Save a Windows License with Synology NAS Active Directory Server package
Did you know that the Synology NAS offers Active Directory functionality? Install the Synology Directory Server package from the Package Center and set up your Windows domain.
It’s an excellent choice for small businesses that want to control user access and simplify management. Coupled with its file server role, the Synology NAS offers the best of both worlds. A Windows Server license would normally cost around $1000 with CALs (Client Access Licenses).
In this article, I will walk you through how to set up the Synology Directory Server.
Hardware requirements for the Synology Active Directory Server
A Synology NAS running DSM v6.2 or higher is required. The current version is 7.1 as of this writing. I recommend using the latest version.
Check the hardware requirements here; your Synology NAS must be listed.
Synology models with a low-powered processor cannot install the Synology Directory Server.
I recommend the Synology NAS model DS720+ without disks or as a bundle with 4TB disks.
Features and limitations of the Synology Directory Server package
- Supports roaming profile and home folder
- Supports group-based access controls
- Supports Group Policies
- Supports the Windows RSAT tools (install it on a Windows 10 or Windows 11 machine)
- Supports a single domain only
- Supports one domain controller only
- Supports primary controller or secondary controller
- DFS is not supported
- The Active Directory module for Windows PowerShell is not supported
Please also see the official Synology Directory Server page.
Some tips before the installation
- Give your Synology NAS a meaningful hostname
- Set a fixed IP address
- The Synology NAS should not be a member of a Domain, else the installation of the package will fail.
How to install Synology Active Directory Server
You will find the Synology Directory Server package in the package center of your Synology NAS. If you see the package, it means that your NAS is compatible.
You also need to install the DNS Server package, which you can find in Synology’s Package Center too. I suggest installing the DNS server first since it is a prerequisite. There is no need to configure the DNS manager because the package Synology Directory Server takes care of everything.
Configure the Active Directory Server
After the Active Directory Server package is installed, you will find it in the main menu. Click on the package, and a wizard will walk you through the setup. The first step is crucial: you have to enter your domain name and the password for the Administrator account. Take some time to choose your domain name before starting to set up your server.
Go now to the DNS manager; you will see a new DNS zone with your domain name (Active Directory-integrated). As you know, Windows Active Directory requires a DNS zone. The setup wizard auto-created it. When you click the zone name, you will see all the standard records. New records will be created for each client computer when they join the Domain. Of course, you can also create records manually.
Manage the Synology Active Directory Server
Back in the Active Directory Server package, you will notice three tabs on the left: Status, Users & Computers, and Domain Policy. The Users & Computers tab shows the structure of your Active Directory. It’s the same structure you would see in a Windows domain. With the “Add” button, you can create a new user, computer, or OU.
However, I recommend managing your Active Directory from a Windows 10 computer with the RSAT (Remote Server Administration Tools).
Starting with the Windows 10 October 2018 Update, RSAT is included. You need to activate it with the “Features on Demand” option. Once successfully activated, you will find the RSAT tools in “Windows Administrative Tools.”
Don’t forget to join the Windows 10 computer first to the Domain.
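The “Features on Demand” activation can also be done from an elevated Windows PowerShell prompt. The following is an added example, not part of the original article; it installs only the three RSAT tools this article relies on (Active Directory Users and Computers, Group Policy Management, and the DNS console) and skips any that are already present.

```powershell
# Added example: enable selected RSAT tools via Features on Demand.
# Run in an elevated Windows PowerShell session on the management PC.
# Capability names are matched by prefix so the version suffix is not hard-coded.
$tools = @(
    'Rsat.ActiveDirectory.DS-LDS.Tools',   # Active Directory Users and Computers (ADUC)
    'Rsat.GroupPolicy.Management.Tools',   # Group Policy Management
    'Rsat.Dns.Tools'                       # DNS console for the AD-integrated zone
)

foreach ($tool in $tools) {
    $cap = Get-WindowsCapability -Online -Name "$tool*"
    if (-not $cap) {
        Write-Warning "Capability $tool is not offered on this Windows build."
        continue
    }
    if ($cap.State -ne 'Installed') {
        # Downloads the feature from Windows Update (or the configured FoD source).
        Add-WindowsCapability -Online -Name $cap.Name | Out-Null
    }
    # Report the final state of each tool.
    Get-WindowsCapability -Online -Name $cap.Name | Select-Object Name, State
}
```

The DS-LDS capability also ships the Active Directory PowerShell module, which the feature list above marks as not supported with the Synology Directory Server, so use the graphical consoles.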
I would create folder shares with the Synology NAS. To do that, go to Control Panel, Shared Folder. In the permission tab, you can now choose Domain Users and Domain Groups from the drop-down. As you can see, there are still Local Users and Local Groups. They are the local accounts from the Synology NAS, and if you have created some accounts, they remain untouched after installing the Synology Directory Server.
There is no option in the Synology NAS to use Group Policy. However, you can use the Windows “Group Policy Management” tool from RSAT. It works the same way, and I haven’t yet discovered a problem with the Synology Active Directory Server. It’s an excellent tool for small businesses to set up folder redirection, roaming policy, or drive mapping. Even for a shop with 20 or fewer computers, it makes perfect sense to organize your network and provide a consistent experience to your users.
I discovered that ticking “User must change password at next logon” does not work when using the Windows tool Active Directory Users and Computers (ADUC). You will get a weird error message. If you want to use this option, set it in the Synology NAS.
In theory, you could still use other packages from the package manager. But I advise against using them, or using them as little as possible. Use the Synology NAS as “your Windows Server” only. Better to buy a second NAS.
You should also consider how you will back up your server. A general backup rule is to store your data 3 times: 1x production and 2x backups.
In the package center, you will find an excellent package, “Hyper Backup.” You can back up to an external USB drive, or you can add another Synology NAS as a target for the backups and use it to store your data in an offsite location.
Hyper Backup also has the option to back up your data to a cloud provider. I recommend backing up to another Synology NAS and, in addition, backing up to the cloud. For example, Amazon S3 is a cost-effective cloud provider. Of course, you could choose other providers as well. Hyper Backup supports them all, and it’s easy to set up.
When choosing a cloud provider, do your research and determine which one is best and if you are comfortable storing your data abroad.
Getting back to the backup rule, if you store your data in the cloud, this would be the third backup.
Can Synology Active Directory replace my Windows domain?
Synology Active Directory (AD) provides a Domain Controller (DC), which replaces the Windows Domain Controller. So the answer is yes. However, if you already have a licensed Windows Server, I would not switch your Domain to a Synology NAS except if the license is for an old Windows Server Version.
What is the difference between Active Directory and a Domain Controller?
There is no difference. Both terms mean the same.
How do I join my Windows PC to Active Directory hosted on Synology NAS?
It’s the same process you would follow when you have a Windows Domain Controller. You need to know the domain name and a domain account ID that has Domain administrator rights.
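Before joining, it helps to confirm that the PC can find the domain through the DNS zone the setup wizard created and can reach the NAS on the standard AD ports. The following is an added example, not part of the original article; `corp.example.lan` is a constructed placeholder domain, and the script assumes an elevated Windows PowerShell session.

```powershell
# Added example: pre-join checks, then domain join.
# 'corp.example.lan' is a placeholder; pass your own domain name.
param([string]$Domain = 'corp.example.lan')

function Test-DomainReadiness {
    param([Parameter(Mandatory)][string]$Domain)

    # AD clients locate the domain controller through these SRV records,
    # which live in the DNS zone created by the Directory Server wizard.
    $srvNames = "_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.$Domain"
    $dcHosts = foreach ($name in $srvNames) {
        $srv = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
            Where-Object { $_.NameTarget }
        if (-not $srv) {
            Write-Warning "No SRV record for $name. Is the NAS set as this PC's DNS server?"
            continue
        }
        $srv.NameTarget
    }

    # Standard AD service ports: DNS, Kerberos, LDAP, SMB.
    $ports = 53, 88, 389, 445
    foreach ($dc in ($dcHosts | Sort-Object -Unique)) {
        foreach ($port in $ports) {
            $ok = (Test-NetConnection -ComputerName $dc -Port $port `
                    -WarningAction SilentlyContinue).TcpTestSucceeded
            [pscustomobject]@{ DomainController = $dc; Port = $port; Reachable = $ok }
        }
    }
}

$report = Test-DomainReadiness -Domain $Domain
$report | Format-Table -AutoSize

if ($report -and -not ($report.Reachable -contains $false)) {
    # Get-Credential prompts for the domain administrator account, so the
    # password is never stored in the script or in command history.
    Add-Computer -DomainName $Domain -Credential (Get-Credential) -Restart
} else {
    Write-Warning 'Pre-join checks failed; fix DNS or firewall settings before joining.'
}
```

If the SRV lookups fail, the usual cause is that the PC still uses the router or an ISP resolver for DNS instead of the NAS.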
The Synology NAS provides you with a Windows Server acting as Domain Controller without the need to buy an expensive Windows license. Installing and maintaining a Windows Server is a complex process. Using a Synology NAS as your directory service is easy. It also helps minimize the cost of IT support. However, do not forget to keep your Synology NAS up-to-date so that it has the latest security updates.
Overall, the Synology NAS is easy to set up. If you are looking for a straightforward software-based solution, this is it.
I hope this article was helpful. If you have any questions, please let me know in the comment section below or by email firstname.lastname@example.org.
Any purchases made from clicks on links to products on this page may result in an affiliate commission for me.
As an Amazon Associate I earn from qualifying purchases