content Creator
The Alternative to ChatGPT
Check the hardware requirements here; your Synology NAS must be listed,
Synology with a low-powered processor cannot install the Synology Directory Server.
I recommend the Synology NAS model DS723+ without disks or as a bundle of 12TB disks.
- Up to 471/225 MB/s sequential read/write throughput makes file operations quick and efficient
- Leverage built-in file and photo management, dataprotection, virtualization, and surveillance solutions
- Two 1GbE ports for simple integration into existingenvironments with optional 10GbE connectivity totackle more specialized, bandwidth-heavy applications
- Add 5 extra drive bays with one DX517 expansion unitfor a maximum of 7 storage drives
- Check Synology knowledge center or YouTube channel for help on product setup and additional information
- AMD Ryzen R1600
- Systemspeicher 2 GB DDR4 ECC
- 2 x RJ-45 1GbE LAN-Port
- 1 x USB 3.2 Gen 1-Port
- Synology DS723+, 2GB RAM, 2x Gb LAN, 2x 12TB Seagate IronWolf (Total 24TB)
For better performance, consider buying a Synology memory module.
Features and limitations of the Synology Directory Server package
- Supports roaming profile and home folder
- Supports group-based access controls too.
- Supports Group Policies
- Supports the Windows RSAT tools (install it on a Windows 10 or Windows 11 machine)
- Supports a single domain only
- Support one domain controller only
- Supports primary controller or secondary controller
- DFS is not supported
- The Active Directory module for Windows PowerShell is not supported
Please also see the official Synology Directory Server page
Some tips before the installation
- Give your Synology NAS a meaningful hostname
- Set a fixed IP address
- The Synology NAS should not be a Domain member, or the package installation will fail.
If you’re planning to buy a Synology NAS please do use my affiliate link to purchase it. Absolutely no additional cost for you (I would earn a commission from the seller), but definitely a huge help for me, as your gesture will contribute to covering the costs of maintaining this website and adding more great articles. Thanks in advance for your support!
How to install Synology Active Directory Server
You will find the Synology Directory Server package in the package center of your Synology NAS. If you see the package, it means that your NAS is compatible.
You also need to install the DNS Server package, which you can find in Synology’s Package Center. I suggest installing the DNS server first since it is a prerequisite. Configuring the DNS manager is unnecessary because the package Synology Directory Server takes care of everything.
There is one thing you should configure in the DNS Server. It is a forward to a DNS server attached to the internet. It could be to the IP address of your internet router or an external DNS server like Google 126.96.36.199, 8.8..4.4. In the picture below, I configured a forward to the internal-facing internet router.
A reader kindly mentioned adding an external DNS server to the Domain/LDAP setting in Control Panel also works; add an additional DNS server separated by a comma.
Configure the Active Directory Server
After installing the Active Directory Server package, you find it in the main menu. Click on the package, and a wizard will walk you through it. The first question is crucial; you must enter your domain name and the password for the Administrator account. Take some time to choose your domain name before setting up your server.
Go to the DNS manager; you will see a new DNS zone with your domain name (Active Directory-integrated). As you know, Windows Active Directory requires a DNS zone. The setup wizard auto-created it. You will see all the standard records when you click the zone name. New records will be created for each client computer when they join the Domain. Of course, you can also create records manually.
Manage the Synology Active Directory Server
On the left three tabs, Status, Users & Computers, and Domain Policy, you will notice back to the Active Directory. The tab Users & Computers shows the structure of your Active Directory. It’s the same structure you would see in Windows Domain. With the “Add” button, you can create a new user, computer, or OU.
However, I recommend managing your Active Directory on a Windows 10 computer with the RSAT (Remote Server Administration) tools.
Starting with the Windows 10 October 2018 Update, RSAT is included. You need to activate it with the “Features on Demand” option. Once successfully activated, you will find the RSAT tools in “Windows Administrative Tools.
Don’t forget to join the Windows 10 computer first to the Domain.
I would create folder shares with the Synology NAS. To do that, go Control Panel, Shared Folder. New in the permission tab, you can choose Domain Users and Domain Groups from the drop-down. As you recognize, there are still Local Users and Local Groups. They are the local accounts from the Synology NAS, and if you have created some accounts, they remain untouched after installing the Synology Directory Server.
There is no option in the Synology NAS to use Group Policy. However, you can use the Windows “Group Policy Management” tool from RSAT. It works the same way, and I haven’t yet discovered a problem with the Synology Active Directory Server. It’s an excellent tool for small businesses to set up folder redirection, roaming policy, or drive mapping. Even for a shop with 20 or fewer computers, it makes perfect sense to organize your network and provide a consistent experience to your users.
I discovered that using the tick “User must change password at next logon” is not working when using the Windows tool Active Directory for Users and Computers (ADUC). You will get a weird error message. Set this option in the Synology NAS if you want to use it.
In theory, you could still use other packages from the package manager. But I advise you not to use them or as little as possible. Use the Synology NAS as “your Windows Server” only. Better to buy a second NAS.
It would help to consider how you would back up your server. A general backup rule is to store your data 3 times. 1x production and 2x backups.
In the package center, you will find an excellent package, “Hyperbackup.” You have the choice to backup to an external USB drive, or you can also add another Synology NAS as a target for the backups and use it to store your data in an offsite location.
Hyperbackup has the option to back up your data to a cloud provider. I recommend backing up to another Synology NAS and, in addition, backup to the cloud. For example, Amazon S3 is a cost-effective cloud provider. Of course, you could choose other providers as well. Hyperbackup supports them all, and it’s easy to set up.
When choosing a cloud provider, research and determine which one is best and if you are comfortable storing your data abroad.
Back to the backup rule, storing your data in the cloud would be the third backup.
Can Synology active directory replace my Windows domain?
Synology Active Directory (AD) provides a Domain Controller (DC), which replaces the Windows Domain Controller. So the answer is yes. However, if you already have a licensed Windows Server, I would not switch your Domain to a Synology NAS except if the license is for an old Windows Server Version.
What is the difference between an Active directory and a Domain controller?
There is no difference. Both terms mean the same.
How do I join my Windows PC to Active Directory hosted on Synology NAS?
It’s the same process you would follow when you have a Window Domain Controller. You need to know the domain name and the domain account ID, which have Domain administrator rights.
The Synology NAS provides a Windows Server acting as Domain Controller without buying an expensive Windows license. Installing and maintaining a Windows Server is a complex process. Using a Synology NAS to act as your directory service it’s easy. It also helps minimize the cost of IT support. However, it would be best if you did not forget to keep your Synology NAS up-to-date to use the latest security updates.
Overall the Synology NAS is easy to set up. If you are looking for a straightforward software-based solution, this is it.
I hope this article was helpful. If you have any questions, please let me know in the comment section below or by email [email protected].
Any purchases made from clicks on links to products on this page may result in an affiliate commission for me.
Please keep in mind that the quantity or price of items can change at any time.
As an Amazon Associate, I earn from qualifying purchases.
As an Aliexpress Associate, I earn from qualifying purchases.
Als Amazon-Partner verdiene ich an qualifizierten Verkäufen