Microsoft Active Directory Domain Services (AD DS) are a directory service that help organize network resources within Active Directory environment. It supports user/group management, group policies, multiple directory servers (i.e., domain controllers), Kerberos authentication, etc. In this article, we shall learn how to Create New Users and Join Synology NAS to Active Directory. Please see How to upgrade macOS Big Sur to macOS Monterey, DSM Security: How to Protect Synology DS923+ NAS, and How to Sync Data in Cloud Drives to Synology NAS.
There are numerous reasons to join your Synology NAS to an AD domain. One of this reasons is a secure and centralized platform to manage Synology NAS and other network resources in an Active Directory environment. For domain users, AD DS allows them to access multiple Synology NAS merely using one set of credentials.
Additionally, managing folder permissions (ACLs) becomes more centralized when the NAS is joined to the domain. Considering this, it is highly advisable to join your NAS device to the domain.
Integrate Synology DS923+ into Active Directory
You can join Synology NAS to a domain as a domain client. After joining the domain, domain users can sign in to Synology NAS using their domain accounts and passwords. As mentioned above, this allows them to access files and use applications without the need to remember another set of username and password.
To join Synology NAS to your domain, please navigate to Control Panel. You can also use “Integrated Windows Authentication ” and the client computer must run Windows to leverage this authentication method.
You could click on Network. But to make life easier, click on “Domain/LDAP”.
Select the node “Domain/LDAP” and click Join.
Enter the domain name and specify the DNS server in the appropriate fields. Please select Trusted Domain as the “Management Mode”.
Please see How to fix Synology NAS Quick Connect is not enabled issue, and Synology NAS Domain Join: The Importance of DNS Configuration.
Management mode
This option determines how you manage privileges of domain users and groups integrated with AD.
- Trusted domains: Users and groups in the domain that the Synology NAS joins as well as trusted domains can be managed. This mode allows you to filter the list of users and groups by domains. Once you select this option, you will be prompted to specify the trusted domains whose data you wish to synchronize to the Synology NAS.
Note: If you wish to manage users and groups of trusted domains, these domains should have two-way trusts with the domain that the Synology NAS joins. - Single domain with OUs: Only users and groups in the domain that the Synology NAS joins will be synchronized in this mode. This mode allows you to filter the list of users and groups by organizational units (OUs).
Click Next to proceed.
This will perform a quick test and join your DSM923+ NAS to the domain when there are no network, firewall and DNS issues as referenced above.
All checks completed. Click Next to proceed.
Please select the domain you wish to replicate. In my case it is “TECHDA” and click “Apply”.
Yes, since we entered a different DNS server etc. On the prompt, click OK.
Note: Ensure your DNS is always up and running in order to be able to connect via “Quick Connect”. You can avoid this concern by specifying an alternate DNS server.
As you can see from the connection status, it is connected.
Also, see How to configure Synology Active Insights, Step-by-step guide on how to set up the Synology DS923+ NAS, and resolve IP Address blocked on Synology NAS due to forgotten Password.
Connect to Synology NAS with Domain Credentials
To do this, launch “Quick Connect” and enter the username. This could be in the format below or just the username.
We are logged in the synchronized Active Directory User Account.
Do not forget to enable 2FA for all users especially privileged userFor enhanced security, I would recommend enabling and enforcing 2FA for all users. You can do this manually for each user.
Create AD Users
We have discussed the benefits of creating an AD users. Launch the Server Manager, click on Tool and select “Active Directory users and Computers”. There are different ways to launch this tool and create a user in AD.
By the way, you can see our DS923+ NAS joined to the Domain.
Under the DSM Users OU, right click and select New and then User.
Enter the user object information
Also, enter the password
Click Finish to complete the User Account creation in Active Directory (AD).
As you can see, we have successfully created two users to administer the NAS centrally.
Summary
Integrating Synology NAS (Network Attached Storage) with Domain/LDAP provides a seamless and centralized user authentication and access management solution. Here’s a step-by-step guide on how to utilize Domain/LDAP integration with Synology
I hope you found this article on how to Create New Users and Join Synology NAS to Active Directory useful. Please feel free to leave a comment below.
