By Edy, Tech Expert & Blogger
Do you know that Synology NAS offers Active Directory functionality? Correct install the Synology Directory Server package from the package center and set up your Windows Domain.
It’s an excellent choice for small businesses that want to control user access and simplified management—coupled with the file server role; the Synology NAS offers both worlds. A Windows Server license normally costs around $1000 with CALs (Client Access License).
In this article, I will walk you through how to set up the Synology Directory Server.
Hardware requirements for the Synology Active Directory Server
Synology NAS with a DSM version of at least DSM v6.2 or higher is required. The actual version is 7.1 as of this writing. I recommend using the latest version.
Check the hardware requirements here; your Synology NAS must be listed,
Synology with a low-powered processor cannot install the Synology Directory Server.
I recommend the Synology NAS model DS723+ without disks or as a bundle of 12TB disks.
For better performance, consider buying a Synology memory module.
-
Buy on Amazon$349.99We earn a commission if you make a purchase, at no additional cost to you.
04/20/2025 06:47 pm GMT -
Buy on Amazon$179.99We earn a commission if you make a purchase, at no additional cost to you.
04/20/2025 06:47 pm GMT -
Buy on Amazon$88.99We earn a commission if you make a purchase, at no additional cost to you.
04/20/2025 06:57 pm GMT
Hard drive recommendation for your Synology NAS
-
Buy on Amazon$195.95We earn a commission if you make a purchase, at no additional cost to you.
04/20/2025 07:35 pm GMT -
Buy on Amazon$461.99We earn a commission if you make a purchase, at no additional cost to you.
04/20/2025 07:35 pm GMT
Features and limitations of the Synology Directory Server package
- Supports roaming profile and home folder
- Supports group-based access controls too.
- Supports Group Policies
- Supports the Windows RSAT tools (install it on a Windows 10 or Windows 11 machine)
- Supports a single domain only
- Support one domain controller only
- Supports primary controller or secondary controller
- DFS is not supported
- The Active Directory module for Windows PowerShell is not supported
Please also see the official Synology Directory Server page
Some tips before the installation
- Give your Synology NAS a meaningful hostname
- Set a fixed IP address
- The Synology NAS should not be a Domain member, or the package installation will fail.
A plea
If you’re planning to buy a Synology NAS please do use my affiliate link to purchase it. Absolutely no additional cost for you (I would earn a commission from the seller), but definitely a huge help for me, as your gesture will contribute to covering the costs of maintaining this website and adding more great articles. Thanks in advance for your support!
How to install Synology Active Directory Server
You will find the Synology Directory Server package in the package center of your Synology NAS. If you see the package, it means that your NAS is compatible.
You also need to install the DNS Server package, which you can find in Synology’s Package Center. I suggest installing the DNS server first since it is a prerequisite. Configuring the DNS manager is unnecessary because the package Synology Directory Server takes care of everything.
There is one thing you should configure in the DNS Server. It is a forward to a DNS server attached to the internet. It could be to the IP address of your internet router or an external DNS server like Google 8.8.8.8, 8.8..4.4. In the picture below, I configured a forward to the internal-facing internet router.
A reader kindly mentioned adding an external DNS server to the Domain/LDAP setting in Control Panel also works; add an additional DNS server separated by a comma.
My Synology article series
Configure the Active Directory Server
After installing the Active Directory Server package, you find it in the main menu. Click on the package, and a wizard will walk you through it. The first question is crucial; you must enter your domain name and the password for the Administrator account. Take some time to choose your domain name before setting up your server.
Go to the DNS manager; you will see a new DNS zone with your domain name (Active Directory-integrated). As you know, Windows Active Directory requires a DNS zone. The setup wizard auto-created it. You will see all the standard records when you click the zone name. New records will be created for each client computer when they join the Domain. Of course, you can also create records manually.
Manage the Synology Active Directory Server
On the left three tabs, Status, Users & Computers, and Domain Policy, you will notice back to the Active Directory. The tab Users & Computers shows the structure of your Active Directory. It’s the same structure you would see in Windows Domain. With the “Add” button, you can create a new user, computer, or OU.
However, I recommend managing your Active Directory on a Windows 10 computer with the RSAT (Remote Server Administration) tools.
Starting with the Windows 10 October 2018 Update, RSAT is included. You need to activate it with the “Features on Demand” option. Once successfully activated, you will find the RSAT tools in “Windows Administrative Tools.
Don’t forget to join the Windows 10 computer first to the Domain.
Folder shares
I would create folder shares with the Synology NAS. To do that, go Control Panel, Shared Folder. New in the permission tab, you can choose Domain Users and Domain Groups from the drop-down. As you recognize, there are still Local Users and Local Groups. They are the local accounts from the Synology NAS, and if you have created some accounts, they remain untouched after installing the Synology Directory Server.
Group Policy
There is no option in the Synology NAS to use Group Policy. However, you can use the Windows “Group Policy Management” tool from RSAT. It works the same way, and I haven’t yet discovered a problem with the Synology Active Directory Server. It’s an excellent tool for small businesses to set up folder redirection, roaming policy, or drive mapping. Even for a shop with 20 or fewer computers, it makes perfect sense to organize your network and provide a consistent experience to your users.
Some tips
I discovered that the tick “User must change password at next logon” does not work when using the Windows tool Active Directory for Users and Computers (ADUC). You will get a weird error message. If you want to use this option, set it in the Synology NAS.
In theory, you could still use other packages from the package manager. But I advise you not to use them or to use them as little as possible. Use the Synology NAS as “your Windows Server” only. It’s better to buy a second NAS.
Backup
It would help to consider how you would back up your server. A general backup rule is to store your data 3 times. 1x production and 2x backups.
You will find an excellent package, “Hyperbackup, ” in the package center.” You can backup to an external USB drive or add another Synology NAS as a target for the backups and store your data in an offsite location.
Hyperbackup has the option to back up your data to a cloud provider. I recommend backing up to another Synology NAS and, in addition, backup to the cloud. For example, Amazon S3 is a cost-effective cloud provider. Of course, you could choose other providers as well. Hyperbackup supports them all, and it’s easy to set up.
When choosing a cloud provider, research and determine which one is best and if you are comfortable storing your data abroad.
Back to the backup rule, storing your data in the cloud would be the third backup.
Q&A Section
Closing remarks
The Synology NAS provides a Windows Server acting as Domain Controller without buying an expensive Windows license. Installing and maintaining a Windows Server is a complex process. Using a Synology NAS to act as your directory service it’s easy. It also helps minimize the cost of IT support. However, it would be best if you did not forget to keep your Synology NAS up-to-date to use the latest security updates.
Overall the Synology NAS is easy to set up. If you are looking for a straightforward software-based solution, this is it.
I would love to get some feedback from you. Was this article helpful? Please share your opinion with me in the comment section below. Or, if you prefer a more personal touch, feel free to email me directly at info@edywerder.ch. Your thoughts and insights are always appreciated. Additionally, you can connect with me on Reddit at Navigatetech.
Before you go …
f you’re considering implementing Synology Directory Server, you may also be evaluating which Synology NAS model will best meet your needs. Understanding the hardware requirements for running directory services efficiently can be crucial for optimal performance. I recommend checking out this guide on which Synology NAS is best suited to different applications. It covers model comparisons and considerations for various use cases, making it easier to match a device to your directory management goals.
Full Disclosure
Any purchases made from clicks on links to products on this page may result in an affiliate commission for me.
Please keep in mind that the quantity or price of items can change at any time.
As an Amazon Associate, I earn from qualifying purchases.
Als Amazon-Partner verdiene ich an qualifizierten Verkäufen
Tech Expert & Blogger
Hi, I’m Edy. With over 30 years of experience in the IT industry, I’ve tackled numerous tech challenges.
As a solopreneur, I write articles to fill the gaps I notice in my work and online.
My mission? To provide clear, step-by-step tech guidance and improve the information you find on the web
Enjoying the content?
Hi Edy –
Thanks very much for the post. Is there a way (doesn’t seem to be one in the UI) to force an update of the AD information? I’ve tried the Update Domain Data button as well as the Test button(s) in the Domain/LDAP Control Panel in DSM with no joy. I had a user change his password in the last few hours, and my RADIUS server on the Synology isn’t picking up the new password. If it isn’t too much trouble, is there a way to change the frequency of the update(s)? TIA!
Greetings Great review, I learned a lot from your guide. I just completed a Domain Controller / Active Directory / DHCP / DNS migration from an old Dell PowerEdge server running Windows Server 2008 R2 to a new Windows Server 2016 running as a Virtual Machine in Synology Virtual Machine Manager on my DS1821+ with 64 GB of total physical memory.
The Windows Server 2016 Virtual Machine inside Synology Virtual Machine Manager is running on a two drive SSD volume. Configured with virtual 8 GB memory, 4 CPU(s), 2 Reserved CPU Threads and 40 GB virtual disk.
I have been testing all day and the 20 computers on the local network connected to this new Windows Server 2016 VM. The Host CPU percentage in Synology Virtual Machine Manager reaches a maximum of 16% but at idle stays at only 3%.
So far so good, so my question for you is the following: In your Q&A Section you state “However, if you already have a licensed Windows Server, I would not switch your Domain to a Synology NAS”. This is my situation, so do you recommend to join my Synology Directory Server to my existing Windows domain so the Synology acts as a secondary domain controller instead? I need to transfer some folders and files shares off the old Windows 2008 Server and I think making the Synology act as a secondary domain controller will help me.
Thanks in advance for your help
Hello Enrique – Thanks for your comment and your question. I understand that you virtualize your Windows Domain Controller as a guest on the Synology NAS. Synology will not act as a secondary domain controller if you just join the Synology server to your existing domain on the virtualized Windows Server. You need to install the package Directory Server, and then you can use Synology as a secondary domain controller. However, having two domain controllers on the same Synology (hardware) is not something I recommend. If Synology crashes, the domain will be down. Instead, use a second Synology NAS and install the Directory Server. Then you have redundancy. I hope this helps.